Mishra Dheerendra, Mukhopadhyay Sourav, Chaturvedi Ankita, Kumari Saru, Khan Muhammad Khurram
Department of Mathematics, Indian Institute of Technology Kharagpur, Kharagpur, 721 302, India
J Med Syst. 2014 Jun;38(6):24. doi: 10.1007/s10916-014-0024-2. Epub 2014 Jun 1.
Remote user authentication is desirable for a Telecare Medicine Information System (TMIS) to ensure the safety, security and integrity of data transmitted over the public channel. In 2013, Tan presented a biometric-based remote user authentication scheme and claimed that his scheme is secure. Recently, Yan et al. demonstrated some drawbacks in Tan's scheme and proposed an improved scheme to eliminate them. We analyze Yan et al.'s scheme and identify that it is vulnerable to an off-line password guessing attack and does not protect anonymity. Moreover, in their scheme, the login and password change phases are inefficient at identifying the correctness of input, and this inefficiency in the password change phase can cause a denial of service attack. Further, we design an improved scheme for TMIS with the aim of eliminating the drawbacks of Yan et al.'s scheme.