
Cryptanalysis of Two Privacy-Preserving Authentication Schemes for Smart Healthcare Applications

Authors

  • Feihong Xu (School of Artificial Intelligence, Wuchang University of Technology, Wuhan 430223, China)
  • Junwei Luo (School of Computing Technologies, RMIT University, Melbourne, VIC 3083, Australia)
  • Rahman Ziaur (School of Computer Science, Queensland University of Technology, Brisbane, QLD 4000, Australia)

Abstract

Ensuring the secure sharing of privacy-sensitive healthcare data is attracting considerable interest from researchers. Recently, Ogundoyin et al. designed a lightweight privacy-preserving authentication scheme named PAASH for smart health applications. Benil et al. proposed a public verification and auditing scheme named ECACS for securing e-health systems. Ogundoyin et al. and Benil et al. proposed an efficient certificateless aggregate signature (CLAS) scheme as their respective foundation signature schemes. They declared that their constructions were provably secure under the hardness assumption of cryptographic problems. In this work, we disprove their claim by analyzing the correctness and security of their underlying CLAS schemes. We first show that the batch verification process of n signatures for the CLAS scheme in PAASH is incorrect, and any public-key replacement attacker can easily break the scheme. We analyze the reasons for our attack and propose an improved scheme, named PAASH+. We then show that the CLAS scheme in ECACS fails to achieve correctness, an essential property that a cryptographic scheme should provide. As a result, it is impractical to deploy the designed PAASH and ECACS constructions in any real smart health applications.

Suggested Citation

  • Feihong Xu & Junwei Luo & Rahman Ziaur, 2023. "Cryptanalysis of Two Privacy-Preserving Authentication Schemes for Smart Healthcare Applications," Mathematics, MDPI, vol. 11(15), pages 1-12, July.
  • Handle: RePEc:gam:jmathe:v:11:y:2023:i:15:p:3314-:d:1204864

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/11/15/3314/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-7390/11/15/3314/
    Download Restriction: no

    Citations


    Cited by:

    1. Beibei Yuan & Hui Huang & Chenhuang Wu, 2023. "A New Conditional Privacy-Preserving Certificateless Aggregate Signature Scheme in the Standard Model for VANETs," Mathematics, MDPI, vol. 11(23), pages 1-18, November.
