Journal of Information Security Reserach ›› 2023, Vol. 9 ›› Issue (11): 1102-.

Previous Articles     Next Articles

An Authenticated Key Exchange Protocol for Telecare Medical  Information Systems

Wang Zhiqiang1,2, Huang Yujie1, Pang Shufang1, and Ou Haiwen1#br#


  1. 1(Department of Cyberspace Security, Beijing Electronic Science & Technology Institute, Beijing 102627)
    2(State Information Center Postdoctoral Research Station, Beijing 100045)

  • Online:2023-11-06 Published:2023-11-30



  1. 1(北京电子科技学院网络空间安全系北京102627)

  • 通讯作者: 王志强 博士,副教授.主要研究方向为网络空间安全和漏洞挖掘.
  • 作者简介:王志强 博士,副教授.主要研究方向为网络空间安全和漏洞挖掘. 黄玉洁 硕士.主要研究方向为网络空间安全. 庞舒方 硕士研究生.主要研究方向为网络空间安全. 欧海文 博士,教授.主要研究方向为密码算法的编码、分析与应用.

Abstract: Telecare Medical Information Systems (TMIS) has greatly improved the patients’ experience and has become a viable solution to meet the needs of diverse medical services. However, when patients’ private information is transmitted over the public networks through TMIS, it is vulnerable to security attacks. To protect patients’ privacy, a large number of authentication key exchange protocols have been designed for TMIS, but most of them are not resistant to offline dictionary attacks, user impersonation attacks and smart card loss attacks. In this paper, an elliptic curvebased authentication key exchange protocol is designed to achieve anonymity and untraceability of users by using identity encryption and randomized message transmission. Finally, the security proof and performance analysis demonstrate the superiority of TMISAKE protocol in terms of security and efficiency, and its ease of deployment in TMIS.

Key words: smart card, authenticated key exchange protocol, provable security, medical information security, Telecare Medical Information Systems

摘要: 远程医疗信息系统(telecare medical information systems, TMIS)极大程度地改善了患者的就医体验,已成为解决多样化医疗服务需求的可行方案.然而,当患者的隐私信息通过TMIS在公共网络上进行传输时容易遭受安全攻击.为保护患者的隐私,研究人员针对TMIS设计了大量的认证密钥交换协议,但已有协议大多存在无法抵抗离线字典攻击、用户冒充攻击、智能卡丢失攻击等安全隐患.针对上述问题,设计了一个基于椭圆曲线的认证密钥交换协议(TMISAKE),利用身份加密和随机化传输消息的方法实现用户的匿名性和不可追踪性.最后,通过安全性证明及性能分析,验证了TMISAKE协议在安全性和效率方面的优越性.

关键词: 智能卡, 认证密钥交换协议, 可证明安全, 医疗信息安全, 远程医疗信息系统

CLC Number: