Department of Computer Science and Engineering, Xiamen Institute of Technology, Huaqiao University, Xiamen, 361021, China.
J Med Syst. 2013 Aug;37(4):9958. doi: 10.1007/s10916-013-9958-z. Epub 2013 Jul 2.
Thanks to the rapid development of computer technology, patients can now obtain many kinds of medical services online via Telecare Medical Information Systems (TMIS). The security of network communication between users and the server is therefore very important, and authentication plays an important part in protecting information from malicious attackers. Recently, Jiang et al. proposed a privacy-enhanced scheme for TMIS using smart cards and claimed that their scheme was better than Chen et al.'s. However, we show that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing and user impersonation attacks if an attacker compromises the legal user's smart card. It also cannot resist DoS attacks in two cases: after a successful impersonation attack, and when a wrong password is entered in the password change phase. We then propose an improved mutual authentication scheme for a telecare medical information system. Remote monitoring, checking patients' past medical history records, and medical consultation can be carried out in the system, where information is transmitted via the Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.