Cryptanalysis of a chaotic map-based authentication and key agreement scheme for telecare medicine information systems

Abstract

User authentication and privacy is quite essential in telecare medicine information systems (TMIS) for a secure and efficient access of the healthcare services. Very recently, in 2014, Li et al. proposed an efficient chaotic maps and smart cards based password authentication and key agreement scheme TMIS (Journal of Medical Systems). In this paper, we analyze that though the Li et al. scheme is computationally efficient, it has several security weaknesses. As for example, it has design flaws in both login authentication phase and in password change phase. Moreover, it cannot resist denial-of-service attack and adopts incorrect strategy in design of server status table. As a result, the Li et al. scheme is not suitable for practical applications. Finally, we hint at some possible improvements that can be adopted by their scheme to make it more secured against various possible known attacks.