Comment on Chen et al.'s Authentication Protocol for Internet of Health Things
Iman Jafarian, Siavash Khorsandi
TL;DR
The paper addresses securing IoMT communications through authentication protocols and critiques Chen et al.'s lightweight authentication and key agreement scheme. It performs descriptive analysis and cryptanalysis, identifying vulnerabilities to known session-specific temporary information attacks and stolen verifier attacks. The findings show that exposure of temporary randomness or theft of smart-card verifiers can compromise session keys and authentication. This work highlights the need for more robust, leakage-resistant IoMT key exchange protocols to ensure patient privacy and system reliability.
Abstract
The Internet of Medical Things has revolutionized the healthcare industry, enabling the seamless integration of connected medical devices and wearable sensors to enhance patient care and optimize healthcare services. However, the rapid adoption of the Internet of Medical Things also introduces significant security challenges that must be effectively addressed to preserve patient privacy, protect sensitive medical data, and ensure the overall reliability and safety of Internet of Medical Things systems. In this context, a key agreement protocol is used to securely establish shared cryptographic keys between interconnected medical devices and the central system, ensuring confidential and authenticated communication. Recently, Chen et al. proposed a lightweight authentication and key agreement protocol for the Internet of Health Things. In this article, we provide a descriptive analysis of their proposed scheme and prove that Chen et al.'s scheme is vulnerable to known session-specific temporary information attacks and stolen verifier attacks.
