Abstract
Telecare medicine information systems (TMIS) are widely used to provide a convenient and efficient communication platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013 Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.’s scheme does not provide fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only a few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. pointed out that Hao et al.’s scheme cannot resist the stolen smart card attack, and they further presented an improved scheme that attempts to repair the security pitfalls found in Hao et al.’s scheme. In this paper, we find that both Lee’s and Jiang et al.’s authentication schemes have a serious security problem: a registered user’s secret parameters may be intentionally exposed to many non-registered users, which enables the service misuse attack. Therefore, we propose a slight modification of Lee’s scheme to prevent these shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee’s and Jiang et al.’s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand the service misuse attack.
References
Awasthi, A.K., and Srivastava, K., A Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce. J. Med. Syst. 37 (5):9964, 2013.
Chang, C.C., and Lee, C.Y., A Smart Card-Based Authentication Scheme Using User Identify Cryptography. Int. J. Netw. Secur. 15 (2):139–147, 2013.
Chang, T.Y., Hwang, M.S., Yang, W.P., A Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol. Inf. Sci. 181 (1):217–226, 2011.
Chen, T.Y., Lee, C.C., Hwang, M.S., Jan, J.K., Towards Secure and Efficient User Authentication Scheme Using Smart Card for Multi-Server Environments. J. Supercomput. 66 (2):1008–1032, 2013.
Das, A.K., Improving Identity-Based Random Key Establishment Scheme for Large-Scale Hierarchical Wireless Sensor Networks. Int. J. Netw. Secur. 14 (1):1–21, 2012.
Das, A.K., and Bruhadeshwar, B., An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System. J. Med. Syst. 37 (5):9969, 2013.
Guo, C., and Chang, C.C., Chaotic Maps-Based Password-Authenticated Key Agreement Using Smart Cards. Commun. Nonlinear Sci. Numer. Simul. 18 (6):1433–1440, 2013.
Hao, X., Wang, J., Yang, Q., Yan, X., Li, P., A Chaotic Map-Based Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 37 (2):9919, 2013.
He, D., Chen, J., Zhang, R., A More Secure Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 36 (3):1989–1995, 2012.
He, D., Zhao, W., Wu, S., Security Analysis of a Dynamic ID-Based Authentication Scheme for Multi-Server Environment Using Smart Cards. Int. J. Netw. Secur. 15 (5):350–356, 2013.
Hwang, M.S., Lee, C.C., Tzeng, S.F., A New Proxy Signature Scheme for a Specified Group of Verifiers. Inf. Sci. 227 (1):102–115, 2013.
Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust Chaotic Map-Based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems. J. Med. Syst. 38 (2):12, 2014.
Kar, J., ID-Based Deniable Authentication Protocol Based on Diffie-Hellman Problem on Elliptic Curve. Int. J. Netw. Secur. 15 (5):357–364, 2013.
Lee, T.F., An Efficient Chaotic Map-Based Authentication and Key Agreement Scheme Using Smartcards for Telecare Medicine Information Systems. J. Med. Syst. 37 (6):9985, 2013.
Lee, C.C., Li, C.T., Hsu, C.W., A Three-Party Password-Based Authenticated Key Exchange Protocol with User Anonymity Using Extended Chaotic Maps. Nonlinear Dyn. 73 (1-2):125–132, 2013.
Lee, C.C., Chen, C.T., Li, C.T., Wu, P.H., A Practical RFID Authentication Mechanism for Digital Television, Telecommunication Systems: Article in press, 2013.
Lee, C.C., Lou, D.C., Li, C.T., Hsu, C.W., An Extended Chaotic-Maps-Based Protocol with Key Agreement for Multiserver Environments. Nonlinear Dyn. 76 (1):853–866, 2014.
Li, C.T., and Hwang, M.S., An Efficient Biometrics-Based Remote User Authentication Scheme Using Smart Cards. J. Netw. Comput. Appl. 33 (1):1–5, 2010.
Li, C.T., and Hwang, M.S., A Lightweight Anonymous Routing Protocol Without Public Key En/Decryptions for Wireless ad Hoc Networks. Inf. Sci. 181 (23):5333–5347, 2011.
Li, C.T., Secure Smart Card Based Password Authentication Scheme with User Anonymity. Inf. Technol. Control. 40 (2):157–162, 2011.
Li, C.T., and Lee, C.C., A Robust Remote User Authentication Scheme Using Smart Card. Inf. Technol. Control. 40 (3):236–245, 2011.
Li, C.T., and Lee, C.C., A Novel User Authentication and Privacy Preserving Scheme with Smart Cards for Wireless Communications. Math. Comput. Model. 55 (1-2):35–44, 2012.
Li, C.T., A New Password Authentication and User Anonymity Scheme Based on Elliptic Curve Cryptography and Smart Card. IET Inf. Secur. 7 (1):3–10, 2013.
Li, C.T., Lee, C.C., Weng, C.Y., Fan, C.I., An Extended Multi-Server-Based User Authentication and Key Agreement Scheme with User Anonymity. KSII Trans. Int. Inf. Syst. 7 (1):119–131, 2013.
Li, C.T., Weng, C.Y., Lee, C.C., An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks. Sensors 13 (8):9589–9603, 2013.
Li, C.T., Lee, C.C., Weng, C.Y., An Extended Chaotic Maps Based User Authentication and Privacy Preserving Scheme Against DoS Attacks in Pervasive and Ubiquitous Computing Environments. Nonlinear Dyn. 74 (4):1133–1143, 2013.
Li, C.T., and Lee, C.C., More Secure Authenticated Group Key Agreement in a Mobile Environment. Inf. Int. Interdiscip. J. 16 (9(B)):6817–6830, 2013.
Li, C.T., and Lee, C.C., A Novel User Authentication and Key Agreement Scheme with Smart Cards Over Insecure Networks. Inf. Int. Interdiscip. J. 17 (4):1271–1284, 2014.
Liao, I.E., Lee, C.C., Hwang, M.S., A Password Authentication Scheme Over Insecure Networks. J. Comput. Syst. Sci. 72 (4):727–740, 2006.
Ramasamy, R., and Muniyandi, A.P., An Efficient Password Authentication Scheme for Smart Card. Int. J. Netw. Secur. 14 (3):180–186, 2012.
National Institute of Standards and Technology, US Department of Commerce, Secure Hash Standard, pp. 180–182: US Federal Information Processing Standard Publication, 2002.
Wu, Z.Y., Lee, Y.C., Lai, F., Lee, H.C., Chung, Y., A Secure Authentication Scheme for Telecare Medicine Information Systems. J. Med. Syst. 36 (3):1529–1535, 2012.
Xu, X., Zhu, P., Wen, Q., Jin, Z., Zhang, H., He, L., A Secure and Efficient Authentication and Key Agreement Scheme Based on ECC for Telecare Medicine Information Systems. J. Med. Syst. 38 (1):9994, 2013.
Yang, L., Ma, J.F., Jiang, Q., Mutual Authentication Scheme with Smart Cards and Password Under Trusted Computing. Int. J. Netw. Secur. 14 (3):156–163, 2012.
Acknowledgments
The authors would like to thank the anonymous referee for their valuable suggestions and comments. In addition, this research was partially supported by the National Science Council, Taiwan, R.O.C., under contract no.: NSC 102-3114-C-165-001-ES and NSC 102-2221-E-030-003.
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
About this article
Cite this article
Li, CT., Lee, CC. & Weng, CY. A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems. J Med Syst 38, 77 (2014). https://doi.org/10.1007/s10916-014-0077-2
DOI: https://doi.org/10.1007/s10916-014-0077-2