Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103759

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:It is tricky to determine whether two ciphertexts contain the same message when the messages are encrypted with different public keys. public key encryption with equality test (PKEET) addresses this problem without decryption. By integrating PKEET with identity-based encryption, identity-based encryption with equality test (IBEET) simplifies the certificate management in PKEET. In this paper, we first propose an IBEET scheme that can resist offline message recovery attacks (OMRA) and requires neither the dual-tester setting nor the group mechanism. With the help of some mathematical assumptions, we demonstrate the security of our scheme. Experiment results reveal that our scheme is efficient. From the perspective of usability, we explain why our scheme is more appropriate to be applied in healthcare social Apps than other OMRA-resistant schemes.

Yuyang Zhou,Liang Zhao,Yuqiao Jin,Fagen Li

DOI: https://doi.org/10.1016/j.ins.2022.05.007

IF: 8.1

2022-08-01

Information Sciences

Abstract:The wireless body area network (WBAN) provides users with real-time medical services. Meanwhile, the cloud technology provides greater storage space and computing power for medical data. Both of them have contribute to the development of telemedicine. In a cloud-assisted WBAN, the open network environment and the semi-trust cloud service providers expose the user’s private medical data to backdoor adversaries who can make exfiltration attacks, such as the algorithm substitution attack (ASA) through the process of data sharing. Therefore, it is necessary to find a secure and efficient medical data sharing scheme for the huge amount of medical data. In this paper, we first design an identity-based proxy re-encryption scheme with cryptographic reverse firewall (IBPRE-CRF), then show the application in a multiple-access telemedicine data sharing scenario. Security analysis shows that the IBPRE-CRF scheme provides chosen plaintext attack security and resists exfiltration attacks. Performance analysis shows that the IBPRE-CRF scheme has a significant communication and computational cost advantage while being resistant to exfiltration attacks in clouds. Therefore, our IBPRE-CRF scheme is suitable for telemedicine data sharing in a cloud-assisted WBAN.

computer science, information systems

Dey, Joydeep

DOI: https://doi.org/10.1007/s11277-024-11574-6

IF: 2.017

2024-09-20

Wireless Personal Communications

Abstract:In these crucial times of COVID-19, cryptographic and nature inspired innovations help to communicate confidential data in the wireless telemedicine. The novel corona virus had entirely shattered all segments of life in the entire world. In the medical sciences, patients are more advised to take telemedicine supports. Cardiac patients are very much prone to corona virus. They need to transmit confidential medical data for their online treatments. Such heterogeneous cardiac information is to be protected with patients' confidentiality. It is very noteworthy to impose high security features on the COVID-19 "New Normal" telecardiology. In this paper, we have designed a cryptographic system based on metaheuristic Harmony search algorithm and tree parity machines. It has been proposed to counter attack against different security hazards in online medical transactions during this tremendous flooded COVID-19 time. The proposed method has been modularized into four modules. These are: Neuro-Metaheuristic Session Key (NMSK) generation, Cryptographic Engineering, Frame format generation, and authentication and decryption phase. Harmony search with tree parity machines were used to generate the key i.e. NMSK. A new state-of-art sharing was proposed to dilute the information contents inside the telemedicine networks against the intruders. Moreover, the proposed state-of-art sharing exhibits the complete bi-partite graph property. A rigorous frame format has been placed before the encrypted message inside the COVID-19 telecardiology. Different types of statistical and mathematical tests were carried out on the proposed technique to prove its efficacy. Thus, the proposed cryptographic system acts as a reinforcement of security mechanism in COVID-19 telecardiology.

telecommunications

Hanlin Chen,Ding Ding,Lei Zhang,Cheng Zhao,Xin Jin

DOI: https://doi.org/10.1016/j.compeleceng.2021.107659

2022-03-01

Abstract:This paper designs and implements a secure and resource-efficient communication scheme for electrocardiogram (ECG) telemedicine systems. In the authentication and key agreement phase, a novel reusable Improved Juels-Sudan (IJS) fuzzy extractor with the Shared Random Bio-pool (SRB) technique is proposed to prevent the information leakage of personal biometrics. By exploiting the dynamical biometric model (DBM) for generating synthetic ECG signals, the reusable IJS fuzzy extractor could accomplish identity authentication, generation and distribution of keys, and periodic rekeying in a zero-leakage, user no-involvement and efficient way. In data encryption and transmission phase, a Task Migration Deployment Strategy (TMDS) is adopted to improve the efficiency of various resources. Experiments show that the scheme has high security, including information zero-leakage, low false acceptance rate (FAR) and false rejection rate (FRR), as well as saves various resources with a ratio of 385.8:1, which improves by at least 294.8% compared to the existing schemes.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Nanjing University,Wang Ming,Zhong Hong,Zhong Sheng

DOI: https://doi.org/10.1007/s11704-020-9396-2

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:1 Introduction With the rapid development of cloud computing,more and more data are stored in cloud servers as cyphertexts for stor-age[1,2].However,it faces enormous challenges regarding ci-phertext analysis.For example,in the cloud medical services,authorized medical institutions(AMIs)need analyze medical records to figure out gender and age information on patients with the same disease.On account of privacy protection for pa-tients,hospitals should encrypt each medical record,and upload the ciphertext to the cloud server,followed by the application of public key encryption with equality test(PKEET)[3,4]to get the encrypted medical records with the same disease.However,frequent operations of equality testing will result in off-line key-word guessing attacks(KGAs)[5],thus making insider attack-ers snatch users'confidential information because the keyword space of diseases is far smaller than key space.

H O Alanazi,A A Zaidan,B B Zaidan,M L Mat Kiah,S H Al-Bakri

DOI: https://doi.org/10.1007/s10916-014-0165-3

Abstract:This study has two objectives. First, it aims to develop a system with a highly secured approach to transmitting electronic medical records (EMRs), and second, it aims to identify entities that transmit private patient information without permission. The NTRU and the Advanced Encryption Standard (AES) cryptosystems are secured encryption methods. The AES is a tested technology that has already been utilized in several systems to secure sensitive data. The United States government has been using AES since June 2003 to protect sensitive and essential information. Meanwhile, NTRU protects sensitive data against attacks through the use of quantum computers, which can break the RSA cryptosystem and elliptic curve cryptography algorithms. A hybrid of AES and NTRU is developed in this work to improve EMR security. The proposed hybrid cryptography technique is implemented to secure the data transmission process of EMRs. The proposed security solution can provide protection for over 40 years and is resistant to quantum computers. Moreover, the technique provides the necessary evidence required by law to identify disclosure or misuse of patient records. The proposed solution can effectively secure EMR transmission and protect patient rights. It also identifies the source responsible for disclosing confidential patient records. The proposed hybrid technique for securing data managed by institutional websites must be improved in the future.

Hu Xiong,Yingzhe Hou,Xin Huang,Yanan Zhao,Chien-Ming Chen

DOI: https://doi.org/10.1109/jsyst.2020.3048972

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:The signcryption protocols supporting the equality test are only for a single system rather than a flexible heterogeneous environment of wireless body area networks (WBANs). In this article, this problem is efficiently addressed through a proposed heterogeneous signcryption scheme from identity-based cryptosystem (IBC) to public key infrastructure (PKI) with an equality test (HSCIP-ET) for WBANs. Our scheme allows the sensors planted or worn by a user in the IBC system to signcrypt sensitive data using the public key of the management center in the PKI system, and then uploading it to the cloud server. Subsequently, the equality test can be executed by the cloud server on diverse ciphertexts to determine whether they contain the identical plaintext and return the corresponding result after receiving a request from an application provider. Furthermore, a rigorous analysis and an experimental comparison demonstrate the security and efficiency of the HSCIP-ET approach, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Zhen Yan,Xijun Lin,Xiaoshuai Zhang,Jianliang Xu,Haipeng Qu

DOI: https://doi.org/10.3390/e26010074

IF: 2.738

2024-01-16

Entropy

Abstract:The identity-based encryption with equality test (IBEET) has become a hot research topic in cloud computing as it provides an equality test for ciphertexts generated under different identities while preserving the confidentiality. Subsequently, for the sake of the confidentiality and authenticity of the data, the identity-based signcryption with equality test (IBSC-ET) has been put forward. Nevertheless, the existing schemes do not consider the anonymity of the sender and the receiver, which leads to the potential leakage of sensitive personal information. How to ensure confidentiality, authenticity, and anonymity in the IBEET setting remains a significant challenge. In this paper, we put forward the concept of the identity-based matchmaking encryption with equality test (IBME-ET) to address this issue. We formalized the system model, the definition, and the security models of the IBME-ET and, then, put forward a concrete scheme. Furthermore, our scheme was confirmed to be secure and practical by proving its security and evaluating its performance.

physics, multidisciplinary

Yuanhao Wang,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2940646

IF: 3.9

2019-01-01

IEEE Access

Abstract:Due to the massive growth of data and security concerns, data of patients would be encrypted and outsourced to the cloud server for feature matching in various medical scenarios, such as personal health record systems, actuarial judgments and diagnostic related groups. Public key encryption with equality test (PKEET) is a useful utility for encrypted feature matching. Authorized tester could perform data matching on encrypted data without decrypting. Unfortunately, due to the limited terminology in medicine, people within institutions may illegally use data, trying to obtain information through traversal methods. In this paper we propose a new PKEET notion, called public-key authenticated encryption with designated equality test (PKAE-DET), which could resist this kind of attacks launched by an inside adversary, known as offline message recovery attacks (OMRA). We propose a concrete construction of PKAE-DET, which only requires one single server to perform the feature matching job securely, and does not require any group mechanism. We prove its security based on some simple mathematical assumptions. Experimental results show that our scheme has efficiency comparable with those PKEET schemes which do not resist OMRA attacks or require group mechanism. We further show how our scheme could be effectively used in diagnostic related groups in medicine, demonstrating its practicability.

Zhang Wenhua,Mohammad Kamrul Hasan,Norleyza Binti Jailani,Shayla Islam,Nurhizam Safie,Hussain Mobarak Albarakati,Abeer Aljohani,Muhammad Attique Khan

DOI: https://doi.org/10.1016/j.chb.2024.108134

IF: 9.9

2024-01-04

Computers in Human Behavior

Abstract:Telehealth, a cornerstone of Healthcare 4.0 has widespread adoption owing to its convenience and efficiency. However, the secure transmission of patient records over the Internet and Cloud services remains a paramount concern. This study endeavors to design an enhanced security model that guarantees the privacy and confidentiality of patient electronic health records in telehealth applications. The proposed model employs a lightweight encryption algorithm to generate an access token that strictly regulates data access exclusively to the patient's department. Leveraging the patient's unique ID for encryption and decryption processes, the model ensures the secure handling of sensitive information. Robust data privacy measures are implemented through a random key generator utilizing the patient's ECG signal for secure key generation. Test results underscore the efficacy of the proposed security model in limiting access to patient-related data within the designated department. Furthermore, the model employs an efficient encryption algorithm, resulting in a 0.2% increase in generation rate compared to previous models, while reducing CPU usage by 23.16%. These enhancements significantly bolster the reliability and efficiency of the security model, providing robust safeguards for patient electronic health records' privacy and confidentiality during transmission across diverse telehealth applications. This study makes a substantial contribution to healthcare by addressing critical concerns surrounding patient privacy and confidentiality. The designed security model stands poised for seamless integration into various telehealth applications, offering a steadfast solution for data privacy and confidentiality concerns.

psychology, multidisciplinary, experimental

Abeer D. Algarni,Naglaa F. Soliman,Hanaa A. Abdallah,Fathi E. Abd El-Samie

DOI: https://doi.org/10.1007/s11042-020-09369-5

IF: 2.577

2020-11-27

Multimedia Tools and Applications

Abstract:Multimedia security has been extensively used in content protection, image authentication, data hiding and signal encryption. Similarly, transmission of biomedical data or information remotely for healthcare applications should be secure. One of the important medical signals that need to be transmitted to healthcare centers is the Electrocardiogram (ECG) signal. This paper is concerned mainly with ECG signal encryption for security applications. The paper presents three cryptosystems for ECG signal encryption based on the fusion of ECG signals with other masking signals that are rich in activities such as speech signals. The common thread between these cryptosystems is the operation on sample values of the ECG signal rather than adopting encoding and decoding schemes, and this saves much time and is more immune to both noise and hacking scenarios. The proposed cryptosystems are compared to the encryption technique that uses 1-D logistic map. The performances of the proposed cryptosystems are evaluated through simulation experiments in terms of histogram, structural similarity index, Signal-to-Noise Ratio (SNR), log-likelihood ratio, spectral distortion and correlation coefficient. It is clear from the experiments that the utilization of more levels of encryption increases the security.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Sha Ma,Zhiqing Ye,Qiong Huang,Chengyu Jiang

DOI: https://doi.org/10.1016/j.ins.2024.120099

IF: 8.1

2024-01-13

Information Sciences

Abstract:Text similarity measures have become increasingly pivotal in text-related research and applications, encompassing tasks such as information retrieval, text classification, document clustering. Unveiling the equality relationship between encrypted words is fundamental for ensuring privacy-preserving text similarity. Identity-based encryption with equality test (IBEET) emerges as a promising solution for computing similarity over encrypted data in cloud environment. However, prevalent IBEET schemes often lack control over the lifespan of trapdoors, potentially leading to misuse and unauthorized disclosure of users' privacy. In this paper, we introduce a novel primitive known as controllable forward secure identity-based encryption with equality test (CFS-IBEET), designed to support both permanent trapdoor and temporary trapdoor. We present a concrete CFS-IBEET scheme based on bilinear pairing and conduct a comprehensive security analysis against two types of adversaries in random oracle model. The comprehensive performance evaluation shows that our CFS-IBEET scheme offers significant advantages of high efficiency of encryption, decryption, trapdoor generation and test algorithms as well as the guarantee of controllable forward security, showcasing its applicability for collaborative filtering recommendation system in E-commerce age.

computer science, information systems

Shaofen Xie,Faguo Wu,Xiao Zhang,Wang Yao,Zhiming Zheng

DOI: https://doi.org/10.1109/iceiec.2019.8784488

2019-01-01

Abstract:Recently, how to share the encrypted data efficiently from the cloud service provider becomes a hot topic, and massive research works have studied on Equality Test for encryption files of secure cloud storage. The basic idea of sharing information is to find the encrypted target information. Considering the scheme of identity-based encryption with equal test (IBEET) is defined as a feasible scheme, but it can only search for ciphertext composed of identical plaintext. However, the above technologies have seriously affected information sharing, because it greatly limits the search scope. Especially in some special areas, such as medical industries, doctors need to share similar medical information for auxiliary treatment and autonomous learning to improve the personal business ability. We propose the similarity test for sharing the privacy-preserving medical information in cloud environment. Our scheme proposal focuses on the Locality-Sensitive Hashing function to generate the index for protecting the upload information. In addition, our scheme utilizes the identity based on NTRU encryption to achieve resistance to quantum attacks.

Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Shahzad Khan,Waseem Iqbal,Abdul Waheed,Gulzar Mehmood,Shawal Khan,Mahdi Zareei,Rajesh Roshan Biswal

DOI: https://doi.org/10.3390/s22010336

2022-01-03

Abstract:The ever-growing ecosystem of the Internet of Things (IoT) integrating with the ever-evolving wireless communication technology paves the way for adopting new applications in a smart society. The core concept of smart society emphasizes utilizing information and communication technology (ICT) infrastructure to improve every aspect of life. Among the variety of smart services, eHealth is at the forefront of these promises. eHealth is rapidly gaining popularity to overcome the insufficient healthcare services and provide patient-centric treatment for the rising aging population with chronic diseases. Keeping in view the sensitivity of medical data, this interfacing between healthcare and technology has raised many security concerns. Among the many contemporary solutions, attribute-based encryption (ABE) is the dominant technology because of its inherent support for one-to-many transfer and fine-grained access control mechanisms to confidential medical data. ABE uses costly bilinear pairing operations, which are too heavy for eHealth's tiny wireless body area network (WBAN) devices despite its proper functionality. We present an efficient and secure ABE architecture with outsourcing intense encryption and decryption operations in this work. For practical realization, our scheme uses elliptic curve scalar point multiplication as the underlying technology of ABE instead of costly pairing operations. In addition, it provides support for attribute/users revocation and verifiability of outsourced medical data. Using the selective-set security model, the proposed scheme is secure under the elliptic curve decisional Diffie-Hellman (ECDDH) assumption. The performance assessment and top-ranked value via the help of fuzzy logic's evaluation based on distance from average solution (EDAS) method show that the proposed scheme is efficient and suitable for access control in eHealth smart societies.

Samia A. El-Moneim Kabel,Ghada M. El-Banby,Lamiaa A. Abou Elazm,Walid El-Shafai,Nirmeen A. El-Bahnasawy,Fathi E. Abd El-Samie,Atef Abou Elazm,Ali I. Siam,Mohamed A. Abdelhamed

DOI: https://doi.org/10.1038/s41598-024-54830-2

IF: 4.6

2024-05-14

Scientific Reports

Abstract:Reinforcement of the Internet of Medical Things (IoMT) network security has become extremely significant as these networks enable both patients and healthcare providers to communicate with each other by exchanging medical signals, data, and vital reports in a safe way. To ensure the safe transmission of sensitive information, robust and secure access mechanisms are paramount. Vulnerabilities in these networks, particularly at the access points, could expose patients to significant risks. Among the possible security measures, biometric authentication is becoming a more feasible choice, with a focus on leveraging regularly-monitored biomedical signals like Electrocardiogram (ECG) signals due to their unique characteristics. A notable challenge within all biometric authentication systems is the risk of losing original biometric traits, if hackers successfully compromise the biometric template storage space. Current research endorses replacement of the original biometrics used in access control with cancellable templates. These are produced using encryption or non-invertible transformation, which improves security by enabling the biometric templates to be changed in case an unwanted access is detected. This study presents a comprehensive framework for ECG-based recognition with cancellable templates. This framework may be used for accessing IoMT networks. An innovative methodology is introduced through non-invertible modification of ECG signals using blind signal separation and lightweight encryption. The basic idea here depends on the assumption that if the ECG signal and an auxiliary audio signal for the same person are subjected to a separation algorithm, the algorithm will yield two uncorrelated components through the minimization of a correlation cost function. Hence, the obtained outputs from the separation algorithm will be distorted versions of the ECG as well as the audio signals. The distorted versions of the ECG signals can be treated with a lightweight encryption stage and used as cancellable templates. Security enhancement is achieved through the utilization of the lightweight encryption stage based on a user-specific pattern and XOR operation, thereby reducing the processing burden associated with conventional encryption methods. The proposed framework efficacy is demonstrated through its application on the ECG-ID and MIT-BIH datasets, yielding promising results. The experimental evaluation reveals an Equal Error Rate (EER) of 0.134 on the ECG-ID dataset and 0.4 on the MIT-BIH dataset, alongside an exceptionally large Area under the Receiver Operating Characteristic curve (AROC) of 99.96% for both datasets. These results underscore the framework potential in securing IoMT networks through cancellable biometrics, offering a hybrid security model that combines the strengths of non-invertible transformations and lightweight encryption.

multidisciplinary sciences

Hu Xiong,Yingzhe Hou,Xin Huang,Yanan Zhao

DOI: https://doi.org/10.1016/j.vehcom.2020.100264

IF: 6.7

2020-12-01

Vehicular Communications

Abstract:<p>To provide a classification function that has the ability to promote the management of signcrypted messages transmitted by the numerous vehicles in the IoV system, in this paper, we construct an identity-based signcryption with equality test scheme (IBSC-ET) for the first time. Our scheme not only ensures the integrity, confidentiality as well as authentication of messages, but also enables the cloud server to execute the equality test between two ciphertexts signcrypted by the same or different public keys to decide whether the same plaintext is contained, which is counted as the essential factor contributing to the classification. Besides, the identity-based mechanism greatly improves the efficiency since the certificate management problem is avoided. Furthermore, the security of the introduced scheme can be proved in the random oracle model under the Computational Diffie-Hellman Assumption (CDHA) as well as the Bilinear Diffie-Hellman Assumption (BDHA). In the end, the feasibility and efficiency of our proposed are demonstrated through the performance analysis.</p>

telecommunications,transportation science & technology

Zahraa M. Yahya,Mohammed F. Al-Gailani

DOI: https://doi.org/10.26636/jtit.2024.2.1491

2024-04-17

Journal of Telecommunications and Information Technology

Abstract:High security solutions are highly important in wireless medical environments, since patient data is confidential, sensitive and must be transmitted over a secure connection. Accordingly, a hybrid encryption method is proposed to ensure data confidentiality (RSA-2048 for key exchange using ACL in SDN with the addition of AES-256-CTR and a hashed secret key for data encryption), and the encrypted data is stored in a private blockchain with the DBFT consensus algorithm to ensure the integrity of data before it being accessed by a doctor's application which decrypts and displays the relevant information. The system was programmed using Python, in an NS3.37 simulator installed on Ubuntu with a MySQL database created using the Apache XAMPP. The product turned out to be a highly secure system for transmitting data from a medical sensor to the doctor's application, offering a throughput of approximately 9 Gbps for both encryption and decryption tasks, while the processing time equaled 0.014 μs per a 128-bit block size for both encryption and decryption, with latency amounting to 0.14 s per 1 KB of data, and the blockchain agreement time equaling 4 ms per 1 KB.

Mahdi Nikooghadam,Haleh Amintoosi

DOI: https://doi.org/10.48550/arXiv.1906.08424

2019-06-20

Abstract:Telecare medical information systems are gaining rapid popularity in terms of providing the delivery of online health-related services such as online remote health profile access for patients and doctors. Due to being installed entirely on Internet, these systems are exposed to various security and privacy threats. Hence, establishing a secure key agreement and authentication process between the patients and the medical servers is an important challenge. Recently, Khatoon <a class="link-external link-http" href="http://et.al" rel="external noopener nofollow">this http URL</a> proposed an ECC-based unlink-able authentication and key agreement method for healthcare related application in smart city. In this article, we provide a descriptive analysis on their proposed scheme and prove that Khatoon et al.'s scheme is vulnerable to known-session-specific temporary information attack and is not able to provide perfect forward secrecy.

Cryptography and Security