LACO: Lightweight Three-Factor Authentication, Access Control and Ownership Transfer Scheme for E-Health Systems in IoT. - Citegraph

Paper Info

Title
LACO: Lightweight Three-Factor Authentication, Access Control and Ownership Transfer Scheme for E-Health Systems in IoT.

Abstract
The use of the Internet of Things (IoT) in the electronic health (e-health) management systems brings with it many challenges, including secure communications through insecure radio channels, authentication and key agreement schemes between the entities involved, access control protocols and also schemes for transferring ownership of vital patient information. Besides, the resource-limited sensors in the IoT have real difficulties in achieving this goal. Motivated by these considerations, in this work we propose a new lightweight authentication and ownership transfer protocol for e-health systems in the context of IoT (LACO in short). The goal is to propose a secure and energy-efficient protocol that not only provides authentication and key agreement but also satisfies access control and preserves the privacy of doctors and patients. Moreover, this is the first time that the ownership transfer of users is considered. In the ownership transfer phase of the proposed scheme, the medical server can change the ownership of patient information. In addition, the LACO protocol overcomes the security flaws of recent authentication protocols that were proposed for e-health systems, but are unfortunately vulnerable to traceability, de-synchronization, denial of service (DoS), and insider attacks. To avoid past mistakes, we present formal (i.e., conducted on ProVerif language) and informal security analysis for the LACO protocol. All this ensures that our proposed scheme is secure against the most common attacks in IoT systems. Compared to the predecessor schemes, the LACO protocol is both more efficient and more secure to use in e-health systems.

Year	DOI	Venue
2019	10.1016/j.future.2019.02.020	Future Generation Computer Systems
Keywords	Field	DocType
E-health systems,IoT,Cybersecurity,Three-factor authentication,Ownership transfer	Authentication,Denial-of-service attack,Computer security,Computer science,Security analysis,Authentication protocol,Access control,Multi-factor authentication,Management system,Traceability,Distributed computing	Journal
Volume	ISSN	Citations
96	0167-739X	9
PageRank	References	Authors
0.52	0	4

Authors (4 rows)

Cited by (9 rows)

References (0 rows)

Name	Order	Citations	PageRank
Seyed Farhad Aghili	1	28	5.21
Hamid Mala	2	173	18.78
Mohammad Shojafar	3	125	8.61
Pedro Peris-Lopez	4	1076	61.84

1