IEEE Access (Jan 2019)

Questioning Key Compromise Attack on Ostad-Sharif et al.’s Authentication and Session key Generation Scheme for Healthcare Applications

  • Saru Kumari,
  • Pradeep Chaudhary,
  • Chien-Ming Chen,
  • Muhammad Khurram Khan

DOI
https://doi.org/10.1109/ACCESS.2019.2905731
Journal volume & issue
Vol. 7
pp. 39717 – 39720

Abstract

Read online

Recently, Ostad-Sharif et al. pointed out the susceptibility of three different authentication schemes themed for telecare medicine/medical information systems to key compromise impersonation attack (KCIA). To further address this issue, they proposed an ECC-based authentication and key generation scheme for healthcare applications. In this paper, we show that Ostad-Sharif et al.'s scheme is not only affected with key compromise impersonation attack but also suffers from a key compromise password guessing attack. Several papers have been published by the researchers by applying KCIA on existing authentication protocols. Before any further move in research in this direction, researchers must contemplate about KCIA. We conclude this article with a rigorous analysis of KCIA along with two questions to ponderon for the research community working in this field.

Keywords