Lu Yanrong, Li Lixiang, Peng Haipeng, Xie Dong, Yang Yixian
Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China.
J Med Syst. 2015 Jun;39(6):65. doi: 10.1007/s10916-015-0229-z. Epub 2015 Apr 22.
The Telecare Medicine Information Systems (TMISs) provide an efficient communicating platform supporting the patients access health-care delivery services via internet or mobile networks. Authentication becomes an essential need when a remote patient logins into the telecare server. Recently, many extended chaotic maps based authentication schemes using smart cards for TMISs have been proposed. Li et al. proposed a secure smart cards based authentication scheme for TMISs using extended chaotic maps based on Lee's and Jiang et al.'s scheme. In this study, we show that Li et al.'s scheme has still some weaknesses such as violation the session key security, vulnerability to user impersonation attack and lack of local verification. To conquer these flaws, we propose a chaotic maps and smart cards based password authentication scheme by applying biometrics technique and hash function operations. Through the informal and formal security analyses, we demonstrate that our scheme is resilient possible known attacks including the attacks found in Li et al.'s scheme. As compared with the previous authentication schemes, the proposed scheme is more secure and efficient and hence more practical for telemedical environments.
远程医疗信息系统(TMISs)提供了一个高效的通信平台,支持患者通过互联网或移动网络获取医疗保健服务。当远程患者登录到远程医疗服务器时,认证成为一项基本需求。最近,已经提出了许多基于扩展混沌映射的使用智能卡的TMISs认证方案。Li等人基于Lee和Jiang等人的方案,提出了一种基于扩展混沌映射的TMISs安全智能卡认证方案。在本研究中,我们表明Li等人的方案仍然存在一些弱点,例如违反会话密钥安全性、易受用户假冒攻击以及缺乏本地验证。为了克服这些缺陷,我们通过应用生物识别技术和哈希函数操作,提出了一种基于混沌映射和智能卡的密码认证方案。通过非正式和正式的安全分析,我们证明了我们的方案能够抵御可能的已知攻击,包括在Li等人的方案中发现的攻击。与先前的认证方案相比,所提出的方案更安全、高效,因此在远程医疗环境中更实用。
