A robust authentication scheme with dynamic password for wireless body area networks

Abstract

With the development of wireless technologies, wireless body area networks (WBANs) are widely used in various applications. WBANs bring convenience to both patients and physicians by permitting patients to enjoy high-quality medical resources without the limitations of geographical location. However, because the communication channel in WBANs is wireless, an adversary could intercept the transmitted messages and hack the system. This would be a catastrophic result that would endanger the lives of patients. Therefore, the security performance of WBANs has been widely discussed and is a major concern. In recent years, a number of security authentication schemes for WBANs have been proposed to improve security. However, these schemes adopt static passwords, which have been proven to be an insecure method of authentication. Several studies claim that dynamic passwords, which can be established by humans, are much safer than static passwords. Inspired by these studies, in this paper we propose a robust authentication scheme with dynamic password for WBANs. We adopt a custom password computation algorithm to make the password confidential and dynamic for each login round. This innovation guarantees that our proposed scheme can resist the personal information disclosure attack. To the best of our knowledge, this is the first authentication scheme that adopts a computable dynamic password for WBANs. Furthermore, we find that the traditional performance analysis method cannot comprehensively evaluate the superiority of an authentication scheme. In this paper, we adopt the IEEE 802.15.6 standard for computing the energy consumption of schemes in detail. This method provides enhanced accuracy, and adopting energy consumption as the index is a comprehensive way to evaluate the cost of schemes. The detailed security and performance analyses indicate that our proposed scheme can meet security requirements including authentication, anonymity, untraceability, integrity, non-repudiation and privacy. Furthermore, our proposed scheme can achieve 16 security and functional requirements with relatively small energy consumption and offer improved trade-offs between security and efficiency compared to other schemes.
