Abstract

In Internet of Health Things (IoHT) systems, there is a two-hop network structure between the authentication server TA, Internet of Things Connector (IotC), and wearable sensor (WS). Attackers can use the sensor layer network (the first hop) between the IotC and WS to steal patient’s health-related information and undermine the security of the system and the privacy of sensitive information. To address this threat, this study proposes a lightweight identity authentication and key agreement protocol for third-party authentication servers TA, IotC, and WS. The results of the formal security proof, BAN logic analysis, and AVISPA tool simulation show that the scheme proposed in this study has an ideal security performance and can meet the security requirements of IoHT. In terms of performance, the proposed scheme could dynamically construct a sensor layer network (the first hop) and offline networking according to the diagnostic needs of doctors. Compared with other related protocols, the proposed scheme can significantly reduce the computing resource requirements of IotC and server TA and the resource requirements of database I/O operation of server TA in the application scenario of concurrent access of multiple WS nodes.

1. Introduction

The wearable technology market reached US $116.2 billion in 2020 and is expected to increase to US $265.4 billion by 2026, with an annual compound growth rate of 18.0% [1]. The rapid growth of the wearable technology market is also promoting the integration of wearable or implantable device technology with IoT, cloud computing, and other information technologies into Internet of Health Things (IoHT) systems in the hospital environment [2]. These new technologies can help medical professionals obtain various types of health data of target patients faster and better [3] and help medical institutions continuously improve the quality of medical services [4].

Figure 1 describes the general network structure of IoHT systems applied in the medical structure environment [5–8]. Its remarkable feature is the integration of the IoT, cloud computing, and wearable or implantable device technology. As shown in Figure 1, an IoHT system is composed of two interconnected network units: a data service unit and an IoT unit. They are connected through a common set of cloud data storage servers.

The IoT unit is a two-hop network structure, similar to the IEEE 802.15.6 Wireless Body Area Network (WBAN) standard description [9] and the industrial Internet of Things [10]. Multiple wearable sensors (WSs) and Internet of Things Connectors (IotCs) constitute the first hop of an IoHT system, that is, the sensor layer network. The IotC and local real-time data monitoring terminal (LMT) or cloud data server form the second-hop transport layer network. In terms of function, it emphasizes the ability of real-time, fast, and accurate acquisition and two-way data transmission of Patient Health Information (PHI) [5, 8, 11], such as patient activity, blood pressure, heart rate, electrocardiogram (ECG), temperature, blood glucose, and blood oxygen level [12].

1.1. Networking Requirements of Sensor Layer Networks

The main application environment of IoHT systems is the medical institutions that provide public medical and health services. Patients have a strong mobility and various other conditions. Therefore, the IoHT systems must collect the corresponding PHI data according to a patient’s condition such as monitoring of blood glucose levels and blood pressure. Some data require a high real-time performance, such as heart rate data in intensive care or cardiac care environments. These have put forward the following special functional requirements or limitations for the network structure of the sensing layer of the IoHT systems:
(i) WS and IotC are small in size, easy to carry, and have limited computing resources; therefore, they are not suitable for jobs with a high amount of computing [13].
(ii) The correspondence between the patients and IotC was variable. The IotC ownership in IoHT systems is a medical institution that has a corresponding relationship with patients within a certain time range.
(iii) The types and number of WS nodes are large, and the server in the IoHT systems should have strong equipment access capability.
(iv) The WS nodes are rarely used in isolation. In most cases, these groups were included. IotC should be able to concurrently network multiple WSs.
(v) The combination of IotC and WS must be built according to the diagnostic needs of doctors [7].
(vi) To reduce the impact of remote network quality on IoHT system availability, the IotC and WS should have offline networking capabilities.

1.2. Requirements of IoHT Systems Lightweight Authentication Strategy

The correctness, timeliness, and credibility of PHIs can support doctors’ decision making and help save or prolong patients’ lives [14]. However, many PHI data theft incidents [4] have made the security of PHIs a hot issue for healthcare organizations. The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) require all healthcare organizations to ensure the safety of health information.

Network attacks against IoT terminal devices, such as webcams [15], small routers [16], bluetooth door locks [17], intelligent thermostats [18], and theft of face recognition data [19], have made people gradually realize that IoT devices in IoHT systems may become a tool for attackers to launch network attacks and destroy the stability of IoHT systems or steal user-sensitive information.

The mutual Authentication and Key Agreement (AKA) mechanism between IoT access devices is an important link for building a secure health system (SHS) [20]. The VPN, SSL, TLS, and other security mechanisms are based on the Internet peer-to-peer communication mechanism, which can ensure data security on both sides, for example, the establishment of a secure data channel between the IotC and the data server [21]. However, because of the two-hop network structure of the IoT unit of IoHT systems and the networking requirements of the sensor layer network, it is very difficult to use VPN, SSL, TLS, and other protocols to build a mutual AKA in the first-hop network (sensor layer network). Therefore, the IoHT systems require a lightweight, anonymous, and secure mutual AKA protocol that is more suitable for such network structures [22].

The special structure and functional requirements of IoHT systems restrict the application of traditional security protocols to them. To deal with the threat of malicious attacks, improve the security level of IoHT systems, and meet the functional requirements of portable and ultralow power consumption of wearable sensors, various lightweight mutual AKAs have been proposed.

In 2015, He and Zeadally proposed a lightweight three-party authentication protocol to improve the identity authentication ability of controllers in ambient-assisted living systems [23]. Subsequently, in 2016, with the help of a third-party authentication server, He et al. realized lightweight identity authentication of users using a data aggregation device in the smart grid [24]. The two protocols are based on the elliptic curve (EC) theory and realize the support of third-party authentication servers; therefore, they have low overall resource consumption and high security, but the individual resource consumption of the controller is still high, and the support for sensing devices is insufficient.

In 2017, Li et al. [9] proposed an anonymous lightweight identity authentication and key agreement protocol for two-hop wireless body area networks (WBANs). The protocol is based on a hash function and XOR computing, which significantly reduces the demand for computing resources for wireless sensor devices. However, a hub node must undertake multiple functions, such as identity authentication, real-time data monitoring, data storage, and remote cloud data forwarding, which is not conducive to the implementation of a security protection strategy, makes the node easier to capture, and creates a single point of failure.

In 2018, Srinivas et al. [6] proposed a lightweight tripartite authentication scheme for WSs, users, and cloud servers based on cloud computing and big-data technology. The security of the scheme is verified using a formal real or random (ROR) model and the automatic verification tool AVISPA [25]. This scheme has significant advantages in terms of the communication and computing costs.

However, Srinivas’ protocol must store the authentication information of all possible users in the memory of all the WSs in advance. This causes the wearable sensor of the protocol to have a large demand for storage resources and insufficient ability to resist WS theft attacks [16]. Simultaneously, we found that the construction of the sensor layer network of the protocol requires more manual processing, which is more suitable for networks with stable structures. Under the demand for on-demand construction of an IoHT system sensor layer network, labor and system maintenance costs will increase.

To enhance the ability of wearable devices to protect sensitive data and resist WSs theft attacks, Das et al. [5] proposed a lightweight tripartite authentication and session key scheme between WSs and mobile terminals (MT) (i.e., smartphones) carried by the same user. The security of the protocol was verified using a real or random model and AVISPA tool. Compared with the previous scheme, this method has certain advantages in terms of resource consumption. However, Jiang et al. [26] pointed out that the Das scheme does not resist offline password-guessing attacks, and attackers can use desynchronization attacks to destroy the synchronizer of identity update between WS and MT [26] and provided an improved scheme. Jiang’s scheme offers advantages in terms of security and resource consumption. However, we also found that there were still some problems with Jiang’s scheme.
(i) This method is suitable for application in personal health monitoring. In Jiang’s scheme, the user is an MT and the WS is the owner, who lacks the basic function of adjusting the combination relationship of the user, MT, and WSs according to the patient’s condition and the doctor’s diagnostic needs.
(ii) There is a security risk in the denial-of-service (DOS). In Jiang’s protocol, MT lacks the necessary verification for message M1, so attackers can use this to send many wrong M1, thus exhausting the computing, communication, and server database I/O resources of MT and the cloud server (CS) to achieve the purpose of DOS.
(iii) The computing resource requirements for concurrent MT access to multiple WS nodes must be improved. When the MT needs to access multiple WS nodes, the MT and CS have more repeated calculations and higher demand for computing resources.
(iv) The capability of offline networking between MTs and WSs must be improved. In the process of accessing the WS, the server CS must be online and provide corresponding services.
(v) The CS has a high demand for I/O database resources. Each time the MT accesses the WS, at least three queries and one database update operation are required. In an IoHT system environment, this may lead to a shortage of CS database resources, affect the number of WS nodes accessed, and weaken the server’s ability to resist DoS attacks.

To enhance the ability of identity authentication between the Internet of Things connector (IotC) and local real-time data terminal, Srinivas et al. proposed a novel temporal credential-based anonymous lightweight user authentication mechanism for the Internet of Drones (IoD) environment [27]. The security of the scheme is proved using a real or random (ROR) model and automated validation of Internet security protocols and applications (AVISPA). However, this scheme does not support the dynamic construction of a sensor layer network. In 2020, Wang et al. [7] proposed a lightweight WSs and WNC mutual authentication protocol based on the elliptic curve cryptography (ECC) algorithm. With the help of a cloud-assisted authentication service, the protocol can realize mutual authentication and key negotiation of a wearable network connector (WNC) access to WSs designated by doctors. However, this scheme has shortcomings in terms of protection against ID. The attacker uses this to track the specified WSs and obtain sensitive data by analyzing the communication frequency and data volume. However, compared to the schemes of Srinivas, Das, and Jiang, the resource consumption of their sensing terminals remains high.

3. Preliminaries

3.1. Elliptic Curve (EC)

Let be an elliptic curve over a finite field defined by the following equation: , where and . represents a cyclic group constructed from points on elliptic curve and infinity ∞.

3.2. Scalar Multiplication

When , there is a multiplication formula: holds.

3.3. Elliptic Curve Discrete Logarithm Problem (ECDLP)

When and integer are known, it is easy to calculate . When Q and P are known, it is very difficult to calculate the value of the integer .

3.4. Elliptic Curve Cryptography (ECC)

A public-key algorithm based on ECDLP security is called elliptic curve cryptography (ECC). Compared with RSA, ECC requires fewer computing and storage resources [28, 29].

3.5. Elliptic Curve Diffie–Hellman Discrete Logarithm Problem (ECDHDLP)

Assuming and , when the values of and or and are known, it is easy to calculate , but when and are known, it is very difficult to calculate .

3.6. Fuzzy Extractor (FE)

This is a highly secure biometric recognition method. It contains and functions [5], where . When the deviation between and is less than t, can be obtained.

3.7. Collision-Resistant Hash Function

The hash function can convert any long input string into a fixed-length value . If the hash values of two different input strings are the same, the two strings form a set of hash collisions. denotes the advantage of adversary in identifying hash collisions: when , is a real number sufficiently small to be ignored. This hash function is called a collision-resistant hash function.

3.8. Parameters and Symbols

Table 1 lists the names and descriptions of parameters, methods, and symbols required by the proposed protocol. To prevent replay attacks, all participants in the IoHT system network have their own independent timing unit, T, and can maintain synchronization with the system clock of the IoHT systems.

4. The Proposed Scheme

Mutual authentication protocols between devices are typically based on mutually trusting secret information [30]. The combined relationship between patients and IotC and between IotC and WS in IoHT systems often needs to be changed, and the resources of IotC and WS are limited and very different. In this case, the three-party mutual authentication scheme, including the third-party server TA, has clear advantages in terms of communication and storage resources [30]. Therefore, based on the ECDLP and hash function, we propose a lightweight AKA scheme that uses anonymous third-party devices.

4.1. Devices Registration

Figure 2 describes the registration process of IotC. At this stage, TA records the IotC identity and generates a new authentication code . The numerical numbers of (1), (2), …, (7) in Figure 2 are in the order in which IotC and TA execute the protocol at this stage. To enhance the flexibility of the administrator’s workplace, we have strengthened the security protection of the communication process. For example, the tracking of equipment is prevented by formulas and ; TA calculates , and the identity authentication of IotC and administrator users is realized. The registration process of WS is similar to that described in Figure 2.

4.2. IotC Binding to a Patient

The corresponding relationship between the patient and the IotC in the IoHT systems is variable. IotC has only a corresponding relationship with the patient within a certain time range. To meet this demand, this study proposed a strategy for binding to a patient. During the validity period, and the server TA (, ) were used to mark the correspondence between and the patient. Figure 3 shows the detailed process of binding receptor binding to a patient. Numerical numbers such as “(1), (2), …, (5)” in Figure 3 are the execution sequences of and TA in this stage.
(1) local authentication administrator.
(2) requests and determines the patient information. In this process, the formula is used to encrypt the ID of to prevent device tracking.
(3) TA authenticates . TA uses the formula to calculate the ID decryption key of . IotC identity is verified using .
(4) TA binds a patient to . The TA selects a user and calculates and .
(5) binds a patient. After receiving message , uses the information to calculate and . Subsequently, the key is calculated using the formulas and , and the and are encrypted and saved using the formula .

4.3. TA Authorizes IotC

The ability of the sensor layer network to support the patient’s condition and the doctor’s diagnosis requires variable correspondence between a patient and multiple WS nodes. This relationship can be replaced by that between and multiple WS nodes after the patient is bound to .

Therefore, this study proposes a strategy for TA to authorize IotC to access WS nodes and use (NID, AC [1, …, n]) to mark the corresponding relationship between an IotC and multiple WS nodes. Figure 4 describes the process of obtaining the access authorization of a WS node. When multiple WS nodes require access, the variable is an array.

4.4. IotC Offline Access to WS Node

IoHT systems must meet the needs of offline construction of the sensor layer network in real working scenarios. Therefore, this study proposes a strategy in which TA authorizes once, and IotC can access the specified WS node offline many times within the authorization time range. Figure 5 describes the implementation process of the AKA policy of offline access to .
(1) authenticates the users locally. verifies the user’s identity by using the fuzzy extractor function and decrypts and calculates the , , and , which are required to access .
(2) Login . calculates the variable values of , , , and in turn. Message is combined and broadcast to the sensor layer network.
(3) verifies . After receiving message , uses the formula to verify the authorization validity and data transmission validity , and is much greater than . Then, uses the formula to verify the access authorization of .
(4) Calculate the session key SK. After the identity authentication of is successful, uses the formula to calculate the session key between and . continues to calculate the values of variables and and returns the message to .
(5) authenticates . After receiving the message , uses the formula to verify the time validity of the message. If valid, using in the current message, select corresponding to sending message and calculate to obtain . Then, calculate . If equation holds, successfully authenticates identity.

4.5. IotC Online Access WS

In the proposed scheme, when IotC obtains access authorization for the WS, the process of accessing the specified WS for the first time can be regarded as an online access. That is, after IotC completes all the operations described in Figure 4 and obtains , , and , it can directly transfer to the number “(2)” in Figure 5, mark the part, and begin to enter the WS node.

4.6. IotC Accesses Multiple WS Nodes Concurrently

In a multi-WS access scenario, Figure 5 shows that the variable in the authorization process is an array AC [1, …, N]. AC [1, …, N] contains the access verification codes for multiple WS nodes. At this time, IotC generates a corresponding message TID and message for each element in AC [1, …, N], according to the operation described in Figure 5. The messages of multiple structures were then sent continuously.

After receives the first structure message, starts to execute all operations in the “(3)” mark section in Figure 5. Until meets the equality, stop receiving and go to the part marked with “(4).”

In the case of multiple WS concurrent access, after receives , uses the TID in to select the corresponding AC to improve the concurrent access capability of .
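The following Python example is added here and is not the authors' protocol: it models the authorize-once, offline-access flow of Section 4.4 and the TID-based selection of AC from Section 4.6, using HMAC-SHA-256 in place of the scheme's elliptic-curve and hash formulas, which are not reproduced on this page. The key K_ws shared by TA and each WS, the nonces r1 and r2, the fields T_exp, V1 and V2, the window DELTA_T, and all sample identifiers are assumptions.

```python
import hashlib
import hmac
import os
import struct

DELTA_T = 5  # assumed freshness window, in seconds


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for p in parts:
        h.update(struct.pack(">I", len(p)) + p)
    return h.digest()


def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, H(*parts), hashlib.sha256).digest()


def ts(t: int) -> bytes:
    return struct.pack(">Q", t)


def ta_authorize(k_ws, nid, ws_id, t_exp):
    """TA, online, once per WS: access code AC bound to NID, the WS and the expiry."""
    return mac(k_ws, b"AC", nid, ws_id, ts(t_exp))


class IotC:
    def __init__(self, nid, grants):
        self.nid = nid
        self.grants = grants   # {ws_id: (AC, t_exp)} received from TA
        self.pending = {}      # TID -> (AC, r1, T1)

    def login(self, now):
        """One login message per authorized WS; no TA round trip is needed."""
        msgs = []
        for ac, t_exp in self.grants.values():
            tid, r1 = os.urandom(8), os.urandom(16)
            v1 = mac(ac, b"M1", self.nid, tid, ts(t_exp), ts(now), r1)
            self.pending[tid] = (ac, r1, now)
            msgs.append({"NID": self.nid, "TID": tid, "T_exp": t_exp,
                         "T1": now, "r1": r1, "V1": v1})
        return msgs

    def finish(self, m2, now):
        """Select the AC by TID, authenticate the WS, return SK or None."""
        entry = self.pending.get(m2["TID"])
        if entry is None or abs(now - m2["T2"]) > DELTA_T:
            return None
        ac, r1, t1 = entry
        sk = mac(ac, b"SK", r1, m2["r2"], ts(t1), ts(m2["T2"]))
        if not hmac.compare_digest(m2["V2"], mac(sk, b"M2", m2["TID"], ts(m2["T2"]))):
            return None            # forged reply: keep the pending entry
        del self.pending[m2["TID"]]
        return sk


class WS:
    def __init__(self, ws_id, k_ws):
        self.ws_id, self.k_ws = ws_id, k_ws

    def handle(self, m1, now):
        """Return (status, reply, SK). Cheap time checks run before any hashing."""
        if abs(now - m1["T1"]) > DELTA_T:
            return "stale", None, None
        if now > m1["T_exp"]:
            return "authorization expired", None, None
        # Recompute AC locally: T_exp travels in clear but is bound by the TA's MAC.
        ac = ta_authorize(self.k_ws, m1["NID"], self.ws_id, m1["T_exp"])
        expect = mac(ac, b"M1", m1["NID"], m1["TID"], ts(m1["T_exp"]),
                     ts(m1["T1"]), m1["r1"])
        if not hmac.compare_digest(m1["V1"], expect):
            return "not authorized", None, None
        r2 = os.urandom(16)
        sk = mac(ac, b"SK", m1["r1"], r2, ts(m1["T1"]), ts(now))
        reply = {"TID": m1["TID"], "T2": now, "r2": r2,
                 "V2": mac(sk, b"M2", m1["TID"], ts(now))}
        return "ok", reply, sk


def demo(t0=1_000):
    """Constructed scenario: one IotC, two sensors, a one-hour authorization."""
    keys = {b"ws-ecg": os.urandom(32), b"ws-spo2": os.urandom(32)}
    nid, t_exp = b"NID-constructed", t0 + 3600
    grants = {w: (ta_authorize(k, nid, w, t_exp), t_exp) for w, k in keys.items()}
    iotc = IotC(nid, grants)
    sensors = [WS(w, k) for w, k in keys.items()]
    agreed = {}
    for m1 in iotc.login(t0 + 10):          # broadcast to the sensor layer
        for ws in sensors:
            status, m2, sk_ws = ws.handle(m1, t0 + 11)
            if status == "ok":              # only the addressed WS accepts
                agreed[ws.ws_id] = iotc.finish(m2, t0 + 12) == sk_ws
    return agreed


if __name__ == "__main__":
    print(demo())
```

Because the session key in this model is derived from AC and the two nonces alone, it does not reproduce the forward-secrecy property that the Corrupt oracle in Section 5.1 is meant to test.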

4.7. Replacement and Change of WS Nodes

When the IotC needs to be adjusted because of the development of the patient’s condition or other circumstances, this can be realized by sequentially executing the process described in Figures 4 and 5. When only the WS needs to be adjusted, this can be realized by sequentially executing the process described in Figures 4 and 5.

5. Security Analysis

This section proves the security performance and antiattack ability of the proposed protocol through formal methods.

5.1. Security Model

The scheme proposed in this study belongs to the identity authentication and key agreement (AKA) protocol. Therefore, we provide the corresponding security model and formal proof process based on [31–33]. In this model, denotes the proposed scheme. presents the participants in the scheme, which can be , , or . Attacker can be described by the following random oracles:
(i): attacker intercepts all messages exchanged between any two parties
(ii): attacker sends forged message M to and receives feedback from
(iii): attacker obtains the composition information of the session key and launches a known key attack
(iv): attacker can obtain the long-term key of to verify the strong forward security performance of the session key SK
    (i): attacker can obtain {} of
    (ii) attacker can obtain of
(v): Attacker uses a coin toss test to challenge session key {SK}. When , the correct session key SK is returned, and when , a random string is returned.
(vi): Attacker calculates the hash value of message M.

The following definitions and assumptions are used in the security definition and formal proof process.

5.1.1. Partnering

If a group of participants in the protocol, the instances of and , can pass the mutual identity authentication and negotiate a consistent session key SK, we call them partners.

5.1.2. Fresh

If a session is not disclosed, it is called a fresh session.

5.1.3. Security

When attacker destroys the security advantage of protocol , it means that is secure and satisfies , where is a real number small enough to be ignored, and represents the probability that attacker successfully destroys the security of .

Assumptions 1. The basic algorithms used in the proposed scheme, such as the elliptic curve discrete logarithm problem (ECDLP), elliptic curve Diffie–Hellman discrete logarithm problem (ECDHDLP), fuzzy extractor (FE), hash function, and symmetric-key encryption algorithm (Enc), are secure; that is,, .

5.2. Security Proof

Theorem 1. The advantage of in is given by

In the above formula, q is the order of elliptic curve finite cyclic group ; represents the length of the dictionary; is the length of the hash value, , ,and , respectively, represent the number of times executes , , and queries, respectively, and represents the calculation times of elliptic curve scalar multiplication.

Proof. This process is similar to those in References [31–33] and takes place over five games to . represents that wins in the game and successfully destroys the security of protocol .

G0: This game simulates that attacker uses the random oracle model to launch a real attack on , so we can obtain .

G1: This game simulates attacker launching a passive attack on protocol . Attacker intercepts message through and stores it in the list L. Because the key SK is not transmitted in the above message, passive attacks will not increase the advantage of attacker . Thus, can be obtained .

G2: To improve the advantage, attacker applies the collision principle based on and uses an oracle and to launch multiple attacks. In this case, attacker guesses or collides with the key SK, and the success probability is ; destroying the security of the symmetric-key algorithm, and the success probability is . At this point, the advantage of attacker can be described as .

G3: Attacker indirectly attacks SK through based on : Attacker A can destroy the security of the symmetric-key algorithm. The methods and success probability of attacker are as follows:
(i) Attacker collides with the value of , and the success probability is .
(ii) Attacker intercepts and in , collides with and values, and uses the formula to calculate , with a success probability of .
(iii) Attacker uses the formula to calculate the value of , where and are unknown variables, and the success probability is .
At this point, the advantage of attacker can be described as .

G4: This game simulates that attacker uses query to send a forged message to enhance his advantage. In this case, attacker evaluates the success according to the message returned by . The simulator must check whether is in the list L. To verify the formula , attacker must test the values of , , and . Therefore, attacker can obtain .

G5: This game simulates that attacker uses query to send a forged message to enhance its advantage. In this case, attacker passes the formula for verification, and the values of , , , and need to be tested. At this point, the advantage of attack is .

G6: This game simulates that attacker uses query to send a forged message to enhance his advantage. In this case, attacker must test the values of , , and . At this point, the advantage of attack is .

G7: This game simulates that attacker uses queries to send a forged message to enhance its advantage. In this case, attacker must test the values of , , and . At this point, the advantage of attack is .

Therefore, combining the advantages of attacker , we can get Theorem 1.

5.3. BAN Logic Proof of the Proposed Protocol

In this chapter, we use the Burrows–Abadi–Needham (BAN) logic [30, 34, 35] to formally prove the security of the device AKA protocol proposed in this study. We assumed that the symbols and represent participation in the communication session, and are messages sent or received by the participants, and is the session key. Table 2 lists the relevant symbols, descriptions, and logic rules often used in the BAN logic. To save space, only Figure 5 is listed as a formal proof describing the content.

According to the functional characteristics of the protocol proposed in this study, the security of the AKA process of accessing can be decomposed into five security verification objectives under the BAN logic. They are, respectively, G1: trust TA, G2: trust , G3: trust , G4: trust , and G5: trust .

5.3.1. G1: Authenticates TA

In BAN logic, the message in Figure 5 is converted to . After receiving , calculates , and the target G1 can be represented by the formula . When the equation holds, is not tampered with. gets , Uses R1: Gets G1:

5.3.2. G2: Trust

In the protocol proposed in this study, uses to mark the identity after binding with patient information and obtaining WS access authorization. Therefore, the target G2 can be represented by the formula . gets , Uses R4: Uses R2: Uses R3: Uses R5: Gets G2:

5.3.3. G3: Trusts

is calculated using the formula , and its calculation security is based on a collision-resistant hash function. is randomly generated by . G3 can be expressed using the formula . gets , , Uses R1: Uses R2: Uses R3: Uses R5: Gets G3:

5.3.4. G4: Trusts

In BAN logic, message is converted to . G4 can be represented using the formula . gets Uses R1: Uses R4: Uses R2: Uses R3: Uses R5: Gets G4: Uses

5.3.5. G5: Trusts

G4 can be represented by the following formula :Uses R1: Uses R4: Uses R2: Uses R3: Uses R5: Gets G5:

At this time, this study successfully uses the BAN logic to formally prove the security of the three-party AKA protocol proposed in this study and achieves all the security indicators.

6. Simulation of the Proposed Protocol

AVISPA [25, 36, 37] is an automated network protocol security verification tool. It includes a constraint-logic attacker search (Cl-AtSe) and an on-the-fly model checker (OFMC), which are two types of network attack simulation checkers. The results of AVISPA evaluation are recognized to a certain degree. In this part, this study uses the AVISPA tool set to conduct simulation security verification of the authorized access process described in Figure 4 and the equipment AKA process described in Figure 5.

Figure 6 shows the HLPSL simulation model of the proposed protocol and the simulation attack process in the AVISPA software. Attacker A was added to the simulation process to verify the ability of the protocol to resist intermediate authentication attacks. Figure 7 evaluates the results of the HLPSL model in AVISPA software using two checkers: OFMC and Cl-AtSe. The results show that the proposed scheme is secure under the two inspector models and meets all specified security objectives.

7. Efficiency Evaluation and Comparisons

In this section, the requirements of computing resources and server I/O resources that have a significant impact on system stability are selected, and the lightweight three-party AKA scheme proposed in this study is evaluated. For convenience of description, we select the typical [5–7, 9, 23, 26] lightweight authentication and key agreement protocols in some recent studies for comparison.

7.1. Comparison of the Computation Cost

When the encryption algorithm is fixed, the higher the security level, the longer the key length, and more computing resources are required to be consumed [28]. An objective analysis of the resource consumption of the AKA scheme must be conducted at the same security level. Therefore, Table 3 is established by referring to the relevant experimental data and the results in references [6, 9, 23, 38, 39].

Table 3 lists the approximate time multiple relationships between the main mathematical calculation in some common security encryption algorithms and the SHA-1 hash calculation, and the unit is . For the special , we have not yet found convincing public data; takes very little time and can be ignored.

Table 4 compares the selected literature and the proposed AKA scheme in terms of the theoretical consumption of resources. Considering that IotC in the proposed scheme can support offline and concurrent access to multiple WS nodes within the authorization time range, the corresponding computing resource consumption is listed in Table 4.

In the case of online access, IotC and TA in the proposed protocol must perform the authorization process described in Figure 4. Therefore, when accessing the first WS node, the TA must perform three EC scalar multiplications and six hash calculations, that is, calculation time, IotC requires 3 calculation time, and WS requires calculation time. When the IotC accesses the second WS node offline, the proposed scheme no longer needs to perform the authorization process described in Figure 4. In this case, IotC requires only a calculation time of , whereas WS requires a calculation time of .

Figure 8 shows a comparison of the schemes in Table 4 when only one WS node needs to be accessed. The x-axis represents the theoretically calculated resource demand quantity, and the unit is . The computational performance of Li et al. [9] scheme is the best, and the proposed scheme has certain advantages.

Figure 9 shows the proposed scheme and compares the demand for computing resources with the protocol proposed by Jiang et al. [26] for multi-WS node access. The x-axis represents the number of access WS nodes, and the y-axis represents the theoretically calculated resource demand in units of . Figure 9(a) describes the changes in the computing resource requirements of IotC. Figure 9(b) represents the change in computing resource demand of server TA. Figure 9(c) describes the change in overall computing resources. The increase in the number of nodes has little impact on IotC and the overall computing resource requirements in the scheme proposed in this study, which is better than Jiang’s scheme.

7.2. Server Database I/O Resources

The number of WSs, IotCs, and users in an IoHT system is huge, and the necessary information needs to be stored in the database. When IotC is connected to WS, TA must perform the necessary data reading or writing operations to verify the privileges of users after IotC binding and authorize IotC to access the specified WS. The operation of the database requires server I/O resources. If this operation is too frequent, it causes insufficient I/O resources and seriously affects the stability of the system.

In Jiang et al.’s scheme [26], privacy protection is realized and device tracking is prevented by synchronizing a set of one-time identity IDs between the WS and server CS. Thus, TA must perform three queries and one data update operation during the AKA process: an IotC identity query, a temporary ID query of the WS, a query to avoid repetition of the newly generated one-time ID of the WS, and an operation to update the database with the new ID. The proposed scheme requires only one PID query and WS information query. Moreover, when the number of WS nodes increases, the number of queries must be increased to be equal to the number of authorized WS nodes. Figure 10 shows the changes in the I/O operation resource requirements of the server TA database in the case of multi-WS access in the proposed scheme and Jiang et al.’s scheme [26].

8. Conclusions

The rapid development of the Internet of Things and wearable sensing technology has continuously promoted Internet of Health Things (IoHT) systems in medical institutions. However, the IoHT systems not only provide a more convenient and faster channel for health detection data but also make sensitive Personal Health Information (PHI) face many new security risks. Physical channel security between Internet of Things Connectors (IotC) and wearable sensors (WS) is an important link for building IoHT systems into a secure health system (SHS).

Therefore, this study proposes a lightweight three-party authentication and key agreement (AKA) protocol that meets the characteristics of the two-hop structure and the requirements of multi-WS network monitoring. The results of the formal security proof, BAN logic analysis, and simulation experiment of the AVISPA tools show that the scheme proposed in this study can meet the expected security requirements. The results of the comparison with relevant protocols show that the protocol has certain advantages in WS individual computing resource consumption: in the scenario of multiple WS node applications, the increasing trend of computing resource demand of IotC and the server is not obvious, as the I/O operation resources of the server are not affected by the number of WS nodes.

Acronyms

AVISPA: Automated validation of internet security protocols and applications
AKA: Authentication and key agreement
BAN logic: Burrows–Abadi–Needham logic
CS: Cloud server
Cl-AtSe: Constraint-logic attacker search
DOS: Denial-of-service
EC: Elliptic curve
ECC: Elliptic curve cryptography
ECDLP: Elliptic curve discrete logarithm problem
ECDHDLP: Elliptic curve Diffie–Hellman discrete logarithm problem
FE: Fuzzy extractor
IoT: Internet of Things
IoHT: Internet of Health Things
IotC: Internet of Things Connector
IoD: Internet of Drones
I/O: Input/Output
MT: Mobile terminal
OFMC: On-the-fly model checker
PHI: Patient health information
SHS: Secure health system
TA: Third-party authentication server
WS: Wearable sensor
WNC: Wearable network connector

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This study was supported by the Science and Technology Research Project of Hebei Province Colleges and Universities (Grant Z2020134) and the Natural Science Foundation of Hebei Province (Grant F2021405001) and the General Project of Hebei North University under Grant no. XJ2021005.