57 research outputs found
Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme
Telecare Medicine Information Systems (TMIS) provides flexible and convenient e-health care. However the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.’s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.’s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.’s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes
Cryptanalysis on Secure ECC based Mutual Authentication Protocol for Cloud-Assisted TMIS
The creation of TMIS (Telecare Medical Information System) makes it simpler
for patients to receive healthcare services and opens up options for seeking
medical attention and storing medical records with access control. With
Wireless Medical Sensor Network and cloud-based architecture, TMIS gives the
chance to patients to collect their physical health information from medical
sensors and also upload this information to the cloud through their mobile
devices. The communication is held through internet connectivity, therefore
security and privacy are the main motive aspects of a secure cloud-assisted
TMIS. However, because very sensitive data is transmitted between patients and
doctors through the cloud server, thus security protection is important for
this system. Recently, Kumar et al designed a mutual authentication protocol
for cloud-assisted TMIS based on ECC [2]. In this paper, we revisited this
scheme and traced out that their scheme has some significant pitfalls like
health report revelation attack, and report confidentiality. In this study, we
will provide the cryptanalysis of the scheme developed by Kumar et al
- …