LAKS-NVT: Provably Secure and Lightweight Authentication and Key Agreement Scheme Without Verification Table in Medical Internet of Things

Wireless body area networks (WBANs) and wireless sensor networks (WSNs) are important concepts for the Internet of Things (IoT). They have been applied to various healthcare services so that users can access convenient medical services by exchanging physiological data between the user and the medical server. User physiological data is collected by sensor nodes and sent to medical service providers, doctors, etc. over public channels. However, these channels are vulnerable to various potential attacks, and hence it is essential to design provably secure and lightweight mutual authentication (MA) schemes for medical IoT to protect user privacy and achieve secure communication. A lightweight mutual authentication and key agreement (MAKA) scheme was designed in 2019 to guarantee user privacy, but we found that the scheme does not withstand impersonation, stolen sensor node and verification table leakage attacks, nor does it ensure anonymity, untraceability and secure mutual authentication. This paper proposes a provably secure and lightweight MAKA scheme for medical IoT, called LAKS Non-verification table (NVT), that does not require a server verification table. We assess LAKS-NVT’s security against various potential attacks and demonstrate, using Burrows-Abadi-Needham logic, that it achieves secure MA between sensor node and server. We employ the well-known Real-Or-Random model, which is a random oracle model, to prove that LAKS-NVT provides session key security. In addition, formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool has been performed, and the results show that LAKS-NVT is also secure. We compare LAKS-NVT’s performance against contemporary authentication schemes and verify that it achieves better security and comparable efficiency. The practical perspective of LAKS-NVT is also examined through a Network Simulator 2 (NS2) simulation study.
