A Lightweight Mutual Authentication and Key Agreement Scheme for Medical Internet of Things

Wireless body area networks play an indispensable role in the medical Internet of Things. It is a network of several wearables or implantable devices that use wireless technologies to communicate. These devices usually collect the wearer’s physiological data and send it to the server. Some health care providers can access the server over the network and provide medical care to the wearer. Due to the openness and mobility of the wireless network, the adversary can easily steal and forge information, which exchanged in the communication channel that leaks wearer’s privacy. Therefore, a secure and reliable authentication scheme is essential. Most of the existing authentication schemes are based on asymmetric encryption. However, since the sensor devices in wireless body area networks are typically resource-constrained devices, their computing resources cannot afford to use asymmetric encryption. In addition, most of the existing lightweight authentication schemes have various security vulnerabilities, especially the lack of forwarding secrecy. Therefore, we propose a secure lightweight authentication scheme for the wireless body area networks. With this scheme, forward secrecy can be guaranteed without using asymmetric encryption. We use the automatic security verification tool ProVerif to verify the security of our scheme and analyze informal security. The experimental results and the theoretical analysis indicate that our scheme significantly reduces the computational cost compared with the schemes using asymmetric encryption and that it has a lower security risk compared with the lightweight schemes.

[1]  Prosanta Gope,et al.  An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks , 2016, J. Netw. Comput. Appl..

[2]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[3]  Victor C. M. Leung,et al.  Enabling technologies for wireless body area networks: A survey and outlook , 2009, IEEE Communications Magazine.

[4]  Xiong Li,et al.  A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks , 2016, Secur. Commun. Networks.

[5]  Jehad M. Hamamreh,et al.  Secure Orthogonal Transform Division Multiplexing (OTDM) Waveform for 5G and Beyond , 2017, IEEE Communications Letters.

[6]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[7]  Zhaohui Wu,et al.  Toward Risk Reduction for Mobile Service Composition , 2016, IEEE Transactions on Cybernetics.

[8]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[9]  Jonathan Katz,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[10]  Maged Hamada Ibrahim,et al.  Secure anonymous mutual authentication for star two-tier wireless body area networks , 2016, Comput. Methods Programs Biomed..

[11]  Zhaohui Wu,et al.  Mobile Service Selection for Composition: An Energy Consumption Perspective , 2017, IEEE Transactions on Automation Science and Engineering.

[12]  Upkar Varshney,et al.  Pervasive Healthcare: Applications, Challenges And Wireless Solutions , 2005, Commun. Assoc. Inf. Syst..

[13]  Hossein Gharaee,et al.  Lightweight, anonymous and mutual authentication in IoT infrastructure , 2016, 2016 8th International Symposium on Telecommunications (IST).

[14]  Jian Shen,et al.  Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems , 2018, J. Ambient Intell. Humaniz. Comput..

[15]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[16]  Chun Chen,et al.  Secure and Efficient Handover Authentication Based on Bilinear Pairing Functions , 2012, IEEE Transactions on Wireless Communications.

[17]  MengChu Zhou,et al.  Mobility-Aware Service Composition in Mobile Communities , 2017, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[18]  Xiong Li,et al.  A robust biometrics based three-factor authentication scheme for Global Mobility Networks in smart city , 2017, Future Gener. Comput. Syst..

[19]  Mohamed F. Younis,et al.  Efficient aggregation of delay-constrained data in wireless sensor networks , 2005, The 3rd ACS/IEEE International Conference onComputer Systems and Applications, 2005..

[20]  Yoon-Ho Choi,et al.  Authentication Protocol for Wearable Devices Using Mobile Authentication Proxy , 2018, 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN).

[21]  Xiong Li,et al.  Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks , 2017, Comput. Networks.

[22]  Ming Li,et al.  ASK-BAN: authenticated secret key extraction utilizing channel characteristics for body area networks , 2013, WiSec '13.

[23]  Fan Wu,et al.  A Robust and Energy Efficient Authentication Protocol for Industrial Internet of Things , 2018, IEEE Internet of Things Journal.

[24]  Zhaohui Wu,et al.  Mobility-Enabled Service Selection for Composite Services , 2016, IEEE Transactions on Services Computing.

[25]  Albert Y. Zomaya,et al.  Composition-Driven IoT Service Provisioning in Distributed Edges , 2018, IEEE Access.

[26]  Aneesh M. Koya,et al.  Anonymous hybrid mutual authentication and key agreement scheme for wireless body area network , 2018, Comput. Networks.