Abstract
Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu’s authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya’s scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya’s scheme, but also is about 2.73 times faster than Bin Muhaya’s scheme.




References
Lin, T. H., and Lee, T. F., Secure verifier-based three-party authentication schemes without server public keys for data exchange in telecare medicine information systems. J. Med. Syst. 38(5):1–9, 2014.
Arshad, H., and Nikooghadam, M., Three-Factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12):1–12, 2014.
Xie, Q., Zhang, J., Dong, N., Robust anonymous authentication scheme for telecare medical information systems. J. Med. Syst. 37(2):1–8, 2013.
Wu, F., and Xu, L., Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 37(4):1–9, 2013.
Mishra, D., Srinivas, J., Mukhopadhyay, S., A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(10):1–10, 2014.
Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., Chaturvedi, A., Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. J. Med. Syst. 38(5):1–11, 2014.
Kim, K. W., and Lee, J. D., On the security of two remote user authentication schemes for telecare medical information systems. J. Med. Syst. 38(5):1–11, 2014.
Mishra, D., Mukhopadhyay, S., Chaturvedi, A., Kumari, S., Khan, M. K., Cryptanalysis and improvement of Yan et al.’s biometric-based authentication scheme for telecare medicine information systems. J. Med. Syst. 38(6):1–12, 2014.
Mishra, D., Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems. J. Med. Syst. 39(3):1–8, 2015.
Mishra, D., On the security flaws in id-based password authentication schemes for telecare medical information systems. J. Med. Syst. 39(1):1–16, 2015.
Mishra, D., A study on ID-based authentication schemes for telecare medical information system, arXiv:1311.0151, 2013.
He, D., Kumar, N., Chilamkurti, N., Lee, J. H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. J. Med. Syst. 38(10):1–6, 2014.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., Chung, Y., A secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1529–1535, 2012.
He, D., Chen, J., Zhang, R., A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3):1989–1995, 2012.
Wei, J., Hu, X., Liu, W., An improved authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3597–3604, 2012.
Zhu, Z., An efficient authentication scheme for telecare medicine information systems. J. Med. Syst. 36(6):3833–3838, 2012.
Khan, M. K., and Kumari, S., An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4):1–12, 2013.
Lee, T. F., and Liu, C. M., A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst., 2013. doi:10.1007/s10916-013-9933-8.
Das, A. K., and Bruhadeshwar, B., An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J. Med. Syst. 37(5):1–17, 2013.
Bin Muhaya, F. T., Cryptanalysis and security enhancement of Zhu’s authentication scheme for telecare medicine information system. Security and Communication Networks 8:149–158, 2015. doi:10.1002/sec.967.
Arshad, H., and Nikooghadam, M., An efficient and secure authentication and key agreement scheme for session protocol using ECC. Multimedia Tools and Applications, 2014. doi:10.1007/s11042-014-2282-x.
Kocher, P., Jaffe, J., Jun, B., Differential power analysis. Proceedings of Advances in Cryptology, Vol. 1666, pp. 788–797, Santa Barbara, 1999.
Messerges, T. S., Dabbish, E. A., Sloan, R. H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Wang, D., and Wang, P., Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw. 20:1–15, 2014.
Ma, C.-G., Wang, D., Zhao, S.-D., Security flaws in two improved remote user authentication schemes using smart cards. Int. J. Commun. Syst. 27:2215–2227, 2014. doi:10.1002/dac.2468.
Klein, D. V., Foiling the cracker: a survey of, and improvements to, password security. In: Proceedings of the 2nd USENIX Security Workshop. Anaheim, 1990.
Bonneau, J., The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In: 33rd IEEE Symposium on Security and Privacy (S&P 2012), IEEE Computer Society, pp. 538–552. San Francisco, 2012.
Islam, S. H., Design and analysis of an improved smartcard-based remote user password authentication scheme. Int. J. Commun. Syst., 2014. doi:10.1002/dac.2793.
Hankerson, D., Menezes, A., Vanstone, S., Guide to elliptic curve cryptography. New York: Springer, 2004.
Von Ahn, L., Blum, M., Langford, J., Telling humans and computers apart automatically. Commun. ACM 47(2):56–60, 2004.
Jiang, Q., Ma, J., Li, G., Yang, L., An Efficient Ticket Based Authentication Protocol with unlinkability for wireless access networks. Wirel. Pers. Commun. 77(2):1489–1506, 2014.
Hsieh, W.-B., and Leu, J.-S., Anonymous authentication protocol based on elliptic curve Diffie-Hellman for wireless access networks. Wirel. Commun. Mob. Comput. 14:995–1006, 2014. doi:10.1002/wcm.2252.
Vanstone, S. A., Elliptic curve cryptosystem-the answer to strong, fast public-key cryptography for securing constrained environments. Inf. Secur. Tech. Rep. 12:78–87, 1997.
Stallings, W., Cryptography and Network Security: Principles and Practice. 4th edition. Upper Saddle River: Prentice Hall, 2005.
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Cite this article
Arshad, H., Teymoori, V., Nikooghadam, M. et al. On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. J Med Syst 39, 76 (2015). https://doi.org/10.1007/s10916-015-0259-6
DOI: https://doi.org/10.1007/s10916-015-0259-6