Article Preview
Top1. Introduction
Telecare Medical Information Systems (TMIS) are now a very highly focused domain as these systems provide services for patients who are critically ill and can get proper treatment/ diagnosis at home. Consider the present situation like the Corona pandemic in India. Day by day, the patient numbers are increasing which cannot be handled by govt/private hospitals due to the limited number of medical facilities. Here, TMIS can play an important role for those patients who are diagnosed as suspected cases of COVID 19 and staying at home quarantine. During this time, their regular health monitoring is essential. In such cases, Telecare medical services can provide the guidelines and treatment process for COVID 19 patients. TMIS generally offers any time- anywhere access facility to remote users as cloud-based storage is used (Masdari et al. 2017). These types of services are very challenging as different types of users are accessing the records from different places. Hence, authentication is a challenging task in Telecare medical systems.
In Telecare medical information system, integrated electronic patient records (EPR) are generally used for patent’s health monitoring, treatment, analysis and maintenance of patient’s history etc (Masdari et al. 2017). This health information can be accessed by different stakeholders such as doctors, nurses etc via the internet using password based authentication. Lots of information has been shared among different parties over public channels also. Thus, these web based EPR systems always have a great threat to data privacy and data modification. There are different security flaws in the password-based authentication protocol for TMIS (Mishra 2015). Different authentication schemes for such EPR systems have been found in (Chen et al. 2012, Debiao et al. 2012, Das et al. 2013, Jiang et al. 2013, Lee et al. 2013, Xie et al. 2013). Initially, authors (Chen et al. 2012) proposed a dynamic ID based scheme for TMIS to protect user identity from impersonation attack. Similarly, an efficient low-cost smart card (SC) based authentication scheme for TMIS (Wu et al. 2012) has been found. This scheme is based on a lightweight hash function and complex multiplication operation. But this scheme does not provide mutual authentication. Later, another work (Jiang et al. 2013) has been found which added mutual authentication and user anonymity in their proposed authentication scheme which covers the common three phases with lost smart card revocation. This scheme also prevents the most popular attacks like man-in-the-middle, modification attack, impersonation attack and replay attack. Further, enhancement of Chen et al.’s scheme has been found (Xie et al 2013) to provide anonymity in authentication. This scheme prevents smart card attack, password guessing attack and the attacker is also unable to extract information from the stolen smart card. This scheme follows the usual phases like registration phase, login phase and password change phase. But the major disadvantage of this scheme is high computational load than other schemes. Also this scheme is unable to protect the system from stolen verifier attack and smart card loss attack. Most of these password based authentications cannot withstand off-line password guessing attack, insider attack etc. Hence, biometric based authentication came into the scenario (Chaturvedi et al. 2013). This type of authentication provides security from impersonation attack, stolen card and password guessing attack in medical server authentication system. However, many three factor based authentications were prone to replay attack and lack of anonymity (Pirbhulal et al.2015). Another problem with biometric based authentication is it inherits a low acceptability rate and any slight modification of the concerned biometric trait produces high rejection rates. As Telecare medical services are emergency services, so delay in the login process can lead to a treatment delay which can be fatal for a patient. In TMIS, another popular authentication mechanism is chaotic map based authentication (Guo et al. 2013, Zhang et al. 2016). Most chaos based systems provide no periodicity and pseudo randomness, which reduces the traceability problem. Thus, many chaotic map based schemes (Lin et al. 2015, Li et al. 2016) are available, but in most cases, the confidentiality of the schemes is not perfect. Internal users can trace individuals, which can hamper the privacy of the user data.