scholarly journals Cryptanalysis and Security Improvement of Two Authentication Schemes for Healthcare Systems Using Wireless Medical Sensor Networks

2020 ◽  
Vol 2020 ◽  
pp. 1-11 ◽  
Author(s):  
Jiaqing Mo ◽  
Zhongwang Hu ◽  
Yuhua Lin
Keyword(s):  
Healthcare Systems ◽  
Authentication Protocol ◽  
Medical Professional ◽  
Healthcare Data ◽  
Insider Attack ◽  
Medical Sensor Networks ◽  
Authentication Schemes ◽  
Guessing Attack ◽  
Privileged Insider Attack ◽  
Three Factor

Wireless medical sensor networks (WMSNs) play an important role in collecting healthcare data of the remote patient and transmitting them to the medical professional for proper diagnosis via wireless channel. To protect the patient's healthcare data which is private-related and sensitive, some authentication schemes for healthcare systems using WMSN have been proposed to ensure the secure communication between the medical sensors and the medical professional. Since cryptanalyzing the security defects of authenticated protocols is crucial to put forward solutions and propose truly robust protocols, we scrutinize two state-of-the-art authentication protocols using WMSN for healthcare systems. Firstly, we examine Ali et al.’s enhanced three-factor based authentication protocol and show that although it provides a formal proof and a security verification, it still fails to resist offline dictionary guessing attack, desynchronization attack, and privileged insider attack and contains a serious flaw in the password change phase. Secondly, we investigate Shuai et al.’s lightweight and three-factor based authentication protocol and point out that it cannot achieve high security level as they claimed; it is actually subject to offline dictionary guessing attack and privileged insider attack, and it also has a design flaw in the password change phase. In addition, we suggest several countermeasures to thwart these security weaknesses in these two schemes for WMSN and the similar kinds.

scholarly journals An improved authentication protocol–based dynamic identity for multi-server environments

2018 ◽  
Vol 14 (5) ◽  
pp. 155014771877765 ◽  
Author(s):  
Jianming Cui ◽  
Xiaojun Zhang ◽  
Ning Cao ◽  
Dexue Zhang ◽  
Jianrui Ding ◽  
...  
Keyword(s):  
Formal Analysis ◽  
Authentication Protocol ◽  
Object Identification ◽  
Third Party ◽  
Password Guessing Attack ◽  
Insider Attack ◽  
Dynamic Identity ◽  
Guessing Attack ◽  
Exclusive Or ◽  
Multi Server

The age of Internet of things gives rise to more challenges to various secure demands when designing the protocols, such as object identification and tracking, and privacy control. In many of the current protocols, a malicious server may cheat users as if it was a legal server, making it vital to verify the legality of both users and servers with the help of a trusted third-party, such as a registration center. Li et al. proposed an authentication protocol based on dynamic identity for multi-server environment, which is still susceptible to password-guessing attack, eavesdropping attack, masquerade attack, and insider attack etc. Besides, their protocol does not provide the anonymity of users, which is an essential request to protect users’ privacy. In this article, we present an improved authentication protocol, depending on the registration center in multi-server environments to remedy these security flaws. Different from the previous protocols, registration center in our proposed protocol is one of parties in authentication phase to verify the legality of the users and the servers, thus can effectively avoid the server spoofing attack. Our protocol only uses nonce, exclusive-OR operation, and one-way hash function in its implementation. Formal analysis has been performed using the Burrows–Abadi–Needham logic to show its security.

scholarly journals A Secure and Lightweight Three-Factor-Based Authentication Scheme for Smart Healthcare Systems

Sensors ◽  
2020 ◽  
Vol 20 (24) ◽  
pp. 7136
Author(s):  
Jihyeon Ryu ◽  
Dongwoo Kang ◽  
Hakjun Lee ◽  
Hyoungshick Kim ◽  
Dongho Won
Keyword(s):  
User Authentication ◽  
Healthcare Systems ◽  
Authentication Scheme ◽  
Sensitive Information ◽  
Symmetric Encryption ◽  
Healthcare Data ◽  
Smart Healthcare ◽  
Verification Tool ◽  
User Authentication Scheme ◽  
Three Factor

Internet of Things (IoT) technology has recently been integrated with various healthcare devices to monitor patients’ health status and share it with their healthcare practitioners. Since healthcare data often contain personal and sensitive information, healthcare systems must provide a secure user authentication scheme. Recently, Adavoudi-Jolfaei et al. and Sharma and Kalra proposed a lightweight protocol using hash function encryption only for user authentication on wireless sensor systems. In this paper, we found some weaknesses in target schemes. We propose a novel three-factor lightweight user authentication scheme that addresses these weaknesses and verifies the security of the proposed scheme using a formal verification tool called ProVerif. In addition, our proposed scheme outperforms other proposed symmetric encryption-based schemes or elliptic curve-based schemes.

scholarly journals An Efficient and Secure Certificateless Authentication Protocol for Healthcare System on Wireless Medical Sensor Networks

2013 ◽  
Vol 2013 ◽  
pp. 1-7 ◽  
Author(s):  
Rui Guo ◽  
Qiaoyan Wen ◽  
Zhengping Jin ◽  
Hua Zhang
Keyword(s):  
Sensor Networks ◽  
Healthcare System ◽  
Healthcare Systems ◽  
Bilinear Pairing ◽  
Authentication Protocol ◽  
Performance Evaluations ◽  
Physiological Signals ◽  
Medical Sensor Networks ◽  
Secure Authentication ◽  
Certificateless Authentication

Sensor networks have opened up new opportunities in healthcare systems, which can transmit patient’s condition to health professional’s hand-held devices in time. The patient’s physiological signals are very sensitive and the networks are extremely vulnerable to many attacks. It must be ensured that patient’s privacy is not exposed to unauthorized entities. Therefore, the control of access to healthcare systems has become a crucial challenge. An efficient and secure authentication protocol will thus be needed in wireless medical sensor networks. In this paper, we propose a certificateless authentication scheme without bilinear pairing while providing patient anonymity. Compared with other related protocols, the proposed scheme needs less computation and communication cost and preserves stronger security. Our performance evaluations show that this protocol is more practical for healthcare system in wireless medical sensor networks.

scholarly journals A Secure and Efficient ECC-Based Anonymous Authentication Protocol

2019 ◽  
Vol 2019 ◽  
pp. 1-13 ◽  
Author(s):  
Feifei Wang ◽  
Guoai Xu ◽  
Lize Gu
Keyword(s):  
User Authentication ◽  
Authentication Protocol ◽  
Performance Comparison ◽  
Impersonation Attack ◽  
Session Key ◽  
Anonymous Authentication ◽  
Password Guessing Attack ◽  
Authentication Schemes ◽  
And Performance ◽  
Guessing Attack

Nowadays, remote user authentication protocol plays a great role in ensuring the security of data transmission and protecting the privacy of users for various network services. In this study, we discover two recently introduced anonymous authentication schemes are not as secure as they claimed, by demonstrating they suffer from offline password guessing attack, desynchronization attack, session key disclosure attack, failure to achieve user anonymity, or forward secrecy. Besides, we reveal two environment-specific authentication schemes have weaknesses like impersonation attack. To eliminate the security vulnerabilities of existing schemes, we propose an improved authentication scheme based on elliptic curve cryptosystem. We use BAN logic and heuristic analysis to prove our scheme provides perfect security attributes and is resistant to known attacks. In addition, the security and performance comparison show that our scheme is superior with better security and low computation and communication cost.

scholarly journals A Provably Secure Three-Factor Authentication Protocol for Wireless Sensor Networks

2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Tsu-Yang Wu ◽  
Lei Yang ◽  
Zhiyuan Lee ◽  
Shu-Chuan Chu ◽  
Saru Kumari ◽  
...  
Keyword(s):  
Wireless Sensor Networks ◽  
Sensor Networks ◽  
Formal Analysis ◽  
Authentication Protocol ◽  
Sensor Nodes ◽  
Wireless Sensor ◽  
Sensitive Data ◽  
Computational Overhead ◽  
And Performance ◽  
Three Factor

The wireless sensor network is a network composed of sensor nodes self-organizing through the application of wireless communication technology. The application of wireless sensor networks (WSNs) requires high security, but the transmission of sensitive data may be exposed to the adversary. Therefore, to guarantee the security of information transmission, researchers propose numerous security authentication protocols. Recently, Wu et al. proposed a new three-factor authentication protocol for WSNs. However, we find that their protocol cannot resist key compromise impersonation attacks and known session-specific temporary information attacks. Meanwhile, it also violates perfect forward secrecy and anonymity. To overcome the proposed attacks, this paper proposes an enhanced protocol in which the security is verified by the formal analysis and informal analysis, Burross-Abadii-Needham (BAN) logic, and ProVerif tools. The comparison of security and performance proves that our protocol has higher security and lower computational overhead.

scholarly journals Blockchain for healthcare records: A data perspective

2018 ◽  
Author(s):  
Mian Zhang ◽  
Yuhong Ji
Keyword(s):  
Data Privacy ◽  
Healthcare Systems ◽  
Multiple Perspectives ◽  
Health Records ◽  
Healthcare Data ◽  
Blockchain Technology ◽  
Security Control ◽  
Patient Health ◽  
And Storage ◽  
Insight Into

A problem facing healthcare record systems throughout the world is how to share the medical data with more stakeholders for various purposes without sacrificing data privacy and integrity. Blockchain, operating in a state of consensus, is the underpinning technology that maintains the Bitcoin transaction ledger. Blockchain as a promising technology to manage the transactions has been gaining popularity in the domain of healthcare. Blockchain technology has the potential of securely, privately, and comprehensively manage patient health records. In this work, we discuss the latest status of blockchain technology and how it could solve the current issues in healthcare systems. We evaluate the blockchain technology from the multiple perspectives around healthcare data, including privacy, security, control, and storage. We review the current projects and researches of blockchain in the domain of healthcare records and provide the insight into the design and construction of next generations of blockchain-based healthcare systems.

Sign in / Sign up

Export Citation Format

Share Document