Giri Debasis, Maitra Tanmoy, Amin Ruhul, Srivastava P D
Department of Computer Science & Engineering, Haldia Institute of Technology, Haldia, 721657, India,
J Med Syst. 2015 Jan;39(1):145. doi: 10.1007/s10916-014-0145-7. Epub 2014 Nov 18.
It is not always possible for a patient to go to a doctor in critical or urgent period. Telecare Medical Information Systems (TMIS) provides a facility by which a patient can communicate to a doctor through a medical server via internet from home. To hide the secret information of both parties (a server and a patient), an authentication mechanism is needed in TMIS. In 2013, Khan and Kumari proposed the authentication schemes for TMIS. In this paper, we have shown that Khan and Kumari's scheme is insecure against off-line password guessing attack. We have also shown that Khan and Kumari's scheme does not provide any security if the password of a patient is compromised. To improve the security and efficiency, a new authentication scheme for TMIS has been proposed in this paper. Further, the proposed scheme can resist all possible attacks and has better performance than the related schemes published earlier.
在危急或紧急情况下,患者不一定总能去看医生。远程医疗信息系统(TMIS)提供了一种设施,通过它患者可以在家中通过互联网经由医疗服务器与医生进行通信。为了隐藏双方(服务器和患者)的机密信息,TMIS中需要一种认证机制。2013年,汗和库马里提出了TMIS的认证方案。在本文中,我们表明汗和库马里的方案容易遭受离线密码猜测攻击。我们还表明,如果患者的密码被泄露,汗和库马里的方案无法提供任何安全性。为了提高安全性和效率,本文提出了一种新的TMIS认证方案。此外,所提出的方案可以抵御所有可能的攻击,并且比早期发表的相关方案具有更好的性能。
