Cryptanalysis and Improvement of “An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems”

摘要

Recently, telecare medicine information systems (TMIS) have emerged as an effective mechanism to raise quality convenience and availability of healthcare services. User authentication schemes play an important role in solving security problems and grant access to healthcare services only to the authorized users. In 2010, a few authentication schemes were proposed for TMIS. These were based on the concept of static identity. In 2012, Chen et al. proposed a dynamic ID-based authentication scheme for TMIS, so that the user's identity is not revealed to anyone. However, Chen et al.'s scheme does not involve complex computations like the previous scheme for TMIS, yet it suffers from various security problems. We will show that attackers can not only impersonate the legal participants of the scheme but can also compute the shared session-key. In fact, it is an attack over the confidential communication between the participants. We will also show other drawbacks, such as password guessing attack, denial-of-service attack, immediate replay attack, and incomplete password change phase, present in the scheme. We also demonstrate user anonymity breach in Chen et al.'s scheme. To overcome these problems, we propose an improvement to Chen et al.'s scheme with a different approach. Our approach is aimed at providing an authentication mechanism for TMIS with strong security features. Copyright © 2013 John Wiley & Sons, Ltd.