An identity-based key-exchange protocol
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Authentication and authenticated key exchanges
Designs, Codes and Cryptography
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
An unknown key-share attack on the MQV key agreement protocol
ACM Transactions on Information and System Security (TISSEC)
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Examining Smart-Card Security under the Threat of Power Analysis Attacks
IEEE Transactions on Computers
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Authenticated Multi-Party Key Agreement
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol
PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Three weaknesses in a simple three-party key exchange protocol
Information Sciences: an International Journal
Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
Information Sciences: an International Journal
An improved smart card based password authentication scheme with provable security
Computer Standards & Interfaces
An off-line dictionary attack on a simple three-party key exchange protocol
IEEE Communications Letters
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Why provable security matters?
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
HMQV: a high-performance secure diffie-hellman protocol
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
A More Secure Authentication Scheme for Telecare Medicine Information Systems
Journal of Medical Systems
A Secure Authentication Scheme for Telecare Medicine Information Systems
Journal of Medical Systems
An Efficient Authentication Scheme for Telecare Medicine Information Systems
Journal of Medical Systems
An Improved Authentication Scheme for Telecare Medicine Information Systems
Journal of Medical Systems
Security Flaws in a Smart Card Based Authentication Scheme for Multi-server Environment
Wireless Personal Communications: An International Journal
Journal of Medical Systems
Journal of Medical Systems
Hi-index | 0.00 |
Many authentication schemes have been proposed for telecare medicine information systems (TMIS) to ensure the privacy, integrity, and availability of patient records. These schemes are crucial for TMIS systems because otherwise patients' medical records become susceptible to tampering thus hampering diagnosis or private medical conditions of patients could be disclosed to parties who do not have a right to access such information. Very recently, Hao et al. proposed a chaotic map-based authentication scheme for telecare medicine information systems in a recent issue of Journal of Medical Systems. They claimed that the authentication scheme can withstand various attacks and it is secure to be used in TMIS. In this paper, we show that this authentication scheme is vulnerable to key-compromise impersonation attacks, off-line password guessing attacks upon compromising of a smart card, and parallel session attacks. We also exploit weaknesses in the password change phase of the scheme to mount a denial-of-service attack. Our results show that this scheme cannot be used to provide security in a telecare medicine information system.