@article { author = {Ebrahimi, Mahdieh and Bayat, Majid and Zahednejad, Behnam}, title = {A Privacy Preserving Mutual Authentication Scheme Suitable for IoT-Based Medical Systems}, journal = {The ISC International Journal of Information Security}, volume = {14}, number = {1}, pages = {57-68}, year = {2022}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2021.183936.463}, abstract = {The medical system remains among the fastest to adopt the Internet of Things. The reason for this trend is that integration Internet of Things(IoT) features into medical devices greatly improve the quality and effectiveness of service. However, there are many unsolved security problems. Due to medical information is critical and important, authentication between users and medical servers is an essential issue. Recently, Park et al. proposed an authentication scheme using Shamir's threshold technique for IoT-based medical information system and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Park et al.'s scheme does not achieve user anonymity, forward security, and mutual authentication and it is not resistant to the DoS attacks and then we introduce an improved mutual authentication scheme based on Elliptic Curve Cryptography (ECC) and Shamir 's secret sharing for IoT-based medical information system.In this paper, we formally analyze the security properties of our scheme via the ProVerif. Moreover, we compare our proposed scheme with other related schemes in terms of security and performance.}, keywords = {Internet of Things,Medical System,Security,Authentication,Privacy Preserving,ProVerif}, url = {https://www.isecure-journal.com/article_135754.html}, eprint = {https://www.isecure-journal.com/article_135754_8adfb493c3a0871b1dcbf2111ee896d8.pdf} }