ECKCI: An ECC-Based Authenticated Key Agreement Scheme Resistant to Key Compromise Impersonation Attack for TMIS

Pirmoradian, Fatemeh; Dakhilalian, Mohammad; Safkhani, Masoumeh

doi:10.22042/isecure.2024.408640.989

ECKCI: An ECC-Based Authenticated Key Agreement Scheme Resistant to Key Compromise Impersonation Attack for TMIS

Document Type : Research Article

Authors

Fatemeh Pirmoradian ¹

Mohammad Dakhilalian ¹

Masoumeh Safkhani ²^{, 3}

¹ Department of Electrical and Computer Engineering, Isfahan University of Technology (IUT), Isfahan, Iran

² Department of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran, Iran

³ School of Computer Science, Institute for Research in Fundamental Sciences (IPM), Tehran, Iran

https://doi.org/10.22042/isecure.2024.408640.989

Abstract

Internet of things (IoT) is an innovation in the world of technology. Continuous technological advancements based on the IoT cloud and booming wireless technology have revolutionized the living of human and remote health monitoring of patients is no exclusion. The Telecare Medicine Information Systems (TMIS) is a system between Home Health Care (HHC) Organizations and patients at home that collects, saves, manage and transmits the Electronic Medical Record (EMR) of patients. Therefore, security in remote medicine has always been a very big and serious challenge. Therefore, biometrics-based schemes play a crucial role in IoT, Wireless Sensor Networks (WSN), etc. Recently, Xiong et al. and Mehmood \textit{et al.} presented key exchange methods for healthcare applications that they claimed these schemes provide greater privacy. But unfortunately, we show that these schemes suffer from privacy issues and key compromise impersonation attack. To remove such restrictions, in this paper, a novel scheme (ECKCI) using Elliptic Curve Cryptography (ECC) with KCI resistance property was proposed. Furthermore, we demonstrate that the ECKCI not only overcomes problems such as key compromise impersonation attack in previous protocols, but also resists all specific attacks. Finally, a suitable equilibrium between the performance and security of ECKCI in comparisons with these recently proposed protocols was obtained. Also, the simulation results with the Scyther and ProVerif tools show that the ECKCI is safe in terms of security.

Keywords

Authentication Protocols

Privacy

ProVerif Tool

Scyther Tool

[1] M Chen, S Gonzalez, A Vasilakos, H Cao, and V C.M.Leung. Body Area Networks: A Survey. Mobile Networks and Applications., 16:171–193, 2011.
[2] A Ashtari, A Shabani, and B Alizadeh. Mutual Lightweight PUF-Based Authentication Scheme Using Random Key Management Mechanism for Resource-Constrained IoT Devices. The ISC International Journal of Information Security,
14(3):1–8, 2022.
[3] H Arshad, V Teymoori, M Nikooghadam, and H Abbassi. On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems. Journal of Medical Systems, 39(76), 2015.
[4] R Amin, S.K Hafizul Islam, G.P Biswas, M Khurram Khan, and N Kumar. A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Generation Computer Systems, 80:483–495, 2018.
[5] M Safkhani, C Camara, P Peris-Lopez, and N Bagheri. RSEAP2: An enhanced version of RSEAP, an RFID based authentication protocol for vehicular cloud computing. Vehicular Communications, 28, 2021.
[6] J Mo, W Shen, and W Pan. An Improved Anonymous Authentication Protocol for Wearable Health Monitoring Systems. Wireless Communications and Mobile Computing, 2020.
[7] Z Mehmood, A Ghani, G Chen, and A.S Al-ghamdi. Authentication and Secure Key Management in E-Health Services: A Robust and Efficient Protocol Using Biometrics. IEEE Access, 7(18929505), 2019.
[8] Hu Xiong, J Tao, and C Yuan. Enabling Telecare Medical Information Systems With Strong Authentication and Aonymity. IEEE Access, 5(16870694):5648–5661, 2017.
[9] H Amintoosi, M Nikooghadam, M Shojafar, S Kumari, and M Alazab. Slight: A lightweight authentication scheme for smart healthcare services. Computers and Electrical Engineering, 99(107803), 2022.
[10] S Son, Y Park, and Y Park. A Secure, Lightweight, and Anonymous User Authentication Protocol for IoT Environments. Sustainability, 13, 2021.
[11] M Hosseinzadeh, M Hussain Malik, M Safkhani, N Bagheri, Q Hoang Le, L Tightiz, and A.H Mosavi. Toward Designing a Secure Authentication Protocol for IoT Environments. Sustainability, 15, 2023.
[12] B Narwal and A.K Mohapatra. SEEMAKA: Secured Energy-Efficient Mutual Authentication and Key Agreement Scheme for Wireless Body Area Networks. Wireless Personal Communications, 113:1985–2008, 2020.
[13] J Alizadeh, M Safkhani, and A Allahdadi. ISAKA: Improved Secure Authentication and Key Agreement protocol for WBAN. Wireless Personal Communications, 126:2911–2935, 2022.
[14] A Ostad-Sharif, D Abbasinezhad-Mood, and M Nikooghadam. A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications. Journal of Medical Systems, (10), 2019.
[15] H Idrissi and M Ennahbaoui. An Enhanced Anonymous ECC-Based Authentication for Lightweight Application in TMIS. International Conference on Codes, Cryptology and Information Security, 13874:290–320, 2023.
[16] Y Guo and Y Guo. CS-LAKA: A lightweight authenticated key agreement protocol with critical security properties for iot environments. IEEE Transactions on Services Computing, pages 1–13, 2023.
[17] P Kumar Roy and A Bhattacharya. An anonymity-preserving mobile user authentication protocol for global roaming services. Computer Networks, 221, 2023.
[18] M Tanveer, M.B Muhammad Nasir, B Alzahrani, A Albeshri, K Alsubhi, and S.A Chaudhry. Security analysis and Improvement of a Privacy Authentication Scheme for Telecare Medical Information Systems. Arabian Journal for Science
and Engineering, 2023.
[19] H Alasmary. RDAF-IIoT: Reliable Device-Access Framework for the Industrial Internet of Things. Mathematics, 11, 2023.
[20] A Gafouri Mirsaraei, A Barati, and H Barati. A secure three-factor authentication scheme for IoT environments. Journal of Parallel and Distributed Computing, 169:87–105, 2022.
[21] Y Li. A secure and efficient three-factor authentication protocol for IoT environments. Journal of Parallel and Distributed Computing, 179, 2023.
[22] Y Chen and J Chen. An efficient and privacy-preserving mutual authentication with key agreement scheme for telecare medicine information system. Peer-to-Peer Networking and Applications, 15:516–528, 2022.
[23] X Jia, D He, N Kumar, and K.K.R Choo. Authenticated key agreement scheme for fogdriven IoT healthcare system. Wireless Networks, 25:4737–4750, 2019.
[24] X Li, T Chen, Q Cheng, and J Ma. An efficient and authenticated key establishment scheme based on fog computing for healthcare system. 16(164815), 2022.
[25] M Ma, D He, H Wang, N Kumar, and K.K.R Choo. An efficient and provably secure authenticated key agreement protocol for fog-based vehicular ad-hoc networks. Internet of Things Journal, 6:8065–8075, 2019.
[26] S Rana, M.S Obaidat, D Mishra, A Mishra, and Y.S Rao. Efficient design of an authenticated key agreement protocol for dew-assisted IoT systems. The Journal of Supercomputing, 78:3696–3714, 2022.
[27] Y Ma, Y Ma, and Q Cheng. Cryptanalysis and Enhancement of an Authenticated Key Agreement Protocol for Dew-Assisted IoT Systems. Security and Communicationl Networks, 2022, 2022.
[28] S Szymoniak and S Kesar. Key Agreement and Authentication Protocols in the Internet of Things: A Survey. Applied Sciences, 13, 2022.
[29] B.A Alzahrani, S.A Chaudhry, A Barnawi, A Al-Barakati, and T Shon. An Anonymous Device to Device Authentication Protocol Using ECC and Self Certified Public Keys Usable in Internet of Things Based Autonomous Devices. Electronics, 9, 2020.
[30] R Hajian, A Haghighat, and S.H Erfani. A Secure Anonymous D2D Mutual Authentication and Key Agreement Protocol for IoT. Internet of Things, 18, 2022.
[31] J Hoffstein, J Pipher, and J.H Silverman. An Introduction to Mathematical Cryptography. 2008.
[32] A.K Das, M Wazid, A.R Yannam, J.J.P.C Rodrigues, and Y Park. Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment. IEEE Access, 7(18648442):55382–55397, 2019.
[33] A.K Das, M Wazid, N Kumar, A.V Vasilakos, and J.J.P.C Rodrigues. Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment. IEEE Internet of Things Journal,
5(6):4900–4913, 2018.
[34] J Qi, M Jianfeng, Y Chao, M Xindi, S Jian, and S.A Chaudhry. Efficient end-to-end authentication protocol for wearable health monitoring systems. Computers and Electrical Engineering, 63:182–195, 2017.
[35] J Wei, X Hu, and W Liu. An Improved Authentication Scheme for Telecare edicine Information Systems. Journal of Medical Systems, 36:3597–3604, 2012.
[36] https://kcitls.org/img/kci-mitm.png. (13 march), 2023.
[37] M Just and S Vaudenay. Authenticated multi-party key agreement. International Conference on the Theory and Application of Cryptology and Information Security, 1163:36–49, 2005.
[38] A.K Das, M Wazid, N Kumar, A.V Vasilakos, and J.J.P.C Rodrigues. Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment. IEEE Internet of Things Journal, 5(6):4900–4913, 2018.
[39] M Burrows, M Abadi, and R.M Needham. A logic of authentication. Proceedings Mathematical Physical and Engineering Sciences, 426:233–271, 1989.
[40] L Takkinen. Analysing Security Protocols with AVISPA. TKK T-110.7290 Research Seminar on Network Security, 12(1), 2006.
[41] C.J.F Cremers. The Scyther Tool: Verification, Falsification, and Analysis of Security protocols. International Conference on Computer Aided Verification, pages 414–418, 2008.
[42] R Kusters and T Truderung. Using ProVerif to Analyze Protocols with Diffie-Hellman Exponentiation. 2009 22nd IEEE Computer Security Foundations Symposium, 2009.
[43] H Qiao, X Dong, Q Jiang, S Ma, C Liu, N Xi, and Y Shen. Anonymous Lightweight Authenticated Key Agreement Protocol for Fog- Assisted Healthcare IoT System. IEEE Internet of Things Journal, 10:16715–16726, 2023.
[44] T.Y Wu, L Wang, and C.M Chen. Enhancing the Security: A Lightweight Authentication and Key Agreement Protocol for Smart Medical Services in the IoHT. Mathematics, 11, 2023.
[45] D Dolev and A Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29:198–208, 1983.
[46] K Sowjanya, M Dasgupta, and S Ray. An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems. International Journal of Information Security, 19:129–146, 2020.