A Provably Secure and Lightweight Patient-Healthcare Authentication Protocol in Wireless Body Area Networks

Burgeoning wireless technology developments have positively affected nearly every aspect of human life, and remote patient-healthcare monitoring through the internet is no exception. By employing smart gadgets, wireless body area networks, and cloud-based server platforms, patients can submit their sensor-captured readings in real time to e-health cloud servers and ultimately to medical professionals, who can then treat patients appropriately at any time and in any place. To make the system reliable, the participating entities need an authenticated key agreement. Many remote patient-healthcare monitoring protocols have been proposed so far; however, reliance on wireless technology brings many security challenges for existing protocols. Recently, Xu et al. presented a new patient-healthcare monitoring protocol; however, we demonstrate that it is vulnerable to many attacks, including replay attacks and key compromise impersonation attacks, and that it also suffers from privacy issues. We then propose an improved scheme and formally analyze its security features using BAN logic and an automated simulation tool.
