Browse > Article
http://dx.doi.org/10.9708/jksci.2020.25.02.093

Cryptanalysis and Improvement of RSA-based Authentication Scheme for Telecare Medical Information Systems  

Kim, Keewon (Dept. of Applied Computer Engineering, Dankook University)
Abstract
The telecare medical information system (TMIS) supports convenient and rapid health-care services. A secure and efficient authentication and key agreement scheme for TMIS provides safeguarding electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Giri et al. proposed an RSA-based remote user authentication scheme using smart cards for TMIS and claimed that their scheme could resist various malicious attacks. In this paper, we point out that their scheme is still vulnerable to lost smart card attacks and replay attacks and propose an improved scheme to prevent the shortcomings. As compared with the previous authentication schemes for TMIS, the proposed scheme is more secure and practical.
Keywords
Telecare Medical Information System; Password Based Authentication; Smart Card; Security; Biometric;
Citations & Related Records
연도 인용수 순위
  • Reference
1 P. Kocher, J. Jae, B. Jun, "Differential Power Analysis," CRYPTO 99, LNCS 1666, pp. 388-397, 1999. DOI: 10.1007/3-540-48405-1_25
2 T. Messerges, E. Dabbish, R. Sloan, R., "Examining Smart-card Security under the Threat of Power Analysis Attacks," IEEE Trans. Comput. Vol. 51, No. 5, pp. 541-552, May 2002. DOI: 10.1109/TC.2002.1004593   DOI
3 E. Brier, C. Clavier, and F. Olivier, "Correlation Power Analysis with a Leakage Model," CHES 2004, LNCS 3156, pp. 16-29, 2004. DOI: 10.1007/978-3-540-28632-5_2
4 T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, and M.T.M. Shalmani, "On the Power of Power Analysis in the Real World: A Complete Break of the Keeloq Code Hopping Scheme," CRYPTO 08, LNCS 5157, pp. 203-220, 2008. DOI: 10.1007/978-3-540-85174-5_12
5 C. Boyd, and A. Mathuria, "Protocols for Authentication and Key Establishment" Springer, 2003.
6 C.C. Yang, H.W. Yang, and R.C. Wang, "Cryptanalysis of Security Enhancement for the Timestamp-based Password Authentication Scheme Using Smart Cards," IEEE Trans. Consum. Electron., Vol. 50, No. 2, pp. 578-579, May 2004. DOI: 10.1109/TCE.2004.1309428   DOI
7 C. Lambrinoudakis, and S. Gritzalis, "Managing Medical and Insurance Information Through a Smart-card-based Information System," J. Med. Syst., Vol. 24, No. 4, pp. 213-234, Aug. 2000. DOI: 10.1023/A:1005549330655   DOI
8 L. Lamport, "Password Authentication with Insecure Communication," Comm. ACM, Vol. 24, No. 11, pp. 770-772, Nov. 1981. DOI: 10.1145/358790.358797   DOI
9 M.S. Hwang, and L.H. Li, "A New Remote User Authentication Scheme Using Smart Cards," IEEE Trans. Consum. Electron., Vol. 46, No. 1, pp. 28-30, Feb. 2000. DOI: 10.1109/30.826377   DOI
10 Y.F. Chang, C.C. Chang, and J.Y. Kuo, "A Secure One-time Password Authentication Scheme Using Smart Cards without Limiting Login Times," ACM SIGOPS Operating Systems Review, Vol. 38, No. 4, pp. 80-90, Oct. 2004. DOI: 10.1145/1031154.1031164   DOI
11 Z.Y. Wu, Y.C. Lee, F. Lai, H.C. Lee, Y. Chung, "A Secure Authentication Scheme for Telecare Medicine Information Systems," J. Med. Syst., Vol. 36, No. 3, pp. 1529-1535, Jun. 2012. DOI: 10.1007/s10916-010-9614-9   DOI
12 D. He, J. Chen, R. Zhang, "A More Secure Authentication Scheme for Telecare Medicine Information Systems," J. Med. Syst., Vol. 36, No. 3, pp. 1989-1995, Jun. 2012. DOI: 10.1007/s10916-011-9658-5   DOI
13 J. Wei, X. Hu, W. Liu, "An Improved Authentication Scheme for Telecare Medicine Information Systems," J. Med. Syst., Vol. 36, No. 6, pp. 3597-3604, Dec. 2012. DOI: 10.1007/s10916-012-9835-1   DOI
14 Z. Zhu, "An Efficient Authentication Scheme for Telecare Medicine Information Systems," J. Med. Syst., Vol. 36, No. 6, pp. 3833-3838, Dec. 2012. DOI: 10.1007/s10916-012-9856-9   DOI
15 D. Giri, T. Maitra, R. Amin, and P.D. Srivastava, "An Efficient and Robust RSA-Based Remote User Authentication for Telecare Medical Information Systems," J. Med. Syst. Vol. 39, No. 1, pp.145, Jan. 2015. DOI: 10.1007/s10916-014-0145-7   DOI
16 R.L. Rivest, A. Shamir, L. Adleman, "A Method for Obtaining Digital Signatures and Public-key Cryptosystems," Commun. ACM, Vol. 21, No. 2, pp. 120-126, Feb. 1978. DOI: 10.1145/359340.359342   DOI
17 M.K. Khan, and S. Kumari, "An Authentication Scheme for Secure Access to Healthcare Services," J. Med. Syst., Vol. 37, No. 4, pp. 9954, Aug. 2013. DOI: 10.1007/s10916-013-9954-3   DOI