Security Analysis on A Secure Three-Factor User Authentication Protocol With Forward Secrecy for Wireless Medical Sensor Network Systems

The Internet of Things (IoT) facilitates different devices and objects to get connected with the Internet. This connectivity helps to switch data via various emerging technologies, which shapes the vision of intelligent identification into reality. As a foremost base of the IoT, the wireless sensor networks (WSNs) have been practiced in various fields, such as smart transportation and smart healthcare. Due to rapid development of WSNs and wireless medical sensor networks (WMSNs), etc., the data security issues and challenges, such as leakage of secret data, have also gained the serious attention of the researchers. Recently, the researchers have devised various authentication protocols for WMSNs, but many of them have serious security flaws. In order to overcome the security flaws of recently designed protocols, Li et al. (IEEE Syst. J., vol. 14, no. 1, pp. 39-50, Mar. 2020) presented a three-factor user authentication protocol for WMSN. Their work claimed that their proposed protocol not only offers user anonymity but also prevents sensor node impersonation attack. In this paper, we present the detailed security analysis of Li et al.'s protocol, which shows that their protocol fails to resist sensor node impersonation attack and does not offer user anonymity. At the end, we suggest the suitable remedy to overcome the deficiencies present in Li et al.'s protocol.

Automated summary

The Internet of Things facilitates the connection of different devices with the Internet, with wireless sensor networks being applied in smart fields. Researchers introduced a three-factor user authentication protocol for WMSN, but it has security flaws.