Enabling Telecare Medical Information Systems With Strong Authentication and Anonymity

Telecare medical information system (TMIS) is highly desirable to users by allowing them to remotely access medical services or medical information and security, such as authentication and privacy preserving of users is challenging. Recently, some smart card-based password authentication (two-factor authentication) schemes have been proposed. In this paper, we use Chaudhry et al.'s scheme as a case study and demonstrate that a family of two-factor authentication schemes for the TMIS are not secure against offline dictionary attack and fail to revoke the stolen/lost smart card. Furthermore, an improved two-factor authentication scheme with anonymity has been proposed to remedy the weakness of these schemes. The security analysis of the proposed solution is formally given with the random oracle model and Burrows-Abadi-Needham logic.