Managing Medical and Insurance Information Through a Smart-Card-Based Information System
Journal of Medical Systems
Examining Smart-Card Security under the Threat of Power Analysis Attacks
IEEE Transactions on Computers
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Medical Data Management: A Practical Guide
Medical Data Management: A Practical Guide
An improved smart card based password authentication scheme with provable security
Computer Standards & Interfaces
A More Secure Authentication Scheme for Telecare Medicine Information Systems
Journal of Medical Systems
Strong Authentication Scheme for Telecare Medicine Information Systems
Journal of Medical Systems
An Improved Authentication Scheme for Telecare Medicine Information Systems
Journal of Medical Systems
Journal of Medical Systems
A Secure Biometrics-based Authentication Scheme for Telecare Medicine Information Systems
Journal of Medical Systems
Hi-index | 0.00 |
Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.