Zhang Liping, Zhu Shaohui, Tang Shanyu
IEEE J Biomed Health Inform. 2017 Mar;21(2):465-475. doi: 10.1109/JBHI.2016.2517146. Epub 2016 Jan 12.
Telecare medicine information systems (TMIS) provide flexible and convenient e-health care. However, the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS using a hash function and nonce; they claimed that their scheme could eliminate the security weaknesses of Yan et al.'s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.'s scheme suffers from replay attacks and man-in-the-middle attacks, and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.'s scheme, we then propose a three-factor authenticated key agreement scheme that enables the patient to use remote healthcare services via TMIS with privacy protection. Chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes.