Cargando…
Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’
Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) i...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2015
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4532429/ https://www.ncbi.nlm.nih.gov/pubmed/26263401 http://dx.doi.org/10.1371/journal.pone.0131368 |
| _version_ | 1782385216729382912 |
|---|---|
| author | Islam, SK Hafizul Khan, Muhammad Khurram Li, Xiong |
| author_facet | Islam, SK Hafizul Khan, Muhammad Khurram Li, Xiong |
| author_sort | Islam, SK Hafizul |
| collection | PubMed |
| description | Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. |
| format | Online Article Text |
| id | pubmed-4532429 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2015 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-45324292015-08-20 Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ Islam, SK Hafizul Khan, Muhammad Khurram Li, Xiong PLoS One Research Article Over the past few years, secure and privacy-preserving user authentication scheme has become an integral part of the applications of the healthcare systems. Recently, Wen has designed an improved user authentication system over the Lee et al.’s scheme for integrated electronic patient record (EPR) information system, which has been analyzed in this study. We have found that Wen’s scheme still has the following inefficiencies: (1) the correctness of identity and password are not verified during the login and password change phases; (2) it is vulnerable to impersonation attack and privileged-insider attack; (3) it is designed without the revocation of lost/stolen smart card; (4) the explicit key confirmation and the no key control properties are absent, and (5) user cannot update his/her password without the help of server and secure channel. Then we aimed to propose an enhanced two-factor user authentication system based on the intractable assumption of the quadratic residue problem (QRP) in the multiplicative group. Our scheme bears more securities and functionalities than other schemes found in the literature. Public Library of Science 2015-08-11 /pmc/articles/PMC4532429/ /pubmed/26263401 http://dx.doi.org/10.1371/journal.pone.0131368 Text en © 2015 Islam et al http://creativecommons.org/licenses/by/4.0/ This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are properly credited. |
| spellingShingle | Research Article Islam, SK Hafizul Khan, Muhammad Khurram Li, Xiong Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ |
| title | Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ |
| title_full | Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ |
| title_fullStr | Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ |
| title_full_unstemmed | Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ |
| title_short | Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ |
| title_sort | security analysis and improvement of ‘a more secure anonymous user authentication scheme for the integrated epr information system’ |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4532429/ https://www.ncbi.nlm.nih.gov/pubmed/26263401 http://dx.doi.org/10.1371/journal.pone.0131368 |
| work_keys_str_mv | AT islamskhafizul securityanalysisandimprovementofamoresecureanonymoususerauthenticationschemefortheintegratedeprinformationsystem AT khanmuhammadkhurram securityanalysisandimprovementofamoresecureanonymoususerauthenticationschemefortheintegratedeprinformationsystem AT lixiong securityanalysisandimprovementofamoresecureanonymoususerauthenticationschemefortheintegratedeprinformationsystem |