A Survey on the Two Factor Authentication Protocol used in the Telecare Medical Information System, including possible attack scenarios

Index

List of Figures

List of Table

Acknowledgements

Abstract

1 Introduction

2 Literature Survey
2.1 Classification Tree
2.2 Review of different Author’s scheme

3 List of All Attack on Telecare Medical Information System

4 Requirement and objective for TMIS
4.1 Requirements
4.2 Objectives

5 AVISPA Tool
5.1 Architecture of AVISPA Tool

6 Conclusion

References

Acronyms

List of Figures

Fig 1.1 Telecare medical information system overview

Fig. 2.1.1 Survey Tree of TMIS

Fig. 2.1.2 Framework of telecare medical information system

Fig. 2.2.1 Running times of different schemes

Fig. 3.1.1 stolen smart card attacks

Fig. 3.2.1 Password guessing attacks

Fig. 3.3.1 Insider Attacks

Fig. 3.4.1 Reply attacks

Fig. 3.5.1 Masquerade attack

Fig. 3.6.1 stolen verifier attacks

Fig. 3.7.1 Server spoofing attack

Fig. 3.8.1 Dictionary Attacks

Fig. 3.9.1 Parallel session attack

Fig. 3.10.1 Modification attack

Fig. 3.11.1 Man-in-middle attack

Fig. 3.12.1 Denial of service attack

Fig. 3.13.1 Fake server attack

Fig. 3.14.1 Session key disclosure attack

Fig. 3.15.1 Key escrow attacks

Fig. 3.16.1 Impersonation attack

Fig. 3.17.1 Forward secrecy attack

Fig. 3.18.1 Temporize information attack

Fig. 3.19.1 Survey tree of all attacks

Fig. 5.1.1 Architecture of AVISPA Tool

List of Table

Table 2.2.1 Comparisons of the security properties

Table 2.2.2 Comparisons of the performance

Table 2.2.3 possible attacks of different schemes

Table 2.2.4 Comparisons with performance and security parameter

Table 2.2.5 Comparison regarding resistance to various attacks

Table 2.2.6 the performance comparison of the related scheme

Table 2.2.7 Execution Time of user side and server side

Table 2.2.8 Time operation of different scheme

Acknowledgements

I am grateful to numerous local and global “peers” who have contributed towards shaping this Dissertation Phase 1 report.

First and foremost I would like to express my sincere thanks to Dr. Nishant Doshi who created my interest in cryptography. He was always there to guide, motivate and support me whenever I was stuck. He constantly reminded me to achieve my goal. His observations and comments helped me to establish the overall direction of the research and to move forward with investigation in depth. Irrespective of his busy schedule, he always gave time to listen to my doubts patiently and gave valuable suggestions like a parent. His doors were always open to discuss my doubts anytime.

I owe my deep sense of gratitude to Dissertation Phase 1 report examiners Dr. Sarang Pande, Dr. Nitul Dutta for their valuable suggestions and critical comments during presentation of credit as well as progress seminars and also sharing their knowledge which influenced me more to carry out this research work. I am thankful to Krupali Dalsania, for helping us to solve typos and grammatical error throughout the book.

I thank to all my student colleagues for providing fun filled and very informative environment to learn and grow. It is their love and encouragement, which helped me a lot during my research work. I had many memorable moments with them inside and out-side my work. I am grateful to all my c olleagues, M.Tech students, Teaching Assistants and many others, for being with me in my difficult times and for all the emotional support, care, and fun they provided and who have been kind enough to advise and help in their respective roles. I owe a dept of gratitude to all my friends for their guidance and support. Manish Shingala and Mayur Oza for their thoughtful discussion related to research work that helped me to complete this work in timely fashion. Ruchita Kaneria, Harshit Champaneri, Dhara Patoliya and Jinita Tamboli for constant motivation to carry out this research work.

I wish to thank staff of Department of Computer Engineering, MEFGI for providing me resources throughout my stay in the college.

Last and most important, I thank my family members. Without their constant support, motivation and love, I would not have been reached so far. I dedicate this research work to my family.

Kishan Makadia

Abstract.

Since last few decades, there is drastic increase in the availability of lower-cost telecommunications systems and healthcare services. The telecare medicine information system supports health-care delivery services. These systems are moving towards an automated environment, where automatic patient medical records and electronically interconnected telecare facilities are prevalent. It is important to guarantee the privacy and the security of the users in the telecare medicine information system. A secure authentication scheme will provide to safeguard data integrity, confidentiality, and availability. Efficient authentication is a prerequisite the guarantying the security and privacy of patients in Telecare Medical Information System. Authentication is used to verify the validity of the patients and Telecare Medical Information System server during remote access.

Keyword. Telecare medical information system, User authentication, Security, Password, AVISPA.

1 Introduction

In order to protect patients’ privacy, such as telephone number, medical record number, health information, authentication scheme for telecare medical information systems (TMIS) has been studied widely [24]. An authenticated mechanism for a patient is required to ensure that the private information is not received by any illegal persons. The recent availability of lower-cost telecommunications system and custom made physiological monitoring devices has made it possible to take advantage of telecare medical directly into the patient’s home, i.e. a connection between patient’s home and doctors at a hospital center or home health-care (HHC) agency [25].

During past there was queue to take a physician’s appointment medical services. But today, just a click allows person to access medical services from anywhere and anytime. Tradition’s time consuming methods on medical services has been replaced by digitalized smart methods. We have entered in a new world of error-free, well organized and quality healthcare services.

It is important to ensure the privacy and the security of the patient in the Telecare medicine information system. In the Telecare Medical Information System, the privacy and security issues the address patients’ rights to understand and control the use of their protected medical information, such as name, address, mobile number, medical record number, etc. At the same time, other protected health information, the electronic medical record (EMR), is straight interrelated with the patient’s privacy. Never the less security in the Telecare Medical Information System is of prime concern. The important concern about security issue is of how to ensure information security and privacy during transmission through the insecure Internet

Smart card based password authentication is a two-factor authentication, firstly a successful authentication which requires the user to have a valid smart card and secondly a correct password.

illustration not visible in this excerpt

Fig 1.1 Telecare medical information system overview

2 Literature Survey

2.1 Classification Tree

illustration not visible in this excerpt

Fig. 2.1.1 Survey Tree of TMIS

illustration not visible in this excerpt

Fig. 2.1.2 Framework of telecare medical information system

2.2 Review of different Author’s scheme

In 1981, Lamport [1] introduced the first password-based authentication scheme using password tables to authenticate remote users over insecure network. Later on many password authentication schemes [14, 15, 16] has been proposed to improve security or efficiency or cost.

Secure authentication schemes are the services provided by the server which are not available to illegal users. While widely implemented, such mechanisms will inevitably suffer from several attacks. In order to solve these problems and strengthen the security of the system, smart card based password authentication schemes are introduced.

As before smart card based password authentication is a kind of two-factor authentication scheme and namely a successful authentication requires the user to have a valid smart card and a correct password. Many smart card based password authentication mechanisms [5,6] have been proposed in the last few decades.

For achieving a high level of security and deliver to a mutual authentication processing, some of the password based authentication schemes are designed and presented the concept of Diffie-Hellman key exchange [26], which depends on the difficulty of discrete logarithm’ s problem. The disadvantage of these schemes is that the computation cost is high which is not suitable for low computation power equipment’s in telecare medicine information system, such as Yang et al.’s user authentication scheme [3].

Xu et al. and Liu et al. [11, 4] has been improved on the previous defect and proposed the authentication schemes based on DLP and smart card. However, there are some security flaws leading their schemes to be insecure. Wu et al propose an efficient password-based authentication scheme. The major difference between Wu et al scheme [12] and other schemes is the addition of pre-computing phase.

The Wu et al scheme in user authentication scheme employs three kinds of cryptographic and mathematical methods and theorems, hash function, symmetric cryptograph, and discrete logarithms problem.

The password-based user authentication scheme is proposed for the telecare medicine information system. The Wu et al scheme consists of four phases, namely the registration phase, the pre-computing phase, the authentication phase, and the password change phase.

Wu et al proposed password-based user authentication scheme is secure and suitable to be implemented. The comparison of Wu et al scheme with other related schemes as summarized in Table. Yang et al. [3] scheme, Xu et al. [11] scheme, and Liu et al. [4] scheme suffer from insecure attacks. For example, Yang et al. [3] scheme kept the verification table that causing the stolen-verifier attacks; Xu et al. had no mutual authentication and impersonation attacks; and Liu et al. [4] confronted the problem of interception making the session key not secure.

The performance comparison of Wu et al [12] scheme with the other author schemes is shown in Table. Apparently, the listed three schemes [3, 4, 11] require more exponential operations leading to the need for more calculation time resulting into inefficiency, while Wu et al [12] scheme proposed scheme only requires two exponential operations and eight hash function operations in performing the authentication procedure. The time-consumption of computation on user side of this scheme is far less than others. This scheme view that the scheme is more efficient and appropriate to collocating with low power devices for the telecare medicine environments.

Table 2.2.1 Comparisons of the security properties

illustration not visible in this excerpt

Table 2.2.2 Comparisons of the performance

illustration not visible in this excerpt

Wu et al. [12] scheme is an efficient authentication scheme for TMIS. In their scheme, they added a new phase named the pre-computing phase. In pre-computing phase, the user computes certain values that require costly, time-consuming exponential operation and then stores them into the storage device. When these values are needed, the user can extract quickly from the device thus raising the performance. They claimed their scheme is secure and very suitable for low computation mobile devices such as in the TMIS.

Wu et al. [12] scheme suffers from the impersonation attack to the insider’s attack. In order to defect the weakness, He et al introduce new authentication scheme. Now the performance and the possible attacks of Xu et al and Wu et al scheme given. The listed two schemes [11, 12] require more exponential operations leading to the require for extra calculation time resulting into inefficiency, He et al [13] proposed scheme only requires nine hash function operations, one exponential operations and addition operation in executing the authentication procedure.

The time consuming of computation on user side of this scheme is far less than others. Furthermore, Xu et al. [11] scheme stand from the impersonation attack. Wu et al. [12] scheme stand from the impersonation attack to the inside attack. This shows that the he et al scheme is more efficient and appropriate in collocating with low power mobile devices for the TMIS.

Table 2.2.3 possible attacks of different schemes

illustration not visible in this excerpt

Xu et al. [11] scheme point out a password dictionary attack on Lee et al. [10] scheme when the user’s smart card is lost. Pu et al. [29] scheme discuss the same drawback of the scheme proposed by Wang et al. [30]. Most recently, Wu et al. [12] scheme proposed an efficient authentication scheme for TMIS. Although their scheme is superior to the previous solutions for implementation on devices by adding a pre-computing phase, He et al. [13] scheme pointed out that the scheme could not withstand impersonation attacks and insider attacks. Then, they introduced a more secure authentication mechanism for Telecare Medical Information System.

The performance of Wei et al [14] scheme, compare it with Wu et al. [12] scheme and He et al. [13] scheme as summarized in Table 4 For convenience, we denote by Exp once experimental operation and H once one-way hash function operation.

As shown in Table 4, since pre-computing phase is canceled in Wei et al scheme, and the user does not need to ask the server to generate new pre-computed values repeatedly, it seems more suitable for patients. At the same time, Wei et al. [14] scheme just needs the same times of experimental operations as Wu et al. [12] scheme, and once experimental operation more than He et al. [13] scheme. However, unlike Wu et al. [12] scheme and He et al. [13] schemes, which suffer from offline password guessing attacks when the user’s smart card is lost, and is unpractical, Wei et al [14] scheme proposal achieves a two-factor authentication, and improve the security of Telecare medical information System. Therefore, the improved authentication scheme for Telecare Medical Information System is not only convenient and efficient, but also practical.

Table 2.2.4 Comparisons with performance and security parameter

illustration not visible in this excerpt

Wei et al. [14] demonstrated that both of Wu et al. [12] scheme and He et al. [13] scheme cannot achieve a two-factor authentication. To overcome the weaknesses, Wei et al. [14] proposed an improved authentication scheme for TMIS. Wei et al. [14] scheme claimed their scheme could withstand various attacks. Zhu et al [15] scheme is vulnerable to an off-line password guessing attack. The security analysis and performance analysis scheme is more suitable for Telecare Medical Information System than Wei et al. [14] scheme.

Wei et al. [14] scheme and its improvement proposed by Zhu et al. [15] scheme fail to achieve important characteristics necessary for secure user authentication. Khan et al [16] scheme find that security problems of Wei et al.’s scheme stick with Zhu et al scheme; like undetectable online password guessing attack, traceability of user’s stolen/lost smart card and denial-of-service threat. Khan et al scheme also identifies that Wei et al [14] scheme lacks forward secrecy and Zhu et al [15] scheme lacks session key between user and healthcare server. Khan et al [16] scheme therefore propose an authentication scheme for Telecare Medical Information System with forward secrecy which preserves the confidentiality of air messages even if master secret key of telecare medical information system server is compromised.

Table 2.2.5 Comparison regarding resistance to various attacks

illustration not visible in this excerpt

Zhu et al [15] scheme [15] suffers from user impersonation attacks, DoS attacks, offline and online password guessing attack, and smart card loss attack. Bin et al [17] scheme observe that Zhu et al [15] scheme has improper password change phase and lacks session key for secure communication after mutual authentication. To improve upon these problems and to protect the privacy of user (patient), Bin et al [17] scheme is an enhanced version of Zhu’s scheme in which user is anonymous.

Bin Muhaya [17] scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. In order to withstand the mentioned weaknesses, hamed et al [18] scheme a new two-factor anonymous authentication and key agreement scheme apply on elliptic curve cryptosystem. Security and performance analyses demonstrate that the hamed et al [18] scheme not only overcomes the weaknesses of Bin Muhaya [17] scheme, but also is about 2.73 times faster than Bin Muhaya [17] scheme.

illustration not visible in this excerpt

Fig. 2.2.1 Running times of different schemes

In 2006 Liao et al. [31] scheme proposed a password authentication scheme over insecure Networks. Liu et al. [4] in 2008 introduce a new mutual authentication scheme based on nonce and smart cards. Zhu et al [15] in 2012 showed the authentication scheme of Wei et al. [14] was vulnerable to an off-line password guessing attack and proposed an improved authentication scheme as alternative. Lee et al [19] scheme observe that Zhu et al scheme [15] scheme has insecure against parallel attack. Lee et al proposed secure authentication scheme against Zhu et al [15] scheme.to overcome the parallel attack on telecare medical information systems.

Table 6 lists the performance comparisons of the related authentication schemes and lee et al [19] proposed enhanced scheme, where the time Th, Tme and Tw denote the time for executing a one-way hash function operation, a modular exponentiation operation and a modular multiplication operation, respectively. The theoretical analysis, perform the simulation experiments for comparison. lee et al [19] scheme use the intel(R) core(TM)2 Quad CPU Q8300n @ 2.50 GHz with 4.00 GB memory for simulation and the algorithms used are RSA and SHA-1. The response times, measured in millisecond (ms), of the user and server are measured respectively.

Table 2.2.6 the performance comparison of the related scheme

illustration not visible in this excerpt

In 2004, Das et al. [32] proposed a dynamic ID and password based remote user authentication scheme using smart cards. Their scheme allows any patient to choose and change his/her password freely and does not require to maintain any verifier table. In 2009, Wang et al. [33] then showed that M.L. Das et al. [32] scheme is completely insecure against different attacks. Further, they showed that [33] does not achieve mutual authentication property and could not resist impersonate remote server attack.

Khan et al. [5] analyzed the security of Wang et al. [33] scheme. They pointed out that Wang et al. [33] scheme does not provide anonymity of a user during authentication, patient has no choice in choosing his/her password, does not provide session key agreement and also vulnerable to insider attack. As a result, Khan et al [5] scheme pointed out that Wang et al [33] scheme has practical issue and it is not feasible for real-life implementation. In order to treatment these security weaknesses, Khan et al. [5] also proposed an enhanced password-based remote user authentication scheme using smart cards.

Lee et al [19] scheme still has two security weaknesses. In order to withstand these flaws, found in Lee-Liu’s scheme, Das et al [20] introduce an improvement of their scheme. Lee et al scheme is efficient as compared to Das et al [20] scheme. Further, through the security analysis, Das et al [20] shown that scheme is secure against possible known attacks. In addition to shown that formal security verification using the AVISPA tool to show that Das et al [20] scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks.

TH=One-way hash function operation

TME=Modular Exponentiation operation

TMM=Modular Multiplication operation

Table 2.2.7 Execution Time of user side and server side

illustration not visible in this excerpt

3 List of All Attack on Telecare Medical Information System

3.1 Stolen smart card attack

- Important information
- Common password
- Specific purpose

illustration not visible in this excerpt

Fig. 3.1.1 stolen smart card attacks

3.2 Password guessing attack

- English password
- General password
- Not 100% work

illustration not visible in this excerpt

Fig. 3.2.1 Password guessing attacks

3.3 Insider attack

- Authorized user or unauthorized users
- Admin or patients

illustration not visible in this excerpt

Fig. 3.3.1 Insider Attacks

3.4 Reply attack

- Retrieve information
- Delay communication

illustration not visible in this excerpt

Fig. 3.4.1 Reply attacks

3.5 Masquerade attack

- Unsecure authorization
- Security of users

illustration not visible in this excerpt

Fig. 3.5.1 Masquerade attack

3.6 Stolen Verifier attack

- Authority of verification
- Valid/Invalid Authentication

illustration not visible in this excerpt

Fig. 3.6.1 stolen verifier attacks

3.7 Server Spoofing attack

- IP spoofing
- DNS server spoofing

illustration not visible in this excerpt

Fig. 3.7.1 Server spoofing attack

3.8 Dictionary attack

- Brute force attack
- Generally used passwords
- Not always successful

illustration not visible in this excerpt

Fig. 3.8.1 Dictionary Attacks

3.9 Parallel session attack

- More than one task
- Telephone communication

illustration not visible in this excerpt

Fig. 3.9.1 Parallel session attack

3.10 Modification attack

- Track communication
- Modify Information

illustration not visible in this excerpt

Fig. 3.10.1 Modification attack

3.11 Man-in-middle attack

- Unauthorized person intercepts in process
- Communication or transformation data

illustration not visible in this excerpt

Fig. 3.11.1 Man-in-middle attack

3.12 Denial of service attack

- Unavailable resource of authorized users
- Website hacking

illustration not visible in this excerpt

Fig. 3.12.1 Denial of service attack

3.13 Fake server attack

- Superior server acts as original server
- Happen after node compromise attack

illustration not visible in this excerpt

Fig. 3.13.1 Fake server attack

3.14 Session key disclosure attack

- valid user (Attacker)
- secret information of service providers

illustration not visible in this excerpt

Fig. 3.14.1 Session key disclosure attack

3.15 Key escrow attack

- Secret key of server
- Modification of users key then also possible

illustration not visible in this excerpt

Fig. 3.15.1 Key escrow attacks

3.16 Impersonation attack

- Not update stored data
- Information is leak
- Next session

illustration not visible in this excerpt

Fig. 3.16.1 Impersonation attack

3.17 Forward secrecy attack

- Secure against keys
- Cryptanalysis of cipher text

illustration not visible in this excerpt

Fig. 3.17.1 Forward secrecy attack

3.18 Temporary information attack

- On particular system or network for specific session
- Short term security

illustration not visible in this excerpt

Fig. 3.18.1 Temporize information attack

3.19 Survey tree of all attacks

Abbildung in dieser Leseprobe nicht enthalten

Fig. 3.19.1 Survey tree of all attacks

4 Requirement and objective for TMIS

4.1 Requirements

A practical authentication scheme for Telecare Medical Information System should satisfy the following requirement.

1. A verified User (patient) is allowed to access the TMIS server and then obtain his/her Electronic Medical Record.
2. Mutual authentication and session key agreement could be reached between patients and the TMIS server to stabilize the security of transmitting information.
3. User anonymity should be assured during the communication to protect patient’s privacy.
4. Patient can change his/her password freely to get achieve user friendliness.
5. Various common known attacks could be withstand to ensure security in each session.
6. A low-cost authentication scheme is required for the limited devices.

4.2 Objectives

1. To maintain electronic record of patients’ medical history which can be easily accessible.
2. To integrate scattered medical record of patients available at different TMIS service providers.
3. To provide remote medical care to patients at their home via Internet and so on.

5 AVISPA Tool

AVISPA (Automated Validation of Internet Security Protocols and Applications) is a push-button tool for the automated validation of Internet security-sensitive protocols and applications. It provides a modular and expressive formal language for specifying protocols and their security properties, and integrates different back-ends that implement a variety of state-of-the-art automatic analysis techniques.

5.1 Architecture of AVISPA Tool

illustration not visible in this excerpt

Fig. 5.1.1 Architecture of AVISPA Tool

The architecture of the AVISPA Tool is depicted in Fig. 5.1.1 A user interacts with the tool by specifying a security problem (a protocol paired with a security property that it is expected to achieve) in the High-Level Protocol Specification Language HLPSL. The HLPSL is an expressive, modular, role-based, formal language that allows for the specification of control-flow patterns, data structures, and different cryptographic operators and their algebraic properties, alternative adversary models, as well as complex security properties. These features allow one to specify protocols in HLPSL without resorting to specific techniques to simplify the protocols first, as if often requires in weaker approaches. The AVISPA Tool automatically translates (via the HLPSL2IF Translator) a user-defined security problem into an equivalent specification written in the rewrite-based formalism Intermediate Format IF. An IF specification describes an infinite-state transition system amenable to formal analysis: IF specifications are automatically inputs the back-ends of the AVISPA Tool, which implement different techniques to search the corresponding infinite-state transition system for states that represent attacks on the intended properties of the protocols.

6 Conclusion

In this paper, we have surveyed all telecare medical information system related paper. Secure password based authentication scheme for all the telecare medicine information system. To withstand the different author schemes which have security weaknesses. The informal and formal security analysis, shows that author scheme is secure against attacks including session key security, parallel session attack, user anonymity, stolen smart card attack, replay attack, man-in-the-middle attack and password guessing attack. AVISPA OFMC back-end for the formal security verification, secure against passive and active attacks, including the replay and man-in the-middle attacks.

References

1. L. Lamport, “Password authentication with insecure communication,” Commun. ACM, vol. 24, no. 11, pp. 770–772, (1981). Doi: 10.1145/358790.358797

2. M. Hwang and L. Li, “A new remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron., no. 2, pp. 2–4, 2000. Doi: 10.1109/30.826377

3. C.-C. Yang, R.-C. Wang, and W.-T. Liu, “Secure authentication scheme for session initiation protocol,” Comput. Secur., vol. 24, no. 5, pp. 381–386, 2005. doi:10.1016/j.cose.2004.10.007

4. J.-Y. Liu, A.-M. Zhou, and M.-X. Gao, “A new mutual authentication scheme based on nonce and smart cards,” Comput. Commun., vol. 31, no. 10, pp. 2205–2209, 2008. doi:10.1016/j.comcom.2008.02.002

5. M. K. Khan, S. K. Kim, and K. Alghathbar, “Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme,’” Comput. Commun., vol. 34, no. 3, pp. 305–309, 2011. doi:10.1016/j.comcom.2010.02.011

6. H.-M. Chen, J.-W. Lo, and C.-K. Yeh, “An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems,” J. Med. Syst., vol. 36, no. 6, pp. 3907–3915, (2012). doi:10.1007/s10916-012-9862-y.

7. Q. Jiang, J. Ma, Z. Ma, and G. Li, “A privacy enhanced authentication scheme for telecare medical information systems,” J. Med. Syst., vol. 37, no. 1, (2013). doi:10.1007/s10916-012-9897-0.

8. T. Cao and J. Zhai, “Improved dynamic ID-based authentication scheme for telecare medical information systems,” J. Med. Syst., vol. 37, no. 2, 2013. Doi: 10.1007/s10916-012-9912-5

9. Q. Xie, J. Zhang, and N. Dong, “Robust anonymous authentication scheme for telecare medical information systems,” J. Med. Syst., vol. 37, no. 2, 2013. Doi: 10.1007/s10916-012-9911-6

10. N. Y. Lee and Y. C. Chiu, “Improved remote authentication scheme with smart card,” Comput. Stand. Interfaces, vol. 27, no. 2, pp. 177–180, 2005. Doi: doi:10.1016/j.csi.2004.06.001

11. J. Xu, W. T. Zhu, and D. G. Feng, “An improved smart card based password authentication scheme with provable security,” Comput. Stand. Interfaces, vol. 31, no. 4, pp. 723–728, (2009). doi:10.1016/j.csi.2008.09.006

12. Z. Y. Wu, Y. C. Lee, F. Lai, H. C. Lee, and Y. Chung, “A secure authentication scheme for telecare medicine information systems,” J. Med. Syst., vol. 36, no. 3, pp. 1529–1535, (2010). doi:10.1007/s10916-010-9614-9.

13. H. Debiao, C. Jianhua, and Z. Rui, “A More Secure Authentication Scheme for Telecare Medicine Information Systems,” J. Med. Syst., vol. 36, no. 3, pp. 1989–1995, (2011). doi:10.1007/s10916-011-9658-5

14. J. Wei, X. Hu, and W. Liu, “An Improved Authentication Scheme for Telecare Medicine Information Systems,” J. Med. Syst., vol. 36, no. 6, pp. 3597–3604, (2012). doi:10.1007/s10916-012-9835-1.

15. Z. Zhu, “An Efficient Authentication Scheme for Telecare Medicine Information Systems,” J. Med. Syst., vol. 36, no. 6, pp. 3833–3838, (2012). doi:10.1007/s10916-012-9856-9.

16. M. K. Khan and S. Kumari, “An Authentication Scheme for Secure Access to Healthcare Services,” J. Med. Syst., vol. 37, no. 4, p. 9954, (2013). doi:10.1007/s10916-013-9952-5.

17. F. T. Bin Muhaya, “Cryptanalysis and security enhancement of Zhu’s authentication scheme for Telecare medicine information system,” Secur. Comm. Networks, vol. 8, no. 2, pp. 71–81, 2014. DOI: 10.1002/sec.967

18. H. Arshad, V. Teymoori, M. Nikooghadam, and H. Abbassi, “On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems,” J. Med. Syst., vol. 39, no. 8, p. 76, (2015). doi: 10.1007/s10916-015-0259-6

19. T. F. Lee and C. M. Liu, “A secure smart-card based authentication and key agreement scheme for telecare medicine information systems,” J. Med. Syst., vol. 37, no. 3, (2013). doi: 10.1007/s10916-013-9933-8

20. A. K. Das and B. Bruhadeshwar, “An Improved and Effective Secure Password-Based Authentication and Key Agreement Scheme Using Smart Cards for the Telecare Medicine Information System,” J. Med. Syst., vol. 37, no. 5, (2013). Doi: 10.1007/s10916-013-9969-9

21. X. Xu, P. Zhu, Q. Wen, Z. Jin, H. Zhang, and L. He, “A Secure and Efficient Authentication and Key Agreement Scheme Based on ECC for Telecare Medicine Information Systems,” J. Med. Syst., vol. 38, no. 1, (2013). Doi:10.1007/s10916-013-9994-8

22. S. H. Islam and M. K. Khan, “Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems,” J. Med. Syst., vol. 38, no. 10, p. 135, (2014). doi:10.1007/s10916-014-0135-9.

23. S. A. Chaudhry, H. Naqvi, T. Shon, M. Sher, and M. S. Farash, “Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems,” J. Med. Syst., vol. 39, no. 6, (2015). doi:10.1007/s10916-015-0244-0

24. Lee, W. B., and Lee, C. D., A cryptographic key management solution for HIPAA privacy/security regulations. IEEE Trans. Inf. Technol. Biomed. 12(1):34–41, 2008. Doi: 10.1109/TITB.2007.906101

25. Lambrinoudakis, C., and Gritzalis, S., Managing medical and insurance information through a smart-card-based information system. J. Med. Syst. 24(4):213–234, 2000. Doi: 10.1023/A:1005549330655

26. Diffie, W., and Hellman, M., New directions in cryptology. IEEE Trans. Inf. Theory 22(6):644–654, 1976. Doi: 10.1109/TIT.1976.1055638

27. Stallings, W., Cryptography and network security: Principal and practices. 4th Edition. Prentice Hall, 2005. ISBN 13: 978-0-13-609704-4

28. ElGamal, T., A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory IT-31 (4):469–472, 1985. Doi: 10.1007/3-540-39568-7_2

29. Pu, Q., Wang, J., and Zhao, R. Y., Strong authentication scheme for telecare medicine information systems. J. Med. Syst. (2011). doi:10.1007/s10916-011-9735-9.

30. Wang, R. C., Juang, W. S., and Lei, C. L., Provably secure and efficient identification and key agreement protocol with user anonymity. J. Comput. Syst. Sci. 2010. doi:10.1016/j.jcss.2010.07.004

31. Liao, E., Lee, C.C., and Hwang, M.S., A password authentication scheme over insecure networks. J. Comput. Syst. Sci., 72(4):727–740, 2006. doi:10.1016/j.jcss.2005.10.001

32. Das, M. L., Saxena, A., and Gulati, V. P., A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50(2):629–631, 2004. Doi: arXiv:0712.2235

33. Wang, Y.-Y., Liu, J.-Y., Xiao, F.-X., and Dan, J., A more efficient and secure dynamic ID-based remote user authentication scheme. Comput. Commun. 32(4):583–585, 2009. doi:10.1016/j.comcom.2008.11.008

34.

Acronyms

illustration not visible in this excerpt

Mr. Kishan Makadia received Bachelor of Engineering in Computer science engineering from Sanjaybhai Rajguru College of Engineering, Rajkot under Gujarat Technological University (GTU), Ahmedabad, India in 2014. He is currently pursing Master of Engineering in Computer Engineering from Marwadi Education Foundation Group of Institution (MEFGI), Rajkot, India under GTU. He is interested in Research on Cryptography, Information Security, Two factor authentication, and Telecare medical information system. He is life member of Cryptology Research Society of India (CRSI), Kolkata, India.

Mr. Sunil Vithlani received Bachelor of Engineering in Computer Engineering from V.V.P. Engineering college, Rajkot under Saurashtra University, Rajkot, India in 2011. He has completed M.E. from Marwadi education Foundation, Rajkot in 2013. Currently he is working in the Department of Computer Engineering at Marwadi Education Foundation, Rajkot since 2014. he is interested in Research on Cryptography and Ad-hoc Networks.

Dr. Nishant Doshi is a faculty in the Department of Computer Engineering at Marwadi Education Foundation, Rajkot since 2014. His main research interests include algorithms, cryptography and remote user authentication, information protection in general. He has completed M. Tech from DA-IICT, Gandhinagar in 2009 and Ph.D. from NIT Surat in 2014. Along with active researcher, he is Editor-in-Chief of journals like IJCES, IJECEE, IJME, IJMES, and IJSCE. He is rewarded as Young Scientist from Venus International Foundation in year 2015.