Cryptanalysis of an 'Efficient-Strong Authentication Protocol (E-SAP) for Healthcare Applications Using Wireless Medical Sensor Networks'

  • Khan, Muhammad Khurram (Center of Excellence in Information Assurance (CoEIA), King Saud University)
  • Kumari, Saru (Department of Mathematics, Agra College)
  • Singh, Pitam (Department of Mathematics, Motilal Nehru National Institute of Technology (MNNIT))
  • Received : 2012.11.20
  • Accepted : 2013.01.16
  • Published : 2013.05.30

Abstract

Nowadays, Wireless Sensor Networks (WSNs) are widely used in different areas, one of which is healthcare services. A wireless medical sensor network senses a patient's vital physiological signs through medical sensor-nodes deployed on the patient's body area, and transmits these signals to the devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of the technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to a patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. The information stored inside the smart card, if extracted, is enough to deceive a valid user. An adversary can not only access a patient's physiological data on behalf of a valid user without knowing the actual password, but can also send fake/irrelevant information about the patient by playing the role of a medical sensor-node. Besides, an adversary can guess a user's password and is able to compute the session key shared between the user and medical sensor-nodes. Thus, the scheme loses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.

References

  1. M.K. Khan, "Fingerprint biometric-based self and deniable authentication scheme for the electronic world," IETE Technical Review, vol. 26, no. 3, pp. 191-195, 2009. https://doi.org/10.4103/0256-4602.50703
  2. S. K., M. K. Gupta and M. Kumar, "Cryptanalysis and security enhancement of Chen et al.'s remote user authentication scheme using smart card," Central European Journal of Computer Science, vol. 2, no. 1, pp. 60-75, 2012. https://doi.org/10.2478/s13537-012-0003-y
  3. M. K. Khan, S. K. Kim and K. Alghathbar, "Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'," Computer Communications, vol. 34, no. 3, pp. 305-309, 2010.
  4. L.C. Wuu, C.H. Hung and C.M. Chang, "Quorum-based Key Management Scheme in Wireless Sensor Networks," KSII Transactions on Internet and Information systems, vol. 6, no. 9, pp. 2442-2454, 2012.
  5. Y. D., T.Q., H.J. and W.F. Sun, "A Pattern-based Query Strategy in Wireless Sensor Network," KSII Transactions on Internet and Information systems, vol. 6, no. 6, pp. 1267-1285, 2012.
  6. M. I. Razzak, M. K. Khan, K. Alghathbar, "Contactless Biometrics in Wireless Sensor Network: A Survey," in Proc of 3rd International Conference on Security Technologies (SecTech'10), CCIS, Springer-Verlag, vol. 122, pp. 236-243, Dec. 2010.
  7. M. K. Khan and K. Alghathbar, "Security Analysis of 'Two-Factor User Authentication in Wireless Sensor Networks'," in Proc. of 4th International Conference on Information Security and Assurance (ISA'10), Lecture Notes in Computer Science, (Japan), vol. 6059, pp. 55-60, June 2010.
  8. A. Thapa and S. Shin, "QoS Provisioning in Wireless Body Area Networks: A Review on MAC Aspects," KSII Transactions on Internet and Information systems, vol. 6, no. 5, pp. 1267-1285, 2012.
  9. W.Y. Chung, "Multi-Modal Sensing M2M Healthcare Service in WSN," KSII Transactions on Internet and Information systems, vol. 6, no. 4, pp. 1090-1105, 2012.
  10. S. Ullah, H. Higgins, B.B., B. L., C. B., I. M., S. Saleem, Z. Rahman and K.S. Kwak, "A Comprehensive Survey of Wireless Body Area Networks - On PHY, MAC, and Network Layers Solutions," J. Medical Systems, vol. 36, no. 3, pp. 1065-1094, 2012. https://doi.org/10.1007/s10916-010-9571-3
  11. S. Ullah and K.S. Kwak, "Body Area Network for Ubiquitous Healthcare Applications: Theory and Implementation," Journal Medical Systems, vol. 35, no. 5, pp. 1243-1244, 2011. https://doi.org/10.1007/s10916-011-9787-x
  12. S. Saleem, S. Ullah, H.S. Yoo, "On the Security Issues in Wireless Body Area Networks", Journal of Digital Content Technology and its Applications (JDCTA), vol. 3, no. 3, pp. 178-184, 2009.
  13. S. Ullah, P. Khan, N. Ullah, S. Saleem, H. Higgins, K.S Kwak, "A Review of Wireless Body Area Networks for Medical Applications", International Journal of Communications, Network and System Sciences (IJCNS), vol. 2 no. 8, 2010.
  14. K. H. M. Wong, Y. Zheng, J. Cao and S. Wang, "A dynamic user authentication scheme for wireless sensor networks," in Proc. of IEEE International Conference on Sensor Network Ubiquitous, and Trustworthy Computing, vol. 1, pp. 318-327, 2006.
  15. H. R. Tseng, R. H. Jan, and W. Yang, "An improved dynamic user authentication scheme for wireless sensor networks," IEEE on Global Telecommunications Conference, pp. 986-990, 2007.
  16. M.L. Das, "Two-factor user authentication in wireless sensor networks," IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1086-1090, 2009. https://doi.org/10.1109/TWC.2008.080128
  17. M.K. Khan and Khaled Alghathbar, "Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'," Sensors, vol. 10, no. 3, pp. 2450-2459, 2010. https://doi.org/10.3390/s100302450
  18. P. Kumar, S.G. Lee and H.J. Lee, "E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks," Sensors, vol. 12, pp. 1625-1647, 2012. https://doi.org/10.3390/s120201625
  19. B. Vaidya, J.J.P.C. Rodrigues and J.H. Park, "User authentication schemes with pseudonymity for ubiquitous sensor network in NGN," International Journal of Communication Systems, vol. 23, pp. 1201-1222, 2009.
  20. D. He, Y. Gao, S. Chan, C. Chen and J. Bu, "An enhanced two-factor user authentication scheme in wireless sensor networks," Ad Hoc Sens. Wirel. Netw. vol. 10, pp. 1-11, 2010.
  21. C. Chen, D. He, S. Chan, J. Bu, Y. Gao and R. Fan, "Lightweight and provably secure user authentication with anonymity for the global mobility network," International Journal of Communication Systems, 2010, doi:10.1002/dac.1158.
  22. Z.L. Ping and W. Yi, "An ID-based authenticated key agreement protocol for wireless sensor networks," in Proc. of 1st International Conference on Information Science and Engineering (ICISE), Nanjing, pp. 2542-2545, 2009.
  23. X. Lin, R. Lu, X. Shen, Y. Nemoto and N. Kato, "SAGE: A strong privacy-preserving scheme against global eavesdropping for ehealth systems," IEEE Journal of Selected Areas Communication, vol. 27, pp. 365-378, 2009. https://doi.org/10.1109/JSAC.2009.090502
  24. P. Kocher, J. Jaffe and B. Jun, "Differential power analysis," in Proc. of Advances in Cryptology, (CRYPTO'99), pp. 388-397, 1999.
  25. T.S. Messerges, E.A. Dabbish and R.H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593

Cited by

  1. An Improved User Authentication Protocol for Healthcare Services via Wireless Medical Sensor Networks vol.10, pp.4, 2014, https://doi.org/10.1155/2014/347169
  2. Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation vol.10, pp.4, 2013, https://doi.org/10.1371/journal.pone.0116709