ارسل ملاحظاتك

ارسل ملاحظاتك لنا







A Secure Effective Dynamic Group Password Based Authenticated Key Agreement Scheme for the Integrated EPR Information System

المصدر: مجلة جامعة الملك سعود - علوم الحاسب والمعلومات
الناشر: جامعة الملك سعود
المؤلف الرئيسي: Odelu, Vanga (Author)
مؤلفين آخرين: Goswami, Adrijit (Co-Author) , Das, Ashok Kumar (Co-Author)
المجلد/العدد: مج28, ع1
محكمة: نعم
الدولة: السعودية
التاريخ الميلادي: 2016
الصفحات: 68 - 81
DOI: 10.33948/0584-028-001-006
ISSN: 1319-1578
رقم MD: 973797
نوع المحتوى: بحوث ومقالات
اللغة: الإنجليزية
قواعد المعلومات: science
مواضيع:
كلمات المؤلف المفتاحية:
Cryptanalysis | Integrated EPR Information System | Dynamic Group | Password | Authentication | Security
رابط المحتوى:
صورة الغلاف QR قانون
حفظ في:
المستخلص: With the rapid growth of the Internet, a lot of electronic patient records (EPRs) have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password based authenticated key agreement protocol for the integrated EPR information system (SGPAKE). However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely accepted AVISPA.

ISSN: 1319-1578