On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS |
| |
| Authors: | Jianghong Wei Wenfen Liu Xuexian Hu |
| |
| Affiliation: | 1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China;2. State Key Laboratory of Integrated Service Networks, Xidian University, Xi'an, China;3. School of Computer Science and Information Security, Guangxi Key Laboratory of Cryptogpraphy and Information Security, Guilin University of Electronic Technology, Guilin, China |
| |
| Abstract: | The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information, they thus hesitate to directly transmit these information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3‐factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well‐known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3‐factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well‐known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS. |
| |
| Keywords: | chaotic maps cryptanalysis multifactor authentication privacy preservation telecare medicine information system |
|
|
