Abstract
The interconnecting of the biomedical sensors (in healthcare system) with cloud for the internet-of-medical-things (IoMT) technology has great potential to ameliorate people’s living conditions. The privacy-preserving of personal health information (PHI) and the mutual authentication between the sensors and other entities are two main factors that affect the further applications of cloud-centric IoMT technology. In the recent work [IEEE IoT Journal, vol. 7(10), 10650-10659, 2020], Kumar and Chand applied identity-based aggregate signcryption scheme to the smart healthcare system (KC-system, for short), which provides privacy-preserving of PHI and the mutual authentication function, simultaneously. However, in this paper, we carefully analyze the security of KC-system and find out that the critical authentication keys of entities can be easily recovered from their communication contents. In other words, the mutual authentication function of KC-system can be easily broken. Moreover, the recovering of the keys will lead to the tedious processes, including obtaining partial private key (from network manager) and requesting for key-protection (from key-protection servers), become completely useless. Finally, we also twist their protocol into a new one, which can be proven secure against the previous attack.
Highlights
W IRELESS body area network (WBAN) is an emerging paradigm in ubiquitous healthcare, whereby sensors, that are implanted or worn on human body, collect and send real-time patient’s personal health information (PHI) data such as breathing rate, heart rate and blood pressure and so on [1]
The personal-assisted device (PAD) collects real-time PHI data transmitted from several biomedical sensor (BMS) and transfers patient’s PHI to cloud server for storing
SECURITY ANALYSIS ON THE KC-SYSTEM we analyze the security of the KC-system
Summary
W IRELESS body area network (WBAN) is an emerging paradigm in ubiquitous healthcare, whereby sensors, that are implanted or worn on human body, collect and send real-time patient’s personal health information (PHI) data such as breathing rate, heart rate and blood pressure and so on [1]. In the recent work [21], Kumar and Chand pointed out that, compared with IBSC, certificateless signcryption cannot achieve the identity-based nature They proposed an escrow-free identity-based aggregated signcryption (EF-IBASC) scheme and constructed a device-todevice aggregated-data communication protocol (see [22]) for cloud-centric smart healthcare system (KC-system, for short), whose security is based on the underlying EF-IBASC scheme. The PAD collects real-time PHI data transmitted from several BMSs and transfers patient’s PHI to cloud server for storing (after signing it based on its private key). It is viewed as not trustworthy entity in Kumar et al.’s model because they think that, for an adversary, it is effortless to physically steal or statistically attack it. INSECURITY OF ENTITIES’ AUTHENTICATION KEYS Note that, in the final phase of algorithm “Entity’s Authentication and Registration", each entity E ∈ {BMS, PAD, SD}
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
