LAPCHS: A lightweight authentication protocol for cloud-based health-care systems

Abstract

The development of technology has accelerated things and solved many problems. Among various technologies, the integration of the Internet of Things (IoT) into human social life brings the promise of an easier and better life. The integration of IoT into the medical field, as well as the environments and patients associated with it, has provided a new context called the Telecare Medical Information Systems. It should be noted that the smart medicine, in addition to its significant benefits, carries many security threats, so privacy and especially anonymity is the largest concern in implementing a telecare medical information system.Due to the importance of privacy preservation and security in smart health-care systems, Fan et al. have recently proposed a lightweight authentication protocol (IEEE Netw. 33 (2) (2019)) using quadratic residue and pseudo random number generators, to be used in this platform. They believed that their scheme has enough security, privacy preservation, and also good resistance to various attacks including tag traceability attacks, replay attacks and also de-synchronization (DoS) attacks. The aim of the present study is to examine the security of the mentioned protocol. In fact, a heuristic attack was presented, in which an adversary could retrieve tag’s and reader’s current and previous identifier that contradicts anonymity and forward untraceability properties of this protocol. Reader and tag impersonation attacks were also applied against the protocol. Besides, a lightweight authentication protocol was proposed for cloud-based health-care systems called LAPCHS. Security analysis of our new protocol, through heuristic security analysis and also formal evaluations using Real-or-Random Model and simulations done on the AVISPA and the Scyther tools, confirms its security against different attacks.