http://dx.doi.org/10.3837/tiis.2013.05.002

Cryptanalysis of an 'Efficient-Strong Authentication Protocol (E-SAP) for Healthcare Applications Using Wireless Medical Sensor Networks'

Khan, Muhammad Khurram (Center of Excellence in Information Assurance (CoEIA) King Saud University)
Kumari, Saru (Department of Mathematics, Agra College)
Singh, Pitam (Department of Mathematics, Motilal Nehru National Institute of Technology (MNNIT))
Publication Information
KSII Transactions on Internet and Information Systems (TIIS), v.7, no.5, 2013, pp. 967-979
Abstract
Nowadays, Wireless Sensor Networks (WSNs) are widely used in different areas, one of which is healthcare services. A wireless medical sensor network senses a patient's vital physiological signs through medical sensor-nodes deployed on the patient's body area, and transmits these signals to the devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of the technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to a patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. Information stored inside the smart card, if extracted, is enough to deceive a valid user. An adversary can not only access a patient's physiological data on behalf of a valid user without knowing the actual password, but can also send fake or irrelevant information about the patient by playing the role of a medical sensor-node. Besides, an adversary can guess a user's password and is able to compute the session key shared between the user and medical sensor-nodes. Thus, the scheme loses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.
Keywords
Wireless medical sensor networks; medical professional authentication; medical sensor-node impersonation; insecure session key; password guessing
Citations & Related Records
Times Cited By KSCI: 3
1 Z.L. Ping and W. Yi, "An ID-based authenticated key agreement protocol for wireless sensor networks," in Proc. of 1st International Conference on Information Science and Engineering (ICISE), Nanjing, pp. 2542 - 2545, 2009.
2 X. Lin, R. Lu, X. Shen, Y. Nemoto and N. Kato, "SAGE: A strong privacy-preserving scheme against global eavesdropping for ehealth systems," IEEE Journal of Selected Areas Communication, vol. 27, pp. 365-378, 2009.
3 P. Kocher, J. Jaffe and B. Jun, "Differential power analysis," in Proc. of Advances in Cryptology, (CRYPTO'99), pp. 388-397, 1999.
4 T.S. Messerges, E.A. Dabbish and R.H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002.
5 M.K. Khan, "Fingerprint biometric-based self and deniable authentication scheme for the electronic world," IETE Technical Review, vol. 26, no. 3, pp. 191-195, 2009.
6 Y. D., T.Q., H.J. and W.F. Sun. "A Pattern-based Query Strategy in Wireless Sensor Network," KSII Transactions on Internet and Information systems, vol. 6, no. 6, pp. 1267-1285, 2012.
7 S. K., M. K. Gupta and M. Kumar, "Cryptanalysis and security enhancement of Chen et al.'s remote user authentication scheme using smart card," Central European Journal of Computer Science, vol. 2, no. 1, pp. 60-75, 2012.
8 M. K. Khan, S. K. Kim and K. Alghathbar, "Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'," Computer Communications, vol. 34, no. 3, pp. 305-309, 2010.
9 L.C. Wuu, C.H. Hung and C.M. Chang, "Quorum-based Key Management Scheme in Wireless Sensor Networks," KSII Transactions on Internet and Information systems, vol. 6, no. 9, pp. 2442-2454, 2012.
10 M. I. Razzak, M. K. Khan, K. Alghathbar, "Contactless Biometrics in Wireless Sensor Network: A Survey," in Proc. of 3rd International Conference on Security Technologies (SecTech'10), CCIS, Springer-Verlag, vol. 122, pp. 236-243, Dec. 2010.
11 M. K. Khan and K. Alghathbar, "Security Analysis of 'Two-Factor User Authentication in Wireless Sensor Networks'," in Proc. of 4th International Conference on Information Security and Assurance (ISA'10), Lecture Notes in Computer Science, (Japan), vol. 6059, pp. 55-60, June 2010.
12 A. Thapa and S. Shin, "QoS Provisioning in Wireless Body Area Networks: A Review on MAC Aspects," KSII Transactions on Internet and Information systems, vol. 6, no. 5, pp. 1267-1285, 2012.
13 W.Y. Chung, "Multi-Modal Sensing M2M Healthcare Service in WSN," KSII Transactions on Internet and Information systems, vol. 6, no. 4, pp. 1090-1105, 2012.
14 S. Ullah, H. Higgins, B.B., B. L., C. B., I. M., S. Saleem, Z. Rahman and K.S. Kwak, "A Comprehensive Survey of Wireless Body Area Networks - On PHY, MAC, and Network Layers Solutions," J. Medical Systems, vol. 36, no. 3, pp. 1065-1094, 2012.
15 S. Ullah and K.S. Kwak, "Body Area Network for Ubiquitous Healthcare Applications: Theory and Implementation," Journal Medical Systems, vol. 35, no. 5, pp. 1243-1244, 2011.
16 H. R. Tseng, R. H. Jan, and W. Yang, "An improved dynamic user authentication scheme for wireless sensor networks," IEEE on Global Telecommunications Conference, pp. 986-990, 2007.
17 S. Saleem, S. Ullah, H.S. Yoo, "On the Security Issues in Wireless Body Area Networks", Journal of Digital Content Technology and its Applications (JDCTA), vol. 3, no. 3, pp. 178-184, 2009.
18 S. Ullah, P. Khan, N. Ullah, S. Saleem, H. Higgins, K.S. Kwak, "A Review of Wireless Body Area Networks for Medical Applications", International Journal of Communications, Network and System Sciences (IJCNS), vol. 2, no. 8, 2010.
19 K. H. M. Wong, Y. Zheng, J. Cao and S. Wang, "A dynamic user authentication scheme for wireless sensor networks," in Proc. of IEEE International Conference on Sensor Network Ubiquitous, and Trustworthy Computing, vol. 1, pp. 318-327, 2006.
20 M.L. Das, "Two-factor user authentication in wireless sensor networks," IEEE Transactions on Wireless Communications, vol. 8, no. 3, pp. 1086-1090, 2009.
21 M.K. Khan and Khaled Alghathbar, "Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'," Sensors, vol. 10, no. 3, pp. 2450-2459, 2010.
22 P. Kumar, S.G. Lee and H.J. Lee, "E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks," Sensors, vol. 12, pp. 1625-1647, 2012.
23 B. Vaidya, J.J.P.C. Rodrigues and J.H. Park, "User authentication schemes with pseudonymity for ubiquitous sensor network in NGN," International Journal of Communication Systems, vol. 23, pp. 1201-1222, 2009.
24 D. He, Y. Gao, S. Chan, C. Chen and J. Bu, "An enhanced two-factor user authentication scheme in wireless sensor networks," Ad Hoc Sens. Wirel. Netw. vol. 10, pp. 1-11, 2010.
25 C. Chen, D. He, S. Chan, J. Bu, Y. Gao and R. Fan, "Lightweight and provably secure user authentication with anonymity for the global mobility network," International Journal of Communication Systems, 2010, doi:10.1002/dac.1158.