Security Analysis on “A Secure Three-Factor User Authentication Protocol With Forward Secrecy for Wireless Medical Sensor Network Systems”

Abstract

The Internet of Things (IoT) facilitates different devices and objects to get connected with the Internet. This connectivity helps to switch data via various emerging technologies, which shapes the vision of intelligent identification into reality. As a foremost base of the IoT, the wireless sensor networks (WSNs) have been practiced in various fields, such as smart transportation and smart healthcare. Due to rapid development of WSNs and wireless medical sensor networks (WMSNs), etc., the data security issues and challenges, such as leakage of secret data, have also gained the serious attention of the researchers. Recently, the researchers have devised various authentication protocols for WMSNs, but many of them have serious security flaws. In order to overcome the security flaws of recently designed protocols, Li <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> (IEEE Syst. J., vol. 14, no. 1, pp. 39–50, Mar. 2020) presented a three-factor user authentication protocol for WMSN. Their work claimed that their proposed protocol not only offers user anonymity but also prevents sensor node impersonation attack. In this paper, we present the detailed security analysis of Li <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s protocol, which shows that their protocol fails to resist sensor node impersonation attack and does not offer user anonymity. At the end, we suggest the suitable remedy to overcome the deficiencies present in Li <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</i> ’s protocol.