Comment on Chen et al.'s Authentication Protocol for Internet of Health Things

TL;DR

This paper critically analyzes Chen et al.'s lightweight authentication protocol for the Internet of Medical Things, revealing security vulnerabilities that compromise patient data privacy and system integrity.

Contribution

It provides a detailed critique of Chen et al.'s scheme, demonstrating its weaknesses against specific security attacks.

Findings

Chen et al.'s protocol is vulnerable to known session-specific attacks.

The scheme is susceptible to stolen verifier attacks.

Security flaws compromise confidentiality and authentication.

Abstract

The Internet of Medical Things has revolutionized the healthcare industry, enabling the seamless integration of connected medical devices and wearable sensors to enhance patient care and optimize healthcare services. However, the rapid adoption of the Internet of Medical Things also introduces significant security challenges that must be effectively addressed to preserve patient privacy, protect sensitive medical data, and ensure the overall reliability and safety of Internet of Medical Things systems. In this context, a key agreement protocol is used to securely establish shared cryptographic keys between interconnected medical devices and the central system, ensuring confidential and authenticated communication. Recently Chen et al. proposed a lightweight authentication and key agreement protocol for the Internet of health things. In this article, we provide a descriptive analysis of their proposed scheme and prove that Chen et al.'s scheme is vulnerable to Known session-specific temporary information attacks and stolen verifier attacks.