Cryptanalysis of Khatoon et al.'s ECC-based Authentication Protocol for Healthcare Systems

Abstract: Telecare medical information systems are gaining rapid popularity in terms of providing the delivery of online health-related services such as online remote health profile access for patients and doctors. Due to being installed entirely on Internet, these systems are exposed to various security and privacy threats. Hence, establishing a secure key agreement and authentication process between the patients and the medical servers is an important challenge. Recently, Khatoon et.al proposed an ECC-based unlink-able authentication and key agreement method for healthcare related application in smart city. In this article, we provide a descriptive analysis on their proposed scheme and prove that Khatoon et al.'s scheme is vulnerable to known-session-specific temporary information attack and is not able to provide perfect forward secrecy.