Provably Secure Three-Factor-Based Mutual Authentication Scheme with PUF for Wireless Medical Sensor Networks

Kwon, Deokkyu; Park, YoHan

doi:10.3390/s21186039

Cited by 25 publications

(5 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dharminder et al's scheme includes the followings: (1) Registration phase, (ii) Login and authentication phase, and iii Password change phase. We briefly, describe these phases as follows: Ravanbakhsh & Nazari [33] Utilized ECC a and Fuzzy Extractor Known-session-specific temporary information attacks Perfect forward secrecy [34] Li et al [36] Provides privacy and mutual authentication for TMIS Not provide user anonymity and unlinkability Impersonation attack [37] Giri et al [38] RSA-based authentication for TMIS Off-line password guessing Insider attacks Not provide user anonymity [39] Bin [40] RSA-based authentication for telecare systems Off-line password guessing attack Not provide perfect forward secrecy [41] Lu et al [10] Biometric-based authentication for TMIS, using ECC Off-line identity guessing attack Server impersonation attack Off-line password guessing attack [9] Mishra et al [42] Biometric-based scheme for TMIS Man-in-the-middle attack Not provide perfect forward secrecy [43] Li et al [19] Anonymity preserving authentication for WBAN d Not provide perfect forward secrecy Insider attacks [44] He et al [20] Secure authentication for WBAN Known-session-specific temporary information attack Denial of service attack [44] Sahoo et al [28] Biometric-based authentication using ECC insider attack Not provide anonymity [29] Sahoo et al [26] ECC-based authentication for TMIS replay attack password guessing attack [27] Gupta et al [3] Hash and Biometric-based scheme for WBAN, Known-session-specific temporary information attack Stolen verifier attack Not provide perfect forward secrecy Soni et al [23] Three-factor authentication using ECC Not provide perfect forward secrecy [24], [25] Aghili et al [13] Low computation cost authentication Not provide perfect forward secrecy Server impersonation attack malicios sensor attack [22] Masud et al [30] Low computation cost, hash and Xor-based scheme for WBAN Not provide anonymity insider attack impersonation attack password guessing attack [31],…”

Section: Overview Of Dharminder Et Al's Schemementioning

confidence: 99%

See 1 more Smart Citation

REACH: Robust Efficient Authentication for Crowdsensing-based Healthcare

Nikooghadam

Amintoosi

2023

Preprint

View full text Add to dashboard Cite

Crowdsensing systems enlist a group of people to contribute to sensor-based tasks. They involve people, also known as participants, who collect sensor data based on the task requirements specified by the requester, and send it to a server using an application. The sensor data can be either related to the participant and his/her daily activity or collected from the surrounding environment. The crowdsensing-based healthcare system is a sample of a crowdsensing system that provides smart healthcare-related services to patients and elderly people. In such a system, wearable sensors collect sensor data from patients and transmit them to the medical server across a public communication channel. Doctors can then access the data and prepare medical advice, resulting in a drastic reduction in hospital costs. However, patient data generally contain sensitive information that needs to be exchanged securely. Therefore, a significant security challenge is authenticating the sensor device (patient) and generating short-term keys for communicating medical data. Recently, Dharminder et al. and Gupta et al. designed authentication protocols for healthcare systems. In our paper, we show that these schemes are prone to a series of attacks including impersonation and stolen verifier attacks, and cannot provide perfect forward secrecy. We then propose a Robust and Efficient Authentication scheme for Crowdsensing-based Healthcare systems, called REACH. We prove that REACH supports perfect forward secrecy and anonymity and resists well-known attacks. We perform various formal and informal security analyses using the Real-OR-Random (ROR) Model, BAN logic, and the well-known Scyther tool. We also show that REACH outperforms the related methods in incurring the minimum computational overhead and comparable communication overhead.

show abstract

Section: Overview Of Dharminder Et Al's Schemementioning

confidence: 99%

“…In 2021, Masud et al [30] designed a lightweight scheme for authenticating entities in a telecare medical system that only uses hash and XOR functions. But as mentioned in [25] and [31], their scheme was insecure to a series of attacks such as impersonation, insider, and password guessing attacks, and cannot provide anonymity.…”

Section: Related Workmentioning

confidence: 99%

REACH: Robust Efficient Authentication for Crowdsensing-based Healthcare

Nikooghadam

Amintoosi

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…To address this problem, a lightweight and privacy-preserving protocol is presented in [105]. However, this approach is vulnerable to user impersonation, offline password guessing and privileged insider attacks [106]. In addition, it cannot offer user anonymity.…”

Section: Related Workmentioning

confidence: 99%

Tele-care medical information systems security techniques: A critical review of the state of the art techniques

Isiaho¹,

Omieno²,

Rono³

2022

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

The advancement in information communication technologies has seen the rise in the deployment of various information exchange devices in the healthcare sector. Among these technologies is the Tele-care Medical Information Systems (TMIS) in which remote users can establish a connection with the hospital medical server and share the necessary information between them. This can potentially offer doctors and patients more reasonable treatment plan, as well as helping address the huge medical expenses and excessive medical treatment duration. There is therefore need to store patient data in the end devices, as well as transmit this data over public channels to facilitate decision making. This paper sought to review the security schemes that have been developed over the recent past to protect the patient data stored or transmitted in TMIS.

show abstract

“…In multi-server environments, an adversary can insert, delete, or modify messages exchanged through a public channel. If adversary obtains these messages and transmits those to users or servers, the adversary can attempt replay or man-in-the-middle (MITM) attack [5]- [8]. Moreover, a malicious adversary can extract user's sensitive personal parameters stored in the mobile device or smart card utilizing power analysis attack.…”

Section: Introductionmentioning

confidence: 99%

A Secure Three-Factor Authentication Protocol for E-Governance System Based on Multiserver Environments

Cho

Kwon

et al. 2022

IEEE Access

Self Cite

View full text Add to dashboard Cite

In electronic governance (e-governance) system, citizens can access government services such as transportation, licensing and immigration remotely over the Internet. With the development of information and communication technology, usage of the e-governance system has been increased. To efficiently provide citizens with various e-governance services, multi-server environments can be applied to the e-governance system. However, messages can be inserted, deleted, and modified by a malicious adversary since these are transmitted through a public channel. Therefore, many researchers have suggested mutual authentication protocols for secure communication in multi-server environments. In 2020, Sudhakar et al. proposed a smart card based lightweight authentication protocol for multi-server environments. We analyze Sudhakar et al.'s protocol to propose a secure mutual authentication protocol in the egovernance system based on multi-server environments. However, we disclosure that their protocol is not resistant to smart card stolen, insider, man-in-the-middle, user impersonation, and session key disclosure attacks. Moreover, Sudhakar et al.'s protocol does not provide mutual authentication. To improve these security problems, we suggest a secure three-factor mutual authentication protocol for the e-governance system based on multi-server environments. We prove our protocol's security using informal security analysis, Burrows-Abadi-Needham (BAN) logic, and Real-or-Random (ROR) model. We also simulate our protocol utilizing Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. We estimate the proposed protocol's security functionalities, computation costs, and communication overheads compared with existing related protocols. Consequently, we demonstrate that our protocol is secure and suitable for the e-governance system.

show abstract

Provably Secure Three-Factor-Based Mutual Authentication Scheme with PUF for Wireless Medical Sensor Networks

Cited by 25 publications

References 44 publications

REACH: Robust Efficient Authentication for Crowdsensing-based Healthcare

REACH: Robust Efficient Authentication for Crowdsensing-based Healthcare

Tele-care medical information systems security techniques: A critical review of the state of the art techniques

A Secure Three-Factor Authentication Protocol for E-Governance System Based on Multiserver Environments

Contact Info

Product

Resources

About