1 / 18

Authors: Tian -Fu Lee·Chuan-Ming Liu Speaker: 陳彥賓

A Secure Smart-Card Based Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. Authors: Tian -Fu Lee·Chuan-Ming Liu Speaker: 陳彥賓. Outline. 1. Introduction 2. Review Of Zhu’s Scheme 3. Weakness Of Zhu’s Scheme 4. Improved Scheme 5. Security Analysis

duc
Télécharger la présentation

Authors: Tian -Fu Lee·Chuan-Ming Liu Speaker: 陳彥賓

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Secure Smart-Card Based Authentication and Key Agreement Scheme for Telecare Medicine Information Systems Authors: Tian-Fu Lee·Chuan-MingLiu Speaker: 陳彥賓

  2. Outline • 1. Introduction • 2. Review Of Zhu’s Scheme • 3. Weakness Of Zhu’s Scheme • 4. Improved Scheme • 5. Security Analysis • 6. Conclusion

  3. 1. Introduction • A smart-card based authentication scheme for telecare medicine information systems enables patients,doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks.

  4. 2. Review Of Zhu’s Scheme(1/5)

  5. 2. Review Of Zhu’s Scheme(2/5) • Initial 1.Generates two large primes p、q n=p×q 2.choose the system public /private key pair (e,d). User Ui Server S

  6. 2. Review Of Zhu’s Scheme(3/5) • Registration User Ui Server S 1.Generates 、 、 2. Store () into smart card Secure Channel smart card 3. inserts to smart card Secure Channel

  7. 2. Review Of Zhu’s Scheme(4/5) • Authentication Server S User Ui 1.Insert his smart card Input Generate Compute 2.Check Compute Check Generate Compute Check Compute Check If true,accept the service request.

  8. 2. Review Of Zhu’s Scheme (5/5) • Password change Insert his smart card Input old password new password Smart card Compute Smart card replaces with

  9. 3. Weakness Of Zhu’s Scheme (1/2) • The faults of the authentication Server S User Ui • Registration S uses compute • Authentication Uiuses compute • Password change Uiuses and )

  10. 3. Weakness Of Zhu’s Scheme (2/2) • The parallel attacks Server S Attacker User Ui 1.Insert his smart card Input Generate Compute 2.Check Compute Check Generate Compute 3.Check Compute 4.Check Accept the service request

  11. 4. Improved Scheme (1/4) • Initial 1.Generates two large primes p、q n=p×q 2.choose the system public /private key pair (e,d). Server S User Ui

  12. 4. Improved Scheme (2/4) • Registration Server S User Ui 、 1.Generates 、 2. Store () into smart card Secure Channel smart card Secure Channel 3. inserts and SNi=0 to smart card

  13. 4. Improved Scheme (3/4) • Authentication Server S User Ui 1.Insert his smart card Input Generate ++ 2. Check and Generate Updates as Compute Check If true,accept the service request.

  14. 4. Improved Scheme (4/4) • Password change Insert his smart card Input old password new password Smart card Compute Smart card replaces with

  15. 5. Security Analysis (1/3) • The parallel session attacks Uses SNiauthentication server and users can easilydetect the replaying andmanipulating used messagesby attackers.

  16. 5. Security Analysis (2/3) • Providing users’ anonymity Server S User Ui 1.Insert his smart card Input Generate ++

  17. 5. Security Analysis (3/3) • Session key security A public key pair (e, n), d cannot be calculated since no polynomial algorithm has been identified for solving RSA. Thus, obtaining from is difficult.

  18. 6. Conclusion • This paper has a lower computational cost and provides more security properties and using a serial number improve replay attack.

More Related