Secure Delegation-Based Authentication for Telecare Medicine Information Systems

The telecare medicine information systems (TMISs) enable patients to gain health monitoring at home and obtain medical services over mobile networks. In recent years, many authentication schemes have been proposed to address the security and privacy issues in the TMISs. For example, Kim et al. and Huang et al. proposed efficient delegation-based authentication protocols by using elliptic curve cryptography. These protocols have a prerequisite that both the home location register and the visited location register must share secrets beforehand. In this paper, we show that Kim et al.'s and Hwang et al.'s schemes are vulnerable to known key attacks. Moreover, they fail to provide communication confidentiality. We then present a new secure delegation-based authentication protocol by using the identity-based cryptography. The proposed protocol removes the weaknesses of the above-mentioned protocols. Through the analysis of the Burrows Abadi Needham logic, along with a random oracle model, we demonstrate that the proposed scheme provides secure authentication. In addition, the proposed scheme can provide more security functionaries than the existing delegation-based authentication protocols. Better tradeoff among security and functionality features and communication and computation costs makes our scheme suitable and applicable in the TMISs.