User centric three‐factor authentication protocol for cloud‐assisted wearable devices

Wearable devices, which provide the services of collecting personal data, monitoring health conditions, and so on, are widely used in many fields, ranging from sports to healthcare. Although wearable devices bring convenience to people's lives, they bring about significant security concerns, such as personal privacy disclosure and unauthorized access to wearable devices. To ensure the privacy and security of the sensitive data, it is critical to design an efficient authentication protocol suitable for wearable devices. Recently, Das et al proposed a lightweight authentication protocol, which achieves secure communication between the wearable device and the mobile terminal. However, we find that their protocol is vulnerable to offline password guessing attack and desynchronization attack. Therefore, we put forward a user centric three‐factor authentication scheme for wearable devices assisted by cloud server. Informal security analysis and formal analysis using ProVerif is executed to demonstrate that our protocol not only remedies the flaws of the protocol of Das et al but also meets desired security properties. Comparison with related schemes shows that our protocol satisfies security and usability simultaneously.

[1]  Qi Jiang,et al.  A Mobile Intelligent Terminal Based Anonymous Authenticated Key Exchange Protocol for Roaming Service in Global Mobility Networks , 2020, IEEE Transactions on Sustainable Computing.

[2]  Li Lin,et al.  ms‐PoSW: A multi‐server aided proof of shared ownership scheme for secure deduplication in cloud , 2017, Concurr. Comput. Pract. Exp..

[3]  Shaoen Wu,et al.  Dynamic Trust Relationships Aware Data Privacy Protection in Mobile Crowd-Sensing , 2018, IEEE Internet of Things Journal.

[4]  Jian Shen,et al.  Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems , 2018, J. Ambient Intell. Humaniz. Comput..

[5]  Ping Wang,et al.  Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound , 2018, IEEE Transactions on Dependable and Secure Computing.

[6]  Kim-Kwang Raymond Choo,et al.  Design of Secure and Lightweight Authentication Protocol for Wearable Devices Environment , 2018, IEEE Journal of Biomedical and Health Informatics.

[7]  Jian Shen,et al.  Anonymous and Traceable Group Data Sharing in Cloud Computing , 2018, IEEE Transactions on Information Forensics and Security.

[8]  Muhammad Khurram Khan,et al.  A robust and anonymous patient monitoring system using wireless medical sensor networks , 2018, Future Gener. Comput. Syst..

[9]  Xiong Li,et al.  A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments , 2018, J. Netw. Comput. Appl..

[10]  Honggang Wang,et al.  Security-oriented opportunistic data forwarding in Mobile Social Networks , 2017, Future Gener. Comput. Syst..

[11]  Xiong Li,et al.  An improved and provably secure three-factor user authentication scheme for wireless sensor networks , 2018, Peer-to-Peer Netw. Appl..

[12]  Xiong Li,et al.  Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks , 2017, Comput. Networks.

[13]  Sherali Zeadally,et al.  Lightweight authentication protocols for wearable devices , 2017, Comput. Electr. Eng..

[14]  Jian Shen,et al.  A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server , 2017, Comput. Electr. Eng..

[15]  Chao Yang,et al.  Efficient end-to-end authentication protocol for wearable health monitoring systems , 2017, Comput. Electr. Eng..

[16]  Junjie Yan,et al.  Social Attribute Aware Incentive Mechanism for Device-to-Device Video Distribution , 2017, IEEE Transactions on Multimedia.

[17]  Sherali Zeadally,et al.  Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks , 2017, IEEE Access.

[18]  Kim-Kwang Raymond Choo,et al.  Is the data on your wearable device secure? An Android Wear smartwatch case study , 2017, Softw. Pract. Exp..

[19]  Jian Shen,et al.  An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks , 2016, J. Netw. Comput. Appl..

[20]  Cheng-Chi Lee,et al.  A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems , 2016, Journal of Medical Systems.

[21]  Sherali Zeadally,et al.  Intelligent Device-to-Device Communication in the Internet of Things , 2016, IEEE Systems Journal.

[22]  Feng Zhao,et al.  Security in wearable communications , 2016, IEEE Network.

[23]  Muhammad Khurram Khan,et al.  Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks , 2016, Comput. Networks.

[24]  Huansheng Ning,et al.  The yoking-proof-based authentication protocol for cloud-assisted wearable devices , 2016, Personal and Ubiquitous Computing.

[25]  B. Blanchet,et al.  ProVerif 1.94pl1: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2016 .

[26]  Jian Weng,et al.  A novel asymmetric three-party based authentication scheme in wearable devices environment , 2016, J. Netw. Comput. Appl..

[27]  Xiong Li,et al.  An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks , 2017, Multimedia Systems.

[28]  Jianfeng Ma,et al.  A privacy preserving three-factor authentication protocol for e-Health clouds , 2016, The Journal of Supercomputing.

[29]  Ping Wang,et al.  Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment , 2015, IEEE Transactions on Dependable and Secure Computing.

[30]  Ashok Kumar Das,et al.  A Secure and Efficient User Anonymity-Preserving Three-Factor Authentication Protocol for Large-Scale Distributed Wireless Sensor Networks , 2015, Wirel. Pers. Commun..

[31]  Sherali Zeadally,et al.  Toward self-authenticable wearable devices , 2015, IEEE Wireless Communications.

[32]  Antonio F. Gómez-Skarmeta,et al.  Towards a Lightweight Authentication and Authorization Framework for Smart Objects , 2014 .

[33]  Hannes Tschofenig,et al.  Securing the Internet of Things: A Standardization Perspective , 2014, IEEE Internet of Things Journal.

[34]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[35]  Athanasios V. Vasilakos,et al.  An Enhanced Mobile-Healthcare Emergency System Based on Extended Chaotic Maps , 2013, Journal of Medical Systems.

[36]  Peng Gong,et al.  A New User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2013, Int. J. Distributed Sens. Networks.

[37]  Jean-Yves Fourniols,et al.  Smart wearable systems: Current status and future challenges , 2012, Artif. Intell. Medicine.

[38]  Pardeep Kumar,et al.  E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks , 2012, Sensors.

[39]  Robert H. Deng,et al.  A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[40]  Hsin-Wen Wei,et al.  A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography , 2011, Sensors.

[41]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[42]  Manik Lal Das,et al.  Two-factor user authentication in wireless sensor networks , 2009, IEEE Transactions on Wireless Communications.

[43]  P Lukowicz,et al.  Wearable Systems for Health Care Applications , 2004, Methods of Information in Medicine.

[44]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).