Jiang Qi, Ma Jianfeng, Lu Xiang, Tian Youliang
School of Computer Science and Technology, Xidian University, Xi'an, China
J Med Syst. 2014 Feb;38(2):12. doi: 10.1007/s10916-014-0012-6. Epub 2014 Feb 4.
To ensure that only authorized users can access medical services, several authentication schemes for telecare medicine information systems (TMIS) have been proposed in the literature. Because chaotic map based cryptography performs better than traditional cryptography, Hao et al. proposed an authentication scheme for TMIS built on it. They claimed that their scheme resists various attacks, including the stolen smart card attack. However, we show that their scheme is in fact vulnerable to the stolen smart card attack. The attack is possible because the scheme was designed on the assumption that the scheme itself achieves user untraceability. We then propose a robust authentication and key agreement scheme. Compared with previous schemes, ours not only offers more security features but also achieves better efficiency. Our analysis indicates that designing a two-factor authentication scheme on the assumption that privacy protection is achieved within the scheme itself may introduce security risks. The lesson learned is that this situation should be avoided in the future design of two-factor authentication schemes.