Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems

Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote a...

Full description

Saved in:
Bibliographic Details
Published in:Journal of medical systems 2015-06, Vol.39 (6), p.66-66, Article 66
Main Authors: Chaudhry, Shehzad Ashraf, Naqvi, Husnain, Shon, Taeshik, Sher, Muhammad, Farash, Mohammad Sabzinejad
Format: Article
Language:English
Subjects:
Authentication
Authentication protocols
Communication
Computer Security - standards
Confidentiality - standards
Cryptography
Health Informatics
Health Information Systems - organization & administration
Health Information Systems - standards
Health Sciences
Humans
Information systems
Islam
Medical
Medicine
Medicine & Public Health
Patient Access to Records - standards
Patient Facing Systems
Patients
Professional-Patient Relations
Servers
Statistics for Life Sciences
Telecare
Telemedicine
Telemedicine - methods
Telemedicine - organization & administration
Telemedicine - standards
User-Computer Interface
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Telecare medical information systems (TMIS) provides rapid and convenient health care services remotely. Efficient authentication is a prerequisite to guarantee the security and privacy of patients in TMIS. Authentication is used to verify the legality of the patients and TMIS server during remote access. Very recently Islam et al. ( J. Med. Syst. 38(10):135, 2014 ) proposed a two factor authentication protocol for TMIS using elliptic curve cryptography (ECC) to improve Xu et al.’s ( J. Med. Syst. 38(1):9994, 2014 ) protocol. They claimed their improved protocol to be efficient and provides all security requirements. However our analysis reveals that Islam et al.’s protocol suffers from user impersonation and server impersonation attacks. Furthermore we proposed an enhanced protocol. The proposed protocol while delivering all the virtues of Islam et al.’s protocol resists all known attacks.
ISSN:0148-5598
1573-689X
DOI:10.1007/s10916-015-0244-0