Skip to main content
Top
Published in: Wireless Personal Communications 4/2017

29-05-2017

Security Analysis and Enhancement of the Most Recent RFID Authentication Protocol for Telecare Medicine Information System

Authors: Mustapha Benssalah, Mustapha Djeddou, Karim Drouiche

Published in: Wireless Personal Communications | Issue 4/2017

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Radio frequency identification (RFID) technology has been used in a wide variety of applications, more recently as a leading identification technology in healthcare environments. In the most recent years, this technology is adopted for telecare medicine information system (TMIS) for authentication, safety, security, data confidentiality and patient’s privacy protection over public networks. TMIS is the bridge between patients at home and doctors at healthcare organizations that permits to confirm the correctness of exchanged information between different actors of the system. Recently, several RFID authentication schemes have been presented and suggested for the TMIS in the literature. These schemes try to resolve the security and privacy problems over insecure healthcare networks environments by exploiting different cryptographic primitive’s solutions. In this paper, we analyze in depth the security of the most recent proposed protocol for TMIS in the literature and find out its main vulnerabilities. The proposed attacks are possible due to some weaknesses related to the misuse of the timestamp technique, the calculation of the reader request and tag response messages using the one-way hash function, which are not attentively scrutinized. Furthermore, we propose an efficient and robust improved mobile authentication protocol with high efficiency and security for TMIS. The performance analysis shows that our improved protocol could solve security weaknesses of the studied protocol and provide mobility, efficiency and is well-suited to adoption for TMIS.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literature
1.
go back to reference Shoniregun, C. A., Dube, K., & Mtenzi, F. (2010). Electronic healthcare information security. Berlin: Springer.CrossRef Shoniregun, C. A., Dube, K., & Mtenzi, F. (2010). Electronic healthcare information security. Berlin: Springer.CrossRef
2.
go back to reference Niu, B., Zhu, X., Chi, H., & Li, H. (2014). Privacy and authentication protocol for mobile RFID systems. Wireless Personal Communications, 77(3), 1713–1731.CrossRef Niu, B., Zhu, X., Chi, H., & Li, H. (2014). Privacy and authentication protocol for mobile RFID systems. Wireless Personal Communications, 77(3), 1713–1731.CrossRef
3.
go back to reference Hembroff, G., & Cai, Y. (2008). Secure authentication and authorization design for rural-based healthcare institutions. Security and Communication Networks, 5(1), 407–415.CrossRef Hembroff, G., & Cai, Y. (2008). Secure authentication and authorization design for rural-based healthcare institutions. Security and Communication Networks, 5(1), 407–415.CrossRef
4.
go back to reference Peris-Lopez, P., Orfila, A., Mitrokotsa, A., & Van der Lubbe, J. C. A. (2011). A comprehensive RFID solution to enhance inpatient medication safety. International Journal of Medical Informatics, 80(1), 13–24.CrossRef Peris-Lopez, P., Orfila, A., Mitrokotsa, A., & Van der Lubbe, J. C. A. (2011). A comprehensive RFID solution to enhance inpatient medication safety. International Journal of Medical Informatics, 80(1), 13–24.CrossRef
5.
go back to reference Yen, Y.-C., Lo, N.-W., & Wu, T.-C. (2012). Two RFID-based solutions for secure inpatient medication administration. Journal of Medical Systems, 36(5), 2769–2778.CrossRef Yen, Y.-C., Lo, N.-W., & Wu, T.-C. (2012). Two RFID-based solutions for secure inpatient medication administration. Journal of Medical Systems, 36(5), 2769–2778.CrossRef
6.
go back to reference Chou, J.-S. (2014). An efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(1), 75–94.MathSciNetCrossRef Chou, J.-S. (2014). An efficient mutual authentication RFID scheme based on elliptic curve cryptography. The Journal of Supercomputing, 70(1), 75–94.MathSciNetCrossRef
7.
go back to reference Khan, M. K., & Kumari, S. (2014). Cryptanalysis and improvement of an efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. Security and Communication Networks, 7(2), 399–408.CrossRef Khan, M. K., & Kumari, S. (2014). Cryptanalysis and improvement of an efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. Security and Communication Networks, 7(2), 399–408.CrossRef
8.
go back to reference Li, C.-T., Weng, C.-Y., & Lee, C.-C. (2015). A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. Journal of Medical Systems, 39(8), 1–8.CrossRef Li, C.-T., Weng, C.-Y., & Lee, C.-C. (2015). A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. Journal of Medical Systems, 39(8), 1–8.CrossRef
10.
go back to reference Khor, J. H., Ismail, W., Younis, M. I., Sulaiman, M. K., & Rahman, Mohammad Ghulam. (2011). Security problems in an RFID system. Wireless Personal Communications, 59(1), 17–26.CrossRef Khor, J. H., Ismail, W., Younis, M. I., Sulaiman, M. K., & Rahman, Mohammad Ghulam. (2011). Security problems in an RFID system. Wireless Personal Communications, 59(1), 17–26.CrossRef
11.
go back to reference Wang, S., Liu, S., & Chen, D. (2014). Security analysis and improvement on two RFID authentication protocols. Wireless Personal Communications, 82(1), 21–33.CrossRef Wang, S., Liu, S., & Chen, D. (2014). Security analysis and improvement on two RFID authentication protocols. Wireless Personal Communications, 82(1), 21–33.CrossRef
12.
go back to reference Alavi, S. M., Baghery, K., Abdolmaleki, B., & Aref, M. R. (2015). Traceability analysis of recent RFID authentication protocols. Wireless Personal Communications, 83(3), 1663–1682. Alavi, S. M., Baghery, K., Abdolmaleki, B., & Aref, M. R. (2015). Traceability analysis of recent RFID authentication protocols. Wireless Personal Communications, 83(3), 1663–1682.
13.
go back to reference Sun, P. R., Wang, B. H., & Wu, F. (2008). A new method to guard inpatient medication safety by the implementation of RFID. Journal of Medical Systems, 32(4), 327–332.CrossRef Sun, P. R., Wang, B. H., & Wu, F. (2008). A new method to guard inpatient medication safety by the implementation of RFID. Journal of Medical Systems, 32(4), 327–332.CrossRef
14.
go back to reference Lo, N.-W., Yeh, K.-H., et al. (2010). Anonymous coexistence proofs for RFID tags. Journal of Information Science and Engineering, 26(4), 1213–1230. Lo, N.-W., Yeh, K.-H., et al. (2010). Anonymous coexistence proofs for RFID tags. Journal of Information Science and Engineering, 26(4), 1213–1230.
15.
go back to reference Huang, H.-H., & Ku, C.-Y. (2009). A RFID grouping proof protocol for medication safety of inpatient. Journal of Medical Systems, 33(6), 467–474.CrossRef Huang, H.-H., & Ku, C.-Y. (2009). A RFID grouping proof protocol for medication safety of inpatient. Journal of Medical Systems, 33(6), 467–474.CrossRef
16.
go back to reference Chien, H.-Y., Yang, C.-C., Wu, T.-C., & Lee, C.-F. (2011). Two RFID-based solutions to enhance inpatient medication safety. Journal of Medical Systems, 35(3), 369–375.CrossRef Chien, H.-Y., Yang, C.-C., Wu, T.-C., & Lee, C.-F. (2011). Two RFID-based solutions to enhance inpatient medication safety. Journal of Medical Systems, 35(3), 369–375.CrossRef
17.
go back to reference Safkhani, M., Bagheri, N., & Naderi, M. (2014). A note on the security of IS-RFID, an inpatient medication safety. International Journal of Medical Informatics, 83(1), 82–85.CrossRef Safkhani, M., Bagheri, N., & Naderi, M. (2014). A note on the security of IS-RFID, an inpatient medication safety. International Journal of Medical Informatics, 83(1), 82–85.CrossRef
18.
go back to reference Chen, Y.-Y., Huang, D.-C., Tsai, M.-L., & Jan, J.-K. (2012). A design of tamper resistant prescription RFID access control system. Journal of Medical Systems, 36(5), 2795–2801.CrossRef Chen, Y.-Y., Huang, D.-C., Tsai, M.-L., & Jan, J.-K. (2012). A design of tamper resistant prescription RFID access control system. Journal of Medical Systems, 36(5), 2795–2801.CrossRef
19.
go back to reference Safkhani, M., Bagheri, N., & Naderi, M. (2012). On the designing of a tamper resistant prescription RFID access control system. Journal of Medical Systems, 36(5), 3995–4004.CrossRef Safkhani, M., Bagheri, N., & Naderi, M. (2012). On the designing of a tamper resistant prescription RFID access control system. Journal of Medical Systems, 36(5), 3995–4004.CrossRef
20.
go back to reference Wu, Z.-Y., Chen, L., & Wu, J.-C. (2013). A reliable RFID mutual authentication scheme for healthcare environments. Journal of Medical Systems, 37(2), 1–9.CrossRef Wu, Z.-Y., Chen, L., & Wu, J.-C. (2013). A reliable RFID mutual authentication scheme for healthcare environments. Journal of Medical Systems, 37(2), 1–9.CrossRef
21.
go back to reference Picazo-Sanchez, P., Bagheri, N., Peris-Lopez, P., & Tapiador, J. E. (2013). Two RFID standard-based security protocols for healthcare environments. Journal of Medical Systems, 37(5), 1–12.CrossRef Picazo-Sanchez, P., Bagheri, N., Peris-Lopez, P., & Tapiador, J. E. (2013). Two RFID standard-based security protocols for healthcare environments. Journal of Medical Systems, 37(5), 1–12.CrossRef
22.
go back to reference Bruen, A. A., & Forcinito, M. A. (2005). Classical ciphers and their cryptanalysis, cryptography, information theory, and error-correction: A handbook for the 21st century. London: Wiley.MATH Bruen, A. A., & Forcinito, M. A. (2005). Classical ciphers and their cryptanalysis, cryptography, information theory, and error-correction: A handbook for the 21st century. London: Wiley.MATH
23.
go back to reference Srivastava, K., Awasthi, A. K., Kaul, S. D., & Mittal, R. C. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems, 39(1), 1–5.CrossRef Srivastava, K., Awasthi, A. K., Kaul, S. D., & Mittal, R. C. (2015). A hash based mutual RFID tag authentication protocol in telecare medicine information system. Journal of Medical Systems, 39(1), 1–5.CrossRef
24.
go back to reference Cho, J.-S., Yeo, S.-S., & Kim, S. K. (2011). Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Computer Communications, 34(3), 391–397.CrossRef Cho, J.-S., Yeo, S.-S., & Kim, S. K. (2011). Securing against brute-force attack: A hash-based RFID mutual authentication protocol using a secret value. Computer Communications, 34(3), 391–397.CrossRef
Metadata
Title
Security Analysis and Enhancement of the Most Recent RFID Authentication Protocol for Telecare Medicine Information System
Authors
Mustapha Benssalah
Mustapha Djeddou
Karim Drouiche
Publication date
29-05-2017
Publisher
Springer US
Published in
Wireless Personal Communications / Issue 4/2017
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-017-4474-y

Other articles of this Issue 4/2017

Wireless Personal Communications 4/2017 Go to the issue