Cryptanalysis and Improvement of RSA-based Authentication Scheme for Telecare Medical Information Systems

Kim Keewon

doi:https://doi.org/10.9708/jksci.2020.25.02.093

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2020, 25(2), pp.93-103
DOI :https://doi.org/10.9708/jksci.2020.25.02.093
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

Kim Keewon ¹

¹ 단국대학교

ABSTRACT

The telecare medical information system (TMIS) supports convenient and rapid health-care services. A secure and efficient authentication and key agreement scheme for TMIS provides safeguarding electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Giri et al. proposed an RSA-based remote user authentication scheme using smart cards for TMIS and claimed that their scheme could resist various malicious attacks. In this paper, we point out that their scheme is still vulnerable to lost smart card attacks and replay attacks and propose an improved scheme to prevent the shortcomings. As compared with the previous authentication schemes for TMIS, the proposed scheme is more secure and practical.
KEYWORDS

Telecare Medical Information System , Password Based Authentication , Smart Card , Security , Biometric
REFERENCES (17)

[journal] C. Lambrinoudakis / 2000 / Managing Medical and Insurance Information Through a Smart-card-based Information System / Journal of Medical Systems / Springer Science and Business Media LLC 24 (4) : 213~234 / 10.1023/A:1005549330655

[journal] Leslie Lamport / 1981 / Password authentication with insecure communication / Communications of the ACM / Association for Computing Machinery (ACM) 24 (11) : 770~772 / 10.1145/358790.358797

[journal] Min-Shiang Hwang / 2000 / A new remote user authentication scheme using smart cards / IEEE Transactions on Consumer Electronics / Institute of Electrical and Electronics Engineers (IEEE) 46 (1) : 28~30 / 10.1109/30.826377

[journal] Ya-Fen Chang / 2004 / A secure one-time password authentication scheme using smart cards without limiting login times / ACM SIGOPS Operating Systems Review / Association for Computing Machinery (ACM) 38 (4) : 80~90 / 10.1145/1031154.1031164

[journal] Zhen-Yu Wu / 2012 / A Secure Authentication Scheme for Telecare Medicine Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 36 (3) : 1529~1535 / 10.1007/s10916-010-9614-9

[journal] He Debiao / 2012 / A More Secure Authentication Scheme for Telecare Medicine Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 36 (3) : 1989~1995 / 10.1007/s10916-011-9658-5

[journal] Jianghong Wei / 2012 / An Improved Authentication Scheme for Telecare Medicine Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 36 (6) : 3597~3604 / 10.1007/s10916-012-9835-1

[journal] Zhian Zhu / 2012 / An Efficient Authentication Scheme for Telecare Medicine Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 36 (6) : 3833~3838 / 10.1007/s10916-012-9856-9

[journal] R. L. Rivest / 1978 / A method for obtaining digital signatures and public-key cryptosystems / Communications of the ACM / Association for Computing Machinery (ACM) 21 (2) : 120~126 / 10.1145/359340.359342

[journal] Muhammad Khurram Khan / 2013 / An Authentication Scheme for Secure Access to Healthcare Services / Journal of Medical Systems / Springer Science and Business Media LLC 37 (4) : 9954~ / 10.1007/s10916-013-9954-3

[journal] Debasis Giri / 2015 / An Efficient and Robust RSA-Based Remote User Authentication for Telecare Medical Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 39 (1) : 145~ / 10.1007/s10916-014-0145-7

[confproc] P. Kocher / 1999 / Differential Power Analysis / CRYPTO 99, LNCS 1666 : 388~397

[journal] T.S. Messerges / 2002 / Examining smart-card security under the threat of power analysis attacks / IEEE Transactions on Computers / Institute of Electrical and Electronics Engineers (IEEE) 51 (5) : 541~552 / 10.1109/TC.2002.1004593

[confproc] E. Brier / 2004 / Correlation Power Analysis with a Leakage Model / CHES 2004, LNCS 3156 : 16~29

[confproc] T. Eisenbarth / 2008 / On the Power of Power Analysis in the Real World : A Complete Break of the Keeloq Code Hopping Scheme / CRYPTO 08, LNCS 5157 : 203~220

[book] C. Boyd / 2003 / Protocols for Authentication and Key Establishment / Springer

[journal] Chou-Chen Yang / 2004 / Cryptanalysis of security enhancement for the timestamp-based password authentication scheme using smart cards / IEEE Transactions on Consumer Electronics / Institute of Electrical and Electronics Engineers (IEEE) 50 (2) : 578~579 / 10.1109/TCE.2004.1309428
KCI Citation (2)

KJC Korea
Journal Central

Statistics

Tools