Security enhancement on an authentication scheme for privacy preservation in Ubiquitous Healthcare System

In Ubiquitous Healthcare System (U-Healthcare), authentication is an essential task for secure medical information transmissions. In a recent paper, Kim proposed a smartcardbased authentication scheme for privacy preservation in UHealthcare. This scheme can protect user context privacy and is believed to have many abilities to resist a range of attacks, even though the secret data stored on the smartcard are compromised. In this paper, we evaluate the security of Kim´s proposal and illustrate that the scheme is, in fact, insecure against the stolensmartcard attack. Moreover, some steps of the scheme are unattainable, and security assumption is too strict. Then, we also investigate a novel scheme based on Kim´s scheme and the quadratic residue assumption. Compared with the existing schemes, the new proposal does not require the Electric Health Record database (EHR) to share a various secure value with patients and physicians, individually. Thus, it is more practical and realistic. We show that our proposed scheme can provide stronger security than Kim´s previous scheme.