On the Security of Authenticated Key Agreement Scheme for Fog-driven IoT Healthcare System

The convergence of Internet of Things (IoT) and cloud computing is due to the practical necessity for providing broader services to extensive user in distinct environments. However, cloud computing has numerous constraints for applications that require high-mobility and high latency, notably in adversarial situations (e.g. battlefields). These limitations can be elevated to some extent, in a fog computing model because it covers the gap between remote data-center and edge device. Since, the fog nodes are usually installed in remote areas, therefore, they impose the design of fool proof safety solution for a fog-based setting. Thus, to ensure the security and privacy of fog-based environment, numerous schemes have been developed by researchers. In the recent past, Jia et al. (Wireless Networks, DOI: 10.1007/s11276-018-1759-3) designed a fog-based three-party scheme for healthcare system using bilinear. They claim that their scheme can withstand common security attacks. However, in this work we investigated their scheme and show that their scheme has different susceptibilities such as revealing of secret parameters, and fog node impersonation attack. Moreover, it lacks the anonymity of user anonymity and has inefficient login phase. Consequently, we have suggestion with some necessary guidelines for attack resilience that are unheeded by Jia et al.