School of Mathematics and Statistics, Wuhan University, Wuhan, China.
Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, 430072, China.
J Med Syst. 2018 Oct 2;42(11):219. doi: 10.1007/s10916-018-1047-x.
Significant development of information technologies has made Telecare Medical Information Systems (TMISs) increasingly popular. In a TMIS, patients upload their medical data through smart devices to obtain a doctor's diagnosis. However, these smart devices have limited computing and storage capacities, so it is difficult to store substantial patient information and to support time-consuming operations. Moreover, although many three-factor authentication protocols have been proposed for TMISs, the problems of privacy leaks and other security flaws are serious. In addition, authentication factors are verified at the user side in most protocols, giving users a high level of trust and resulting in a potential lack of security. In this paper, we propose a novel efficient truly three-factor authentication protocol for TMISs. In our proposed protocol, three factors (i.e., password, smart card and biometrics) are verified at the server side, which reduces the storage and computational burden of the user side. Additionally, our proposed protocol uses only lightweight operators and is thus efficient. A formal proof analysis demonstrates that our proposed protocol is provably secure in the random oracle model. The performance evaluation shows that the proposed protocol is very efficient and suitable for TMISs.
信息技术的飞速发展使得远程医疗信息系统(TMISs)越来越受欢迎。在 TMIS 中,患者通过智能设备上传他们的医疗数据,以获得医生的诊断。然而,这些智能设备的计算和存储能力有限,因此很难存储大量的患者信息和支持耗时的操作。此外,尽管已经提出了许多用于 TMIS 的三因素认证协议,但隐私泄露和其他安全漏洞的问题仍然很严重。此外,在大多数协议中,认证因素在用户端进行验证,这给用户带来了高度的信任,从而导致潜在的安全漏洞。在本文中,我们提出了一种新颖的高效的 TMIS 真正的三因素认证协议。在我们提出的协议中,三个因素(即密码、智能卡和生物识别)在服务器端进行验证,这减少了用户端的存储和计算负担。此外,我们提出的协议只使用轻量级操作符,因此效率很高。形式证明分析表明,我们提出的协议在随机 oracle 模型中是可证明安全的。性能评估表明,所提出的协议非常高效,适合 TMISs。
