Enabling Telecare Medical Information Systems With Strong Authentication and Anonymity
Telecare medical information system (TMIS) is highly desirable to users by allowing them to remotely access medical services or medical information and security, such as authentication and privacy preserving of users is challenging. Recently, some smart card-based password authentication (two-factor authentication) schemes have been proposed. In this paper, we use Chaudhry et al.'s scheme as a case study and demonstrate that a family of two-factor authentication schemes for the TMIS are not secure against ofine dictionary attack and fail to revoke the stolen/lost smart card. Furthermore, an improved two-factor authentication scheme with anonymity has been proposed to remedy the weakness of these schemes. The security analysis of the proposed solution is formally given with the random oracle model and Burrows Abadi Needham logic.
Authentication, anonymity, telecare medical information system, random oracle model, BAN-logic.