An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography

Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient’s as well as...

Full description

Saved in:
Bibliographic Details
Published in:Journal of medical systems 2015-11, Vol.39 (11), p.175-175, Article 175
Main Authors: Chaudhry, Shehzad Ashraf, Mahmood, Khalid, Naqvi, Husnain, Khan, Muhammad Khurram
Format: Article
Language:English
Subjects:
Algorithms
Authentication
Biometric Identification - instrumentation
Biometrics
Computer information security
Computer Security - instrumentation
Confidentiality
Cryptography
Health care
Health Informatics
Health Sciences
Humans
Information systems
Medicine
Medicine & Public Health
Mobile Systems
Patients
Privacy
Smart Living in Healthcare and Innovations
Statistics for Life Sciences
Telecare
Telemedicine - instrumentation
Wireless networks
Wireless Technology
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient’s as well as TMIS server’s legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. ( J. Med. Syst. 39(3):1–8, 2015 ) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.’s ( J. Med. Syst. 38(12):136, 2014 ) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.’s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.’s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.’s scheme is also robust against known attacks.
ISSN:0148-5598
1573-689X
DOI:10.1007/s10916-015-0335-y