Sutrala Anil Kumar, Das Ashok Kumar, Odelu Vanga, Wazid Mohammad, Kumari Saru
Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India.
Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India.
Comput Methods Programs Biomed. 2016 Oct;135:167-85. doi: 10.1016/j.cmpb.2016.07.028. Epub 2016 Jul 29.
Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home.
Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property.
The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done.
We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security verification of our scheme using the widely accepted AVISPA tool. High security and extra functionality features allow our proposed scheme to be applicable for telecare medicine information systems which is used for e-health care medical applications.
信息通信技术(ICT)改变了整个社会范式。ICT 便于人们通过互联网使用医疗服务,从而在很大程度上降低了出行成本、住院成本和时间成本。远程医疗信息系统(TMIS)的最新进展使得用户/患者能够通过在家中获得健康监测设施,在互联网上获取医疗服务。
阿明和比斯瓦斯最近提出了一种基于 RSA 的用户认证和会话密钥协商协议,可用于 TMIS,这是对吉里等人基于 RSA 的 TMIS 用户认证方案的改进。在本文中,我们表明,尽管阿明 - 比斯瓦斯的方案在很大程度上改善了吉里等人方案的安全缺陷,但他们的方案存在安全弱点,因为它遭受诸如特权内部人员攻击、用户假冒攻击、重放攻击以及离线密码猜测攻击等。本文提出了一种新的基于 RSA 的 TMIS 用户认证方案,该方案克服了阿明 - 比斯瓦斯方案的安全隐患,并且保留了用户匿名属性。
使用两种广泛接受的伯罗斯 - 阿巴迪 - 尼达姆(BAN)逻辑和随机预言模型进行了仔细的形式化安全分析。此外,还对该方案进行了非形式化安全分析。这些安全分析表明我们的新方案针对各种已知攻击以及在阿明 - 比斯瓦斯方案中发现的攻击具有鲁棒性。还使用广泛接受的互联网安全协议与应用自动验证(AVISPA)工具对所提出的方案进行了模拟。
我们提出了一种用于 TMIS 的新的用户认证和会话密钥协商方案,该方案修复了在阿明 - 比斯瓦斯方案中发现的上述安全隐患,并且通过严格的安全分析和验证工具表明所提出的方案比其他现有方案提供了更好的安全性。此外,我们使用广泛接受的 AVISPA 工具对我们的方案进行了形式化安全验证。高安全性和额外的功能特性使得我们提出的方案适用于用于电子医疗保健医疗应用的远程医疗信息系统。
