Computation-Efficient Three-Party Encrypted Key Exchange for Telecare Medicine Information Systems

Abstract

A three-party encrypted key exchange (3PEKE) protocol for telecare medicine information systems (TMISs) enables two communicating parties, such as patients, doctors, nurses and health visitors, sharing a long-lived secret only with a trusted third party- Medical Center Server (MCS) to exchange confidential and authenticated Electronic Medical Records (EMRs) and Electronic Health Records (EHRs) with another party over an insecure network. Recently, Lee et al. presented an improved 3PEKE protocol to solve the weaknesses of previous protocols. However, this study states that Lee et al.'s improved 3PEKE protocol still has some security faults such that their protocol cannot execute correctly and fails to resist password guessing attacks. This study also develops an enhanced protocol which is based on Lee et al.'s improved 3PEKE protocol. Additionally, the enhanced protocol protects the user's password by using a one-time key shared with the MCS, eliminates the redundant computations, and rearranges the messages. Compared with related protocols, the enhanced protocol not only has higher security, but also increases efficiency in computation and transmission.