Wireless medical sensor networks (WMSNs) play an important role in collecting healthcare data of the remote patient and\ntransmitting them to the medical professional for proper diagnosis via wireless channel. To protect the patientâ??s healthcare data\nwhich is private-related and sensitive, some authentication schemes for healthcare systems using WMSN have been proposed to\nensure the secure communication between the medical sensors and the medical professional. Since cryptanalyzing the security\ndefects of authenticated protocols is crucial to put forward solutions and propose truly robust protocols, we scrutinize two stateof-\nthe-art authentication protocols using WMSN for healthcare systems. Firstly, we examine Ali et al.â??s enhanced three-factor\nbased authentication protocol and show that although it provides a formal proof and a security verification, it still fails to resist\noffline dictionary guessing attack, desynchronization attack, and privileged insider attack and contains a serious flaw in the\npassword change phase. Secondly, we investigate Shuai et al.â??s lightweight and three-factor based authentication protocol and\npoint out that it cannot achieve high security level as they claimed; it is actually subject to offline dictionary guessing attack and\nprivileged insider attack, and it also has a design flaw in the password change phase. In addition, we suggest several countermeasures\nto thwart these security weaknesses in these two schemes for WMSN and the similar kinds.
Loading....