4 research outputs found
Cryptanalysis of Wu and Xu's authentication scheme for Telecare Medicine Information Systems
Remote user authentication is desirable for a Telecare medicine information
system (TMIS) to verify the correctness of remote users. In 2013, Jiang et al.
proposed privacy preserving authentication scheme for TMIS. Recently, Wu and Xu
analyzed Jiang's scheme and identify serious security flaws in their scheme,
namely, user impersonation attack, DoS attack and off-line password guessing
attack. In this article, we analyze Wu and Xu's scheme and show that their
scheme is also vulnerable to off-line password guessing attack and does not
protect user anonymity. Moreover, we identify the inefficiency of incorrect
input detection of the login phase in Wu and Xu's scheme, where the smart card
executes the login session in-spite of wrong input
The Cryptanalysis of Lee's Chaotic Maps-Based Authentication and Key Agreement Scheme using Smart card for Telecare Medicine Information Systems
The Telecare medicine information system (TMIS) is developed to provide
Telecare services to the remote user. A user can access remote medical servers
using internet without moving from his place. Although remote user and server
exchange their messages/data via public networks. An adversary is considered to
be enough powerful that he may have full control over the public network. This
makes these Telecare services vulnerable to attacks. To ensure secure
communication between the user and server many password based authentication
schemes have been proposed. In 2013, Hao et al. presented chaotic maps-based
password authentication scheme for TMIS. Recently, Lee identified that Hao et
al.'s scheme fails to satisfy key agreement property, such that a malicious
server can predetermine the session key. Lee also presented an efficient
chaotic map-based password authentication and key agreement scheme using Smart
cards for TMIS. In this article, we briefly review Lee's scheme and
demonstrates the weakness of Lee's scheme. The study shows that the Lee's
scheme inefficiency of password change phase causes denial of service attack
and login phase results extra computation and communication overhead
Cryptanalysis of Cryptanalysis and Improvement of Yan et al Biometric-Based Authentication Scheme for TMIS
Remote user authentication is critical requirement in Telecare Medicine
Information System (TMIS) to protect the patient personal details, security and
integrity of the critical medical records of the patient as the patient data is
transmitted over insecure public communication channel called Internet. In
2013, Yan proposed a biometric based remote user authentication scheme and
claimed that his scheme is secure. Recently, Dheerendra et al. demonstrated
some drawbacks in Yan et al scheme and proposed an improved scheme to erase the
drawbacks of Yan et al scheme. We analyze Dheerendra et al scheme and identify
that their scheme is vulnerable to off-line identity guessing attack, and on
successfully mounting it, the attacker can perfom all major cryptographic
attacks.Comment: arXiv admin note: text overlap with arXiv:1309.4944 by other author
A Study On ID-based Authentication Schemes for Telecare Medical Information System
The smart card based authentication schemes are designed and developed to
ensure secure and authorized communication between remote user and the server.
In recent times, many smart card based authentication schemes for the telecare
medical information systems (TMIS) have been presented. In this article, we
briefly discuss some of the recently published smart card based authentication
schemes for TMIS and try to show why efficient login and password change phases
are required. In other word, the study demonstrates how inefficient password
change phase leads to denial of server attack and how inefficient login phase
increase the communication and computation overhead and decrease the
performance of the system