An Authenticated Key Exchange Protocol for Telecare Medical  Information Systems

Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (11): 1102-.

Previous Articles Next Articles

An Authenticated Key Exchange Protocol for Telecare Medical Information Systems

Wang Zhiqiang1,2, Huang Yujie1, Pang Shufang1, and Ou Haiwen1#br#

#br#

1(Department of Cyberspace Security, Beijing Electronic Science & Technology Institute, Beijing 102627)
2(State Information Center Postdoctoral Research Station, Beijing 100045)

Online:2023-11-06 Published:2023-11-30

面向远程医疗信息系统的认证密钥交换协议

王志强1,2黄玉洁1庞舒方1欧海文1

1(北京电子科技学院网络空间安全系北京102627)
2(国家信息中心博士后科研工作站北京100045)

通讯作者: 王志强博士，副教授.主要研究方向为网络空间安全和漏洞挖掘. wangzq@besti.edu.cn
作者简介:王志强博士，副教授.主要研究方向为网络空间安全和漏洞挖掘. wangzq@besti.edu.cn 黄玉洁硕士.主要研究方向为网络空间安全. 1748985319@qq.com 庞舒方硕士研究生.主要研究方向为网络空间安全. 508949341@qq.com 欧海文博士，教授.主要研究方向为密码算法的编码、分析与应用. ouhw@besti.edu.cn

Abstract

Abstract: Telecare Medical Information Systems (TMIS) has greatly improved the patients’ experience and has become a viable solution to meet the needs of diverse medical services. However, when patients’ private information is transmitted over the public networks through TMIS, it is vulnerable to security attacks. To protect patients’ privacy, a large number of authentication key exchange protocols have been designed for TMIS, but most of them are not resistant to offline dictionary attacks, user impersonation attacks and smart card loss attacks. In this paper, an elliptic curvebased authentication key exchange protocol is designed to achieve anonymity and untraceability of users by using identity encryption and randomized message transmission. Finally, the security proof and performance analysis demonstrate the superiority of TMISAKE protocol in terms of security and efficiency, and its ease of deployment in TMIS.

Key words: smart card, authenticated key exchange protocol, provable security, medical information security, Telecare Medical Information Systems

摘要： 远程医疗信息系统(telecare medical information systems, TMIS)极大程度地改善了患者的就医体验，已成为解决多样化医疗服务需求的可行方案.然而，当患者的隐私信息通过TMIS在公共网络上进行传输时容易遭受安全攻击.为保护患者的隐私，研究人员针对TMIS设计了大量的认证密钥交换协议，但已有协议大多存在无法抵抗离线字典攻击、用户冒充攻击、智能卡丢失攻击等安全隐患.针对上述问题，设计了一个基于椭圆曲线的认证密钥交换协议(TMISAKE)，利用身份加密和随机化传输消息的方法实现用户的匿名性和不可追踪性.最后，通过安全性证明及性能分析，验证了TMISAKE协议在安全性和效率方面的优越性.

关键词: 智能卡, 认证密钥交换协议, 可证明安全, 医疗信息安全, 远程医疗信息系统

CLC Number:

TP309.7

王志强, 黄玉洁, 庞舒方, 欧海文, . 面向远程医疗信息系统的认证密钥交换协议[J]. 信息安全研究, 2023, 9(11): 1102-.

References

［1］Masdari M, Ahmadzadeh S. A survey and taxonomy of the authentication schemes in telecare medicine information systems［J］. Journal of Network and Computer Applications, 2017, 87(11): 119［2］Khan F A, Ali A, Abbas H, et al. A cloud based healthcare framework for security and patients’ data privacy using wireless body area networks［J］. Procedia Computer Science, 2014, 34: 511517［3］Aslametal M U, Derhab A, Saleem K, et al. A survey of authentication schemes in telecare medicine information systems［J］. Journal of Medical Systems, 2017, 41(1): 126［4］Sun Qianqian, Zhou Shoujun. The current situation, problems and development countermeasures of telemedicine in China［J］. Journal of Nanjing Medical University (Social Science Edition), 2022, 22(1): 2530［5］Lamport L. Password authentication with insecure communication［J］. Communications of the ACM, 1981, 24(11): 770772［6］ Chang ChinChen, Wu TzongChen. Remote password authentication with smartcards［J］. IEE ProceedingsE: Computers and Digital Techniques, 1993, 138(3): 165168［7］Chien HungYu, Jan JinnKe, Tseng YuhMin. An efficient and practical solution remote authentication: smartcard［J］. Computers and Security, 2002, 21(4): 372375［8］ Hsu ChienLung. Security of Chien et al’s remote user authentication scheme using smart cards［J］. Computer Standards and Interfaces, 2004, 26(3): 167169［9］Chen ChinLing, Lin YuFan, Wang NengChung, et al. An improvement on Hsiang and Shih’s remote user authentication scheme using smart cards［C］ Proc of the 12th ACIS Int Conf on Software Engineering, Artificial Intelligence, Networking and ParallelDistribute Computing. Piscataway, NJ: IEEE, 2011: 5357［10］Wu Zhenyu, Lee YuehChun, Lai Feipei, et al. A secure authentication scheme for telecare medicine information systems［J］. Journal of Medical Systems, 2012, 36(3): 15291535［11］He Debiao, Chen Jianhua, Zhang Rui. A more secure authentication scheme for telecare medicine information systems［J］. Journal of Medical Systems, 2012, 36(3): 19891995［12］Wei Jianghong, Hu Xuexian, Liu Wenfen. An improved authentication scheme for telecare medicine information systems［J］. Journal of Medical Systems, 2012, 36(6): 35973604［13］Zhu Zhian. An efficient authentication scheme for telecare medicine information systems［J］. Journal of Medical Systems, 2012, 36(6): 38333838［14］Khan M K, Kumari S. An authentication scheme for secure access to healthcare services［J］. Journal of Medical Systems, 2013, 37(4): 99549966［15］Giri D, Maitra T, Amin R, et al. An efficient and robust RSAbased remote user authentication for telecare medical information systems［J］. Journal of Medical Systems, 2015, 39(1): 145154［16］Radhakrishnan N, Karuppiah M. An efficient and secure remote user mutual authentication scheme using smart cards for telecare medical information systems［J］. Informatics in Medicine Unlocked, 2018, 16: 1009210103［17］Lee TianFu , Chang IPin, Lin TsungHung, et al. A secure and efficient passwordbased user authentication scheme using smart cards for the integrated EPR information system［J］. Journal of Medical Systems, 2013, 37(3): 99419948［18］Li Chunta, Shih Dongher, Wang Chuncheng. Cloudassisted mutual authentication and privacy preservation protocol for telecare medical information systems［J］. Computer Methods and Programs in Biomedicine, 2018, 157: 191203［19］Kumar V, Ahmad M, Kumari A. A secure elliptic curve cryptography based mutual authentication protocol for cloudassisted TMIS［J］. Telematics and Informatics, 2019, 38: 100117［20］Li Xiaowei, Yang Dengqi, Zeng Xing, et al. Comments on “Provably secure dynamic idbased anonymous twofactor authenticated key exchange protocol with extended security model”［J］. IEEE Trans on Information Forensics and Security, 2019, 14(12): 33443345［21］Li Chunta, Hwang M S, Chu Y P. A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks［J］. Computer Communications, 2008, 31(12): 28032814［22］Qi Mingping, Chen Jianhua. New robust biometricsbased mutual authentication scheme with key agreement using elliptic curve cryptography［J］. Multimedia Tools and Applications, 2018, 77(1): 2333523351［23］Sahoo S S, Mohanty S, Majhi B. A secure three factor based authentication scheme for health care systems using IoT enabled devices［J］. Journal of Ambient Intelligence and Humanized Computing, 2021,12(15): 14191434［24］Amin R, Biswas G P. Asecure threefactor user authentication and key agreement protocol for TMIS with user anonymity［J］. Journal of Medical Systems, 2015, 39(8): 119［25］OstadSharif A, AbbasinezhadMood D, Nikooghadam M. An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC［J］. International Journal of Communication Systems, 2019, 32(5): 39133936

[1]	. On the Development of the Practical Security of Public Key Cryptosystems [J]. Journal of Information Security Research, 2019, 5(1): 29-38.
[2]	. Analysis on CFL Provable Security [J]. Journal of Information Security Research, 2016, 2(7): 589-599.

An Authenticated Key Exchange Protocol for Telecare Medical Information Systems

面向远程医疗信息系统的认证密钥交换协议

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended Articles

Metrics