Department of Information Management, Tainan University of Technology, 529 Zhongzheng Road, Tainan City 71002, Taiwan, ROC.
Department of Information Management, National Yunlin University of Science and Technology, 123 University Road, Yunlin 64002, Taiwan, ROC.
Comput Methods Programs Biomed. 2018 Apr;157:191-203. doi: 10.1016/j.cmpb.2018.02.002.
With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information system (TMIS) allows patients to receive medical treatments from the doctors via Internet technology without visiting hospitals in person. By adopting mobile device, cloud-assisted platform and wireless body area network, the patients can collect their physiological conditions and upload them to medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatments at anytime and anywhere. In order to protect the medical privacy of the patient and guarantee reliability of the system, before accessing the TMIS, all system participants must be authenticated.
Mohit et al. recently suggested a lightweight authentication protocol for cloud-based health care system. They claimed their protocol ensures resilience of all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks.
The security analysis proves that our enhanced protocol is secure against various known attacks as well as found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains the efficiency in terms of computation costs for cloud-assisted TMIS.
We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features for privacy preservation and effectively cope with cloud-assisted TMIS with better efficiency.
随着无线通信技术的飞速发展和智能设备的普及,远程医疗信息系统(TMIS)允许患者通过互联网技术接受医生的治疗,而无需亲自前往医院。通过采用移动设备、云辅助平台和无线体域网,患者可以收集自己的生理状况并通过移动设备上传到医疗云中,使护理人员或医生能够随时随地为患者提供适当的治疗。为了保护患者的医疗隐私并保证系统的可靠性,在访问 TMIS 之前,所有系统参与者都必须经过身份验证。
Mohit 等人最近提出了一种用于基于云的医疗保健系统的轻量级身份验证协议。他们声称他们的协议确保了所有知名安全攻击的弹性,并具有一些重要功能,如相互认证和患者匿名性。在本文中,我们证明了 Mohit 等人的身份验证协议存在各种安全缺陷,并进一步为云辅助 TMIS 引入了他们协议的增强版本,该版本可以确保患者匿名性和患者不可链接性,并防止报告泄露和报告伪造攻击的安全威胁。
安全性分析证明,我们的增强协议针对各种已知攻击以及 Mohit 等人协议中发现的攻击都是安全的。与现有的相关协议相比,我们的增强协议保留了所有理想安全要求的优点,并且在计算成本方面保持了云辅助 TMIS 的效率。
我们为云辅助 TMIS 提出了一种更安全的相互认证和隐私保护协议,该协议修复了 Mohit 等人协议中发现的安全弱点。根据我们的分析,我们的身份验证协议满足隐私保护的大多数功能要求,并有效地应对云辅助 TMIS,具有更好的效率。
