Abstract

Electronic health systems, such as telecare medical information system (TMIS), allow patients to exchange their health information with a medical center/doctor for diagnosis in real time, and across borders. Given the sensitive nature of health information/medical data, ensuring the security of such systems is crucial. In this paper, we revisit Das etal.'s authentication protocol, which is designed to ensure patient anonymity and untraceability. Then, we demonstrate that the security claims are invalid, by showing how both security features (i.e., patient anonymity and untraceability) can be compromised. We also demonstrate that the protocol suffers from smartcard launch attacks. To mitigate such design flaws, we propose a new lightweight authentication protocol using the cryptographic hash function for TMIS. We then analyze the security of the proposed protocol using AVISPA and Scyther, two widely used formal specification tools. The performance analysis demonstrates that our protocol is more efficient than other competing protocols.

Highlights

  • Electronic Health Record (ERH) system is designed to maintain patient records, and facilitate e-prescribing, clinnew smartcard launch attacks. To mitigate such design flaws, we propose a new lightweight authentication protocol using the cryptographic hash function for Telecare Medical Information System (TMIS)

  • It can be challenging to make a medical diagnosis for a new patient since the medical practitioner does not access to the patient’s prior medical history and other relevant information in real-time, since this is the first time that this medical practitioner is seeing the patient

  • This limitation can be mitigated in an electronic health system, since the medical practitioner from a and surgery training and planning systems

Read more

Summary

Medical-server Registration Phase

The medical-server M Sj (1 ≤ j ≤ m) selects an identity IDmj, and sends it to the central medical registration server M RS. M RS calculates a secret key Xmj = h(IDmj Xc) for M Sj, where Xc denotes the secret key of M RS. Note that M Sj keeps IDmj, Xmj in the database. For m additional medical servers M Sj (m + 1 ≤ j ≤ m + m ), M RS selects an unique identity IDamj, calculates Xamj = h(IDamj Xc), and stores IDamj, Xc in the memory for all additional medical servers M Sj. For m additional medical servers M Sj (m + 1 ≤ j ≤ m + m ), M RS selects an unique identity IDamj, calculates Xamj = h(IDamj Xc), and stores IDamj, Xc in the memory for all additional medical servers M Sj These information will be used ensure scalability, if needed

Patient Registration Phase
Login Phase
Authentication and Session Key Agreement Phase
Loss of Patient Anonymity
Loss of Traceability Attack
New Smartcard Launch Attack
Medical Server Registration Phase
Physician Server Registration Phase
Setup Phase
Login and Authentication Phase
Session Key Agreement Phase
New Physician Server Addition Phase
Password Update Phase
Biometric Renewal Phase
Capabilities of the Adversary
Discussion on Security Attacks of Our Protocol
Protocol Simulation using AVISPA Software
Protocol Simulation using Scyther Software
PERFORMANCE STUDY
CONCLUSION
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems
Chun-Ta Li ... Chun-Cheng Wang
Computer methods and programs in biomedicine | VOL. 157
Chun-Ta Li, et. al.Chun-Ta Li ... Chun-Cheng Wang
21 Feb 2018
CDAKA: A Provably-Secure Heterogeneous Cross-Domain Authenticated Key Agreement Protocol with Symptoms-Matching in TMIS.
Xiaoxue Liu ... Wenping Ma
Journal of medical systems | VOL. 42
Xiaoxue Liu, et. al.Xiaoxue Liu ... Wenping Ma
18 Jun 2018
A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS.
Ruhul Amin ... G P Biswas
Journal of medical systems | VOL. 39
Ruhul Amin, et. al.Ruhul Amin ... G P Biswas
15 Feb 2015
Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems.
Shehzad Ashraf Chaudhry ... Mohammad Sabzinejad Farash
Journal of medical systems | VOL. 39
Shehzad Ashraf Chaudhry, et. al.Shehzad Ashraf Chaudhry ... Mohammad Sabzinejad Farash
26 Apr 2015
View more papers

More From: IEEE Transactions on Information Technology in Biomedicine

Paper Title
Journal
Date
Author
Fully Convolutional Hybrid Fusion Network with Heterogeneous Representations for Identification of S1 and S2 from Phonocardiogram.
Yeongul Jang ... Hyuk-Jae Chang
IEEE Transactions on Information Technology in Biomedicine | VOL. PP
Yeongul Jang, et. al.Yeongul Jang ... Hyuk-Jae Chang
19 Jul 2024
CroMAM: A Cross-Magnification Attention Feature Fusion Model for Predicting Genetic Status and Survival of Gliomas using Histological Images.
Jisen Guo ... Cheng Lu
IEEE Transactions on Information Technology in Biomedicine | VOL. PP
Jisen Guo, et. al.Jisen Guo ... Cheng Lu
19 Jul 2024
Learning Interpretable Brain Functional Connectivity Via Self-Supervised Triplet Network With Depth-Wise Attention.
Yunbo Tang ... Yuanlong Yu
IEEE Transactions on Information Technology in Biomedicine | VOL. PP
Yunbo Tang, et. al.Yunbo Tang ... Yuanlong Yu
19 Jul 2024
Obstructive Sleep Apnea Characterization: A Multimodal Cross-Recurrence-Based Approach for Investigating Atrial Fibrillation.
Mantas Rinkevicius ... Vaidotas Marozas
IEEE Transactions on Information Technology in Biomedicine | VOL. PP
Mantas Rinkevicius, et. al.Mantas Rinkevicius ... Vaidotas Marozas
18 Jul 2024
View more papers