期刊
SECURITY AND COMMUNICATION NETWORKS
卷 7, 期 2, 页码 399-408出版社
WILEY-HINDAWI
DOI: 10.1002/sec.791
关键词
authentication; medical information systems; cryptanalysis
资金
- Deanship of Scientific Research at King Saud University [RGP-VPP-288]
Recently, telecare medicine information systems (TMIS) have emerged as an effective mechanism to raise quality convenience and availability of healthcare services. User authentication schemes play an important role in solving security problems and grant access to healthcare services only to the authorized users. In 2010, a few authentication schemes were proposed for TMIS. These were based on the concept of static identity. In 2012, Chen et al. proposed a dynamic ID-based authentication scheme for TMIS, so that the user's identity is not revealed to anyone. However, Chen et al.'s scheme does not involve complex computations like the previous scheme for TMIS, yet it suffers from various security problems. We will show that attackers can not only impersonate the legal participants of the scheme but can also compute the shared session-key. In fact, it is an attack over the confidential communication between the participants. We will also show other drawbacks, such as password guessing attack, denial-of-service attack, immediate replay attack, and incomplete password change phase, present in the scheme. We also demonstrate user anonymity breach in Chen et al.'s scheme. To overcome these problems, we propose an improvement to Chen et al.'s scheme with a different approach. Our approach is aimed at providing an authentication mechanism for TMIS with strong security features. Copyright (c) 2013 John Wiley & Sons, Ltd.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据