Cryptoanalysis on a Cloud-Centric Internet-of-Medical-Things-Enabled Smart Healthcare System

• Published in: IEEE access Vol. 10; pp. 23618 - 23624
• Main Authors: Xu, Ronghua, Ren, Qiaochuan
• Format: Journal Article
• Language: English
• Published: Piscataway IEEE 2022; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Authentication; Cloud computing; Cryptography; Digital signatures; Health care; Intelligent sensors; Internet of medical things; Internet of Medical Things (IoMT); Medical services; Privacy; Security; Security analysis; Sensors; Servers; smart healthcare system
• ISSN: 2169-3536; 2169-3536
• DOI: 10.1109/ACCESS.2022.3154466

The interconnecting of the biomedical sensors (in healthcare system) with cloud for the internet-of-medical-things (IoMT) technology has great potential to ameliorate people's living conditions. The privacy-preserving of personal health information (PHI) and the mutual authentication between the sensors and other entities are two main factors that affect the further applications of cloud-centric IoMT technology. In the recent work [IEEE IoT Journal, vol. 7(10), 10650-10659, 2020], Kumar and Chand applied identity-based aggregate signcryption scheme to the smart healthcare system (KC-system, for short), which provides privacy-preserving of PHI and the mutual authentication function, simultaneously. However, in this paper, we carefully analyze the security of KC-system and find out that the critical authentication keys of entities can be easily recovered from their communication contents. In other words, the mutual authentication function of KC-system can be easily broken. Moreover, the recovering of the keys will lead to the tedious processes, including obtaining partial private key (from network manager) and requesting for key-protection (from key-protection servers), become completely useless. Finally, we also twist their protocol into a new one, which can be proven secure against the previous attack.