• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권5호
• /
• pp.967-979
• /
• 2013

Now a day, Wireless Sensor Networks (WSNs) are being widely used in different areas one of which is healthcare services. A wireless medical sensor network senses patient's vital physiological signs through medical sensor-nodes deployed on patient's body area; and transmits these signals to devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to patient's sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.'s scheme is flawed with a number of security pitfalls. Information stored inside smart card, if extracted, is enough to deceive a valid user. Adversary can not only access patient's physiological data on behalf of a valid user without knowing actual password, can also send fake/irrelevant information about patient by playing role of medical sensor-node. Besides, adversary can guess a user's password and is able to compute the session key shared between user and medical sensor-nodes. Thus, the scheme looses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.