Research Information System
ICEA '23: Proceedings of the 2023 International Conference on Intelligent Computing and Its Emerging Applications, Kao-Hsiung, Taiwan, 14 - 16 December 2023, pp.148-153, (Full Text)
The rapidly growing field of wearable computing has demonstrated significant promise in its ability to transform and enhance the quality of human existence fundamentally. The increasing adoption of hardware and software technology has led to the ubiquitous presence of smart wearable gadgets in our everyday lives. Certainly, the issue of ensuring safe data transfer in wearable computing has emerged as a significant challenge that has attracted much attention from the academic community. In this regard, several authentication procedures have been developed for wearable devices in order to offer secure and reliable communication. However, the majority of the current protocols are susceptible to various security vulnerabilities. Very recently, Tu et al. presented an authenticated key exchange protocol for wearable computing. In this article, we deliberate on the security issues of Tu et al.’s protocol (IEEE Transactions on Mobile Computing, 10.1109/TMC.2023.3297854). They declared that their protocol preserves anonymity and is capable enough to resist masquerading and password-guessing attacks. The security analysis in this article reveals significant vulnerabilities in the authentication phase of Tu et al.’s protocol. We have identified that the adversary can successfully masquerade the sensor and user through this protocol. Moreover, their protocol violates anonymity and is vulnerable to device stolen and password guessing attacks. Consequently, we suggest a possible solution for attack resilience.