Cryptanalysis of Cryptanalysis and Improvement of Yan et al Biometric-Based Authentication Scheme for TMIS

Remote user authentication is critical requirement in Telecare Medicine Information System (TMIS) to protect the patient personal details, security and integrity of the critical medical records of the patient as the patient data is transmitted over insecure public communication channel called Internet. In 2013, Yan proposed a biometric based remote user authentication scheme and claimed that his scheme is secure. Recently, Dheerendra et al. demonstrated some drawbacks in Yan et al scheme and proposed an improved scheme to erase the drawbacks of Yan et al scheme. We analyze Dheerendra et al scheme and identify that their scheme is vulnerable to off-line identity guessing attack, and on successfully mounting it, the attacker can perfom all major cryptographic attacks.Comment: arXiv admin note: text overlap with arXiv:1309.4944 by other author

The Cryptanalysis of Lee's Chaotic Maps-Based Authentication and Key Agreement Scheme using Smart card for Telecare Medicine Information Systems

The Telecare medicine information system (TMIS) is developed to provide Telecare services to the remote user. A user can access remote medical servers using internet without moving from his place. Although remote user and server exchange their messages/data via public networks. An adversary is considered to be enough powerful that he may have full control over the public network. This makes these Telecare services vulnerable to attacks. To ensure secure communication between the user and server many password based authentication schemes have been proposed. In 2013, Hao et al. presented chaotic maps-based password authentication scheme for TMIS. Recently, Lee identified that Hao et al.'s scheme fails to satisfy key agreement property, such that a malicious server can predetermine the session key. Lee also presented an efficient chaotic map-based password authentication and key agreement scheme using Smart cards for TMIS. In this article, we briefly review Lee's scheme and demonstrates the weakness of Lee's scheme. The study shows that the Lee's scheme inefficiency of password change phase causes denial of service attack and login phase results extra computation and communication overhead

A Study On ID-based Authentication Schemes for Telecare Medical Information System

The smart card based authentication schemes are designed and developed to ensure secure and authorized communication between remote user and the server. In recent times, many smart card based authentication schemes for the telecare medical information systems (TMIS) have been presented. In this article, we briefly discuss some of the recently published smart card based authentication schemes for TMIS and try to show why efficient login and password change phases are required. In other word, the study demonstrates how inefficient password change phase leads to denial of server attack and how inefficient login phase increase the communication and computation overhead and decrease the performance of the system