Telecare Medical Information System (TMIS) is a platform for the patients and the medical server to communicate and exchange data through the Internet. As the Internet is an insecure medium, the shared sensitive data is at troublesome situation. To protect sensitive data over the public network, it is essential to have secure communication. The authentication and key establishment protocol supports building a secure communication between the patients and the medical server. Recently, Madhusudhan-Nayak proposed an enhanced chaotic map-based authentication and key establishment protocol for TMIS. In this work, we demonstrate that the Madhusudhan-Nayak scheme does not provide user anonymity, fails to achieve mutual authentication and susceptible to traceability attack, insider attack, server impersonation attack and replay attack. To overcome the weaknesses found in Madhusudhan-Nayak protocol, we propose an improved mutual authentication scheme suitable for TMIS with key establishment technique. The proposed protocol is analyzed against many security threats informally and using the formal method BAN logic, the protocol is proven to be mutually authenticated. As there are numerous authentication protocols for TMIS have been put forward in the literature, we compared the proposed scheme with the related existing schemes in several security aspects. The comparison results illustrate that the proposed protocol surpasses these competing schemes.

Telecare医疗信息系统（TMIS）是患者和医疗服务器通过Internet进行通信和交换数据的平台。由于Internet是不安全的介质，因此共享敏感数据处于麻烦状态。为了保护公共网络上的敏感数据，必须进行安全的通信。认证和密钥建立协议支持在患者与医疗服务器之间建立安全的通信。最近，Madhusudhan-Nayak为TMIS提出了一种增强的基于混沌地图的身份验证和密钥建立协议。在这项工作中，我们证明了Madhusudhan-Nayak方案不提供用户匿名性，无法实现相互身份验证，并且容易受到可追溯性攻击，内部人员攻击，服务器模拟攻击和重播攻击的影响。为了克服在Madhusudhan-Nayak协议中发现的弱点，我们提出了一种适用于TMIS的，带有密钥建立技术的改进的相互认证方案。对所提出的协议进行了非正式的针对许多安全威胁的分析，并使用正式的方法BAN逻辑证明了该协议是相互认证的。由于文献中提出了许多针对TMIS的身份验证协议，因此我们在几个安全方面将提出的方案与相关的现有方案进行了比较。比较结果表明，所提出的协议超越了这些竞争方案。对所提出的协议进行了非正式的针对许多安全威胁的分析，并使用正式的方法BAN逻辑证明了该协议是相互认证的。由于文献中提出了许多针对TMIS的身份验证协议，因此我们在几个安全方面将提出的方案与相关的现有方案进行了比较。比较结果表明，所提出的协议超越了这些竞争方案。对所提出的协议进行了非正式的针对许多安全威胁的分析，并使用正式的方法BAN逻辑证明了该协议是相互认证的。由于文献中提出了许多针对TMIS的身份验证协议，因此我们在几个安全方面将提出的方案与相关的现有方案进行了比较。比较结果表明，所提出的协议超越了这些竞争方案。