<p>Telemonitoring in the Internet of Medical Things (IoMT) requires secure and efficient authentication and key agreement protocols to ensure timely access to sensitive resources–such as patients’ medical records–by authorized groups of physicians. Recently, Chen and Lee proposed an anonymous, group-oriented, time-bound key agreement protocol based on extended chaotic maps, claiming to achieve a high level of security. In this article, we are the first, to the best of our knowledge, to rigorously examine the actual security of this scheme by revealing critical vulnerabilities affecting seven of the eight stated security objectives in its design. Specifically, we demonstrate that the protocol is susceptible to replay, traceability, information disclosure, and impersonation attacks. As a consequence of the impersonation attack, when group members attempt to access a legitimate service provider, an adversary can successfully redirect them to a counterfeit one. Such an attack could have serious implications for patient care, as physicians might receive incorrect medical records purportedly associated with their patients. We implemented the Chen–Lee’s protocol on a Raspberry Pi–based testbed and demonstrated several practical attacks, confirming its weaknesses in real-world scenarios. To mitigate these vulnerabilities, we propose modifications that address the identified flaws while preserving the overall structure of the original protocol. The communications and computation overhead of the proposed protocol is approximately 4% higher than that of the Chen–Lee protocol.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Designing a secure anonymous group-oriented key agreement protocol for the internet of medical things

  • Masoumeh Safkhani,
  • Carmen Camara,
  • Nasour Bagheri,
  • Pedro Peris-Lopez,
  • Alireza Javadi

摘要

Telemonitoring in the Internet of Medical Things (IoMT) requires secure and efficient authentication and key agreement protocols to ensure timely access to sensitive resources–such as patients’ medical records–by authorized groups of physicians. Recently, Chen and Lee proposed an anonymous, group-oriented, time-bound key agreement protocol based on extended chaotic maps, claiming to achieve a high level of security. In this article, we are the first, to the best of our knowledge, to rigorously examine the actual security of this scheme by revealing critical vulnerabilities affecting seven of the eight stated security objectives in its design. Specifically, we demonstrate that the protocol is susceptible to replay, traceability, information disclosure, and impersonation attacks. As a consequence of the impersonation attack, when group members attempt to access a legitimate service provider, an adversary can successfully redirect them to a counterfeit one. Such an attack could have serious implications for patient care, as physicians might receive incorrect medical records purportedly associated with their patients. We implemented the Chen–Lee’s protocol on a Raspberry Pi–based testbed and demonstrated several practical attacks, confirming its weaknesses in real-world scenarios. To mitigate these vulnerabilities, we propose modifications that address the identified flaws while preserving the overall structure of the original protocol. The communications and computation overhead of the proposed protocol is approximately 4% higher than that of the Chen–Lee protocol.