Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme

Zhang, Liping; Zhu, Shaohui; Tang, Shanyu

doi:10.1109/jbhi.2016.2517146

Cited by 85 publications

(56 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An intruder can attempt to get the private information of the participant from the system, causing a potential risk for confidential data. There is no check of the rightness of a client's old secret key amid the secret password change stage, implying that an individual [38] who has other individual's smart card can change secret code and bio-metric without giving the original password. Other conceivable assaults are participant impersonation attacks, brute-force attacks, or dictionary assaults.…”

Section: Security Modelmentioning

confidence: 99%

“…(i) Applying reverse engineering by monitoring user activities, the adversary extracts the privately stored data in the participant's device [38]. In TMIS, when a patient wishes to become a new legitimate user, denoted as U i , then the following steps are accomplished; validity of server-assigned timestamp and IDs.…”

Section: Security Modelmentioning

confidence: 99%

“…(i) Applying reverse engineering by monitoring user activities, the adversary extracts the privately stored data in the participant's device [38].…”

Section: Security Modelmentioning

confidence: 99%

See 2 more Smart Citations

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

et al. 2017

View full text Add to dashboard Cite

Internet-of-Things (IoT) include a large number of devices that can communicate across different networks. Cyber-Physical Systems (CPS) also includes a number of devices connected to the internet where wearable devices are also included. Both systems enable researchers to develop healthcare systems with additional intelligence as well as prediction capabilities both for lifestyle and in hospitals. It offers as much persistence as a platform to ubiquitous healthcare by using wearable sensors to transfer the information over servers, smartphones, and other smart devices in the Telecare Medical Information System (TMIS). Security is a challenging issue in TMIS, and resourceful access to health care services requires user verification and confidentiality. Existing schemes lack in ensuring reliable prescription safety along with authentication. This research presents a Secure Authentication and Prescription Safety (SAPS) protocol to ensure secure communication between the patient, doctor/nurse, and the trusted server. The proposed procedure relies upon the efficient elliptic curve cryptosystem which can generate a symmetric secure key to ensure secure data exchange between patients and physicians after successful authentication of participants individually. A trusted server is involved for mutual authentication between parties and then generates a common key after completing the validation process. Moreover, the scheme is verified by doing formal modeling using Rubin Logic and validated using simulations in NS-2.35. We have analyzed the SAPS against security attacks, and then performance analysis is elucidated. Results prove the dominance of SAPS over preliminaries regarding mutual authentication, message integrity, freshness, and session key management and attack prevention.

show abstract

Section: Security Modelmentioning

confidence: 99%

Section: Security Modelmentioning

confidence: 99%

See 1 more Smart Citation

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

et al. 2017

View full text Add to dashboard Cite

show abstract

“…Furthermore, based on symmetric cryptosystem and chaotic map, we put forward a new privacy-preserving 3-factor authenticated key agreement scheme for TMIS to conquer the above security flaws that appear in the authentication scheme of Zhang et al 24 The heuristic security evaluation and theoretical performance discussion indicate that our authentication scheme can be free from offline identity/password guessing attack and user/server impersonation attack, without increasing additional computation cost. Concretely, when secret values, which are computed and stored in a patient's individual smart card by the server, get exposed, their scheme suffers from offline guessing attack, which implies that a malicious adversary is able to recover the patient's identity and password in polynomial time.…”

Section: Introductionmentioning

confidence: 99%

“…In Section 2, we briefly review the authentication scheme of Zhang et al 24 In Section 3, we provide a cryptanalysis of the authentication scheme of Zhang et al 24 In Section 4, we provide the proposed 3-factor authentication scheme and the corresponding performance analysis. In Section 2, we briefly review the authentication scheme of Zhang et al 24 In Section 3, we provide a cryptanalysis of the authentication scheme of Zhang et al 24 In Section 4, we provide the proposed 3-factor authentication scheme and the corresponding performance analysis.…”

Section: Introductionmentioning

confidence: 99%

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

Wei

Liu

Hu³

2018

Int J Communication

View full text Add to dashboard Cite

The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information, they thus hesitate to directly transmit these information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3-factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well-known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3-factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well-known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS. KEYWORDSchaotic maps, cryptanalysis, multifactor authentication, privacy preservation, telecare medicine information system Int J Commun Syst. 2018;31:e3767. wileyonlinelibrary.com/journal/dac How to cite this article: Wei J, Liu W, Hu X. On the security and improvement of privacy-preserving 3-factor authentication scheme for TMIS. Int J Commun Syst. 2018;31:e3767. https://doi.

show abstract

An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC

Ostad-Sharif

Abbasinezhad-Mood

Nikooghadam

2019

Int J Communication

View full text Add to dashboard Cite

The telecare medicine information systems (TMISs) not only help patients to receive incessant health care services but also assist the medical staffs to access patients' electronic health records anytime and from anywhere via Internet. Since the online communications are exposed to numerous security threats, the mutual authentication and key agreement between patients and the medical servers are of prime significance. During the recent years, various user authentication schemes have been suggested for the TMISs.Nonetheless, most of them are susceptible to some known attacks or have high computational cost. Newly, an effective remote user authentication and session key agreement protocol has been introduced by Ravanbakhsh and Nazari for health care systems. Besides the nice contributions of their work, we found that it has two security weaknesses, namely, known session-specific temporary information attack and lack of perfect forward secrecy. As a result, to overcome these deficiencies, this paper suggests a novel anonymous and unlinkable user authentication and key agreement scheme for TMISs using the elliptic curve cryptosystem (ECC). We have evaluated the security of the proposed scheme by applying the automated validation of internet security protocols and applications (AVISPA) tool with the intention of indicating that our scheme can satisfy the vital security features. In addition, we have compared the proposed protocol with related schemes to show that it has a proper level of performance. The obtained results demonstrate that the new scheme is more preferable considering both efficiency and security criteria.

show abstract

Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme

Cited by 85 publications

References 46 publications

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC

Contact Info

Product

Resources

About