摘要
电子医疗记录的普及和远程医疗信息系统(Telecare Medical Information Systems,TMIS)的推广使异地病人获得相同的医疗服务,改善病人的就医体验。为保证病人隐私信息通过TMIS在公开网络传输时得到保护,认证协议已成为TMIS不可或缺的一部分。分析最近提出的面向TMIS的双因素认证协议的安全性,指出其在智能卡丢失的情况下无法抵抗离线字典攻击,同时未实现真正的匿名性。为克服上述安全缺陷,提出安全性增强的匿名双因素认证协议。安全性和性能分析表明,所提协议以较小的计算开销为代价,为TMIS提供更高的安全性保证,因此更适合在TMIS中部署。
The popularity of electronic medical records and the spread of telecare medical information systems(TMIS)have made it possible for off-site patients to have access to the same medical services,which greatly improves the patient's medical experience.To ensure that patient privacy information is protected as it is transmitted over the public network,the authentication protocol has become an integral part of TMIS.This paper analyzes the security of a recently proposed two-factor authentication protocol for TMIS,and points out that it cannot resist offline dictionary attacks in the case of smart card loss,and also does not achieve true anonymity.To overcome the above security flaws,a security-enhanced anonymous two-factor authentication protocol is proposed.Security and performance analysis show that the proposed protocol provides a higher security guarantee for TMIS,at the cost of smaller computational overhead.Thus,it is more suitable for deployment in TMIS.
作者
赵艳
蒋烈辉
ZHAO Yan;JIANG Liehui(State Key Lab of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China;College of Physical and Electronic Information, Luoyang Normal University, Luoyang 471934, China)
出处
《信息工程大学学报》
2019年第4期480-486,共7页
Journal of Information Engineering University
基金
国家自然科学基金资助项目(61802431)。
关键词
远程医疗信息系统
双因素认证
混沌映射
安全性分析
匿名性
telecare medical information systems
two-factor authentication
chaotic map
security analysis
anonymity
