Summary: | Telecare medical information systems (TMISs) give patients/users the convenience of being served at home. Along with this ease, it is essential to preserve the privacy and security of patients/users in TMIS. Authentication protocols are often adopted to guarantee privacy and secure interaction between the patients/users and the remote server. Recently, Chaudhry et al. pointed out that Islam et al.'s smart-card-based scheme is prone to user impersonation and server impersonation attacks. Chaudhry et al. later presented an enhanced scheme based on elliptic curve cryptography to remedy the weaknesses of Islam et al.'s scheme. Unfortunately, we find some important limitations in both schemes. We remark that their scheme is prone to off-line password guessing attack, user/server impersonation attack, and man-in-the-middle attack. To overcome these limitations, we present an improved authentication scheme that avoids the threats encountered in the design of Chaudhry et al.'s scheme. Moreover, the presented scheme can also resist all known attacks. We prove the security of the proposed scheme with the help of the widely used Burrows-Abadi-Needham logic. A brief comparison with previous works shows that the presented protocol is more efficient and more secure than other related schemes.
|