Document Type : Research Article


1 Department of Computer Engineering, Shahed University, Tehran, Iran.

2 Department of Computer Engineering, University of Shiraz, Shiraz


The medical system remains among the fastest to adopt the Internet of Things. The reason for this trend is that integration Internet of Things(IoT) features into medical devices greatly improve the quality and effectiveness of service. However, there are many unsolved security problems. Due to medical information is critical and important, authentication between users and medical servers is an essential issue.
Recently, Park et al. proposed an authentication scheme using Shamir's threshold technique for IoT-based medical information system and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Park et al.'s scheme does not achieve user anonymity, forward security, and mutual authentication and it is not resistant to the DoS attacks and then we introduce an improved mutual authentication scheme based on Elliptic Curve Cryptography (ECC) and Shamir 's secret sharing for IoT-based medical information system.
In this paper, we formally analyze the security properties of our scheme via the ProVerif. Moreover, we compare our proposed scheme with other related schemes in terms of security and performance.


[1] Aida Akbarzadeh, Majid Bayat, Behnam Zahednejad, Ali Payandeh, and Mohammad Reza Aref. A lightweight hierarchical authentication scheme for internet of things. Journal of Ambient Intelligence and Humanized Computing, pages 1–13,2018.
[2] Daewon Lee and HwaMin Lee. Iot service classification and clustering for integration of iot service platforms. The Journal of Supercomputing, 74(12):6859–6875, Dec 2018.
[3] Isabel de la Torre Díez, Susel Góngora Alonso, Sofiane Hamrioui, Eduardo Motta Cruz, Lola Morón Nozaleda, and Manuel A. Franco. Iot-based services and applications for mental health in the literature. Journal of Medical Systems, 43(1):11, Dec 2018.
[4] Wei-Liang Tai, Ya-Fen Chang, and Ya-Ling Lo.An anonymity, availability and security-ensured authentication model of the iot control system for reliable and anonymous ehealth services. Journal of Medical and Biological Engineering, Jan 2018.
[5] V. Jagadeeswari, V. Subramaniyaswamy, R. Logesh, and V. Vijayakumar. A study on medical internet of things and big data in personalized healthcare system. Health Information Science and Systems, 6(1):14, Sep 2018.
[6] B. Lakshmi Dhevi, K. S. Vishvaksenan, K. Senthamil Selvan, and A. Rajalakshmi. Patient monitoring system using cognitive internet of things. Journal of Medical Systems, 42(11):229, Oct 2018.
[7] Bahar Farahani, Farshad Firouzi, Victor Chang, Mustafa Badaroglu, Nicholas Constant, and Kunal Mankodiya. Towards fog-driven iot ehealth: Promises and challenges of iot in medicine and healthcare. Future Generation Computer Systems, 78:659–676, 2018.
[8] P. Mohamed Shakeel, S. Baskar, V. R.Sarma Dhulipala, Sukumar Mishra, and Mustafa Musa Jaber. Maintaining security and privacy in health care system using learning based deep-q-networks. Journal of Medical Systems, 42(10):186, Aug 2018.
[9] Qi Jiang, Jianfeng Ma, Zhuo Ma, and Guangsong Li. A privacy enhanced authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(1):9897, Jan 2013.
[10] Saru Kumari, Muhammad Khurram Khan, and Rahul Kumar. Cryptanalysis and improvement of âĂŸa privacy enhanced scheme for telecare medical information systemsâĂŹ. Journal of medical systems, 37(4):9952, 2013.
[11] Hung-Ming Chen, Jung-Wen Lo, and ChangKuo Yeh. An efficient and secure dynamic idbased authentication scheme for telecare medical information systems. Journal of medical systems, 36(6):3907–3915, 2012.
[12] Tianjie Cao and Jingxuan Zhai. Improved dynamic id-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2):9912, Jan 2013.
[13] Ruhul Amin, Sk Hafizul Islam, GP Biswas, Muhammad Khurram Khan, and Neeraj Kumar. An efficient and practical smart card based anonymity preserving user authentication scheme for tmis using elliptic curve cryptography. Journal of medical systems, 39(11):180, 2015.
[14] Shehzad Ashraf Chaudhry, Muhammad Tawab Khan, Muhammad Khurram Khan, and Taeshik Shon. A multiserver biometric authentication scheme for tmis using elliptic curve cryptography. Journal of medical systems, 40(11):230, 2016.
[15] Shuming Qiu, Guoai Xu, Haseeb Ahmad, and Licheng Wang. A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems. IEEE access, 6:7452–7463, 2017.
[16] Arezou Ostad-Sharif, Dariush AbbasinezhadMood, and Morteza Nikooghadam. A robust and efficient ecc-based mutual authentication and session key generation scheme for healthcare applications. Journal of medical systems, 43(1):10,2019.
[17] Siwei Peng. An id-based multiple authentication scheme against attacks in wireless sensor networks. In Cloud Computing and Intelligent Systems (CCIS), 2012 IEEE 2nd International Conference on, volume 3, pages 1042–1045. IEEE,
[18] Wenbo Shi and Peng Gong. A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. International Journal of Distributed Sensor Networks, 9(4):730831,2013.
[19] Hung-Min Sun, Bing-Zhe He, Chien-Ming Chen, Tsu-Yang Wu, Chia-Hsien Lin, and Huaxiong Wang. A provable authenticated group key agreement protocol for mobile environment. Information Sciences, 321:224–237, 2015.
[20] Parikshit N Mahalle, Neeli Rashmi Prasad, and Ramjee Prasad. Novel threshold cryptography- based group authentication (tcga) scheme for the internet of things (iot). 2014.
[21] Pawani Porambage, Corinna Schmitt, Pardeep Kumar, Andrei Gurtov, and Mika Ylianttila. Pauthkey: A pervasive authentication protocol and key establishment scheme for wireless sensor networks in distributed iot applications. International Journal of Distributed Sensor Networks, 10(7):357430, 2014.
[22] Boyi Xu, Li Da Xu, Hongming Cai, Cheng Xie, Jingyuan Hu, Fenglin Bu, et al. Ubiquitous data accessing method in iot-based information system for emergency medical services. IEEE Trans. Industrial Informatics, 10(2):1578–1586,2014.
[23] Jia-Li Hou and Kuo-Hui Yeh. Novel authentication schemes for iot based healthcare systems. International Journal of Distributed Sensor Networks, 11(11):183659, 2015.
[24] YoHan Park and YoungHo Park. A selective group authentication scheme for iot-based medical information system. Journal of medical systems, 41(4):48, 2017.
[25] Yanxiao Liu, Qindong Sun, Yichuan Wang, Lei Zhu, and Wenjiang Ji. Efficient group authentication in rfid using secret sharing scheme. Cluster Computing, pages 1–7, 2018.
[26] Neal Koblitz. Elliptic curve cryptosystems. Mathematics of computation, 48(177):203–209,1987.
[27] Steven D Galbraith. Mathematics of public key cryptography. Cambridge University Press, 2012.
[28] Adi Shamir. How to share a secret. Communications of the ACM, 22(11):612–613, 1979.
[29] Bruno Blanchet, Ben Smyth, and Vincent Cheval. Proverif 1.93: Automatic cryptographic protocol verifier, user manual and tutorial. Internet][cited June 2016], Available from:https://www. bensmyth. com/publications/2010-ProVerif-manualversion-1.93, 2016.
[30] Maria Christofi and Aline Gouget. Formal verification of the mera-based eservices with trusted third party protocol. In IFIP International Information Security Conference, pages 299–314.Springer, 2012.
[31] Stephanie Delaune, Mark Ryan, and Ben Smyth. Automatic verification of privacy properties in
the applied pi calculus. pages 263–278, 2008.
[32] Bruno Blanchet. Automatic verification of security protocols in the symbolic model: The verifier proverif. In Foundations of Security Analysis and Design VII, pages 54–87. Springer, 2014.
[33] Seyed Morteza Pournaghi, Behnam Zahednejad, Majid Bayat, and Yaghoub Farjami. Necppa: A novel and efficient conditional privacy-preserving authentication scheme for vanet. Computer Networks, 134:78–92, 2018.
[34] Behnam Zahednejad, Mahdi Azizi, and Morteza Pournaghi. A novel and efficient privacy preserving tetra authentication protocol. In 2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), pages 125–132. IEEE,2017.
[35] H Hakan Kilinc and Tugrul Yanik. A survey of sip authentication and key agreement schemes. IEEE Communications Surveys & Tutorials, 16(2):1005–1023, 2014.