A lightweight authentication scheme for telecare medical information system

The rapid development of information technology promotes the development and application of Telecare Information System (TMIS). However, TMIS also has security problems such as information leakage, false authentication, and key loss. In order to solve the safety problems of TMIS, this paper combines Physical Unclonable Function (PUF) and Elliptic Curve Cryptography (ECC) technology to propose an access control and authentication scheme suitable for TMIS. The proposed scheme uses PUF and compact PUF identity authentication models to implement secure mutual authentication between tag and server. The key information in the scheme is generated by PUF, which not only reduces the cost of algorithm design but also avoids the risk of information leakage and key loss. In addition, this article uses ECC technology to encrypt the PUF response information and random numbers, which can ensure that this data information will not be leaked to the attacker. Then through the ProVerif verification tool and security attribute analysis, it is proved that the scheme is safe in the face of major attacks. The comparative analysis results show that the proposed scheme has higher security and is more suitable for TMIS.