Cryptanalysis of Secure ECC-Based Three Factor Mutual Authentication Protocol for Telecare Medical Information System

Cyber Security and Applications Pub Date : 2023-02-05 DOI:10.1016/j.csa.2023.100013

C. Madan Kumar , Ruhul Amin , M. Brindha

{"title":"Cryptanalysis of Secure ECC-Based Three Factor Mutual Authentication Protocol for Telecare Medical Information System","authors":"C. Madan Kumar , Ruhul Amin , M. Brindha","doi":"10.1016/j.csa.2023.100013","DOIUrl":null,"url":null,"abstract":"<div><p>Telecare Medical Information System (TMIS) is gaining importance in the present COVID-19 crisis. TMIS as a technology, offers patients a range of remote medical services, incorporated into Wireless Body Area Network (WBAN). The patient’s medical report is confidentially transmitted over an open channel in TMIS environments. An attacker may attempt to compromise the security, such as forgery, replay, and impersonation attacks. To ensure secure communication, various authentication solutions have been introduced for TMIS. Biometrics and Elliptic Curve Cryptography-based mutual authentication protocol was recommended by Sahoo et al. (2020) and is proved to have some loopholes in the protocol. We discovered, however, Sahoo et al. method is unable to prevent privileged insider attacks and insider attacks along with patient anonymity. Jongseok Ryu et al. recommended a ECC based three-factor mutual authentication protocol and ensures patient’s confidentiality for TMIS with proof of informal analysis. They have also performed formal security studies utilizing the Automated Validation of Internet Security Protocols and Applications (AVISPA), the Burrows–Abadi–Needham (BAN) logic and Real-Or-Random (ROR) model. However, we have reviewed the Jongseok Ryu et al.’s proposal. Based on his attacker model, we have examined that this scheme is unsafe against Message Substitution Attacks, Man-in-the-Middle attacks, Session Key Disclosure attacks, Privileged Insider attacks, and Stolen verifier attacks. we suggest a technique to be safe from the above security threats.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100013"},"PeriodicalIF":0.0000,"publicationDate":"2023-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cyber Security and Applications","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2772918423000012","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Telecare Medical Information System (TMIS) is gaining importance in the present COVID-19 crisis. TMIS as a technology, offers patients a range of remote medical services, incorporated into Wireless Body Area Network (WBAN). The patient’s medical report is confidentially transmitted over an open channel in TMIS environments. An attacker may attempt to compromise the security, such as forgery, replay, and impersonation attacks. To ensure secure communication, various authentication solutions have been introduced for TMIS. Biometrics and Elliptic Curve Cryptography-based mutual authentication protocol was recommended by Sahoo et al. (2020) and is proved to have some loopholes in the protocol. We discovered, however, Sahoo et al. method is unable to prevent privileged insider attacks and insider attacks along with patient anonymity. Jongseok Ryu et al. recommended a ECC based three-factor mutual authentication protocol and ensures patient’s confidentiality for TMIS with proof of informal analysis. They have also performed formal security studies utilizing the Automated Validation of Internet Security Protocols and Applications (AVISPA), the Burrows–Abadi–Needham (BAN) logic and Real-Or-Random (ROR) model. However, we have reviewed the Jongseok Ryu et al.’s proposal. Based on his attacker model, we have examined that this scheme is unsafe against Message Substitution Attacks, Man-in-the-Middle attacks, Session Key Disclosure attacks, Privileged Insider attacks, and Stolen verifier attacks. we suggest a technique to be safe from the above security threats.

查看原文本刊更多论文

基于安全ECC的远程医疗信息系统三因素相互认证协议的密码分析

远程医疗信息系统（TMIS）在当前的新冠肺炎危机中变得越来越重要。TMIS作为一项技术，为患者提供一系列远程医疗服务，并纳入无线身体区域网络（WBAN）。患者的医疗报告在TMIS环境中通过开放渠道秘密传输。攻击者可能试图破坏安全性，例如伪造、重放和模拟攻击。为了确保通信安全，TMIS引入了各种身份验证解决方案。Sahoo等人推荐了基于生物特征和椭圆曲线密码的相互认证协议。（2020），并被证明在协议中存在一些漏洞。然而，我们发现，Sahoo等人。该方法无法防止特权内部攻击和内部攻击以及患者匿名。Jongseok-Ryu等人。建议采用基于ECC的三因素相互认证协议，并通过非正式分析证明确保患者对TMIS的保密性。他们还利用互联网安全协议和应用程序的自动验证（AVISPA）、Burrows–Abadi–Needham（BAN）逻辑和真实或随机（ROR）模型进行了正式的安全研究。然而，我们已经审查了Jongseok-Ryu等人的提案。基于他的攻击者模型，我们已经检验了该方案对消息替换攻击、中间人攻击、会话密钥泄露攻击、特权内幕攻击和被盗验证器攻击是不安全的。我们提出了一种技术，以避免上述安全威胁。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Cyber Security and Applications

CiteScore

5.20

自引率

0.00%

发文量