An authentication and key agreement scheme enables participants to agree a common secret key and to establish a secure channel. A secure authentication and key agreement scheme for telecare medicine information systems provides doctors, nurses, patients, etc. with mutual authentication and secure communication. Recently, Z. Wang et al. (2015) proposed an efficient dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems, and also claimed that their scheme can resist possible attacks. However, this investigation shows that Z. Wang et al.'s scheme fails to provide session key security and user anonymity, and suffers from password guessing and impersonation attacks. To overcome the weaknesses, this investigation proposes an improved authentication scheme by using extended chaotic map-based Diffie-Hellman key change. The proposed scheme avoids the weaknesses in previous schemes, and retains low computational cost.
金鑰協商機制讓參與者協商一共同密鑰並建立一安全通訊管道。一適用於遠距醫療資訊系統環境之安全認證與金鑰協商機制提供醫生、護士、病患等使用者相互認證並安全地通訊。近來,Z. Wang等人(2015)利用渾沌映射技術,提出一適用於遠距醫療資訊系統環境,有效率之動態識別碼為基礎的使用者認證機制,並宣稱其所提機制能抵擋可能安全攻擊。然而,本研究顯示Z. Wang等人無法提供認證金鑰安全和使用者匿名等特性,並且可能遭受字典攻擊與偽冒攻擊。為克服所提之缺點,本研究利用渾沌映射之Diffie-Hellman交換技術,提出一改良的認證與金鑰協商機制。所提之認證與金鑰協商機制不僅可以避免相關研究的缺點外,並且仍維持在低運算成本。