Cryptanalysis on Secure ECC based Mutual Authentication Protocol for Cloud-Assisted TMIS

TL;DR

This paper critically analyzes a recent ECC-based mutual authentication protocol for cloud-assisted TMIS, revealing significant security flaws such as health report revelation and confidentiality issues.

Contribution

It provides a detailed cryptanalysis of Kumar et al.'s protocol, identifying critical vulnerabilities and security weaknesses.

Findings

Identified health report revelation attack vulnerability

Discovered report confidentiality issues

Highlighted the need for improved security in ECC-based TMIS protocols

Abstract

The creation of TMIS (Telecare Medical Information System) makes it simpler for patients to receive healthcare services and opens up options for seeking medical attention and storing medical records with access control. With Wireless Medical Sensor Network and cloud-based architecture, TMIS gives the chance to patients to collect their physical health information from medical sensors and also upload this information to the cloud through their mobile devices. The communication is held through internet connectivity, therefore security and privacy are the main motive aspects of a secure cloud-assisted TMIS. However, because very sensitive data is transmitted between patients and doctors through the cloud server, thus security protection is important for this system. Recently, Kumar et al designed a mutual authentication protocol for cloud-assisted TMIS based on ECC [2]. In this paper, we revisited this scheme and traced out that their scheme has some significant pitfalls like health report revelation attack, and report confidentiality. In this study, we will provide the cryptanalysis of the scheme developed by Kumar et al.