A Secure Three-Factor User Authentication Protocol With Forward Secrecy for Wireless Medical Sensor Network Systems

The Internet of Things (IoT) enables all objects to connect to the Internet and exchange data via different emerging technologies, which makes the intelligent identification and management a reality. Wireless sensor networks (WSNs), as a crucial basis of IoT, have been applied in many fields like smart health care and smart transportation. With the development of WSNs, data security has attracted more and more attention, and user authentication is a popular mechanism to ensure the information security of WSNs. Recently, many authentication mechanisms for wireless medical sensor networks (WMSNs) have been proposed, but most of the protocols cannot achieve the features of local password change and forward secrecy while resisting stolen smart card attack. To enhance the security based on previous work, an ECC-based secure three-factor authentication protocol with forward secrecy for WMSN is proposed in this paper. It utilizes a fuzzy commitment scheme to handle the biometric information. Meanwhile, fuzzy verifier and honey_list techniques are used to solve the contradiction of local password verification and mobile device lost attack. The security of our protocol is evaluated by provable security, Proverif tool, and information analysis. Besides, the comparisons with the relevant protocols are given, and the results indicate that our protocol is robust and secure for WMSN systems.

[1]  Chao Yang,et al.  Efficient end-to-end authentication protocol for wearable health monitoring systems , 2017, Comput. Electr. Eng..

[2]  Ping Wang,et al.  Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound , 2018, IEEE Transactions on Dependable and Secure Computing.

[3]  Chun-I Fan,et al.  Provably Secure Remote Truly Three-Factor Authentication Scheme With Privacy Protection on Biometrics , 2009, IEEE Transactions on Information Forensics and Security.

[4]  Ping Wang,et al.  Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks , 2018, IEEE Transactions on Industrial Informatics.

[5]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[6]  François-Xavier Standaert,et al.  Generic Side-Channel Distinguishers: Improvements and Limitations , 2011, IACR Cryptol. ePrint Arch..

[7]  Ruhul Amin,et al.  A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks , 2016, Ad Hoc Networks.

[8]  Pardeep Kumar,et al.  E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks , 2012, Sensors.

[9]  Xiong Li,et al.  A new and secure authentication scheme for wireless sensor networks with formal proof , 2017, Peer-to-Peer Netw. Appl..

[10]  David Pointcheval,et al.  Anonymous and Transparent Gateway-Based Password-Authenticated Key Exchange , 2008, CANS.

[11]  Fan Wu,et al.  A Robust and Energy Efficient Authentication Protocol for Industrial Internet of Things , 2018, IEEE Internet of Things Journal.

[12]  Robert T. Chien,et al.  Cyclic decoding procedures for Bose- Chaudhuri-Hocquenghem codes , 1964, IEEE Trans. Inf. Theory.

[13]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[14]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[15]  A. K. Pal,et al.  Cryptanalysis and Biometric-Based Enhancement of a Remote User Authentication Scheme for E-Healthcare System , 2018 .

[16]  Fan Wu,et al.  A Robust ECC-Based Provable Secure Authentication Protocol With Privacy Preserving for Industrial Internet of Things , 2018, IEEE Transactions on Industrial Informatics.

[17]  Muhammad Khurram Khan,et al.  A robust and anonymous patient monitoring system using wireless medical sensor networks , 2018, Future Gener. Comput. Syst..

[18]  Peng Gong,et al.  A New User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2013, Int. J. Distributed Sens. Networks.

[19]  Ashok Kumar Das,et al.  A dynamic password-based user authentication scheme for hierarchical wireless sensor networks , 2012, J. Netw. Comput. Appl..

[20]  Peilin Hong,et al.  A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks , 2013, J. Netw. Comput. Appl..

[21]  Sherali Zeadally,et al.  Anonymous Authentication for Wireless Body Area Networks With Provable Security , 2017, IEEE Systems Journal.

[22]  David Pointcheval,et al.  Multi-factor Authenticated Key Exchange , 2008, ACNS.

[23]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[24]  Fan Wu,et al.  An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity , 2015, Secur. Commun. Networks.

[25]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[26]  Cem Ersoy,et al.  Wireless sensor networks for healthcare: A survey , 2010, Comput. Networks.

[27]  Sajjad Hussain Shah,et al.  Remote health monitoring through an integration of wireless sensor networks, mobile phones & Cloud Computing technologies , 2013, 2013 IEEE Global Humanitarian Technology Conference (GHTC).

[28]  Alfred Menezes,et al.  The State of Elliptic Curve Cryptography , 2000, Des. Codes Cryptogr..

[29]  Mauro Conti,et al.  A secure user authentication and key-agreement scheme using wireless sensor networks for agriculture monitoring , 2017, Future Gener. Comput. Syst..

[30]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[31]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[32]  Jiannong Cao,et al.  A dynamic user authentication scheme for wireless sensor networks , 2006, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC'06).

[33]  Wei Liang,et al.  A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity , 2016, Secur. Commun. Networks.

[34]  Silviu Folea,et al.  A Cyber-Physical System for Environmental Monitoring , 2016, IEEE Transactions on Instrumentation and Measurement.

[35]  Hao Sheng,et al.  Intelligent transportation systems for smart cities: a progress review , 2012, Science China Information Sciences.

[36]  Jianfeng Ma,et al.  On the Security of a Privacy-Aware Authentication Scheme for Distributed Mobile Cloud Computing Services , 2018, IEEE Systems Journal.

[37]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.