Abstract
It is important to guarantee the privacy and the security of the users in the telecare medicine information system. Recently, Wu et al.’s proposed an authentication scheme for mobile devices in telecare medicine information system. They added the pre-computing idea within the communication process to avoid the time-consuming exponential computations. They also claimed their scheme can withstand various attacks. We will show that their scheme suffers from the impersonation attack to the insider’s attack. In order to overcome the weaknesses, we propose an improved scheme to eliminate the weakness. Our scheme is not only more secure than Wu et al.’s scheme, but also has better performance. Then our scheme is more efficient and appropriate to collocating with low power mobile devices for the telecare medicine information system.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000.
Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008.
Liao, E., Lee, C. C., and Hwang, M. S., A password authentication scheme over insecure networks. J. Comput. Syst. Sci. 72(4):727–740, 2006.
Diffie, W., and Hellman, M., New directions in cryptology. IEEE Trans. Inf. Theory 22(6):644–654, 1976.
Yang, C. C., Wang, R. C., and Liu, W. T., Secure authentication scheme for session initiation protocol. Comput. Secur. 24:381–386, 2005.
Liu, J. Y., Zhou, A. M., and Gao, M. X., A new mutual authentication scheme based on nonce and smart cards. Comput. Commun. 31(10):2205–2209, 2008.
He, D., Chen J., and Hu J., An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security, Information Fussion, doi:10.1016/j.inffus.2011.01.001.
Xu, J., Zhu, W. T., and Feng, D. G., An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 31(4):723–728, 2009.
Wu, Z.-Y., Lee, Y.-C., Lai, F., Lee H.-C., and Chung, Y., A Secure Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. doi:10.1007/s10916-010-9614-9.
Kocher, P., Jaffe, J., and Jun, B., Differential power analysis, Proc. Adv. Cryptology (CRYPTO'99). 388–397, 1999.
Messerges, T. S., Dabbish, E. A., and Sloan, R. H., Examining smart card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5):541–552, 2002.
Ku, W.-C., and Chen, S.-M., Cryptanalysis of a flexible remote user authentication scheme using smart cards [J].ACMSIGOPS Oper. Syst. Rev. 39(1):90–96, 2005.
Acknowledgements
The authors thank the anonymous reviewers and Prof. Ralph Grams for their valuable comments. This research was supported by the Fundamental Research Funds for the Central Universities under Grants 201275786.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Debiao, H., Jianhua, C. & Rui, Z. A More Secure Authentication Scheme for Telecare Medicine Information Systems. J Med Syst 36, 1989–1995 (2012). https://doi.org/10.1007/s10916-011-9658-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10916-011-9658-5