Cryptoanalysis on a Cloud-Centric Internet-of-Medical-Things-Enabled Smart Healthcare System

Abstract

The interconnecting of the biomedical sensors (in healthcare system) with cloud for the internet-of-medical-things (IoMT) technology has great potential to ameliorate people's living conditions. The privacy-preserving of personal health information (PHI) and the mutual authentication between the sensors and other entities are two main factors that affect the further applications of cloud-centric IoMT technology. In the recent work [IEEE IoT Journal, vol. 7(10), 10650-10659, 2020], Kumar and Chand applied identity-based aggregate signcryption scheme to the smart healthcare system (KC-system, for short), which provides privacy-preserving of PHI and the mutual authentication function, simultaneously. However, in this paper, we carefully analyze the security of KC-system and find out that the critical authentication keys of entities can be easily recovered from their communication contents. In other words, the mutual authentication function of KC-system can be easily broken. Moreover, the recovering of the keys will lead to the tedious processes, including obtaining partial private key (from network manager) and requesting for key-protection (from key-protection servers), become completely useless. Finally, we also twist their protocol into a new one, which can be proven secure against the previous attack.