
arxiv: 1906.08424 · v1 · pith:54FOMZC2new · submitted 2019-06-20 · 💻 cs.CR

Cryptanalysis of Khatoon et al.'s ECC-based Authentication Protocol for Healthcare Systems

Pith reviewed 2026-05-25 20:04 UTC · model grok-4.3

classification 💻 cs.CR
keywords: cryptanalysis · ECC-based authentication · healthcare systems · known-session-specific temporary information attack · perfect forward secrecy · key agreement protocol

The pith

Khatoon et al.'s ECC authentication scheme for healthcare is vulnerable to known-session-specific temporary information attack and lacks perfect forward secrecy.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper examines an ECC-based unlinkable authentication and key agreement scheme proposed by Khatoon et al. for telecare medical information systems. It shows that the scheme breaks when an adversary obtains the session-specific temporary information of a protocol run (ephemeral keys or nonces): from that leak, together with the public transcript, the adversary recovers the session key. The authors further show that the scheme does not provide perfect forward secrecy, so a later compromise of long-term keys exposes the keys of earlier sessions. Such weaknesses matter for systems that carry private health data over the Internet.

Core claim

The paper proves that Khatoon et al.'s scheme is vulnerable to known-session-specific temporary information attack and is not able to provide perfect forward secrecy.

What carries the argument

Known-session-specific temporary information attack on the ECC-based key agreement, where leaking ephemeral values allows computation of the shared session key.

Load-bearing premise

The attacker is able to obtain session-specific temporary information such as ephemeral keys or nonces from a compromised session.

What would settle it

Finding that the session key remains secure even after an adversary obtains all session-specific temporary information would disprove the vulnerability claim.
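The two properties the pith turns on are mechanical to check once the key derivation is written down: a known-session-specific temporary information (KSSTI) attack succeeds when the transcript plus the leaked ephemerals suffice to recompute the session key, and perfect forward secrecy fails when the transcript plus the long-term keys suffice. The block below is an added illustration, not code from the paper and not Khatoon et al.'s message flow (which is not on this page). It defines two hypothetical ECC key-agreement templates over secp256k1 and runs both checks against each; the template names, the `derive_*` helpers, and the `kdf` encoding are assumptions made here.

```python
"""Added illustration (not the paper's scheme): two hypothetical ECC key-agreement
templates and the KSSTI and PFS checks run from the adversary's point of view."""
import hashlib
import secrets

# secp256k1 public parameters (standard constants); INF is the point at infinity.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 (curve coefficient a is 0)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication; not constant-time, illustration only."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def kdf(*parts):
    """Session key = SHA-256 over a canonical encoding of the inputs (assumed KDF)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(repr(part).encode() + b"|")
    return h.hexdigest()


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)


# Template 1 (hypothetical): key depends only on ephemerals, K = KDF(a*TB) = KDF(b*TA).
def template1_session(static_a, static_b):
    a, TA = keygen()
    b, TB = keygen()
    key = kdf("t1", ec_mul(a, TB))
    transcript = {"TA": TA, "TB": TB, "YA": static_a[1], "YB": static_b[1]}
    return key, transcript, {"a": a, "b": b}   # ephemerals = the "temporary information"


# Template 2 (hypothetical): key depends on long-term keys and public nonces,
# K = KDF(xa*YB, rA, rB) = KDF(xb*YA, rA, rB).
def template2_session(static_a, static_b):
    xa, YA = static_a
    xb, YB = static_b
    rA, rB = secrets.randbelow(N), secrets.randbelow(N)
    key = kdf("t2", ec_mul(xa, YB), rA, rB)
    transcript = {"rA": rA, "rB": rB, "YA": YA, "YB": YB}
    return key, transcript, {"rA": rA, "rB": rB}


# Adversary derivations: each uses only what the adversary knows (transcript plus any
# leaked value) and returns None when a needed secret is missing (CDH would be required).
def derive_t1(known):
    if "a" in known:
        return kdf("t1", ec_mul(known["a"], known["TB"]))
    if "b" in known:
        return kdf("t1", ec_mul(known["b"], known["TA"]))
    return None


def derive_t2(known):
    if "xa" in known:
        return kdf("t2", ec_mul(known["xa"], known["YB"]), known["rA"], known["rB"])
    if "xb" in known:
        return kdf("t2", ec_mul(known["xb"], known["YA"]), known["rA"], known["rB"])
    return None


def run_checks():
    """KSSTI: transcript + leaked temporaries. PFS: old transcript + long-term keys."""
    A, B = keygen(), keygen()
    k1, tr1, eph1 = template1_session(A, B)
    k2, tr2, eph2 = template2_session(A, B)
    return {
        "t1_ksst_breaks": derive_t1({**tr1, **eph1}) == k1,                 # True
        "t1_pfs_breaks": derive_t1({**tr1, "xa": A[0], "xb": B[0]}) == k1,  # False
        "t2_ksst_breaks": derive_t2({**tr2, **eph2}) == k2,                 # False
        "t2_pfs_breaks": derive_t2({**tr2, "xa": A[0], "xb": B[0]}) == k2,  # True
    }


if __name__ == "__main__":
    for name, broken in run_checks().items():
        print(f"{name}: {broken}")
```

The point the two templates make is that the properties are independent: a derivation that mixes in only ephemerals (template 1) falls to ephemeral leakage but keeps forward secrecy, while one that mixes in only long-term keys (template 2) survives ephemeral leakage but loses every past session once a long-term key is compromised. The paper's claim is that Khatoon et al.'s derivation fails both checks; verifying that requires their actual message flow from Sections 2 and 3, which this page does not reproduce.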

read the original abstract

Telecare medical information systems are gaining rapid popularity in terms of providing the delivery of online health-related services such as online remote health profile access for patients and doctors. Due to being installed entirely on the Internet, these systems are exposed to various security and privacy threats. Hence, establishing a secure key agreement and authentication process between the patients and the medical servers is an important challenge. Recently, Khatoon et al. proposed an ECC-based unlinkable authentication and key agreement method for healthcare related application in smart city. In this article, we provide a descriptive analysis on their proposed scheme and prove that Khatoon et al.'s scheme is vulnerable to known-session-specific temporary information attack and is not able to provide perfect forward secrecy.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The manuscript presents a cryptanalysis of Khatoon et al.'s ECC-based unlinkable authentication and key agreement scheme for healthcare applications. It claims that the scheme is vulnerable to the known-session-specific temporary information attack and fails to achieve perfect forward secrecy, based on a descriptive analysis of the protocol.

Significance. If the attacks are correctly shown, the work contributes to the security evaluation of authentication protocols in telecare medical information systems by identifying concrete weaknesses related to temporary information leakage and forward secrecy. This can guide improvements in protocol design for smart-city healthcare systems.

major comments (1)
  1. [Abstract] The central claims of vulnerability to known-session-specific temporary information attack and lack of perfect forward secrecy are stated, but the text provides no explicit derivation steps, message flows, or computations from Khatoon et al.'s scheme that demonstrate how an adversary exploits the temporary information or violates forward secrecy. Without these load-bearing details the claims cannot be verified.
minor comments (1)
  1. The manuscript is very brief; expanding the analysis section with the protocol review and attack steps would improve readability and verifiability.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for their review and the opportunity to clarify our manuscript. We address the major comment point by point below.

read point-by-point responses
  1. Referee: [Abstract] The central claims of vulnerability to known-session-specific temporary information attack and lack of perfect forward secrecy are stated, but the text provides no explicit derivation steps, message flows, or computations from Khatoon et al.'s scheme that demonstrate how an adversary exploits the temporary information or violates forward secrecy. Without these load-bearing details the claims cannot be verified.

    Authors: The abstract is a concise summary of the paper's contributions and claims. The explicit review of Khatoon et al.'s scheme (including message flows and computations) appears in Section 2, while the detailed cryptanalysis steps demonstrating the known-session-specific temporary information attack and the failure of perfect forward secrecy are given in Section 3. These sections supply the derivation steps and adversary actions needed for verification of the claims.

    Revision: no.

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The paper conducts a direct descriptive cryptanalysis of the target protocol's messages and equations to exhibit specific vulnerabilities (known-session-specific temporary information attack and absence of perfect forward secrecy). No load-bearing step reduces by construction to a self-definition, fitted input, or self-citation chain; the analysis references only the external scheme's structure and standard adversary models without internal renaming or ansatz smuggling. The derivation remains self-contained against the cited protocol.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 0 invented entities

The work relies on the standard Dolev-Yao adversary model and common ECC hardness assumptions; no new entities or fitted parameters are introduced.

axioms (1)
  • Domain assumption: the standard Dolev-Yao adversary model, in which the attacker can intercept and modify messages and, for this attack, obtain session-specific temporary values.
    Invoked implicitly when describing the known-session-specific temporary information attack.

pith-pipeline@v0.9.0 · 5648 in / 1069 out tokens · 41854 ms · 2026-05-25T20:04:26.857342+00:00 · methodology


Reference graph

Works this paper leans on

6 extracted references · 6 canonical work pages

  1. [1] Ostad-Sharif, A., Abbasinezhad-Mood, D., Nikooghadam, M. An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC. Int J Commun Syst, 32:e3913 (2019). https://doi.org/10.1002/dac.3913

  2. [2] Ravanbakhsh, N., Nazari, M. An efficient improvement remote user mutual authentication and session key agreement scheme for E-healthcare systems. Multimed Tools Appl, vol. 77, no. 1, pp. 55-88 (2018).

  3. [3] Chaudhry, S.A., Naqvi, H., Khan, M.K. An enhanced lightweight anonymous biometric based authentication scheme for TMIS. Multimed Tools Appl, vol. 77, no. 5, pp. 5503-5524 (2019).

  4. [4] Safkhani, M., Vasilakos, A. A New Secure Authentication Protocol for Telecare Medicine Information System and Smart Campus. IEEE Access, vol. 7, pp. 23514-23526 (2019).

  5. [5] Jiang, Q., Chen, Z., Li, B. et al. Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. J Ambient Intell Human Comput, vol. 9, no. 4, pp. 1061-1073 (2018).

  6. [6] Khatoon, S., Rahman, S.M.M., Alrubaian, M., Alamri, A. Privacy-Preserved, Provable Secure, Mutually Authenticated Key Agreement Protocol for Healthcare in a Smart City Environment. IEEE Access, vol. 7, pp. 47962-47971 (2019).