Abstract
Electronic health systems, such as telecare medical information system (TMIS), allow patients to exchange their health information with a medical center/doctor for diagnosis in real time, and across borders. Given the sensitive nature of health information/medical data, ensuring the security of such systems is crucial. In this paper, we revisit Das etal.'s authentication protocol, which is designed to ensure patient anonymity and untraceability. Then, we demonstrate that the security claims are invalid, by showing how both security features (i.e., patient anonymity and untraceability) can be compromised. We also demonstrate that the protocol suffers from smartcard launch attacks. To mitigate such design flaws, we propose a new lightweight authentication protocol using the cryptographic hash function for TMIS. We then analyze the security of the proposed protocol using AVISPA and Scyther, two widely used formal specification tools. The performance analysis demonstrates that our protocol is more efficient than other competing protocols.
Highlights
Electronic Health Record (ERH) system is designed to maintain patient records, and facilitate e-prescribing, clinnew smartcard launch attacks. To mitigate such design flaws, we propose a new lightweight authentication protocol using the cryptographic hash function for Telecare Medical Information System (TMIS)
It can be challenging to make a medical diagnosis for a new patient since the medical practitioner does not access to the patient’s prior medical history and other relevant information in real-time, since this is the first time that this medical practitioner is seeing the patient
This limitation can be mitigated in an electronic health system, since the medical practitioner from a and surgery training and planning systems
Summary
The medical-server M Sj (1 ≤ j ≤ m) selects an identity IDmj, and sends it to the central medical registration server M RS. M RS calculates a secret key Xmj = h(IDmj Xc) for M Sj, where Xc denotes the secret key of M RS. Note that M Sj keeps IDmj, Xmj in the database. For m additional medical servers M Sj (m + 1 ≤ j ≤ m + m ), M RS selects an unique identity IDamj, calculates Xamj = h(IDamj Xc), and stores IDamj, Xc in the memory for all additional medical servers M Sj. For m additional medical servers M Sj (m + 1 ≤ j ≤ m + m ), M RS selects an unique identity IDamj, calculates Xamj = h(IDamj Xc), and stores IDamj, Xc in the memory for all additional medical servers M Sj These information will be used ensure scalability, if needed
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have