Abstract
The medical multimedia information system (MMIS), which integrates all available multimedia sources (such as videos of endoscopes, CT scans) to support diagnosis, inspection, surgery, and reporting, has greatly facilitated users (including patients and healthcare providers). What's more, MMIS enables patients to obtain diagnostic information at home and eliminates geographical restrictions between patients and hospitals. However, a large amount of sensitive medical multimedia information in MMIS, such as surgical video, may be leaked during the transmission on the public channel. Therefore, authentication and key agreement (AKA) protocols are urgently needed to provide protection for MMIS. Specifically, authentication can prevent illegal users from accessing the MMIS, while key agreement can derive session keys to protect the sensitive data in transit from eavesdropping and interception. Recently, Zhang et al. presented a dynamic three-factor AKA scheme for privacy protection in the healthcare system which provides user untraceability by dynamic identity. However, we find that Zhang et al.'s scheme cannot withstand offline password guessing attacks and denial of service attacks. Besides, their scheme does not provide password and biometric change phase. To address these shortcomings, an enhanced scheme using Rabin cryptosystem and fuzzy verifier is proposed for MMIS. The analysis of both security and performance demonstrates that the enhanced AKA scheme is better than previous schemes proposed for MMIS.
Highlights
The adoption of information and communication technologies has brought tremendous reforms in the medical service industry, and medical multimedia information system (MMIS) comes into being
MMIS can eliminate the geographical distance between patients and hospitals, since patients can remotely access to medical resources, such as, electrocardiogram, disease diagnosis, video of inspection, etc. and even get medical service outside the hospital [1]
After the examination, the patient does not need to wait for the result in the hospital for a long time, nor does he/she need to commute between hospitals and homes to obtain the diagnosis result
Summary
The adoption of information and communication technologies has brought tremendous reforms in the medical service industry, and medical multimedia information system (MMIS) comes into being. The patient will be able to obtain results from MMS at home or workplace remotely In this process, the MMIS will process a large amount of sensitive data (such as medical multimedia information and personal information). The adversary can intercept the medical multimedia information transmitted by patients through the open channel, he/she performs data analysis or data mining, and obtains relevant sensitive information, such as the genetic history of the family disease. The proposal of an authentication and key agreement (AKA) for the MMIS is a necessity to provide security protection for sensitive medical multimedia information. Amin et al [22] indicated that Das et al.’s scheme is susceptible to offline password guessing attacks, smart card stolen attacks, server/user impersonation attacks, and doesn’t provide session key privacy and user anonymity.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
