Recently, Tanveer et al. proposed a resource‐efficient authentication scheme for telecare medical information systems employing the authenticated key exchange. Tanveer et al. vehemently claimed that the protocol is safe against smart card stolen attacks, password guessing attacks, anonymity and untraceability, replay attacks, man‐in‐the‐middle attacks, impersonation attacks, and so forth. We have scrutinized the Tanveer et al. protocol. Based on his attack model, we have analyzed that this protocol is not secured against session key disclosure attacks, privileged insider attacks, and medical server impersonation attacks. We have also discussed improvement mechanisms to protect the mentioned security threats.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.