A secure RFID protocol for Telecare Medicine Information Systems using ECC

The advancements in networking and communication technologies resulted in a novel health care application called Telecare Medicine Information Systems (TMIS). TMIS provides efficient and real time connectivity to patient Body Area Network (BAN) to access patient data remotely by a doctor via an insecure Internet. Due to the involvement of patient sensitive data, and accessing it over an insecure Internet, demands for secure remote user authentication framework. In this context, Jin et al proposed a RFID based authentication scheme for TMIS, and claimed that their scheme is an improved version over existing schemes. In this manuscript, we first analyze Jin et al scheme and illustrate that their scheme is vulnerable to a known session-specific temporary information attack, which in turn leads to leakage of tag identity, tag and reader secret key. We then propose a robust RFID based authentication protocol using ECC with more security capabilities. We will analyze the security strengths of our scheme both formally and informally using random oracle model and AVISPA tool.