| Summary: | Mobile healthcare (M-health) systems can monitor the patients’ conditions remotely and provide the patients and doctors with access to electronic medical records, and Radio Frequency Identification (RFID) technology plays an important role in M-health services. It is important to securely access RFID data in M-health systems: here, authentication, privacy, anonymity, and tracking resistance are desirable security properties. In 2014, He et al. proposed an elliptic curve cryptography- (ECC-) based RFID authentication protocol which is quite attractive to M-health applications, owing to its claimed performance of security, scalability, and efficiency. Unfortunately, we find their scheme fails to achieve the privacy protection if an adversary launches active tracking attacks. In this paper, we demonstrate our active attack on He et al.'s scheme and propose a new scheme to improve the security. Performance evaluation shows the improved scheme could meet the challenges of M-health applications.
|
|---|
