Skip to main content
SpringerLink
Log in

A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

To protect patient privacy and ensure authorized access to remote medical services, many remote user authentication schemes for the integrated electronic patient record (EPR) information system have been proposed in the literature. In a recent paper, Das proposed a hash based remote user authentication scheme using passwords and smart cards for the integrated EPR information system, and claimed that the proposed scheme could resist various passive and active attacks. However, in this paper, we found that Das’s authentication scheme is still vulnerable to modification and user duplication attacks. Thereafter we propose a secure and efficient authentication scheme for the integrated EPR information system based on lightweight hash function and bitwise exclusive-or (XOR) operations. The security proof and performance analysis show our new scheme is well-suited to adoption in remote medical healthcare services.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Burrows, M., Abadi, M., Needham, R., A logic of authentication. ACM Trans. Comput. Syst. 8(1):18–36, 1990.

    Article  Google Scholar 

  2. Chen, Y., Chou, J.S., Sun, H.M., A novel mutual authentication scheme based on quadratic residues for RFID systems. Computer Networks 52(12):2373–2380, 2008.

    Article  Google Scholar 

  3. Das, A.K., A secure and robust password-based remote user authentication scheme using smart cards for the integrated EPR information system. Journal of Medical Systems 39(3):25, 2015.

    Article  PubMed  Google Scholar 

  4. Guo, P., Wang, J., Li, B., Lee, S., A variable threshold-value authentication architecture for wireless mesh networks. Journal of Internet Technology 15(6):929–936, 2014.

    Google Scholar 

  5. Hao, X., Wang, J., Yang, Q., Yan, X., Li, P., A chaotic map-based authentication scheme for telecare medicine information systems. Journal of Medical Systems 37(2):9919, 2013.

    Article  PubMed  Google Scholar 

  6. He, D., Zhang, Y., Chen, J., Cryptanalysis and improvement of an anonymous authentication protocol for wireless access networks. Wirel. Pers. Commun. 74(2):229–243, 2014.

    Article  Google Scholar 

  7. He, D., Kumar, N., Chilamkurti, N., Lee, J.H., Lightweight ECC based RFID authentication integrated with an ID verifier transfer protocol. Journal of Medical Systems 38(10):116, 2014.

    Article  PubMed  Google Scholar 

  8. He, D., Kumar, N., Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci., 2015. doi:10.1016/j.ins.2015.02.010.

  9. He, D., and Zeadally, S., Authentication protocol for ambient assisted living system. IEEE Commun. Mag. 35(1):71–77, 2015.

    Article  Google Scholar 

  10. Jiang, Q., Ma, J., Lu, X., Tian, Y., Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. Journal of Medical Systems 38(2):12, 2014.

    Article  PubMed  Google Scholar 

  11. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis, in Proceedings of Advances in Cryptology (1999)

  12. Lee, T.F., Chang, I.P., Lin, T.H., Wang, C.C., A secure and efficient password-based user authentication scheme using smart cards for the integrated EPR information system. J. Med. Syst. 37(3):9941, 2013.

    Article  PubMed  Google Scholar 

  13. Li, C.T., and Hwang, M.S., An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1):1–5, 2010.

    Article  Google Scholar 

  14. Li, C.T., and Lee, C.C., A robust remote user authentication scheme using smart card. Information Technology and Control 40(3):236–245, 2011.

    Article  Google Scholar 

  15. Li, C.T., and Lee, C.C., A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Math. Comput. Model. 55(1-2):35–44, 2012.

    Article  Google Scholar 

  16. Li, C.T., Lee, C.C., Weng, C.Y., An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dynamics 74(4):1133–1143, 2013.

    Article  Google Scholar 

  17. Li, C.T., Lee, C.C., Weng, C.Y., A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems. Journal of Medical Systems 38(9):77, 2014.

    Article  PubMed  Google Scholar 

  18. Li, C.T., Weng, C.Y., Lee, C.C., A secure RFID tag authentication protocol with privacy preserving in telecare medicine information systems. J. Med. Syst. 39(8):77, 2015.

    Article  PubMed  Google Scholar 

  19. Li, C.T., Lee, C.W., Shen, J.J., An extended chaotic maps based keyword search scheme over encrypted data resist outside and inside keyword guessing attacks in cloud storage services. Nonlinear Dynamics 80(3):1601–1611, 2015.

    Article  Google Scholar 

  20. Li, W.T., Ling, C.H., Hwang, M.S., Group rekeying in wireless sensor networks: a survey. International Journal of Network Security 16(6):401–410, 2014.

    Google Scholar 

  21. Liao, I.E., Lee, C.C., Hwang, M.S., A password authentication scheme over insecure networks. J. Comput. Syst. Sci. 72(4):727–740, 2006.

    Article  Google Scholar 

  22. Messerges, T.S., Dabbish, E.A., Sloan, R.H., Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Commun. 51(5):541–552, 2002.

    Google Scholar 

  23. Ramasamy, R., and Muniyandi, A.P., An efficient password authentication scheme for smart card. International Journal of Network Security 14(3):180–186, 2012.

    Google Scholar 

  24. RFC 2104 − HMAC. Keyed-hashing for message authentication. 〈http://www.ietf.org/rfc/rfc2104.txt

  25. Shen, J., Tan, H., Wang, J., Wang, J., Lee, S., A novel routing protocol providing good transmission reliability in underwater sensor networks. Journal of Internet Technology 16 (1):171–178, 2015.

    Google Scholar 

  26. Wen, F., A more secure anonymous user authentication scheme for the integrated EPR information system. J. Med. Syst. 38 :42, 2014.

    Article  PubMed  Google Scholar 

  27. Wu, Z.Y., Chung, Y.F., Lai, F., Chen, T.S., A password-based user authentication scheme for the integrated EPR information system. J. Med. Syst. 36(2):631–638, 2012.

    Article  PubMed  Google Scholar 

  28. Xue, K., and Hong, P., Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 17(7):29691V2977, 2012.

    Article  Google Scholar 

  29. Yang, L., Ma, J.F., Jiang, Q., Mutual authentication scheme with smart cards and password under trusted computing. International Journal of Network Security 14(3):156–163, 2012.

    Google Scholar 

  30. Yeh, T.C., Wu, C.H., Tseng, Y.M., Improvement of the RFID authentication scheme based on quadratic residues. Comput. Commun. 34(3):337–341, 2011.

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to thank the anonymous referees for their valuable suggestions and comments. In addition, this paper was supported by the Ministry of Science and Technology, Taiwan, R.O.C., under contract no.: MOST 104-2221-E-165-004 and MOST 104-2221-E-030-002.

Author information

Authors and Affiliations

  1. Department of Information Management, Tainan University of Technology, No. 529, Zhongzheng Road, Tainan City, 71002, Taiwan

    Chun-Ta Li & Chun-Cheng Wang

  2. Department of Computer Science, National Pingtung University, No. 4-18, Min-Sheng Road, Pingtung City, 90003, Taiwan

    Chi-Yao Weng

  3. Department of Library and Information Science, Fu Jen Catholic University, No. 510, Jhongjheng Road, New Taipei City, 24205, Taiwan

    Cheng-Chi Lee

  4. Department of Photonics and Communication Engineering, Asia University, No. 500, Lioufeng Road, Taichung City, 41354, Taiwan

    Cheng-Chi Lee

Authors
  1. Chun-Ta Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chi-Yao Weng
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Cheng-Chi Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chun-Cheng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Cheng-Chi Lee.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Li, CT., Weng, CY., Lee, CC. et al. A Hash Based Remote User Authentication and Authenticated Key Agreement Scheme for the Integrated EPR Information System. J Med Syst 39, 144 (2015). https://doi.org/10.1007/s10916-015-0322-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-015-0322-3

Keywords

Search

Navigation