Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme

Telecare Medicine Information Systems (TMIS) provides flexible and convenient e-health care. However the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.’s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.’s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.’s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes

Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement

During the past decade, the electronic healthcare (e-health) system has been evolved into a more patient-oriented service with smaller and smarter wireless devices. However, these convenient smart devices have limited computing capacity and memory size, which makes it harder to protect the user’s massive private data in the e-health system. Although some works have established a secure session key between the user and the medical server, the weaknesses still exist in preserving the anonymity with low energy consumption. Moreover, the misuse of biometric information in key agreement process may lead to privacy disclosure, which is irreparable. In this study, we design a dynamic privacy protection mechanism offering the biometric authentication at the server side whereas the exact value of the biometric template remains unknown to the server. And the user anonymity can be fully preserved during the authentication and key negotiation process because the messages transmitted with the proposed scheme are untraceable. Furthermore, the proposed scheme is proved to be semantic secure under the Real-or-Random Model. The performance analysis shows that the proposed scheme suits the e-health environment at the aspect of security and resource occupation

Image based ECC Mutual Authentication Scheme for Cloud Assisted TMIS

In this modern era, cloud-based services like e-commerce, e-gate, and so on provide immense services to humans.    Healthcare centers are gradually moving to cloud-based services. In which, both the hospital and patients are connected remotely online and patient gets treatment quickly. Increasing the demand in Telecare Medical Information System (TMIS) needs to ensure the security and privacy of the healthcare centers and patients’ information. In this paper, we have proposed an e?cient and provably secure Elliptic Curve cryptography image based mutual authentication scheme for cloud assisted TMIS. The proposed authentication schemes ensure the secured treatment provided to patients from healthcare center through online. The patient can upload their health condition data to cloud via mobile device for the treatment.  The proposed authentication scheme required minimum computational cost with minimum communication overhead. The proposed authentication scheme preserves patient anonymity and withstands the known and chosen plaintext attack. The security analysis for the proposed scheme shows that the proposed authentication scheme is more secure. It shows that the proposed authentication scheme is performing well compare to the related authentication schemes