Security Analysis of User Authentication and Key Agreement Protocol for the Telecare Medicine Information System
Main Article Content
Abstract
The Telecare Medicine Information System (TMIS) is a steadily expanding medical service, offering remote access to health-care facilities and treatments to the patient via the internet. In recent times, Amintoosi and Nikooghadam have introduced a formally secure authentication and key management system for TMIS, relying on the utilization of the Elliptic Curve (EC) Cryptosystem. They assessed the protocol by Khatoon et al. and demonstrated its susceptibility to temporary information attacks specific to known sessions, highlighting its inability to offer flawless forward secrecy. As a remedy, they put forward an enhanced protocol based on elliptic curve cryptography (ECC). However, we found that the Amintoosi and Nikooghadam protocols are vulnerable to off-dictionary and replay attacks. In all authentication mechanisms, it is crucial to include regular password changes and a revocation process to uphold end-user security. Nonetheless, their protocol conspicuously lacks essential components, including phases for password changes, revocation, and re-registration. Consequently, we present an improved protocol that effectively mitigates all the vulnerabilities outlined in the protocols of Khatoon et al. and Amintoosi and Nikooghadam, while also incorporating essential features such as password updates, revocation procedures, and re-registration phases. The suggested protocol is subjected to formal analysis using the random oracle model, and compared to state- of -the-art protocols to demonstrate its suitability for TMIS