Department of Computer Science & Engineering, Indian School of Mines, Dhanbad, 826004, India
J Med Syst. 2015 Aug;39(8):78. doi: 10.1007/s10916-015-0258-7. Epub 2015 Jun 26.
A telecare medical information system (TMIS) provides an efficient and convenient connection between patients/users and doctors over the insecure internet. Data security, privacy and user authentication are therefore enormously important when accessing important medical data over insecure communication channels. Recently, many user authentication protocols for TMIS have been proposed in the literature, and it has been observed that most of them cannot achieve the complete set of security requirements. In this paper, we scrutinize two smart-card-based remote user authentication protocols (Mishra et al., Xu et al.) and explain that both suffer from several security weaknesses. We then present a three-factor user authentication and key agreement protocol usable for TMIS, which fixes the security pitfalls of the above-mentioned schemes. The informal cryptanalysis ascertains that the proposed protocol provides good protection against the relevant security attacks. Furthermore, simulation with the AVISPA tool confirms that the protocol is secure against active and passive attacks, including replay and man-in-the-middle attacks. The comparison of security functionality and performance confirms that our protocol not only provides strong protection against security attacks, but also achieves better complexity, along with efficient login and password change phases and the session key verification property.