iconOpen Access

ARTICLE

Amassing the Security: An Enhanced Authentication and Key Agreement Protocol for Remote Surgery in Healthcare Environment

Tsu-Yang Wu1, Qian Meng1, Lei Yang1, Saru Kumari2, Matin Pirouz3,*

1 Shandong University of Science and Technology, Qingdao, 266400, China
2 Chaudhary Charan Singh University, Meerut, Uttar Pradesh, 250004, India
3 California State University, Fresno, 93740, USA

* Corresponding Author: Matin Pirouz. Email: email

(This article belongs to the Special Issue: Internet of Things in Healthcare and Health: Security and Privacy)

Computer Modeling in Engineering & Sciences 2023, 134(1), 317-341. https://doi.org/10.32604/cmes.2022.019595

Abstract

The development of the Internet of Things has facilitated the rapid development of various industries. With the improvement in people’s living standards, people’s health requirements are steadily improving. However, owing to the scarcity of medical and health care resources in some areas, the demand for remote surgery has gradually increased. In this paper, we investigate remote surgery in the healthcare environment. Surgeons can operate robotic arms to perform remote surgery for patients, which substantially facilitates successful surgeries and saves lives. Recently, Kamil et al. proposed a secure protocol for surgery in the healthcare environment. However, after cryptanalyzing their protocol, we deduced that their protocols are vulnerable to temporary value disclosure and insider attacks. Therefore, we design an improved authentication and key agreement protocol for remote surgeries in the healthcare environment. Accordingly, we adopt the real or random (ROR) model and an automatic verification tool Proverif to verify the security of our protocol. Via security analysis and performance comparison, it is confirmed that our protocol is a relatively secure protocol.

Keywords


1  Introduction

As a novel paradigm, Internet of Things (IoT) [15] can effectively share data, coordinate and utilize resources. Simultaneously, in addition to reducing data transmission delay, the active of the emergence of the 5G [6] technology also improves the data transmission rate, which makes it possible to exchange of large amounts of data. This technology has been widely adopted in smart agriculture, smart cities, transportation, healthcare [7,8], artificial intelligence [911], etc., and has become an important part of people’s life.

Healthcare is an important application of the IoT. With the improvement of living standards, the requirements for medical and health care are gradually increasing. Today, there is a substantial demand for medical and health care systems. The application of IoT in healthcare involves the use of the most advanced internet technology to realize interactions between patients and doctors and medical institutions and medical equipment, which enables the informatization. With the help of IoT technology, artificial intelligence [12] and intelligent equipment, we can build a perfect IoT medical system to solve or reduce the problems of difficult medical treatment and tense doctor-patient relationships caused by the lack of medical resources. Although healthcare can provide people with significant convenience, several security problems [1317] exist, such as the disclosure of patients’ medical data and the tampering of patients’ medical schemes by illegal personnel of the system. Many researchers have proposed a large number of schemes [12,1820] to address the security problems inherent in the healthcare environment. However, some existing authentication and key agreement protocols have security vulnerabilities, such as against offline guessing, impersonation and insider attacks. Therefore, it is crucial to propose an AKA protocol to address these challenges.

Wu et al. [21] proposed an authentication scheme, suitable for telemedicine information systems (TMIS). However, Debiao et al. [22] have confirmed that their scheme is vulnerable to several security problems, such as impersonation attacks and insider attacks. To address these vulnerabilities, Debiao et al. [22] proposed an improved scheme, which is also applicable to TMIS. Wei et al. [23] proposed a protocol suitable for TMIS without the pre-deployment phase; however, Zhu et al. [24] verified that the protocol proposed by Wei et al. [23] could not resist offline password guessing attacks. Xu et al. [25] proposed an elliptic curve cryptography (ECC)-based scheme. They claimed that their protocol can effectively provide authentication and user anonymity. However, Islam et al. [26] pointed out that Xu et al.’s [25] scheme are vulnerable to replay attacks and smart card stolen attacks, incorrect password update phase, and failure to successfully complete mutual authentication. Subsequently, Islam et al. [26] proposed an improved protocol based on the that proposed by Xu et al. [25]. The protocol was also designed based on ECC. Li et al. [27] designed an authentication scheme based on chaotic mapping; however, Madhusudhan et al. [28] proved that their scheme cannot successfully resist password guessing attacks. Zhang et al. [29] designed a three factor lightweight authentication agreement to address the problem of user anonymity in the e-healthcate system. However, Aghili et al. [30] pointed out that the agreement of Zhang et al. [29] cannot resist denial of service attacks (DOS) and insider attacks, as well as provide user untraceability and desynchronization. Therefore, Aghili et al. [30] proposed an improved scheme, which can provide user anonymity and mutual authentication. Sharma et al. [31] proposed a healthcare service authentication scheme based on cloud Internet of things, but Azrour et al. [32] pointed out that Sharma et al.'s [31] scheme could not resist user impersonatin attacks and offline password guessing attacks. Soni et al. [33] designed an authentication scheme for patient monitoring, but unfortunately, their scheme was proved by Xu et al. [34] that it could not provide perfect forward security. Kaur et al. [35] designed a secure protocol to solve the problem of security authentication in remote surgery. Ali et al. [36] designed a symmetric encryption and decryption scheme for TMIS; however, Yu et al. [37] discovered that this scheme [36] cannot withstand session key exposure attacks, man in the middle attacks (MITM) and impersonation attacks. Masud et al. [38] proposed a lightweight identity authentication scheme based on IoT healthcare. However, this scheme has been proved by Kwon et al. [39] that there are many security problems, such as offline password guessing, user impersonation, insider attacks and cannot ensure user anonymity. We summarize the literature reviewed in Table 1.

images

Influenced by COVID-19, the demand for remote surgery [40,41] under healthcare environment is gradually increasing. At the same time, the 5G network technology can transmit information with high efficiency and low delay, thereby facilitating remote surgery. The application of a remote surgery is shown in the Fig. 1. Surgeons can operate robotic arms to perform remote surgery for patients, which enables a number patients infected with the virus to receive prompt treatment, reduces the spread of the virus, and provide the stable development of society. Although the development of this technology can bring several benefits, they are highly dependent on the network, and there will be some security problems. For example, if network delay occurs when a surgeon remotely manipulates a robotic arm to operate a patient, the surgeon cannot obtain feedback information in time, which will adversely affect the operation process and severely endanger the patient’s life. In addition, if an illegal surgeon manipulates the robotic arm or an unauthorized robotic arm is utilized, this will also threaten the safety of patients. Therefore, a secure lightweight authentication and key agreement protocol design is required to address these problems.

images

Figure 1: The application of a remote surgery

Recently, Kamil et al. [42] designed a lightweight authentication protocol that primarily solves identity authentication problem in remote surgery. Its remote surgery framework is illustrated in Fig. 2. This framework comprises four entities: a trusted authority (TA), surgeon, gateway, and robotic arm. All medical data during surgery is transmitted through tactile networks. To protect the security and privacy of medical data, the entire operation process needs to be completed under the detection of TA. Before surgery, surgeons and gateways, and the robotic arm must register with TA and obtain a legal identity. After each entity completes its registration, the surgeon, gateway, and robotic arm jointly decide on a session key to transmit data during surgery. They claim that their protocol is secure and efficient. However, we find that their protocol is vulnerable to temporary value disclosure attacks and insider attacks. In this paper, we propose an enhanced protocol suitable for this environment. Our contributions are: (1) We point out that Kamil et al.’s protocol has some security problems. (2) To solve these security problems, we propose an enhanced authentication protocol for remote surgery. Unlike Kamil et al.’s protocol, the registration phase of the robotic arm does not register with the TA via the gateway, because in an operating machine, the gateway and robotic arm are in the same system. We use ProVerif tool and ROR model to evaluate the security of the protocol. In addition, we use informal analysis to conduct a detailed security evaluation of the protocol, and prove that the protocol can resist common attacks, such as MIMT, replay attacks, impersonation attacks, insider attacks, etc. (3) Finally, through security and performance comparison, we find that our protocol is secure and suitable for the remote surgery environment.

images

Figure 2: Network model

The remainder of this paper are arranged as follows. In Section 2, we review the protocol proposed by Kamil et al. The cryptanalysis of their protocol is then comprehensively introduced in detail in Section 3. In Section 4, we introduce our proposed protocol. Then, Section 5 presents a few security analyses of our protocol, while the performance comparison is introduced in Section 6. Finally, Section 7 concludes this paper.

2  Review of Kamil el at. Protocol

In this section, we review the protocol presented by Kamil et al. [42]. This protocol comprises seven phases; however, in this paper, we only adopt four phases: surgeon registration phase, gateway and robotic arm registration phase, user login, authentication and key agreement phase.

2.1 Surgeon Registration Phase

Surgeons are required to register with the TA as legitimate users to utilize robotic arms for remote surgeries. Messages at this stage are transmitted on a secure channel. The detailed steps are presented as follows in Table 2:

(1)   Si selects IDi, PWi, and a random number bi, computes Di=h(IDibi), HPWi=h(PWibi), and then sends {Di,HPWi} to TA.

(2)   After receiving the message sent by Si, TA selects a random number ci, computes α=h(ciDk)h(DiHPWi), and β=cih(IDkDk), stores {α,β,h()} in the smart card (SC), and then sends SC to the user.

(3)   After receiving SC, Si computes A1=h(PWiIDi)bi, A2=h(biHPWiDi), and stores the {A1,A2} in the SC.

images

2.2 Gateway and Robotic Arm Registration Phase

At this phase, TA selects their respective identities for Gk and SNj, computes some private parameters, and then transmits these private parameters to Gk and SNj through secure channels. The detailed steps are presented as follows:

(1)   TA selects its own identity IDTA, a hash function h(), and IDj, IDk, respectively, for the identity of Gk and SNj, selects a random number s, computes Dk=h(sIDTAIDk), Dj=h(sIDTAIDj), and sends {IDk,Dk,IDj,Dj} to the gateway.

2)   After receiving the message sent by TA, Gk stores {IDk,Dk,IDj,Dj} in its own memory, and then sends {IDj,Dj} to RMj.

3)   RMj receives the message sent by Gk and stores {IDj,Dj} in its own memory.

2.3 Login and Authentication Phase

1)   Si inputs IDi,PWi, computes bi=A1h(PWiIDi), Di=h(IDibi), HPWi=h(PWibi), A2=h(biHPWiDi), and then performs authentication by checking A2=?A2. If the authentication is successful, Si selects a random number r1 and timestamp T1, and then computes A3=αh(DiHPWi), A4=βT1, A5=h(r1A3T1), and A6=(r1A5)A3. After completing computation, it transfers the message M1={A4,A5,A6,T1} through the common channel to Gk.

2)    After receiving the message M1 sent by Si, Gk first computes ci=A4h(IDkDk)T1, A3=h(ciDk), and r1A5=A6A3, and then verifies the timestamp |TkT1|=x<ΔT and A5=?A5, where A5=h(r1A3T1). If both are verified, Gk will select a random number r2 and timestamp T2, computes A7=cih(IDjDjr2r1T2), A8=Dj(r2r1T2), A9=h(IDjDjcir2T2), and then send the message M2={A7,A8,A9} to RMj through the common channel.

3)   After receiving message M2, RMj first computes r2r1T2=A8Dj and then verifies the timestamp |TRT2|=x<ΔT. If the validation is successful, RMj computes ci=A7h(IDjDjr2r1T2), A9=h(IDjDjcir2T2) and checks A9=?A9 to verify the identity of Gk. Subsequently, if the identification is successful, RMj selects a random number r2 and timestamp T3, computes K1=h(r2r1r3), A10=h(r2r3K1IDjDjT3), A11=(r3T3)r2, and then sends message M3={A10,A11} to Gk through the common channel.

4)   After receiving the message M3, Gk computes r3T3=A11r2 and verifies the timestamp |TkT3|=x<ΔT. If the verification is successful, Gk computes the session key K2=h(r2r1r3), then computes A10=h(r2r3K2IDjDjT3), and verifies the correctness of the session key through A10=?A10. After the successful verification, Gk selects the timestamp T4, computes A12=h(K2r2r3A9T4), A13=(r2r3T4)r1, and then transmits the message M4={A8,A12,A13} to Si through the common channel.

5)   After receiving the message M4, Si obtains the value of r2r3T4 by computing A13r1, and then verifies the timestamp |TST4|=x<ΔT. If the verification is successful, Si computes the session key K3=h(r2r3r1), A12=h(K3r2r3A9T4), and verifies whether the session key is correct by checking A12=?A12.

3  Cryptanalysis of Kamil et al.’s Protocol

In this section, based on the following attacker model [43], we analyze the security of the protocol proposed by Kamil et al. [42], and subsequently deduce that this protocol cannot resist temporary value disclosure attacks, insider attacks.

Attacker Model: Based on D-Y model [44], we define attacker A has the following capabilities:

1)   A can block, steal, change and replay messages transmitted via a common channel, but a cannot obtain information transmitted via a secure channel;

2)   A can steal the surgeon’s smart card and extract the information stored in the smart card through power analysis;

3)   A can be a malicious entity and can obtain the information stored in the gateway. A can also obtain the information stored in robotic arm’s memory.

3.1 Insider Attacks

Insider attacks refers to a malicious person in the system who obtains the information stored in the system by other entities, uses the messages on the public channel, and finally successfully calculates the session key. Suppose a malicious attack A in the hospital obtains the content {IDk,Dk,IDj,Dj} stored in the gateway during the registration phase, then he can launch the following attacks.

3.1.1 Impersonate the Surgeon

1)   A obtains the message {IDj,Dj} stored in the gateway, and messages M1={A4,A5,A6,T1} and M2={A7,A8,A9} on the common channel are also intercepted. Then, A can calculate r2r1T2=A8Dj, ci=A7h(IDjDjr2r1T2), β=A4T1, and A3=(r1A5)A6.

2)   A reselects a random number r1 and timestamp T1, then calculates A4=βT1, A5=h(r1A3T1), A6=(r1A5)A3, and then sends message M1={A4,A5,A6,T1} to Gk.

3)   After receiving message M1, Gk calculates ci=A4h(IDkDk)T1, A3=h(ciDk), r1A5=A6A3. Subsequently, Gk checks the timestamp |TkT1|=x<ΔT, if true, Gk verifies A5=?A5, where A5=h(r1A3T1). If the verification is successful, Gk selectes r2,T2, computes A7=cih(IDjDjr2r1T2), A8=Dj(r2r1T2), A9=h(IDjDjcir2T2), and then sends the message M2={A7,A8,A9} to SNj.

4)   After SNj receives M2, it calculates r2r1T2=A8Dj, and then checks |TRT2|=x<ΔT. If true, SNj verifies A9=?A9, where ci=A7h(IDjDjr2r1T2), A9=h(IDjDjcir2T2). If the verification is successful, SNj selects T3,r2, K1=h(r2r1r3), A10=h(r2r3K1IDjDjT3), A11=(r3T3)r2. Then it sends message M3={A10,A11} to Gk.

5)   After receiving M3, Gk calculates r3T3=A11r2 and checks |TkT3|=x<ΔT; if true, it calculates K2=h(r2r1r3). Gk verifies A10=?A10, where A10=h(r2r3K2IDjDjT3). If the verification is successful, Gk selects T4, calculates A12=h(K2r2r3A9T4), A13=(r2r3T4)r1, and then sends M4={A8,A12,A13} to Si.

6)   At this point, A intercepts the message M4 sent by Gk and calculates r2r3T4=A13r1, and the final session key K=h(r2r3r1).

3.1.2 Derive Session key

1.    A intercepts the message M2={A7,A8,A9} transmitted on the common channel. Accordingly, A can calculate r2r1T2=A8Dj.

2.    After r2 and r1 are calculated, A intercepts the message M3={A10,A11} transmitted on the common channel, and then calculates r3T3=A11r2. Therefore, A can calculate the session key K2=h(r2r1r3).

In summary, we logically infer that the protocol proposed by Kamil et al. [42] cannot resist privileged insider attacks.

3.2 Temperory Value Disclosure Attacks

Assuming that attacker A obtains the random number r1 selected by surgeon Sk in the login authentication phase, and intercepts the message A13 transmitted on the public channel, he can obtain the values of r2 and r3 by computing A13r1, and A can easily calculate the session key K=h(r2r3r1). Therefore, it can be concluded that their proposed protocol cannot resist the temporary value disclosure attacks.

4  The Proposed Protocol

In this section, we introduce the proposed protocol. The protocol comprises four phases: surgeon registration phase, gateway registration phase, robotic arm registration phase, login and authentication phase. Each phase will be comprehensively described in detail next.

4.1 Registration Phases

The registration phase mainly includes gateway registration, surgeon registration and robtic arm registration, which will be described in detail.

Surgeon Registration Phase: Before operating with a robotic arm, a surgeon must register with the TA as a legal user via a secure channel. Fig. 3 shows the surgeon’s registration process. The specific steps necessary for this registration are as follows:

1)   The surgeon Si selects his own IDi, PWi, BIOi, and a random number ai, and then computes Gen(BIOi)=(σi,τi), RPWi=h(PWiai), Ai=h(IDiRPWiσi), TRPWi=h(RPWiσi). Subsequently, TA sends {IDi,TRPWi} to TA.

2)   After receiving the information sent by Si, TA selects a random number bi, and then computes X=xh(biTRPWi), Bi=h(IDix)TRPWi, Di=biTRPWi. Subsequently, TA issues a smart card SC to the Si, stores {Bi,Di} into the SC, and sends it to Si.

3)   After receiving the SC sent by TA, the surgeon stores {Ai,τi} in the SC.

images

Figure 3: Surgeon registration

Gateway Registration Phase: Before being utilized, the gateway must register with the TA and generate some private data for the authentication phase. Fig. 4 shows gateway’s registration process. The specific steps required are as follows:

1.    The gateway selects its own IDk and sends it to the TA.

2.    After receiving the message sent by the gateway, TA selects a random number dk, computes Gk=h(IDkdk), Gx=Gkx, and then sends Gk,dk to the gateway.

3.    Subsequently, the gateway stores Gk,dk in its own memory.

images

Figure 4: Gateway registration phase

Robotic Arm Registration Phase: Because the robotic arm and gateway are in the same system, the robotic arm is solely required to register with the gateway via a secure channel. Fig. 5 shows robotic arm’s registration process. The specific steps required are comprehensively presented as follows:

1)   The robotic arm RMj selects its identity IDj and sends it to the gateway via a secure channel.

2)   After receiving a message sent by the robotic arm, gateway selects a random number cj, and computes x=h(IDkdk)Gx, Ej=h(IDjx), Fj=cjEj; subsequently, Gk stores Fj and then sends {Ej,Fj} to RMj.

3)   Finally RMj saves {Ej,Fj} in its memory.

images

Figure 5: Robotic arm registration phase

4.2 Login and Authentication Phase

Before performing long-distance operations, surgeons need to manipulate robotic arms via an access gateway. After Si logs into the system, Gk first verifies Si’s identity, and then sends an authentication request to RMj. After RMj completes the authentication, Gk sends an authentication message to Si. After mutual authentication, the three entities establish a common session key for communications. The specific login authentication and session key establishment process are shown in Table 3 and comprehensively described as follows:

1)   Si inputes IDi, PWi, inprints BIOi, and computes σi=Rep(BIOi,τi), RPWi=h(PWiai), Ai=h(IDiRPWiσi), Ai=h(IDiRPWiσi), by checking Ai=?Ai to verify whether the legality of Si’s identity. If the verification process is successful, Si selects a random number r1 and timestamp T1, computes TRPWi=h(RPWiσi), h(IDix)=BiTRPWi, bi=DiTRPWi, x=Xh(biTRPWi), C1=IDih(IDkx), C2=SIDjh(h(IDix)bi), C3=r1h(biIDi), C4=h(r1IDiIDjbiT1), and sends the message M1={Di,Bi,C1,C2,C3,C4,T1} to Gk.

2)   After receiving the message M1 sent by Si, Gk first checks the timestamp |T1Tk|=x<ΔT. If the verification is successful, it computes x=h(IDkdk)Gx, IDi=C1h(IDkx), TRPWi=Bih(IDix), bi=DiTRPWi, SIDj=C2h(h(IDix)bi), r1=C3h(biIDi), C4=h(r1IDiIDjbiT1), and checks C4=?C4 to verify Si. If the verification passes, Gk selects the timestamp T2 and random number r1, computes Ej=h(IDjx), cj=FjEj, PIDj=h(IDjcj), C5=r2PIDj, C6=h(PIDjr2cjT2), C7=r1h(r2cj), C8=h(bicj)h(IDjr2), and then sends the message M2={C5,C6,C7,C8,T2} to SNj.

3)   After receiving the message M2 sent by Gk, SNj first checks the timestamp |T2Tj|=x<ΔT. If the verification is successful, SNj computes cj=FjEj, PIDj=h(IDjcj), r2=C5PIDj, C6=h(PIDjr2cjT2), C6=?C6; if true Gk selects r3,T3, and verifies Gk’s identity by computing C6=?C6. If this verification is successful, SNj selects a random number r3 and timestamp T3, computes r1=C7h(r2cj), h(bicj)=C8h(IDjr2), SK=h(r1r2r3h(bicj), C9=h(SKh(bicj)T3), C10=r3h(r1IDj), and then sends the message M3={C9,C10,T3} to the gateway.

4)   After receiving the message M3 from SNj, Gk first checks the timestamp |T3Tk|=x<ΔT and computes r3=C10h(r1IDj), SK=h(r1r2r3h(bicj), C9=h(SKh(bicj)T3); subsequently, Gk verifies the identity of SNj by calculating C9=?C9. After successful verification, Gk selects T4, computes C11=r2h(TRPWir1), C12=h(bicj)h(biIDi), C13=h(SKr2r3T4), and sends message M4 to Si.

5)   When Si receives the message from Gk, it first validates the timestamp |T4Ti|=x<ΔT, then computes r3=C10h(r1IDj), r2=C11h(TRPWir1), h(bicj)=C12h(biIDi), SK=h(r1r2r3h(bicj)), C13=h(SKr2r3T4), and finally verifies C13=?C13. If the verification is successful, Si saves SK for future communication.

images

5  Security Analysis

In this section, we adopt Proverif, ROR model, and informal analysis to validate the security of our proposed protocol

5.1 Proverif

Four entities are adopted in our protocol: TA, Gk, Si and RMj. According to the registration and authentication processes of the four entities in the protocol, we utilize Proverif [45,46] to describe the entire protocol process, which is comprehensively presented below:

1)   ch and sch are used to represent common channel and secure channel, respectively. The registration phase is carried out on the secure channel, while the login and authentication phase is conducted on the public channel. The session key adopts SKi, SKj, and SKk to represent the session key of the surgeon, robotic arm, and gateway, respectively. We also define some operations, such as hash, XOR, etc. The defined query is adopted for security verification. The specific function definition is presented in Figs. 6a6c.

2)   Si’s process is illustrated in Fig. 7a.

3)   Gk’s process is presented in Fig. 7b.

4)   Rj’s process is illustrated in Fig. 7c.

5)   TA’s process is shown in Fig. 7d.

6)   Fig. 6d presents the obtained verification results. The final results are “Query not attacker (SKi[]) is true,” “Query not attacker (SKj[]) is true,” “Query not attacker (SKk[]),” “Query inj-event (SurgeonAuthed) ==> inj-event (SurgeonStarted) is true,” “Query inj-event (RMAcGateway) ==> inj-event(GatewayAcSurgeon) is true,” “Query inj-event(GatewayAcRM) ==> inj-event(RMAcGateway) is true,” and “Query inj-event(SurgeonAcGateway) ==> inj-event(GatewayAcRM) is true.” Therefore, our protocol can successfully pass the security verification of Proverif and resist attacks.

images

Figure 6: Definitions and results

images

Figure 7: Process

5.2 Formal Security Analysis

In this section, we perform a security analysis on the proposed protocol in the ROR [19,47] model to demonstrate the protocol’s security.

5.2.1 ROR Model

The proposed protocol contains four entities: a surgeon, gateway, TA, and robotic arm. In the ROR model, we adopt ΠDix, ΠRMjy, ΠGkz, and ΠTAn to denote the x-th doctor’s instance, y-th robot arm instance, z-th gateway, and the n-th TA, respectively. We assume that attacker A can possess the following query capabilities: Y=ΠDix, ΠRMjy, ΠGkz, and ΠTAn.

Execute(Y): If the attacker executes this query, it intercepts the messages transmitted between Si, Gk and SNj on the public channel. The specific query is shown in Table 4.

images

Send(Y,M): If the attacker executes this query, it sends the message M to Y, and can receive a response from Y. The specific query is shown in Table 5.

images

Hash(string): If an attacker executes this query, it enters a string and gets its hash value. The specific query is shown in Table 6.

images

Corrupt(Y): If an attacker executes this query, it obtains the private value of an entity, such as a long-term private key, a parameter stored in SC, or a temporary message. The specific query is shown in Table 6.

Test(Y): If the attacker executes this query, it flips a coin c. If c=1, A obtains the correct SK, and if c=0, A obtains a string with an equal length to the SK. The specific query is shown in Table 6.

5.2.2 Theorem

In the ROR model, if A can execute the queries Execute(Y), Send(Y,M), Hash(string), Corrupt(Y), and Test(Y), then the probability that the attacker can break the proposed protocol P in polynomial time is: AdvAP(ξ)qsend/2l2+3qhash2/2l1+2max{Cqsends,qsend/2l}. Here, qsend denotes the number of queries executed; qhash refers to the number of Hash executions; C’ and s’ are two constants, and l represents the bit length of the biological information [48].

5.2.3 Proof

We played five rounds of the game, GMi(i=0,1,2,3,4). SuccAGMi(ξ) is denoted as the probability that A can win in GMi. The detailed simulation steps of the query in the game are presented below.

GM0: This game commences by flipping a coin c. GM0 does not perform query; hence, we can obtain the probability that A can successfully break P as follows:

AdvAP(ξ)=|2Pr[SuccAGM0(ξ)]1|.(1)

GM1: GM1 is an execute query added to GM0. A can only intercept messages M1,M2,M3,M4 transmitted on the common channel in GM1. Subsequently, A will obtain SK by Test(Y) query; however, r1,r2,r3 cannot be obtained. Hence, the probability of GM1 is equal to that of GM0.

|Pr[SuccAGM1(ξ)]|=Pr[SuccAGM0(ξ)].(2)

GM2: GM2 is based on GM1 with the addition of Send query, and according to Zipf’s law [48], we can obtain the probability of GM2 as follows:

|Pr[SuccAGM2(ξ)]Pr[SuccAGM1(ξ)]|qsend/2l.(3)

GM3: GM3 is based on GM2 with the Hash query added and the Send query removed. According to the birthday paradox, we can get the probability of GM3 as:

|Pr[SuccAGM3(ξ)]Pr[SuccAGM2(ξ)]|qhash2/2l+1.(4)

GM4: In GM4, we analyze two events to verify the security of SK=h(r1r2r3h(bicj)). One is to verify perfect forward security by obtaining the long-term key x of TA, and the other is to obtain temporary information to verify that the protocol can resist temporary information disclosure attacks.

1)   Perfect forward security: A adopts ΠTAn to obtain the long-term key x of TA, or ΠDix, ΠRMjy or ΠGkz to obtain the private value of the registration phase.

2)   Temporary information disclosure attack: A adopts ΠDix, ΠRMjy or ΠGkz to obtain the temporary information of the three parties.

For the first event, even if A gets the long-term key x of TA, or the private values of both in the registration phase, the random numbers r1,r2 and r3 cannot be computed; hence, A cannot compute the value of SK, where SK=h(r1r2r3h(bicj)). For the second event, even if A can obtain r1, the values of r2,r3,bi, and cj are kept secret; hence, SK cannot be computed. Similarly, even if A can obtain r2 or r3, the value of SK cannot be computed. Accordingly, we can obtain the probability of GM4 as:

|Pr[SuccAGM4(ξ)]Pr[SuccAGM3(ξ)]|qsend/2l+qhash2/2l+1.(5)

GM5: In GM5, A adopts Corrupt(A) to query the smart card for parameters {ai,Ai,τi,Bi,Di,h()} and we show that that the proposed protocol is resistant to offline key guessing attacks. Si is registered using the password PWi and biometric Bioi. A attempts to guess Ai=h(IDiRPWiσi); however, IDi, RPWi and σi are kept secret. The probability that A guesses bits of biological information is: 1/2l [49]. In Zipf’s law [48], when qsend106, the probability that A can guess the password is greater than 0.5. Therefore, we can obtain the probability of GM5 as:

|Pr[SuccAGM5(ξ)]Pr[SuccAGM4(ξ)]|max{Cqsends,qsend/2l}(6)

GM6: In GM6, to verify whether the protocol P can resist the impersonate attack, A queries h(r1r2r3h(bicj)), and the game is terminated. Hence, we can obtain the probability of GM6 as:

|Pr[SuccAGM6(ξ)]Pr[SuccAGM5(ξ)]|qhash2/2l+1.(7)

Because the probabilities of the success and failure of GM6 are equal, the probability that A can guess the session key is:

Pr[SuccAGM6(ξ)]=1/2.(8)

According to the above formula, we can obtain

1/2AdvAP(ξ)=|Pr[SuccAGM0(ξ)]1/2|      =|Pr[SuccAGM0(ξ)]Pr[SuccAGM6(ξ)]|      =|Pr[SuccAGM1(ξ)]Pr[SuccAGM6(ξ)]|      i=05|Pr[SuccAGMi+1(ξ)]Pr[SuccAGMi(ξ)]|      =qsend/2l1+3qhash2/2l+max{Cqsends,qsend/2l}(9)

Therefore, we can obtain

AdvAP(ξ)qsend/2l2+3qhash2/2l1+2max{Cqsends,qsend/2l}.(10)

It is not difficult to infer that our protocol has successfully passed the security verification of ROR model, and that it can resist offline password guessing attacks, smart card stolen attacks, random number disclosure attacks, as well as provide perfect forward security.

5.3 Informal Security Analysis

In this section, we verify that our proposed protocol can resist some common attacks.

5.3.1 Impersonation Attacks

Attacker A is likely to impersonate any one of the surgeon, gateway, and sensor nodes.

1)   Impersonate Surgeon: An attacker A can attempt to impersonate a surgeon by intercepting a message M1={Di,Bi,C1,C2,C3,C4,T1} on the public channel. He attempts to compute C1=IDih(IDkx), C2=IDjh(h(IDix)bi), and C3=r1h(biIDi); however, A does not know the values of x, bi, and IDi, Consequently he cannot compute the values of C1,C2,C3, and C4 accurately. So he cannot calculate to re-initiate a new message M1. Therefore, attacker A cannot impersonate a legitimate surgeon.

2)   Impersonate gateway: An attacker A intercepts the message M2={C5,C6,C7,C8,T2} transmitted on the common channel, tries to compute PIDj=h(IDjcj), C6=h(PIDjr2cjT2), C7=r1h(r2cj), C8=h(bicj)h(IDjr2), and change some of its values. However, because A cannot obtain the value of cj, he cannot compute PIDj and r2, and thus cannot correctly compute the value of C6, therefore, they cannot re-initiate a message M2, as well as impersonate a legitimate gateway.

3)   Impersonate robotic arm: When an attacker A wants to impersonate a legitimate robotic arm, he does so by intercepting the message M3={C9,C10,T3} on the common channel and tries to compute C9, where C9=h(SKh(bicj)T3) is the value for which gateway authenticates the RMj, but he cannot compute to get the values of r1,r2 and h(bicj), so SK=h(r1r2r3h(bicj)) and C9 cannot be computed. Therefore, attacker A cannot re-initiate a message M3, so he cannot successfully impersonate a legitimate robotic arm.

Therefore, we can conclude that our protocol can successfully resist impersonation Attacks.

5.3.2 Man-in-the-Middle Attacks

If an attacker A wants to launch a man-in-the-middle attack, he can do so by intercepting message M1={Di,Bi,C1,C2,C3,C4,T1} on the common channel and trying to turn M1 into M1 by changing the value of r1 or T1. But A does not know the values of messages {IDi,TRPWi,Di}, so he cannot compute bi=DiTRPWi, x=h(IDkdk)Gx, C2=IDjh(h(IDix)bi), C3=r1h(biIDi), and C4=h(r1IDiIDjbiT1). In this case, A also cannot compute and change M2,M3 and M4, so our protocol can resist the man-in-the-middle attacks.

5.3.3 User Anonymity

Since no information about Si’s identity is directly stored in Si’s smart card, an attacker cannot obtain Si’s identity information through smart card stolen attacks. Moreover, although A can intercept the message M1={Di,Bi,C1,C2,C3,C4,T1} on the public channel, A does not know the values of x and IDk; hence the attacker cannot obtain the IDi of Si by computing IDi=C1h(IDkx). Therefore, our protocol can provide user anonymity.

5.3.4 Insider Attacks

We assume that attacker A obtains the information {Gx,dk,Fj} stored by the gateway in the registration phase, but since A does not know x, he cannot compute cj=FjEj, PIDj=h(IDjcj), and the values of r1,r2,r3 are also unknown to A, so A cannot compute the session key SK=h(r1r2r3h(bicj). Therefore, our protocol is resistant to insider attacks.

6  Security and Performance Comparison

In this section, we compare the security and performance with the protocols of Sharma et al. [31], Soni et al. [33], Kaur et al. [35], Masud et al. [38] and Kamil et al. [42], which are applicable to the healthcare environment. The detailed results of the comparison are comprehensively described in subsections.

6.1 Security Comparison

In this subsection, we compare the security of these five protocols. and × are used to indicate whether certain safety characteristics are satisfied. Implies that this characteristic is not considered. The comparison results are shown in Table 7. As can be seen from the table, Sharma et al. [31] protocol cannot resist user impersonation attacks and offline password guessing attacks. The protocol of Soni et al. [33] cannot provide perfect forward security. The protocol proposed by Masud et al. [38] cannot resist user impersonation attacks, offline password guessing attacks and insider attacks, and cannot provide user anonymity. The protocol of Kamil et al. [42] cannot resist insider attacks and temporary value disclosure attacks. The protocol in [35] and our protocol are secure.

images

6.2 Performance Comparison

Here, we compare the performance of these five protocols from two aspects: computional cost and communicational cost.

We adopted a computer with Windows10 operating system, Intel (R) core (TM) i5- 8500CPU@ 3.00 GHz 3.00 G processor, and 8 G memory. The development software we use was IntelliJ idea version 2019.3, which is based on the call of Java pairing library, signature library, and symmetric encryption/decryption function. We ran various operations on the computer 50 times, and then use the average value as the reference time for calculating the computional cost. In addition, we approximate the operation time of the fuzzy extractor to the calculation time of point multiplication, and the computational cost of XOR and join operations is negligible. Based on the results in Table 8, we can drive the comparative results of computational cost in Table 9 and Fig. 8 (original). The reason why the computational cost of protocols [33] and [35] is very high is that they both use point multiplication, and protocol a also uses symmetric encryption and decryption, which leads to great computational overhead. The reason why the computational cost of our protocol is higher than that of protocols [31,33] and [42] is that we use a fuzzy extractor, which occupy some computational overhead, and they only use one-way hash functions, resulting in slightly higher computational cost.

images

images

images

Figure 8: Results

For the communicational cost, we established that the output length of the single hash function H is 256 bits, T represents the timestamp, with a length of 32 bits, ID represents the length of the identity and is 256 bits, the length of encryption operation E is 256 bits, the length of group G is 1024 bits, and s represents the string with a length of 160 bits. According to the above definitions, Table 10 and Fig. 10 comprehensively show the results.

images

To sum up: Table 7 shows the comparison results of security. Table 9 and Fig. 9 are the comparison results of computational cost. Table 10 and Fig. 10 are the comparison results of communication cost. Although the computing cost of Sharma et al. [31] protocol is lower than ours, its security is not as good as ours, and the communication is also higher than ours; The protocols of Soni et al. [33] is not as good as our protocols in terms of security and performance; Although the protocol of Kaur et al. [35] is more secure and the communication cost is lower than ours, its computing cost is very high; Although the computational cost of Masud et al. [38] protocol is lower than ours, it has security problems and higher communication cost than ours; Although the protocol of Kamil et al. [42] has high performance and is better than ours, its security is worse than ours.

images

Figure 9: The comparison results of computational cost

images

Figure 10: The comparison results of communication cost

7  Conclusion

In this paper, through the cryptanalysis of the protocol proposed by Kamil et al., we determined that their protocol cannot resist temporary value disclosure attacks and insider attacks. Then, we designed a novel authentication and key agreement protocol for remote surgeries in tactile network environments. We verified the security of our protocol via informal security analysis, and the ROR model and Proverif conducted formal security analysis on our protocol to further validate the security of the protocol. Finally, the performance comparison further indicates that our protocol is more suitable for tactile network environments. Furthermore, we hope that our research results will provide guidance for the development of intelligent medicine.

Funding Statement: The authors received no specific funding for this study.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.

References

 1.  Xiong, H., Wu, Y., Jin, C., Kumari, S. (2020). Efficient and privacy-preserving authentication protocol for heterogeneous systems in Iot. IEEE Internet of Things Journal, 7(12), 11713–11724. DOI 10.1109/JIoT.6488907. [Google Scholar] [CrossRef]

 2.  Xiong, H., Zhao, Y., Hou, Y., Huang, X., Jin, C. et al. (2020). Heterogeneous signcryption with equality test for iiot environment. IEEE Internet of Things Journal, 8(21), 16142–16152. DOI 10.1109/JIOT.2020.3008955. [Google Scholar] [CrossRef]

 3.  Xue, X., Wu, X., Jiang, C., Mao, G., Zhu, H. (2021). Integrating sensor ontologies with global and local alignment extractions. Wireless Communications and Mobile Computing, 2021, 6625184. DOI 10.1155/2021/6625184. [Google Scholar] [CrossRef]

 4.  Luo, Y., Weimin, Z., Chen, Y. C. (2021). An anonymous authentication and key exchange protocol in smart grid. Journal of Network Intelligence, 6(2), 2414–8105. [Google Scholar]

 5.  Wu, T. Y., Lee, Y. Q., Chen, C. M., Tian, Y., Al-Nabhan, N. A. (2021). An enhanced pairing-based authentication scheme for smart grid communications. Journal of Ambient Intelligence and Humanized Computing, 1–13. DOI 10.1007/s12652-020-02740-2. [Google Scholar] [CrossRef]

 6.  Wu, T. Y., Lee, Z., Obaidat, M. S., Kumari, S., Kumar, S. et al. (2020). An authenticated key exchange protocol for multi-server architecture in 5G networks. IEEE Access, 8, 28096–28108. DOI 10.1109/Access.6287639. [Google Scholar] [CrossRef]

 7.  Wu, J. M. T., Srivastava, G., Jolfaei, A., Fournier-Viger, P., Lin, J. C. W. (2021). Hiding sensitive information in ehealth datasets. Future Generation Computer Systems, 117, 169–180. DOI 10.1016/j.future.2020.11.026. [Google Scholar] [CrossRef]

 8.  Wu, J. M. T., Tsai, M. H., Xiao, S. H., Liaw, Y. P. (2020). A deep neural network electrocardiogram analysis framework for left ventricular hypertrophy prediction. Journal of Ambient Intelligence and Humanized Computing, 1–17. DOI 10.1007/s12652-020-01826-1. [Google Scholar] [CrossRef]

 9.  Meng, Z., Pan, J. S., Tseng, K. K. (2019). Pade: An enhanced differential evolution algorithm with novel control parameter adaptation schemes for numerical optimization. Knowledge-Based Systems, 168, 80–99. DOI 10.1016/j.knosys.2019.01.006. [Google Scholar] [CrossRef]

10. Pan, J. S., Liu, N., Chu, S. C., Lai, T. (2021). An efficient surrogate-assisted hybrid optimization algorithm for expensive optimization problems. Information Sciences, 561, 304–325. DOI 10.1016/j.ins.2020.11.056. [Google Scholar] [CrossRef]

11. Wu, J., Xu, M., Liu, F. F., Huang, M., Ma, L. et al. (2021). Solar wireless sensor network routing algorithm based on multi-objective particle swarm optimization. Journal of Information Hiding and Multimedia Signal Processing, 12(1), 1–11. [Google Scholar]

12. Xue, X., Zhang, J. (2021). Matching large-scale biomedical ontologies with central concept based partitioning algorithm and adaptive compact evolutionary algorithm. Applied Soft Computing, 106, 107343. DOI 10.1016/j.asoc.2021.107343. [Google Scholar] [CrossRef]

13. Gritzalis, S., Lambrinoudakis, C., Lekkas, D., Deftereos, S. (2005). Technical guidelines for enhancing privacy and data protection in modern electronic medical environments. IEEE Transactions on Information Technology in Biomedicine, 9(3), 413–423. DOI 10.1109/TITB.2005.847498. [Google Scholar] [CrossRef]

14. Pan, J. S., Sun, X. X., Chu, S. C., Abraham, A., Yan, B. (2021). Digital watermarking with improved SMS applied for QR code. Engineering Applications of Artificial Intelligence, 97, 104049. DOI 10.1016/j.engappai.2020.104049. [Google Scholar] [CrossRef]

15. Zhang, Z., Chen, S., Sun, X., Liang, Y., Zhang, Z. et al. (2021). Trajectory privacy protection based on spatial-time constraints in mobile social networks. Journal of Network Intelligence, 6(3), 485–499. [Google Scholar]

16. Elshafey, M. A., Amein, A. S., Badran, K. S. (2021). Universal image steganography detection using multimodal deep learning framework. Journal of Information Hiding and Multimedia Signal Processing, 12(3), 152–161. [Google Scholar]

17. Chen, C. M., Deng, X., Kumar, S., Kumari, S., Islam, S. (2021). Blockchain-based medical data sharing schedule guaranteeing security of individual entities. Journal of Ambient Intelligence and Humanized Computing, 1–10. DOI 10.1007/s12652-021-03448-7. [Google Scholar] [CrossRef]

18. Shamshad, S., Ayub, M. F., Mahmood, K., Kumari, S., Chaudhry, S. A. et al. (2021). An enhanced scheme for mutual authentication for healthcare services. Digital Communications and Networks, DOI 10.1016/j.dcan.2021.07.002. [Google Scholar] [CrossRef]

19. Wu, T. Y., Wang, T., Lee, Y. Q., Zheng, W., Kumari, S. et al. (2021). Improved authenticated key agreement scheme for fog-driven IOT healthcare system. Security and Communication Networks, 2021, 6658041. DOI 10.1155/2021/6658041. [Google Scholar] [CrossRef]

20. Wu, T. Y., Yang, L., Lee, Z., Chen, C. M., Pan, J. S. et al. (2021). Improved ecc-based three-factor multiserver authentication scheme. Security and Communication Networks, 2021, 6627956. DOI 10.1155/2021/6627956. [Google Scholar] [CrossRef]

21. Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., Chung, Y. (2012). A secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1529–1535. DOI 10.1007/s10916-010-9614-9. [Google Scholar] [CrossRef]

22. He, D. B., Chen, J. H., Zhang, R. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989–1995. DOI 10.1007/s10916-011-9658-5. [Google Scholar] [CrossRef]

23. Wei, J., Hu, X., Liu, W. (2012). An improved authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3597–3604. DOI 10.1007/s10916-012-9835-1. [Google Scholar] [CrossRef]

24. Zhu, Z. (2012). An efficient authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3833–3838. DOI 10.1007/s10916-012-9856-9. [Google Scholar] [CrossRef]

25. Xu, X., Jin, Z. P., Zhang, H., Zhu, P. (2014). A dynamic ID-based authentication scheme based on ECC for telecare medicine information systems. Applied Mechanics and Materials, 457, 861–866. DOI 10.4028/AMM.457-458.861. [Google Scholar] [CrossRef]

26. Islam, S. H., Khan, M. K. (2014). Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. Journal of Medical Systems, 38(10), 1–16. DOI 10.1007/s10916-014-0135-9. [Google Scholar] [CrossRef]

27. Li, C. T., Lee, C. C., Weng, C. Y., Chen, S. J. (2016). A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. Journal of Medical Systems, 40(11), 1–10. DOI 10.1007/s10916-016-0586-2. [Google Scholar] [CrossRef]

28. Madhusudhan, R., Nayak, C. S. (2019). A robust authentication scheme for telecare medical information systems. Multimedia Tools and Applications, 78(11), 15255–15273. DOI 10.1007/s11042-018-6884-6. [Google Scholar] [CrossRef]

29. Zhang, L., Zhang, Y., Tang, S., Luo, H. (2017). Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement. IEEE Transactions on Industrial Electronics, 65(3), 2795–2805. DOI 10.1109/TIE.2017.2739683. [Google Scholar] [CrossRef]

30. Aghili, S. F., Mala, H., Shojafar, M., Peris-Lopez, P. (2019). Laco: Lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IOT. Future Generation Computer Systems, 96, 410–424. DOI 10.1016/j.future.2019.02.020. [Google Scholar] [CrossRef]

31. Sharma, G., Kalra, S. (2019). A lightweight user authentication scheme for cloud-IOT based healthcare services. Iranian Journal of Science and Technology, Transactions of Electrical Engineering, 43(1), 619–636. DOI 10.1007/s40998-018-0146-5. [Google Scholar] [CrossRef]

32. Azrour, M., Mabrouki, J., Chaganti, R. (2021). New efficient and secured authentication protocol for remote healthcare systems in cloud-IOT. Security and Communication Networks, 2021, 5546334. DOI 10.1155/2021/5546334. [Google Scholar] [CrossRef]

33. Soni, P., Pal, A. K., Islam, S. H. (2019). An improved three-factor authentication scheme for patient monitoring using WSN in remote health-care system. Computer Methods and Programs in Biomedicine, 182, 105054. DOI 10.1016/j.cmpb.2019.105054. [Google Scholar] [CrossRef]

34. Xu, G., Wang, F., Zhang, M., Peng, J. (2020). Efficient and provably secure anonymous user authentication scheme for patient monitoring using wireless medical sensor networks. IEEE Access, 8, 47282–47294. DOI 10.1109/Access.6287639. [Google Scholar] [CrossRef]

35. Kaur, K., Garg, S., Kaddoum, G., Guizani, M. (2020). Secure authentication and key agreement protocol for Tactile Internet-based tele-surgery ecosystem. 2020 IEEE International Conference on Communications (ICC), pp. 1–6. Dublin, Ireland. DOI 10.1109/ICC40277.2020.9148835. [Google Scholar] [CrossRef]

36. Ali, Z., Hussain, S., Rehman, R. H. U., Munshi, A., Liaqat, M. et al. (2020). ITSSAKA-MS: An improved three-factor symmetric-key based secure AKA scheme for multi-server environments. IEEE Access, 8, 107993–108003. DOI 10.1109/ACCESS.2020.3000716. [Google Scholar] [CrossRef]

37. Yu, S., Park, Y. (2020). Comments on “ITSSAKA-MS: An improved three-factor symmetric-key based secure AKA scheme for multi-server environments”. IEEE Access, 8, 193375–193379. DOI 10.1109/ACCESS.2020.3032959. [Google Scholar] [CrossRef]

38. Masud, M., Gaba, G. S., Choudhary, K., Hossain, M. S., Alhamid, M. F. et al. (2021). Lightweight and anonymity-preserving user authentication scheme for IOT-based healthcare. IEEE Internet of Things Journal, 9, 2649–2656. DOI 10.1109/JIOT.2021.3080461. [Google Scholar] [CrossRef]

39. Kwon, D., Park, Y., Park, Y. (2021). Provably secure three-factor-based mutual authentication scheme with PUF for wireless medical sensor networks. Sensors, 21(18), 6039. DOI 10.3390/s21186039. [Google Scholar] [CrossRef]

40. Anvari, M., Broderick, T., Stein, H., Chapman, T., Ghodoussi, M. et al. (2005). The impact of latency on surgical precision and task completion during robotic-assisted remote telepresence surgery. Computer Aided Surgery, 10(2), 93–99. DOI 10.3109/10929080500228654. [Google Scholar] [CrossRef]

41. Wazid, M., Das, A. K., Lee, J. H. (2019). User authentication in a tactile internet based remote surgery environment: Security issues, challenges, and future research directions. Pervasive and Mobile Computing, 54, 71–85. DOI 10.1016/j.pmcj.2019.02.004. [Google Scholar] [CrossRef]

42. Kamil, I. A., Ogundoyin, S. O. (2021). A lightweight mutual authentication and key agreement protocol for remote surgery application in tactile internet environment. Computer Communications, 170, 1–18. DOI 10.1016/j.comcom.2021.01.025. [Google Scholar] [CrossRef]

43. Chaudhry, S. A. (2021). Combating identity de-synchronization: An improved lightweight symmetric key based authentication scheme for IOV. Journal of Network Intelligence, 6(4), 656–667. [Google Scholar]

44. Dolev, D., Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208. DOI 10.1109/TIT.1983.1056650. [Google Scholar] [CrossRef]

45. Blanchet, B. (2008). A computationally sound mechanized prover for security protocols. IEEE Transactions on Dependable and Secure Computing, 5(4), 193–207. DOI 10.1109/TDSC.2007.1005. [Google Scholar] [CrossRef]

46. Abadi, M., Fournet, C. (2001). Mobile values, new names, and secure communication. ACM Sigplan Notices, 36(3), 104–115. DOI 10.1145/373243.360213. [Google Scholar] [CrossRef]

47. Canetti, R., Goldreich, O., Halevi, S. (2004). The random oracle methodology, revisited. Journal of the ACM, 51(4), 557–594. DOI 10.1145/1008731.1008734. [Google Scholar] [CrossRef]

48. Wang, D., Cheng, H., Wang, P., Huang, X., Jian, G. (2017). Zipf’s law in passwords. IEEE Transactions on Information Forensics and Security, 12(11), 2776–2791. DOI 10.1109/TIFS.2017.2721359. [Google Scholar] [CrossRef]

49. Odelu, V., Das, A. K., Goswami, A. (2015). A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security, 10(9), 1953–1966. DOI 10.1109/TIFS.2015.2439964. [Google Scholar] [CrossRef]


Cite This Article

APA Style
Wu, T., Meng, Q., Yang, L., Kumari, S., Pirouz, M. (2023). Amassing the security: an enhanced authentication and key agreement protocol for remote surgery in healthcare environment. Computer Modeling in Engineering & Sciences, 134(1), 317-341. https://doi.org/10.32604/cmes.2022.019595
Vancouver Style
Wu T, Meng Q, Yang L, Kumari S, Pirouz M. Amassing the security: an enhanced authentication and key agreement protocol for remote surgery in healthcare environment. Comput Model Eng Sci. 2023;134(1):317-341 https://doi.org/10.32604/cmes.2022.019595
IEEE Style
T. Wu, Q. Meng, L. Yang, S. Kumari, and M. Pirouz, “Amassing the Security: An Enhanced Authentication and Key Agreement Protocol for Remote Surgery in Healthcare Environment,” Comput. Model. Eng. Sci., vol. 134, no. 1, pp. 317-341, 2023. https://doi.org/10.32604/cmes.2022.019595


cc Copyright © 2023 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1322

    View

  • 697

    Download

  • 1

    Like

Share Link