Analysis of lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT

Wireless body area networks (WBANs) play a paramount role in modern health-care systems and bring numerous benefits. Modern WBANs provide a promising service especially for elderly people suffering from heart disease, Alzheimer, etc., which enable them to live safely and independently. Medical institutions tend to use WBANs to provide real-time monitoring of remote patients outside hospitals, which helps saving their lives by means of instant and proper responses at emergency situations. However, in 2020, the world was affected by COVID-19 pandemic and thousands of new cases are discovered daily all over the world. The pandemic provoked a serious lack in professional staff and in many countries there were not enough beds in hospitals for patients with COVID-19 symptoms. This in turn increases the demand for WBANs, which can help medical institutions to withstand harmful consequences of the pandemic and to ensure regular patients monitoring. In this context, very recently, Fotouhi et al. proposed a new lightweight authentication scheme to secure patient's sensitive data in WBANs. The authors claimed that their scheme is secure against various known attacks and is efficient to be applied in practice. However, we analyze Fotouhi et al.'s scheme and find out that their scheme is prone to several attacks. In this paper, we point out the weaknesses associated with their proposed lightweight authentication scheme.