Cryptanalysis and Improvement of an Improved Two Factor Authentication Scheme for Telecare Medicine Information Systems

Telecare medical information systems (TMIS) aim to provide healthcare services remotely. Efficient and secure mechanism for authentication and key agreement is required in order to guarantee the security and privacy of patients in TMIS. Recently Amin et al. proposed an improved RSA based user authentication and session key agreement protocol for TMIS after demonstrating some security pitfalls in Giri et al.’s scheme. They claimed that their improved protocol overcomes the weakness of Giri et al.’s scheme and resists all known attacks. However, our analyses show that Amin et al.’s protocol is vulnerable to offline identity-password guessing attacks once the victim’s card is compromised and does not provide perfect forward secrecy. Furthermore we propose a new ECC based anonymous authentication and key agreement scheme which is efficient and provides all security requirements.