ECKCI: An ECC-Based Authenticated Key Agreement Scheme Resistant to Key Compromise Impersonation Attack for TMIS

The Internet of Things (IoT) is an innovation in technology. Continuous advancements based on the IoT cloud have revolutionized the lives of humans, and remote health monitoring of patients is no exception. The Telecare Medicine Information System (TMIS) allows physicians, other health care providers and patients to observe the medical data electronically. Therefore, security in remote medicine has always been a serious challenge. Recently, to make a secure communication system, biometrics-based schemes have played a crucial role in IoT, Wireless Sensor Networks (WSN), etc. are gaining popularity due to their authenticity and high security properties. Many key agreement schemes have been presented in this literature. These schemes are only for authorized access to medical services and initiate a session to negotiate a shared essential between users and servers. Recently, Xiong et al. and Mehmood et al. presented key exchange methods for healthcare applications that claimed these schemes provide greater privacy. However, we show that these schemes suffer from privacy issues and key compromise impersonation attacks. In this paper, to remove such restrictions, a novel scheme (ECKCI) based on Elliptic Curve Cryptography (ECC) with KCI resistance property was proposed. Furthermore, we demonstrate that the ECKCI not only overcomes problems such as key compromise impersonation attacks in previous protocols, but also resists all specific attacks. Finally, a suitable equilibrium between the performance and security of ECKCI in comparison with recently proposed protocols was obtained. Also, the simulation results with the Scyther and ProVerif tools show that the ECKCI is safe. (c) 2024 ISC. All rights reserved.