A Provably-Secure Transmission Scheme for Wireless Body Area Networks

Wireless body area network (WBANs) is composed of sensors that collect and transmit a person’s physiological data to health-care providers in real-time. In order to guarantee security of this data over open networks, a secure data transmission mechanism between WBAN and application provider’s servers is of necessity. Modified medical data does not provide a true reflection of an individuals state of health and its subsequent use for diagnosis could lead to an irreversible medical condition. In this paper, we propose a lightweight certificateless signcryption scheme for secure transmission of data between WBAN and servers. Our proposed scheme not only provides confidentiality of data and authentication in a single logical step, it is lightweight and resistant to key escrow attacks. We further provide security proof that our scheme provides indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in random oracle model. Compared with two other Diffie-Hellman based signcryption schemes proposed by Barbosa and Farshim (BF) and another by Yin and Liang (YL), our scheme consumes 46 % and 8 % less energy during signcryption than BF and YL scheme respectively.     

A Provably Secure RFID Authentication Protocol Based on Elliptic Curve for Healthcare Environments

To enhance the quality of healthcare in the management of chronic disease, telecare medical information systems have increasingly been used. Very recently, Zhang and Qi (J. Med. Syst. 38(5):47, 32), and Zhao (J. Med. Syst. 38(5):46, 33) separately proposed two authentication schemes for telecare medical information systems using radio frequency identification (RFID) technology. They claimed that their protocols achieve all security requirements including forward secrecy. However, this paper demonstrates that both Zhang and Qi’s scheme, and Zhao’s scheme could not provide forward secrecy. To augment the security, we propose an efficient RFID authentication scheme using elliptic curves for healthcare environments. The proposed RFID scheme is secure under common random oracle model.     

A Mutual Authentication Framework for Wireless Medical Sensor Networks

Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient’s data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient’s medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients’ vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.     

Privacy-Preserving and Efficient Truly Three-Factor Authentication Scheme for Telecare Medical Information Systems

Significant development of information technologies has made Telecare Medical Information Systems (TMISs) increasingly popular. In a TMIS, patients upload their medical data through smart devices to obtain a doctor’s diagnosis. However, these smart devices have limited computing and storage capacities, so it is difficult to store substantial patient information and to support time-consuming operations. Moreover, although many three-factor authentication protocols have been proposed for TMISs, the problems of privacy leaks and other security flaws are serious. In addition, authentication factors are verified at the user side in most protocols, giving users a high level of trust and resulting in a potential lack of security. In this paper, we propose a novel efficient truly three-factor authentication protocol for TMISs. In our proposed protocol, three factors (i.e., password, smart card and biometrics) are verified at the server side, which reduces the storage and computational burden of the user side. Additionally, our proposed protocol uses only lightweight operators and is thus efficient. A formal proof analysis demonstrates that our proposed protocol is provably secure in the random oracle model. The performance evaluation shows that the proposed protocol is very efficient and suitable for TMISs.     

Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce

The telecare medical information systems (TMISs) support convenient and rapid health-care services. A secure and efficient authentication scheme for TMIS provides safeguarding patients’ electronic patient records (EPRs) and helps health care workers and medical personnel to rapidly making correct clinical decisions. Recently, Kumari et al. proposed a password based user authentication scheme using smart cards for TMIS, and claimed that the proposed scheme could resist various malicious attacks. However, we point out that their scheme is still vulnerable to lost smart card and cannot provide forward secrecy. Subsequently, Das and Goswami proposed a secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. They simulated their scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications (AVISPA) tool to ensure that their scheme is secure against passive and active attacks. However, we show that their scheme is still vulnerable to smart card loss attacks and cannot provide forward secrecy property. The proposed cryptanalysis discourages any use ofthe two schemes under investigation in practice and reveals some subtleties and challenges in designing this type of schemes.     

Three-Factor Anonymous Authentication and Key Agreement Scheme for Telecare Medicine Information Systems

Nowadays, with comprehensive employment of the internet, healthcare delivery services is provided remotely by telecare medicine information systems (TMISs). A secure mechanism for authentication and key agreement is one of the most important security requirements for TMISs. Recently, Tan proposed a user anonymity preserving three-factor authentication scheme for TMIS. The present paper shows that Tan’s scheme is vulnerable to replay attacks and Denial-of-Service attacks. In order to overcome these security flaws, a new and efficient three-factor anonymous authentication and key agreement scheme for TMIS is proposed. Security and performance analysis shows superiority of the proposed scheme in comparison with previously proposed schemes that are related to security of TMISs.     

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications

Benefited from the development of network and communication technologies, E-health care systems and telemedicine have got the fast development. By using the E-health care systems, patient can enjoy the remote medical service provided by the medical server. Medical data are important privacy information for patient, so it is an important issue to ensure the secure of transmitted medical data through public network. Authentication scheme can thwart unauthorized users from accessing services via insecure network environments, so user authentication with privacy protection is an important mechanism for the security of E-health care systems. Recently, based on three factors (password, biometric and smart card), an user authentication scheme for E-health care systems was been proposed by Amin et al., and they claimed that their scheme can withstand most of common attacks. Unfortunate, we find that their scheme cannot achieve the untraceability feature of the patient. Besides, their scheme lacks a password check mechanism such that it is inefficient to find the unauthorized login by the mistake of input a wrong password. Due to the same reason, their scheme is vulnerable to Denial of Service (DoS) attack if the patient updates the password mistakenly by using a wrong password. In order improve the security level of authentication scheme for E-health care application, a robust user authentication scheme with privacy protection is proposed for E-health care systems. Then, security prove of our scheme are analysed. Security and performance analyses show that our scheme is more powerful and secure for E-health care systems when compared with other related schemes.     

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems

Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users’ identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user’s real identity during the process of network communications and only the medical server knows login user’s identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.     

ICASME: An Improved Cloud-Based Authentication Scheme for Medical Environment

Unlike the traditional medical system, telecare medicine information system (TMIS) ensures that patients can get health-care services via the Internet at home. Authenticated key agreement protocol is very important for protecting the security in TMIS. Recently scholars have proposed a lot of authenticated key agreement protocols. In 2016, Chiou et al. demonstrated that Chen et al.’s authentication scheme fails to provide user’s anonymity and message authentication and then proposed an enhanced scheme (Chiou et al., J. Med. Syst. 40(4):1–15, 2006) to overcome these drawbacks. In this paper, we demonstrate that Chiou et al.’s scheme is defenseless against key compromise impersonation (KCI) attack and also fails to provide forward security. Moreover, we propose a novel authentication scheme namely ICASME to overcome the mentioned weaknesses in this paper. Security analyses show that ICASME achieves the forward security and KCI attack resistance. In addition, it is proved that the time taken to implement the ICASME is not intolerable compared to the original protocol.     

An Efficient and Secure Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems

The rapidly increased availability of always-on broadband telecommunication environments and lower-cost vital signs monitoring devices bring the advantages of telemedicine directly into the patient's home. Hence, the control of access to remote medical servers' resources has become a crucial challenge. A secure authentication scheme between the medical server and remote users is therefore needed to safeguard data integrity, confidentiality and to ensure availability. Recently, many authentication schemes that use low-cost mobile devices have been proposed to meet these requirements. In contrast to previous schemes, Khan et al. proposed a dynamic ID-based remote user authentication scheme that reduces computational complexity and includes features such as a provision for the revocation of lost or stolen smart cards and a time expiry check for the authentication process. However, Khan et al.'s scheme has some security drawbacks. To remedy theses, this study proposes an enhanced authentication scheme that overcomes the weaknesses inherent in Khan et al.'s scheme and demonstrated this scheme is more secure and robust for use in a telecare medical information system.     

Cryptanalysis and Improvement of ‘A Privacy Enhanced Scheme for Telecare Medical Information Systems’

To ensure reliable telecare services some user authentication schemes for telecare medical information system (TMIS) have been presented in literature. These schemes are proposed with intent to regulate only authorized access to medical services so that medical information can be protected from misuse. Very recently Jiang et al. proposed a user authentication scheme for TMIS which they claimed to provide enhanced privacy. They made use of symmetric encryption/decryption with cipher block chaining mode (CBC) to achieve the claimed user privacy. Their scheme provides features like user anonymity and user un-traceability unlike its preceding schemes on which it is built. Unluckily, authors overlook some important aspects in designing their scheme due to which it falls short to resist user impersonation attack, guessing attacks and denial of service attack. Besides, its password change phase is not secure; air message confidentiality is at risk and also has some other drawbacks. Therefore, we propose an improved scheme free from problems observed in Jiang et al.’s scheme and more suitable for TMIS.     

Strong Authentication Scheme for Telecare Medicine Information Systems

The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user’s unique identity to accomplish the user authentication and does not need to store or verify others’s certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.     

Robust Anonymous Authentication Scheme for Telecare Medical Information Systems

Patient can obtain sorts of health-care delivery services via Telecare Medical Information Systems (TMIS). Authentication, security, patient’s privacy protection and data confidentiality are important for patient or doctor accessing to Electronic Medical Records (EMR). In 2012, Chen et al. showed that Khan et al.’s dynamic ID-based authentication scheme has some weaknesses and proposed an improved scheme, and they claimed that their scheme is more suitable for TMIS. However, we show that Chen et al.’s scheme also has some weaknesses. In particular, Chen et al.’s scheme does not provide user’s privacy protection and perfect forward secrecy, is vulnerable to off-line password guessing attack and impersonation attack once user’s smart card is compromised. Further, we propose a secure anonymity authentication scheme to overcome their weaknesses even an adversary can know all information stored in smart card.     

MIStore: a Blockchain-Based Medical Insurance Storage System

Currently, blockchain technology, which is decentralized and may provide tamper-resistance to recorded data, is experiencing exponential growth in industry and research. In this paper, we propose the MIStore, a blockchain-based medical insurance storage system. Due to blockchain’s the property of tamper-resistance, MIStore may provide a high-credibility to users. In a basic instance of the system, there are a hospital, patient, insurance company and n servers. Specifically, the hospital performs a (t, n)-threshold MIStore protocol among the n servers. For the protocol, any node of the blockchain may join the protocol to be a server if the node and the hospital wish. Patient’s spending data is stored by the hospital in the blockchain and is protected by the n servers. Any t servers may help the insurance company to obtain a sum of a part of the patient’s spending data, which servers can perform homomorphic computations on. However, the n servers cannot learn anything from the patient’s spending data, which recorded in the blockchain, forever as long as more than n ? t servers are honest. Besides, because most of verifications are performed by record-nodes and all related data is stored at the blockchain, thus the insurance company, servers and the hospital only need small memory and CPU. Finally, we deploy the MIStore on the Ethererum blockchain and give the corresponding performance evaluation.     

Visual Sharing Protection Method for Medical Images

The telecare medical information system (TMIS) aims to establish telecare services and enable the public to access medical services or medical information at remote sites. Authentication and key agreement is essential to ensure data integrity, confidentiality, and availability for TMIS. Most recently, Chen et al. proposed an efficient and secure dynamic ID-based authentication scheme for TMIS, and claimed that their scheme achieves user anonymity. However, we observe that Chen et al.’s scheme achieves neither anonymity nor untraceability, and is subject to the identity guessing attack and tracking attack. In order to protect user privacy, we propose an enhanced authentication scheme which achieves user anonymity and untraceablity. It is a secure and efficient authentication scheme with user privacy preservation which is practical for TMIS.     

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas’s scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.’s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.     

A Secure Authentication Scheme for Telecare Medicine Information Systems

The telecare medicine information system enables or supports health-care delivery services. In recent years, the increased availability of lower-cost telecommunications systems and custom made physiological monitoring devices for patients have made it possible to bring the advantages of telemedicine directly into the patient’s home. These systems are moving towards an environment where automated patient medical records and electronically interconnected telecare facilities are prevalent. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. Many schemes based on cryptography have been proposed for the goals. However, much of the schemes are vulnerable to various attacks, and are neither efficient, nor user friendly. Specially, in terms of efficiency, some schemes need the exponential computation resulting in high time cost. Therefore, we propose a novel authentication scheme that is added the pre-computing idea within the communication process to avoid the time-consuming exponential computations. Finally, it is shown to be more secure and practical for telecare medicine environments.     

An Improved Authentication Scheme for Telecare Medicine Information Systems

The telecare medicine information system enables or supports health-care delivery services. In order to safeguard patients' privacy, such as telephone number, medical record number, health information, etc., a secure authentication scheme will thus be in demand. Recently, Wu et?al. proposed a smart card based password authentication scheme for the telecare medicine information system. Later, He et?al. pointed out that Wu et?al.'s scheme could not resist impersonation attacks and insider attacks, and then presented a new scheme. In this paper, we show that both of them fail to achieve two-factor authentication as smart card based password authentication schemes should achieve. We also propose an improved authentication scheme for the telecare medicine information system, and demonstrate that the improved one satisfies the security requirements of two-factor authentication and is also efficient.     

Utilization of Electronic Medical Records to Build a Detection Model for Surveillance of Healthcare-Associated Urinary Tract Infections

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients’ medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users’ overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users’ public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.     

An Improved Two-Layer Authentication Scheme for Wireless Body Area Networks

Wireless body area networks (WBANs) comprises a number of sensor nodes and the portable mobile device such as smartphone. It is used to monitor the physical condition and provide a reliable healthcare system. Utilizing the wireless communication network, sensor nodes collect the physiological data of one patient to the portable mobile device and the latter analyzes and transmits them to the application providers. Therefore, the personal data confidentiality and user privacy are cores of WBANs. Recently, Shen et al. presented a multi-layer authentication protocol for WBANs, which is lightweight and much easier to implement. However, we observe that their authentication between sensor nodes and the portable mobile device could ensure the forward security property only when the sensor nodes are changed (add or delete). When the sensor nodes are constant, the security property is not satisfied. Meanwhile, the authentication between the portable mobile device and application provider is prone to mutual impersonation attack, so the critical goal of mutual authentication can not be achieved. In this paper, an improved two-layer authentication scheme is proposed to remove the flaws. The analysis shows that our method is more secure and could withstand various attacks.