Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems

Zhang, Liping; Zhu, Shaohui

doi:10.1007/s10916-015-0233-3

Cited by 30 publications

(19 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…But, elliptic curve cryptosystem (ECC) is used to design an authentication scheme due to its small key size than RSA‐based cryptosystem. Therefore, ECC‐based authentication schemes have been developed by the researchers.…”

Section: Introductionmentioning

confidence: 99%

“…In , Chaudhry et al pointed out that Islam and Khan's scheme cannot prevent forgery attack and then designed another improved scheme. Furthermore, Zhang and Zhu disclosed that scheme in also suffers from off‐line password guessing and server spoofing attacks, respectively. Li et al , introduced a user authentication scheme with the ECC; however, Mishra et al highlighted that the scheme of Li et al , suffers from password guessing attack and replay attack.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security analysis and design of an efficient ECC‐based two‐factor password authentication scheme

Maitra

Obaidat

Islam

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

Client‐server‐based communications provide a facility by which users can get several services from home via the Internet. As the Internet is an insecure channel, it is needed to protect information of communicators. An authentication scheme can fulfill the aforementioned requirements. Recently, Huang et al. presented an elliptic curve cryptosystem‐based password authentication scheme. This work has demonstrated that the scheme of Huang et al. has security weakness against the forgery attack. In addition, this paper also presented that the scheme of Huang et al. has some design drawbacks. Therefore, this paper has focused on excluding the security vulnerabilities of the scheme of Huang et al. by proposing an elliptic curve cryptosystem‐based password authentication scheme using smart card. The security of our scheme is based on the hardness assumption of the one‐way hash functions and elliptic curve discrete logarithm problem. Furthermore, we have demonstrated that our scheme is secured against known attacks. The performance of our scheme is also nearly equal when compared to related competing schemes. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Security analysis and design of an efficient ECC‐based two‐factor password authentication scheme

Maitra

Obaidat

Islam

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…Thereafter, Lu et al [30] also pointed out that the Arshad's [8] scheme cannot achieve complete security requirements and proposed an authentication scheme based on the elliptic curve cryptosystem. Very recently, Zhang-Zhu [45] pointed out that the Islam-Khan's [17] scheme is insecure against several security weaknesses and also proposed a improved scheme to enhance the mentioned security flaws. Recently, Giri et al [11] illustrated that the Khan et al's is insecure against off-line password guessing attack and they also proposed an improved scheme to withstand the mentioned attack.…”

Section: Introductionmentioning

confidence: 99%

An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS

Amin

Biswas

2015

J Med Syst

View full text Add to dashboard Cite

Recently, Giri et al.'s proposed a RSA cryptosystem based remote user authentication scheme for telecare medical information system and claimed that the protocol is secure against all the relevant security attacks. However, we have scrutinized the Giri et al.'s protocol and pointed out that the protocol is not secure against off-line password guessing attack, privileged insider attack and also suffers from anonymity problem. Moreover, the extension of password guessing attack leads to more security weaknesses. Therefore, this protocol needs improvement in terms of security before implementing in real-life application. To fix the mentioned security pitfalls, this paper proposes an improved scheme over Giri et al.'s scheme, which preserves user anonymity property. We have then simulated the proposed protocol using widely-accepted AVISPA tool which ensures that the protocol is SAFE under OFMC and CL-AtSe models, that means the same protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The informal cryptanalysis has been also presented, which confirmed that the proposed protocol provides well security protection on the relevant security attacks. The performance analysis section compares the proposed protocol with other existing protocols in terms of security and it has been observed that the protocol provides more security and achieves additional functionalities such as user anonymity and session key verification.

show abstract

“…In order to overcome the above defects, they proposed a new anonymous two-factor authentication protocol for TMIS. Recently, Zhang and Zhou ( 2015 ) pointed out that Islam et al’s protocol has many security defects such as: (1) Any legal but malicious patient can reveal other user’s identity; (2) An attacker can launch off-line password guessing attack and the impersonation attack if he knows legal user’s identity. Zhang et al then proposed a new ECC-based authenticated key agreement scheme in order to fix the above security problems.…”

Section: Introductionmentioning

confidence: 99%

An improved authenticated key agreement protocol for telecare medicine information system

et al. 2016

View full text Add to dashboard Cite

In telecare medicine information systems (TMIS), identity authentication of patients plays an important role and has been widely studied in the research field. Generally, it is realized by an authenticated key agreement protocol, and many such protocols were proposed in the literature. Recently, Zhang et al. pointed out that Islam et al.’s protocol suffers from the following security weaknesses: (1) Any legal but malicious patient can reveal other user’s identity; (2) An attacker can launch off-line password guessing attack and the impersonation attack if the patient’s identity is compromised. Zhang et al. also proposed an improved authenticated key agreement scheme with privacy protection for TMIS. However, in this paper, we point out that Zhang et al.’s scheme cannot resist off-line password guessing attack, and it fails to provide the revocation of lost/stolen smartcard. In order to overcome these weaknesses, we propose an improved protocol, the security and authentication of which can be proven using applied pi calculus based formal verification tool ProVerif.

show abstract

Robust ECC-based Authenticated Key Agreement Scheme with Privacy Protection for Telecare Medicine Information Systems

Cited by 30 publications

References 32 publications

Security analysis and design of an efficient ECC‐based two‐factor password authentication scheme

Security analysis and design of an efficient ECC‐based two‐factor password authentication scheme

An Improved RSA Based User Authentication and Session Key Agreement Protocol Usable in TMIS

An improved authenticated key agreement protocol for telecare medicine information system

Contact Info

Product

Resources

About