• Title/Summary/Keyword: Telecare Medicine Information System

Search Result 4, Processing Time 0.019 seconds

A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement

  • An, Younghwa
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.8 no.3
    • /
    • pp.41-49
    • /
    • 2016
  • Recently, many biometrics-based user authentication schemes for telecare medicine information systems (TMIS) have been proposed to improve the security problems in user authentication system. In 2014, Mishra et al. proposed an improvement of Awasthi-Srivastava's biometric based authentication for TMIS which is secure against the various attacks and provide mutual authentication, efficient password change. In this paper, we discuss the security of Mishra et al.'s authentication scheme, and we have shown that Mishra et al.'s authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to remove these security problems of Mishra et al.'s authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved biometric based authentication scheme is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack and provides mutual authentication between the user and the telecare system.

An Improved Smart Card-based User Authentication Scheme with Session Key Agreement for Telecare Medicine Information System

  • Yang, Hyungkyu
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.9 no.3
    • /
    • pp.35-43
    • /
    • 2017
  • In 2013, Lee-Lie proposed secure smart card based authentication scheme of Zhu's authentication for TMIS which is secure against the various attacks and efficient password change. In this paper, we discuss the security of Lee-Lie's smart card-based authentication scheme, and we have shown that Lee-Lie's authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to overcome these security problems of Lee-Lie's authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved smart card based user authentication scheme for TMIS is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack, the session key generation attack and provides mutual authentication between the user and the telecare system.

Design Errors and Cryptanalysis of Shin's Robust Authentication Scheme based Dynamic ID for TMIS

  • Park, Mi-Og
    • Journal of the Korea Society of Computer and Information
    • /
    • v.26 no.10
    • /
    • pp.101-108
    • /
    • 2021
  • In this paper, we analyze Shin's proposed dynamic ID-based user authentication scheme for TMIS(Telecare Medicine Information System), and Shin's authentication scheme is vulnerable to smart card loss attacks, allowing attackers to acquire user IDs, which enables user impersonation attack. In 2019, Shin's proposed authentication scheme attempted to generate a strong random number using ECC, claiming that it is safe to lose a smart card because it is impossible to calculate random number r'i due to the difficulty of the ECC algorithm without knowing random number ri. However, after analyzing Shin's authentication scheme in this paper, the use of transmission messages and smart cards makes it easy to calculate random numbers r'i, which also enables attackers to generate session keys. In addition, Shin's authentication scheme were analyzed to have significantly greater overhead than other authentication scheme, including vulnerabilities to safety analysis, the lack of a way to pass the server's ID to users, and the lack of biometric characteristics with slightly different templates.

Analysis of Al-Saggaf et al's Three-factor User Authentication Scheme for TMIS

  • Park, Mi-Og
    • Journal of the Korea Society of Computer and Information
    • /
    • v.26 no.9
    • /
    • pp.89-96
    • /
    • 2021
  • In this paper, we analyzed that the user authentication scheme for TMIS(Telecare Medicine Information System) proposed by Al-Saggaf et al. In 2019, Al-Saggaf et al. proposed authentication scheme using biometric information, Al-Saggaf et al. claimed that their authentication scheme provides high security against various attacks along with very low computational cost. However in this paper after analyzing Al-Saggaf et al's authentication scheme, the Al-Saggaf et al's one are missing random number s from the DB to calculate the identity of the user from the server, and there is a design error in the authentication scheme due to the lack of delivery method. Al-Saggaf et al also claimed that their authentication scheme were safe against a variety of attacks, but were vulnerable to password guessing attack using login request messages and smart cards, session key exposure and insider attack. An attacker could also use a password to decrypt the stored user's biometric information by encrypting the DB with a password. Exposure of biometric information is a very serious breach of the user's privacy, which could allow an attacker to succeed in the user impersonation. Furthermore, Al-Saggaf et al's authentication schemes are vulnerable to identity guessing attack, which, unlike what they claimed, do not provide significant user anonymity in TMIS.