A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT

Abstract The widespread use of mobile devices, sensors, and wireless sensor networks and the progressive development of the Internet of Things (IoT) has motivated medical and health-care societies to employ IoT to monitor, collect data, and communicate with patients using the wireless body area networks (WBANs). The collected data will make a lot of medical diagnosis applications of WBANs, which are obtained directly from the patients’ bodies. Therefore, because of the nature of wireless networks and freely accessible data feature over the public channel, the security and privacy of WBANs is the most critical concern for those who use it for health-care purposes. Accordingly, there is a need for an authentication scheme for letting a trusted user such as doctors or clinical personnel access to the sensor’s data from patients. In this paper, we propose a new lightweight hash-chain-based and forward secure authentication scheme for wireless body area networks in health-care IoT. Our scheme is secure against various known attacks obliged for WBANs. Additionally, we perform the formal security analysis using Real-or Random (ROR) model, and informal security on the proposed scheme, also, security verification of our scheme is validated by the ProVerif tool. Besides, our scheme is simulated by the OPNET network simulator and compared with several new schemes in terms of security and performance requirements. The simulation results and comparisons confirm that the proposed scheme is suitable for WBANs, and it supports more security features compared to related schemes.

[1]  Xiong Li,et al.  A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps , 2016, Future Gener. Comput. Syst..

[2]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[3]  Ashok Kumar Das,et al.  Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks , 2019, IEEE Transactions on Industrial Informatics.

[4]  Xiong Li,et al.  An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks , 2017, Multimedia Systems.

[5]  Diana Hodgins,et al.  Implantable sensor systems for medical applications , 2013 .

[6]  Li Li,et al.  A provably secure password-based anonymous authentication scheme for wireless body area networks , 2017, Comput. Electr. Eng..

[7]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[8]  Jian Shen,et al.  Future Generation Computer Systems , 2022 .

[9]  Eun-Jun Yoon,et al.  Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications , 2017, IEEE Access.

[10]  Ruhul Amin,et al.  Efficient authentication protocol for secure multimedia communications in IoT-enabled wireless sensor networks , 2017, Multimedia Tools and Applications.

[11]  Muhammad Khurram Khan,et al.  Cryptanalysis and Security Improvements of ‘Two-Factor User Authentication in Wireless Sensor Networks’ , 2010, Sensors.

[12]  Mauro Conti,et al.  Provably Secure Authenticated Key Agreement Scheme for Smart Grid , 2018, IEEE Transactions on Smart Grid.

[13]  Sourav Mukhopadhyay,et al.  A Mutual Authentication Framework for Wireless Medical Sensor Networks , 2017, Journal of Medical Systems.

[14]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[15]  Mauro Conti,et al.  Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks , 2018, IEEE Internet of Things Journal.

[16]  Athanasios V. Vasilakos,et al.  Authenticated key management protocol for cloud-assisted body area sensor networks , 2018, J. Netw. Comput. Appl..

[17]  Jianfeng Ma,et al.  An Enhanced Authentication Scheme with Privacy Preservation for Roaming Service in Global Mobility Networks , 2012, Wireless Personal Communications.

[18]  Lixiang Li,et al.  An Energy Efficient Mutual Authentication and Key Agreement Scheme Preserving Anonymity for Wireless Sensor Networks , 2016, Sensors.

[19]  Hoon-Jae Lee,et al.  Cryptanalysis on two user authentication protocols using smart card for wireless sensor networks , 2011, 2011 Wireless Advanced.

[20]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[21]  Prosanta Gope,et al.  A Realistic Lightweight Anonymous Authentication Protocol for Securing Real-Time Application Data Access in Wireless Sensor Networks , 2016, IEEE Transactions on Industrial Electronics.

[22]  Hari Om,et al.  Authentication protocol for wireless sensor networks applications like safety monitoring in coal mines , 2016, Comput. Networks.

[23]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[24]  Mohit Gupta,et al.  Anonymous two factor authentication protocol for roaming service in global mobility network with security beyond traditional limit , 2019, Ad Hoc Networks.

[25]  Joel J. P. C. Rodrigues,et al.  TCALAS: Temporal Credential-Based Anonymous Lightweight Authentication Scheme for Internet of Drones Environment , 2019, IEEE Transactions on Vehicular Technology.

[26]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[27]  Guomin Yang,et al.  A Secure and Effective Anonymous User Authentication Scheme for Roaming Service in Global Mobility Networks , 2013, Wireless Personal Communications.

[28]  Yu-Fang Chung,et al.  A Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of Medical Systems.

[29]  Ashok Kumar Das,et al.  Anonymous Lightweight Chaotic Map-Based Authenticated Key Agreement Protocol for Industrial Internet of Things , 2020, IEEE Transactions on Dependable and Secure Computing.

[30]  Muhammad Khurram Khan,et al.  A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security , 2017, Int. J. Commun. Syst..

[31]  Ping Wang,et al.  Zipf’s Law in Passwords , 2017, IEEE Transactions on Information Forensics and Security.

[32]  Ping Wang,et al.  Targeted Online Password Guessing: An Underestimated Threat , 2016, CCS.

[33]  Khaled Masmoudi,et al.  Tiny 3-TLS: A Trust Delegation Protocol for Wireless Sensor Networks , 2006, ESAS.

[34]  John R. Vacca Computer and Information Security Handbook , 2009 .

[35]  Chong Cao,et al.  Research on Comprehensive Performance Simulation of Communication IP Network Based on OPNET , 2018, 2018 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS).

[36]  Chun Chen,et al.  An Enhanced Two-factor User Authentication Scheme in Wireless Sensor Networks , 2010, Ad Hoc Sens. Wirel. Networks.

[37]  Kim-Kwang Raymond Choo,et al.  Secure Key Agreement and Key Protection for Mobile Device User Authentication , 2019, IEEE Transactions on Information Forensics and Security.

[38]  Khaled Salah,et al.  Assessing readiness of IP networks to support desktop videoconferencing using OPNET , 2008, J. Netw. Comput. Appl..

[39]  Athanasios V. Vasilakos,et al.  Biometrics-Based Privacy-Preserving User Authentication Scheme for Cloud-Based Industrial Internet of Things Deployment , 2018, IEEE Internet of Things Journal.

[40]  Sherali Zeadally,et al.  Certificateless Public Auditing Scheme for Cloud-Assisted Wireless Body Area Networks , 2018, IEEE Systems Journal.

[41]  D.Y. Montuno,et al.  A comparison of active queue management algorithms using the OPNET Modeler , 2002, IEEE Communications Magazine.

[42]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[43]  Muhammad Khurram Khan,et al.  A robust and anonymous patient monitoring system using wireless medical sensor networks , 2018, Future Gener. Comput. Syst..

[44]  Mauro Conti,et al.  ECCAuth: A Secure Authentication Protocol for Demand Response Management in a Smart Grid System , 2019, IEEE Transactions on Industrial Informatics.

[45]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[46]  Samiran Chattopadhyay,et al.  A Provably Secure and Lightweight Anonymous User Authenticated Session Key Exchange Scheme for Internet of Things Deployment , 2019, IEEE Internet of Things Journal.

[47]  Sherali Zeadally,et al.  Anonymous Authentication for Wireless Body Area Networks With Provable Security , 2017, IEEE Systems Journal.

[48]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[49]  Xiong Li,et al.  A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks , 2016, Secur. Commun. Networks.

[50]  Prosanta Gope,et al.  Enhanced Secure Mutual Authentication and Key Agreement Scheme Preserving User Anonymity in Global Mobile Networks , 2015, Wirel. Pers. Commun..

[51]  Jianfeng Ma,et al.  A new authentication scheme with anonymity for wireless environments , 2004, IEEE Trans. Consumer Electron..

[52]  Willy Susilo,et al.  Secure Remote User Authenticated Key Establishment Protocol for Smart Home Environment , 2020, IEEE Transactions on Dependable and Secure Computing.

[53]  Ping Wang,et al.  Two-factor authentication in industrial Internet-of-Things: Attacks, evaluation and new construction , 2019, Future Gener. Comput. Syst..

[54]  Wei-Kuan Shih,et al.  A Robust Mutual Authentication Protocol for Wireless Sensor Networks , 2010 .

[55]  Xiong Li,et al.  Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications , 2016, Journal of Medical Systems.

[56]  M. Brownfield,et al.  Wireless sensor network denial of sleep attack , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.

[57]  Joseph Bonneau,et al.  The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords , 2012, 2012 IEEE Symposium on Security and Privacy.