Cryptanalysis of an ﾂ｡ﾂｮEfficient-Strong Authentiction Protocol (E-SAP) for Healthcare Applications Using Wireless Medical Sensor Networksﾂ｡ﾂｯ

• Muhammad Khurram Khan,
• Saru Kumari,
• Pitam Singh,

Vol. 7, No. 5, May 30, 2013
10.3837/tiis.2013.05.002, Download Paper (Free):

• Wireless medical sensor networks
• medical professional authentication
• medical sensor-node impersonation
• insecure session key
• password guessing.

Abstract

Now a day, Wireless Sensor Networks (WSNs) are being widely used in different areas one of which is healthcare services. A wireless medical sensor network senses patients vital physiological signs through medical sensor-nodes deployed on patients body area; and transmits these signals to devices of registered medical professionals. These sensor-nodes have low computational power and limited storage capacity. Moreover, the wireless nature of technology attracts malicious minds. Thus, proper user authentication is a prime concern before granting access to patients sensitive and private data. Recently, P. Kumar et al. claimed to propose a strong authentication protocol for healthcare using Wireless Medical Sensor Networks (WMSN). However, we find that P. Kumar et al.s scheme is flawed with a number of security pitfalls. Information stored inside smart card, if extracted, is enough to deceive a valid user. Adversary can not only access patients physiological data on behalf of a valid user without knowing actual password, can also send fake/irrelevant information about patient by playing role of medical sensor-node. Besides, adversary can guess a users password and is able to compute the session key shared between user and medical sensor-nodes. Thus, the scheme looses message confidentiality. Additionally, the scheme fails to resist insider attack and lacks user anonymity.

Statistics

Cite this article