Abstract
Telecare medical information systems are developed to establish an online convenient communication platform for patients and medical staff to exchange healthcare related services. Being installed on Internet, these systems are prone to different security and privacy threats, which may result in leakage of sensitive health-related data and privacy compromise of the patients. Hence, a major challenge is to establish a secure communication channel between the patients and medical servers, where parties are mutually authenticated and a session key is agreed upon and shared between them for further information exchange. Recently, Ostad-Sharif et al. presented an ECC- based anonymous authentication and key agreement method for healthcare applications. In this article, we first prove that Ostad- sharif et al.'s scheme is vulnerable to key compromise password guessing attacks and key compromise impersonation attacks. Then, we propose a secure and efficient authentication and key agreement scheme for telecare medical information systems which can provide mutual authentication and perfect forward secrecy, and resists against key compromise password guessing attacks, key compromise impersonation attacks, insider attacks, and replay attacks. The security of the proposed scheme is also proved formally with the Scyther tool.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
