Cryptanalysis of Wu and Xu's authentication scheme for Telecare Medicine Information Systems

TL;DR

This paper critically examines Wu and Xu's authentication scheme for Telecare Medicine Information Systems, revealing multiple security vulnerabilities and inefficiencies that compromise user privacy and system robustness.

Contribution

The paper provides a detailed cryptanalysis of Wu and Xu's scheme, identifying security flaws and inefficiencies not previously reported.

Findings

Vulnerable to off-line password guessing attack

Fails to protect user anonymity

Inefficient incorrect input detection in login phase

Abstract

Remote user authentication is desirable for a Telecare medicine information system (TMIS) to verify the correctness of remote users. In 2013, Jiang et al. proposed privacy preserving authentication scheme for TMIS. Recently, Wu and Xu analyzed Jiang's scheme and identify serious security flaws in their scheme, namely, user impersonation attack, DoS attack and off-line password guessing attack. In this article, we analyze Wu and Xu's scheme and show that their scheme is also vulnerable to off-line password guessing attack and does not protect user anonymity. Moreover, we identify the inefficiency of incorrect input detection of the login phase in Wu and Xu's scheme, where the smart card executes the login session in-spite of wrong input.