Cryptanalysis of Wu and Xu's authentication scheme for Telecare Medicine Information Systems
This work addresses security flaws in authentication schemes for telemedicine systems, which is critical for protecting patient data, but it is incremental as it builds on prior cryptanalysis.
The paper analyzes Wu and Xu's authentication scheme for Telecare Medicine Information Systems and identifies vulnerabilities, including off-line password guessing attacks and lack of user anonymity, while also pointing out inefficiencies in incorrect input detection.
Remote user authentication is desirable for a Telecare Medicine Information System (TMIS) to verify the correctness of remote users. In 2013, Jiang et al. proposed a privacy-preserving authentication scheme for TMIS. Recently, Wu and Xu analyzed Jiang et al.'s scheme and identified serious security flaws in it, namely a user impersonation attack, a DoS attack and an off-line password guessing attack. In this article, we analyze Wu and Xu's scheme and show that it is also vulnerable to an off-line password guessing attack and does not protect user anonymity. Moreover, we identify the inefficiency of incorrect input detection in the login phase of Wu and Xu's scheme, where the smart card executes the login session in spite of wrong input.