Provably secure and lightweight three-factor authentication scheme for industrial medical CPS

Cyber-Physical System (CPS) is a multidimensional complex system that integrates computing, network, and physical environment, which is widely used to promote the upgrading of industrial production and technology. Recently, the application of industrial CPS in the medical field has attracted the attention of scholars and medical experts. Medical CPS can establish a perfect medical network to help doctors monitor patients' conditions in real-time and make treatments. However, how to design a provably secure and lightweight authentication protocol for industrial medical CPS is a challenge. Very recently, Qi et al. proposed an authentication protocol for industrial medical CPS based on the chaotic map, the Artificial Intelligence (AI) biometric technique is used in the protocol to resist password guessing attack and smart card lost attack. However, we find that their protocol is still vulnerable to identity guessing attack, user impersonation attack, trace attack, desynchronization attack, and has no perfect forward secrecy. Therefore, we propose a security-enhanced and lightweight authentication protocol for industrial medical CPS. In the protocol, a dynamic temporary identity strategy is designed to protect anonymity and privacy, which enables the updating of temporary identities while resisting desynchronization attacks. The protocol is proved secure through formal security proof in random oracle model. Meanwhile, compared with the related protocols, our protocol is superior in security and cost to meet the lightweight requirements in medical scenarios.