SHAPARAK: Scalable healthcare authentication protocol with attack-resilience and anonymous key-agreement

Hajian, Rahman; ZakeriKia, Soheyla; Erfani, Hossein; Mirabi, Meghdad

doi:10.1016/j.comnet.2020.107567

Cited by 29 publications

(56 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hajian et al claimed that SHAPARAK can prevent various security attacks, including impersonation, sensor device compromise, and privileged insider attacks, and also can provide anonymity and mutual authentication. However, we prove that SHAPARAK [11] suffers from many security drawbacks such as "man-in-the-middle (MITM)", "impersonation", and "session key disclosure" attacks. In addition, their scheme does not provide "mutual authentication".…”

Section: Figure 1: Tmis System Modelmentioning

confidence: 93%

“…In 2020, Hajian et al [11] proposed a scalable healthcare authentication protocol with attack-resilience and anonymous key agreement (SHAPARAK) in TMIS environments. Hajian et al claimed that SHAPARAK can prevent various security attacks, including impersonation, sensor device compromise, and privileged insider attacks, and also can provide anonymity and mutual authentication.…”

Section: Figure 1: Tmis System Modelmentioning

confidence: 99%

See 1 more Smart Citation

SALS-TMIS: Secure, Anonymous, and Lightweight Privacy-Preserving Scheme for IoMT-Enabled TMIS Environments

Park

2022

IEEE Access

View full text Add to dashboard Cite

With the Telecare Medical Information System (TMIS), patients and doctors can access various healthcare services through wireless communication technology without visiting the hospital in person. However, TMIS must have the necessary security requirements, including authentication and anonymity because information of legitimate patient is transmitted via an open channel. Therefore, secure privacy-preserving schemes are essential to ensure reliable healthcare services for legitimate patient in TMIS. Recently, the existing schemes proposed a secure healthcare authentication protocol with attackresilience and anonymous key agreement in TMIS environments. However, we demonstrate that their scheme cannot prevent impersonation, session key disclosure, and man-in-the-middle attacks and cannot ensure secure mutual authentication. To improve the security flaws of the existing schemes, we design a secure, anonymous, and lightweight privacy-preserving scheme in internet of medical things (IoMT)enabled TMIS environments, called SALS-TMIS. Our scheme withstands potential security threats and ensures the essential security functionalities. We evaluate the security of the SALS-TMIS using informal and formal security analyses, including ROR oracle model and AVISPA implementation. We then compare the computation and communication costs of SALS-TMIS with existing schemes. SALS-TMIS provides superior security and efficiency than related schemes for IoMT-enabled TMIS.

show abstract

Section: Figure 1: Tmis System Modelmentioning

confidence: 93%

Section: Figure 1: Tmis System Modelmentioning

confidence: 99%

SALS-TMIS: Secure, Anonymous, and Lightweight Privacy-Preserving Scheme for IoMT-Enabled TMIS Environments

Park

2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In 2019, Gupta et al [ 41 ] proposed a protocol that used wearable medical devices for IoHT to prevent attackers from modifying patient health information. However, Hajian et al [ 42 ] pointed out that this protocol [ 41 ] did not protect information against privileged insider attacks, offline password-guessing attacks, and de-synchronization attacks. The proposed protocol of Hajian et al [ 42 ] also could not provide perfect forward security and was vulnerable to session-key disclosure and impersonation attacks.…”

Section: Related Workmentioning

confidence: 99%

“…However, Hajian et al [ 42 ] pointed out that this protocol [ 41 ] did not protect information against privileged insider attacks, offline password-guessing attacks, and de-synchronization attacks. The proposed protocol of Hajian et al [ 42 ] also could not provide perfect forward security and was vulnerable to session-key disclosure and impersonation attacks. To improve the security of the protocol, Kumar et al [ 43 ] used digital signatures to encrypt the IoHT protocol communication process.…”

Section: Related Workmentioning

confidence: 99%

LAP-IoHT: A Lightweight Authentication Protocol for the Internet of Health Things

Chen

Kumari

et al. 2022

Sensors

View full text Add to dashboard Cite

The Internet of Health Things (IoHT), which is an extension of the Internet of Things (IoT) in healthcare, has provided a new type of telemedicine approach. In IoHT, wearable sensors are used to collect patient health data, and information is transmitted remotely to doctors who can develop accurate treatment plans and provide timely telemedicine services to patients. However, patient health data are transmitted over a public channel, which means that the privacy and medical data of patients are at significant risk of leakage and can be confronted by serious security problems. We proposed a lightweight authentication protocol known as LAP-IoHT for IoHT environments to overcome the various threats that are currently faced by IoHT. We verified the security of LAP-IoHT using a Real-or-Random model and demonstrated its significant performance advantage by conducting a comparative analysis with other similar protocols for a better adaptation to the IoHT environment.

show abstract

“…In heterogeneous WSNs, any insecure terminal nodes possibly threaten the whole network's security as the flexible access mode; potential vulnerabilities continually come forth due to the complexity of heterogeneous networks [1]. us, it is necessary to design an authentication protocol to ensure that only legitimate users have access to the network [2]. Generally, as far as sensor nodes are resource-constrained in some aspects such as low energy, insufficient computing capabilities, and lack of memory space, many expensive cryptographic primitives are not suitable.…”

Section: Introductionmentioning

confidence: 99%

A Lightweight Three-Factor Authentication and Key Agreement Scheme for Multigateway WSNs in IoT

Xue

Huang

Zhang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

The Internet of Things (IoT) has built an information bridge between people and the objective world, wherein wireless sensor networks (WSNs) are an important driving force. For applications based on WSN, such as environment monitoring, smart healthcare, user legitimacy authentication, and data security, are always worth exploring. In recent years, many multifactor user authentication schemes for WSNs have been proposed using smart cards, passwords, as well as biometric features. Unfortunately, these schemes are revealed to various vulnerabilities (e.g., password guessing attack, impersonation attack, and replay attack) due to nonuniform security evaluation criteria. Wang et al. put forward 12 pieces of widely accepted evaluation criteria by investigating quantities of relevant literature. In this paper, we first propose a lightweight multifactor authentication protocol for multigateway WSNs using hash functions and XOR operations. Further, BAN logic and BPR model are employed to formally prove the correctness and security of the proposed scheme, and the informal analysis with Wang et al.’s criteria also indicates that it can resist well-known attacks. Finally, performance analysis of the compared schemes is given, and the evaluation results show that only the proposed scheme can satisfy all 12 evaluation criteria and keep efficient among these schemes.

show abstract

SHAPARAK: Scalable healthcare authentication protocol with attack-resilience and anonymous key-agreement

Cited by 29 publications

References 25 publications

SALS-TMIS: Secure, Anonymous, and Lightweight Privacy-Preserving Scheme for IoMT-Enabled TMIS Environments

SALS-TMIS: Secure, Anonymous, and Lightweight Privacy-Preserving Scheme for IoMT-Enabled TMIS Environments

LAP-IoHT: A Lightweight Authentication Protocol for the Internet of Health Things

A Lightweight Three-Factor Authentication and Key Agreement Scheme for Multigateway WSNs in IoT

Contact Info

Product

Resources

About