Design Errors and Cryptanalysis of Shin’s Robust Authentication Scheme based Dynamic ID for TMIS (Shin의 TMIS를 위한 동적 ID 기반의 강력한 사용자 인증 기법에 대한 설계 오류와 안전성 분석)

Mi-Og Park (박미옥)

doi:10.9708/jksci.2021.26.10.101

Design Errors and Cryptanalysis of Shin’s Robust Authentication Scheme based Dynamic ID for TMIS

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2021, 26(10), pp.101-108
DOI : 10.9708/jksci.2021.26.10.101
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : September 6, 2021
Accepted : September 29, 2021
Published : October 29, 2021

Mi-Og Park ¹

¹성결대학교

Accredited

ABSTRACT

In this paper, we analyze Shin's proposed dynamic ID-based user authentication scheme for TMIS(Telecare Medicine Information System), and Shin's authentication scheme is vulnerable to smart card loss attacks, allowing attackers to acquire user IDs, which enables user impersonation attack. In 2019, Shin's proposed authentication scheme attempted to generate a strong random number using ECC, claiming that it is safe to lose a smart card because it is impossible to calculate random number r'i due to the difficulty of the ECC algorithm without knowing random number ri. However, after analyzing Shin's authentication scheme in this paper, the use of transmission messages and smart cards makes it easy to calculate random numbers r'i, which also enables attackers to generate session keys. In addition, Shin's authentication scheme were analyzed to have significantly greater overhead than other authentication scheme, including vulnerabilities to safety analysis, the lack of a way to pass the server's ID to users, and the lack of biometric characteristics with slightly different templates.

KEYWORDS

User Authentication, Stolen Smart-Card attack, Password Guessing attack, TMIS(Telecare Medicine Information System), ECC(Elliptic curve cryptography)

Citation status

* References for papers published after 2023 are currently being built.

[journal] Leslie Lamport / 1981 / Password authentication with insecure communication / Communications of the ACM / Association for Computing Machinery (ACM) 24(11) : 770~772

[journal] B. B. Gupta / 2021 / Machine learning and smart card based two-factor authentication scheme for preserving anonymity in telecare medical information system (TMIS) / Neural Computing and Applications / Springer Science and Business Media LLC

[journal] 김기원 / 2020 / Cryptanalysis and Improvement of RSA-based Authentication Scheme for Telecare Medical Information Systems / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 25(2) : 93~103

[journal] Dharminder Dharminder / 2020 / Construction of RSA-Based Authentication Scheme in Authorized Access to Healthcare Services / Journal of Medical Systems / Springer Science and Business Media LLC 44(1)

[journal] Chun-Ta Li / 2018 / Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems / Computer Methods and Programs in Biomedicine / Elsevier BV 157 : 191~203

[journal] D. Mahto / 2020 / Cloud-based Secure TeleMedicine Information System using Crypto-Biometric Techniques / EAI Endorsed Transactions on Pervasive Health and Technology 5(20) : 1~11

[journal] Arezou Ostad-Sharif / 2019 / An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC / International Journal of Communication Systems / Wiley 32(5) : e3913~

[confproc] A. Durlanik / 2005 / SIP authentication scheme using ECDH / PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY 8 : 350~353

[journal] Xin Xu / 2014 / A Secure and Efficient Authentication and Key Agreement Scheme Based on ECC for Telecare Medicine Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 38(1)

[journal] SK Hafizul Islam / 2014 / Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 38(10)

[journal] Shehzad Ashraf Chaudhry / 2015 / Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems / Journal of Medical Systems / Springer Science and Business Media LLC 39(6)

[journal] Shuming Qiu / 2018 / A Robust Mutual Authentication Scheme Based on Elliptic Curve Cryptography for Telecare Medical Information Systems / IEEE Access / Institute of Electrical and Electronics Engineers (IEEE) 6 : 7452~7463

[journal] 신광철 / 2019 / A Robust Authentication Scheme Based on ECC and Dynamic ID for Remote Telecare Medical Information Systems / 한국정보기술학회논문지 / 한국정보기술학회 17(6) : 123~132

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Design Errors and Cryptanalysis of Shin’s Robust Authentication Scheme based Dynamic ID for TMIS

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Design Errors and Cryptanalysis of Shin’s Robust Authentication Scheme based Dynamic ID for TMIS

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (13) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.