An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System

Authors:
Ashok Kumar Das;Bezawada Bruhadeshwar
Affiliations:
Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India 500 032;Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India 500 032
Venue:
Journal of Medical Systems
Year:
2013

Citing 20
Cited 2

A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Examining Smart-Card Security under the Threat of Power Analysis Attacks

IEEE Transactions on Computers
Cryptography and Network Security: Principles and Practice

Cryptography and Network Security: Principles and Practice
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Some Observations on the Theory of Cryptographic Hash Functions

Designs, Codes and Cryptography
A more efficient and secure dynamic ID-based remote user authentication scheme

Computer Communications
Two-factor user authentication in wireless sensor networks

IEEE Transactions on Wireless Communications
A Simple and Generic Construction of Authenticated Encryption with Associated Data

ACM Transactions on Information and System Security (TISSEC)
QUARK: a lightweight hash

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'

Computer Communications
Classification and generation of disturbance vectors for collision attacks against SHA-1

Designs, Codes and Cryptography
Review: Dynamic ID-based remote user password authentication schemes using smart cards: A review

Journal of Network and Computer Applications
A random key establishment scheme for multi-phase deployment in large-scale distributed sensor networks

International Journal of Information Security
On the security of public key protocols

IEEE Transactions on Information Theory
A dynamic ID-based remote user authentication scheme

IEEE Transactions on Consumer Electronics
A More Secure Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems
A Secure Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems
Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem

Information Sciences: an International Journal
An Efficient Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems
An Improved Authentication Scheme for Telecare Medicine Information Systems

Journal of Medical Systems

Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems

Journal of Medical Systems
An Efficient Anonymous Authentication Scheme for Wireless Body Area Networks Using Elliptic Curve Cryptosystem

Journal of Medical Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.