Browse > Article
http://dx.doi.org/10.9708/jksci.2021.26.10.101

Design Errors and Cryptanalysis of Shin's Robust Authentication Scheme based Dynamic ID for TMIS  

Park, Mi-Og (Dept. of Computer Engineering, Sungkyul University)
Publication Information
Journal of the Korea Society of Computer and Information / v.26, no.10, 2021 , pp. 101-108 More about this Journal
Abstract
In this paper, we analyze Shin's proposed dynamic ID-based user authentication scheme for TMIS(Telecare Medicine Information System), and Shin's authentication scheme is vulnerable to smart card loss attacks, allowing attackers to acquire user IDs, which enables user impersonation attack. In 2019, Shin's proposed authentication scheme attempted to generate a strong random number using ECC, claiming that it is safe to lose a smart card because it is impossible to calculate random number r'i due to the difficulty of the ECC algorithm without knowing random number ri. However, after analyzing Shin's authentication scheme in this paper, the use of transmission messages and smart cards makes it easy to calculate random numbers r'i, which also enables attackers to generate session keys. In addition, Shin's authentication scheme were analyzed to have significantly greater overhead than other authentication scheme, including vulnerabilities to safety analysis, the lack of a way to pass the server's ID to users, and the lack of biometric characteristics with slightly different templates.
Keywords
User Authentication; Stolen Smart-Card attack; Password Guessing attack; TMIS(Telecare Medicine Information System); ECC(Elliptic curve cryptography);
Citations & Related Records
연도 인용수 순위
  • Reference
1 L. Lamport, "Password Authentication with Insecure Communi cation," Communications of the ACM, Vol. 24, Issue. 11, pp. 770-772, Nov. 1981. DOI: 10.1145/358790.358797   DOI
2 B. B. Gupta, V. Prajapati1, N. Nedjah, P. Vijayakumar, A. A. El-Latif, X. Chang, "Machine learning and smart card based two-factor authentication scheme for preserving anonymity in telecare medical information system (TMIS)," Neural Computing and Applications, June 2021. 10.1007/s00521-021-06152-x   DOI
3 D. Dharminder, D. Mishra, and X. Li, "Construction of RSA-Based Authentication Scheme in Authorized Access to Healthcare Services," Journal of Medical Systems, Vol. 44, Article number. 6, pp. 1-9, Nov. 2020. DOI: 10.1007/s10916-019-1471-6   DOI
4 C. T. Li, D. H. Shin, C. C. Wang, "Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems," Computer Methods and Programs in Biomedicine, Vol. 157, No. pp. 191-203, Apr. 2018. DOI: 10.1016/j.cmpb.2018.02.002   DOI
5 S.A. Chaudhry, H. Naqvi, T. Shon, M. Sher, and M. S. Farash, "Cryptanalysis and Improvement of an Improved Two Factor Authentication Scheme for Telecare Medicine Information Systems," Journal of Medical Systems, Vol. 39, No. 6, pp. 1-11, Apr. 2015. DOI: 10.1007/s10916-015-0244-0   DOI
6 D. Mahto, D and K. Yadav, "Cloud-based Secure TeleMedicine Information System using Crypto-Biometric Techniques," EAI Endorsed Transactions on Pervasive Health and Technology, Vol. 5, No. 20, pp. 1-11, Mar. 2020.
7 A. Durlanik and I. Sogukpinar, "SIP authentication scheme using ECDH," PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY, Vol. 8. pp. 350-353, Oct. 2005. http://ms11.voip.edu.tw/~xinfu/ref/ecdh.pdf
8 Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., and He, L., "A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems," Journal of Medical Systems, Vol. 38, Nov. 2014. DOI: 10.1007/s10916-013-9994-8   DOI
9 O.S. Arezou, A.M. Dariush, M. Nikooghadam, "An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC," International Journal of COMMUNICATION systems, Vol. 32, Issue. 5, pp. 1-23, Feb. 2019. DOI: 10.1002/dac.3913   DOI
10 S. Islam and M. Khan, "Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems," Journal of Medical Systems, Vol. 38, No. 10, pp. 1-13, Sept. 2014. DOI: 0.1007/s10916-014-0135-9   DOI
11 Keewon Kim, "Cryptanalysis and Improvement of RSA-based Authentication Scheme for Telecare Medical Information Systems," Journal of the Korea society of computer and information Vol. 25, No. 2, pp. 93-103, Feb. 2020. https://www.dbpia.co.kr/journal/articleDetail?nodeId=NODE09307564   DOI
12 S. Qiu, G. Xu, H. Ahmad, and L. Wang, "A Robust Mutual Authentication Scheme Based on Elliptic Curve Cryptography for Telecare Medical Information Systems," IEEE Access, Vol. 6, pp. 7452-7463, Mar. 2017. DOI: 10.1109/ACCESS.2017.2780124   DOI
13 Kwangcheul Shin, "A Robust Authentication Scheme Based on ECC and Dynamic ID for Remote Telecare Medical Information Systems," Journal of Korean Institute of Information Technology, Vol. 17, No. 6, pp. 123-132, June 2019. DOI: 10.14801/jkiit.2019.17.6.123   DOI