Cryptanalysis and Improvement of an Access Control Protocol for WBANs

ارائه مقاله آقای امید ترکی با عنوان "Cryptanalysis and Improvement of an Access Control Protocol for Wireless Body Area Networks" در هجدمین کنفرانس بین المللی انجمن رمز ایران، اصفهان، دانشگاه اصفهان، شهریور 1400 Since the emerge of wireless body area networks (WBANs) as a new technology in telemedicine, the challenges of secure communications in these networks have been noticed, extensively. Recently, Gao et al. have designed an efficient access control protocol for WBANs and claimed that their proposal can authenticate the physician to the patient and satisfy the confidentiality of the request message sent from the physician to the patient concurrently, in a certificateless setting. Moreover, at the end of the protocol the physician and the patient establish a session key for their next secure communications. They first designed a certimioficateless signcryption (CL-SC) scheme and then implied it to propose their access control protocol. In this paper, we design a key replacement attack against the Gao et al.'s CL-SC scheme, in which the adversary can obtain the confidential request message sent from the physician to the patient. Moreover, based on our designed attack, the adversary can obtain the session key established by the physician for the next communications to the patient. Afterwards, we fix the scheme to be secure against our proposed attacks.