International Journal of Internet, Broadcasting and Communication

The Institute of Internet, Broadcasting and Communication (한국인터넷방송통신학회)
권호 표지
DOI QR코드

DOI QR Code

An Improved Smart Card-based User Authentication Scheme with Session Key Agreement for Telecare Medicine Information System

  • Yang, Hyungkyu (Computer Media Information Engineering, Kangnam University)
  • Received : 2017.06.15
  • Accepted : 2017.07.10
  • Published : 2017.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

In 2013, Lee-Lie proposed secure smart card based authentication scheme of Zhu's authentication for TMIS which is secure against the various attacks and efficient password change. In this paper, we discuss the security of Lee-Lie's smart card-based authentication scheme, and we have shown that Lee-Lie's authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to overcome these security problems of Lee-Lie's authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved smart card based user authentication scheme for TMIS is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack, the session key generation attack and provides mutual authentication between the user and the telecare system.

Keywords

References

  1. L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, vol. 24, no. 11, pp. 770-772, 1987. https://doi.org/10.1145/358790.358797
  2. M.S. Hwang and L.H. Li, "A New Remote User Authentication Scheme Using Smart Cards," IEEE Transactions on Consumer Electronics, vol. 46, pp. 28-30, 2000. https://doi.org/10.1109/30.826377
  3. C.W. Lin, C.S. Tsai and M.S. Hwang, "A New Strong-Password Authentication Scheme Using One-Way Hash Functions," Journal of Computer and Systems Sciences International, vol.45, no.4, pp. 623-626, 2006. https://doi.org/10.1134/S1064230706040137
  4. C.T. Li and M.S. Hwang, "An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards," Journal of Network and Computer Applications, vol. 33, pp. 1-5, 2010. https://doi.org/10.1016/j.jnca.2009.08.001
  5. A.K. Das, "Analysis and Improvement on an Efficient Biometric-based Remote User Authentication Scheme Using Smart Cards," IET Information Security, vol.5, Iss. 3, pp. 541-552, 2011.
  6. J. Wei, X. Hu, and W. Lie, "An Improved Authentication Scheme for Telecare Medicine Information Systems," Journal of Medicine Systems, vol. 36, no. 6, pp. 3597-3604, 2012. https://doi.org/10.1007/s10916-012-9835-1
  7. Z. Zhu, "An Efficient Authentication Scheme for Telecare Medicine Information Systems," Journal of Medicine Systems, vol. 36, no. 6, pp. 3833-3838, 2012. https://doi.org/10.1007/s10916-012-9856-9
  8. T.F. Lee, C.M. Lie, "A Secure Smart-Card Based Authentication and Key Agreement Scheme for Telecare Medicine Information Systems," Journal of Medicine Systems, 37:9933, 2013. https://doi.org/10.1007/s10916-013-9933-8
  9. A.K. Awasthi, K. Srivastava, "A Biometrics Authentication Scheme for Telecare Medicine Information Systems with Nonce," Journal of Medicine Systems, vol. 37(5), pp. 1-4, 2013.
  10. D. Mishra, S. Mukhopadhyay, S. Kumar, M.K. Kyan, A.Chaturvedi, "Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce," Journal of Medicine Systems, vol. 38(41), pp. 1-11, 2014. https://doi.org/10.1007/s10916-013-0001-1
  11. Y. An, "A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement," International Journal of Internet, Broadcasting and Communication, vol. 8(3), pp. 41-49, 2016. https://doi.org/10.7236/IJIBC.2016.8.3.41
  12. H. Yang, "An Improved Biometric-based Password Authentication Scheme with Session Key Agreement," International Journal of Internet, Broadcasting and Communication, vol. 8(3), pp. 50-57, 2016. https://doi.org/10.7236/IJIBC.2016.8.3.50
  13. P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis," Proceedings of Advances in Cryptology, pp. 388-397, 1999.
  14. T. S. Messerges, E. A. Dabbish and R.H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593