Photo by lensingmyworld from unsplash
Very recently, Masud et al. (2022) proposed a lightweight and anonymity-preserving user authentication scheme to establish secure communication between the doctor, the gateway, and sensor nodes in IoT-based healthcare, aiming… Click to show full abstract
Very recently, Masud et al. (2022) proposed a lightweight and anonymity-preserving user authentication scheme to establish secure communication between the doctor, the gateway, and sensor nodes in IoT-based healthcare, aiming to ensure the privacy of the patients’ physiological data. In this article, however, we carefully revisit their scheme and first point out that the scheme is not practically implementable in its current form, and second we show that it is vulnerable to session key disclosure attacks, off-line password guessing attacks, and traceability attacks, under the assumption that the attacker can gain access to the sensor nodes and the doctor’s device. We also propose fixes for each of these issues or vulnerabilities.
Journal Title: IEEE Internet of Things Journal
Year Published: 2023
Link to full text (if available)
Share on Social Media: Sign Up to like & get
recommendations!