The Cryptanalysis of Lee's Chaotic Maps-Based Authentication and Key Agreement Scheme using Smart card for Telecare Medicine Information Systems

TL;DR

This paper analyzes Lee's chaotic maps-based authentication scheme for Telecare Medicine Information Systems, revealing security weaknesses and inefficiencies that could lead to denial of service and increased overhead.

Contribution

The paper critically reviews Lee's scheme, demonstrating its vulnerabilities and inefficiencies, and highlights the need for improved security and performance in TMIS authentication methods.

Findings

Lee's scheme is vulnerable to security attacks.

Inefficient password change phase causes denial of service.

Login phase incurs extra computation and communication overhead.

Abstract

The Telecare medicine information system (TMIS) is developed to provide Telecare services to the remote user. A user can access remote medical servers using internet without moving from his place. Although remote user and server exchange their messages/data via public networks. An adversary is considered to be enough powerful that he may have full control over the public network. This makes these Telecare services vulnerable to attacks. To ensure secure communication between the user and server many password based authentication schemes have been proposed. In 2013, Hao et al. presented chaotic maps-based password authentication scheme for TMIS. Recently, Lee identified that Hao et al.'s scheme fails to satisfy key agreement property, such that a malicious server can predetermine the session key. Lee also presented an efficient chaotic map-based password authentication and key agreement scheme using Smart cards for TMIS. In this article, we briefly review Lee's scheme and demonstrates the weakness of Lee's scheme. The study shows that the Lee's scheme inefficiency of password change phase causes denial of service attack and login phase results extra computation and communication overhead.