Abstract

As one of the important applications of Internet of Health Things (IoHT) technology in the field of healthcare, wireless body area network (WBAN) has been widely used in medical therapy, and it can not only monitor and record physiological information but also transmit the data collected by sensor devices to the server in time. However, due to the unreliability and vulnerability of wireless network communication, as well as the limited storage and computing resources of sensor nodes in WBAN, a lot of authentication protocols for WBAN have been devised. In 2021, Alzahrani et al. designed an anonymous medical monitoring protocol, which uses lightweight cryptographic primitives for WBAN. However, we find that their protocol is defenseless to off-line identity guessing attacks, known-key attacks, and stolen-verifier attacks and has no perfect forward secrecy. Therefore, a patient monitoring protocol for WBAN in IoHT is proposed. We use security proof under the random oracle model (ROM) and automatic verification tool ProVerif to demonstrate that our protocol is secure. According to comparisons with related protocols, our protocol can achieve both high computational efficiency and security.

1. Introduction

Wireless body area network (WBAN) exists as a transmission network for body monitoring. It has intelligent network appliances, such as personal wireless terminals, wearable devices, and wireless sensors. Individuals can use network devices to build personalized health networks based on WBAN, and they are substantial participants in the Internet of Health Things (IoHT) application. WBAN is widely used in patient monitoring, physiological parameter measurement, and so on. The measured data are transmitted by the sensor to the devices with a forwarding function in real time using wireless network transmission and then stored in the database of the remote server [1–3]. Using WBAN-based systems, patient-specific electronic medical records can be established, and professionals can analyze medical data through patient electronic records. Moreover, the electronic data of patients can be used for later analysis and diagnosis, and medical personnel can provide targeted medical services based on these data [4].

The communication and interaction of WBAN are based on an open wireless channel, so it inevitably faces a series of challenges. Attackers can eavesdrop on, tamper with, and intercept publicly transmitted information, and use the obtained information to launch attacks and obtain patients’ private data. This poses a great threat to the medical IoHT and patient privacy [5, 6]. In addition, the WBAN system requires real-time data transmission and timely processing of a large number of communication requests, which places a heavy energy burden on infrastructure of limited efficiency [7]. Moreover, most devices for WBAN have limited computing power, so they cannot perform traditional cryptographic calculations, and intensive computation will bring about excessive network loads, which will affect the performance of the system. Therefore, the medical field urgently needs a lightweight privacy-protecting secure key agreement to meet the above challenges.

In recent years, a lot of anonymous medical key agreements have been proposed. An innovative dynamic ID-based key agreement in telecare medical information system (TMIS) was presented by Chen et al. [8]. However, Xie et al. [9] state that Chen et al.’s scheme cannot defend against off-line password guessing attacks and impersonation attacks and has no privacy protection and perfect forward secrecy. Xie et al. [10] presented a novel authentication protocol for TMIS in 2014, which is considered to be pragmatic and secure. Radhakrishnan and Muniyandi [11] submitted a two-factor key agreement for TMIS based on elliptic curve cryptography (ECC). In 2015, Wang and Zhang [12] solved the anonymity of authentication in WBAN using bilinear pairs, and their scheme could defend against known-key attacks and man-in-the-middle attacks. However, according to the research of Jiang et al. [13], the protocol cannot resist client forgery attacks, is not suitable for practical applications, and may lead to nonsynchronization of system logs. In 2017, Li et al. [14] proposed an anonymous authentication scheme. It employs lightweight cryptographic primitives (e.g., hash function operations) and asserts that it has realized the mutual authentication of the sensor nodes worn by patients and the hub node and has realized unlinkability and anonymity. Later, Koya et al. [15] stated that it is not feasible because their scheme assumes that the central node is entirely credible. Moreover, it is defenseless to sensor impersonation attacks. Soni and Singh [16] submitted a lightweight authentication scheme employing low-cost operations for WBAN. Based on the wireless medical sensor network, Jan et al. [17] submitted a patient key agreement for the healthcare system to realize secure and efficient communication between users and sensors. Recently, Ullah et al. [18] submitted a hyperelliptic curve and pragmatic IoT-based cross-domain authentication scheme for WBAN. In addition, Ullah et al. [19–21] proposed a multimessage signcryption protocol, anonymous certificateless signcryption protocol, and certificate-based signcryption protocol for IoHT. Khan et al. [22] proposed an online-offline certificateless signature protocol for IoHT.

Wu et al. [23] designed an identity authentication scheme using unilateral bilinear pairing technology which only performs bilinear pairing at the access point (AP). After that, Chen and Peng [24] declared that it cannot realize mutual authentication and is also susceptible to client forgery attacks. Li et al. [25] devised a key agreement based on ECC to realize user anonymity. But Sowjanya et al. [26] found that their scheme not only has the problems of clock nonsynchronization and excessive control power of users but also lacks perfect forward secrecy. Kalra and Sood [27] submitted a password-based secure key agreement that is not affected by time synchronization. In 2021, Chunka et al. [28] reviewed their scheme and found that it had many security issues. For instance, due to the defects in the gateway design, the scheme cannot confirm the authenticity of sensor nodes, so it cannot resist sensor node capture attacks, and the gateway private key is prone to be leaked. In addition, a large number of redundant hash calculations increase the computational burden on the system. Xu et al. [29] raised an anonymous and lightweight patient monitoring protocol using lightweight cryptographic primitives. The survey of Alzahrani et al. [30] shows that off-line identity guessing attacks will wreck its anonymity, and it is also defenseless to key compromise attacks and replay attacks.

1.1. Motivation and Contributions

According to the summary of the existing literature [30–33], we found that some protocols using lightweight cryptographic primitives cannot resist various attacks, and many protocols based on asymmetric cryptography have high time complexity. In 2021, Alzahrani et al. [30] designed an anonymous medical monitoring scheme. Nevertheless, their scheme is defenseless to stolen-verifier attacks, known-key attacks, and off-line identity guessing attacks and has no perfect forward secrecy. To realize a secure and lightweight authentication protocol in WBAN systems, we propose a patient monitoring protocol. Our contributions are as follows:
(i) We reviewed Alzahrani et al.’s [30] protocol and analyzed its drawbacks, for example, known-key attacks, stolen-verifier attacks, and off-line identity guessing attacks.
(ii) A patient monitoring protocol is proposed to realize the security and lightweight requirements of WBAN systems.
(iii) Using the automated verification tool ProVerif and a formal security proof in the ROM, we demonstrate that the proposed protocol is secure.
(iv) Performance comparison shows that our protocol is relatively pragmatic and secure.

The remainder of the paper is organized as follows: the system model and preliminaries are given in Section 2. In Section 3, we review Alzahrani et al.’s protocol and describe its drawbacks. Section 4 proposes a patient monitoring scheme. Its security is analyzed in Sections 5 and 6. The security properties, computation cost, storage cost, and communication cost of ours and some related protocols are evaluated in Section 7. Section 8 concludes the paper.

2. System Model and Preliminaries

In this section, we present the system model and attack model. Concurrently, we describe the physically unclonable function (PUF).

2.1. System Model

Figure 1 illustrates the system model. It adopts the centralized two-hop architecture of WBAN, which includes the following devices: sensor nodes (SNs), relay nodes (RNs), and the medical server node (MS). RN is the intermediate node: it only needs to forward messages between SN and MS, and it can add or delete its identity before forwarding messages. RN is always within the communication coverage of MS, and SN is covered by at least one RN. The resource-constrained SN monitors and collects patients’ medical health data by being worn by or embedded into patients.

2.2. Attack Model

Presuming the attacker (AR) has the following capabilities:
(1) AR can capture messages transmitted via open channels and may eavesdrop on, replace, replay, or intercept the data in these messages.
(2) AR can obtain the verifier table stored in MS, but cannot obtain its secret key.
(3) AR can capture and RN and then retrieve all data stored in their memory.
(4) We adopt the Dolev–Yao threat model [34] and assume that the public channel is insecure.

2.3. Physically Unclonable Function

As a hardware security technology, a physically unclonable function (PUF) can be regarded as the “digital fingerprint” of a chip [35]. It uses inherent physical differences to produce a specific unclonable response to a given challenge. Therefore, it is difficult to predict before production and to clone after production. It has broad application prospects in the field of security. For the same challenge, the response of a PUF remains unchanged under different conditions. Any probing or observation of a PUF changes the circuit characteristics, and the output of the PUF also changes. Therefore, PUFs are often used to protect crucial data in cryptography [36].

All notations in our paper are illustrated in Table 1.

3. Drawbacks of Alzahrani et al.’s Scheme

3.1. Review of Alzahrani et al.’s Scheme

We briefly review Alzahrani et al.’s [30] anonymous authentication protocol, which involves three steps: (1) system initialization; (2) device registration; (3) mutual authentication and key agreement. SA performs step (1) and step (2) through a private channel as follows.

3.1.1. System Initialization
(i) SA generates a long-term master secret key for MS.
(ii) Subsequently, MS reserves the master secret key.
3.1.2. Device Registration
(i) SA selects three random integers , , , and an identity for the sensor node and reserves the tuple <, , > in the memory of MS.
(ii) SA computes ,  =  h(, ).
(iii) SA reserves the tuple <, , , , > in the memory of .
(iv) Finally, the verification table of MS is <, , , >.
3.1.3. Mutual Authentication and Key Agreement

The communications between and MS are as follows:
(i) creates a current timestamp and computes the validation , where is ’s identity, denotes a random integer, and the current timestamp is denoted as .
(ii) submits the Message1 tuple <, , , > to RN.
(iii) RN appends its identity and forwards the Message2 tuple <, , , , > to MS.
(iv) MS scans the identity and finishes the session if no record is found in its memory. Otherwise, MS creates the current timestamp and checks if , and if not, finishes the session. Otherwise, MS computes . MS checks the validity of the identity ; if it is valid, MS extracts the tuple <, , > from its memory, computes , and checks whether =. If so, MS generates random nonces and and computes , , , , , , , , , and the session key . Afterwards, MS sends the Message3 tuple <, , , , > to RN. MS replaces with and with .
(v) RN removes its identity and forwards the Message4 tuple <, , , > to .
(vi) computes , , , , , , . Afterwards, checks . If so, computes the session key . replaces and with and , and stores them in its memory. Finally, replaces with and with .

3.2. Drawbacks
3.2.1. Off-Line Identity Guessing Attack

Suppose an adversary (AR) can eavesdrop on the conversation between and MS. AR intercepts the first round of , , and the second round of , , where and are the first round of and . AR computes , where , . Only in is unknown, so AR guesses and verifies whether =. If so, AR has obtained successfully. Otherwise, AR guesses again.

3.2.2. Desynchronization Attack

If AR intercepts Message4 and drops it, the will never receive it. The insecurity is that MS has updated , , , , but has not. This will make every subsequent authentication process between and MS fail.

3.2.3. Stolen-Verifier Attack

If the verifier table <, , , > of MS is stolen, AR can obtain all the data in it. AR eavesdrops on the communication between and MS, intercepts the Message1 tuple <, , , > and the Message4 tuple <, , , >, computes , , and , and computes the session key . That is, AR can obtain the session key.

3.2.4. Known-Key Attack

If the session keys of two consecutive rounds are leaked, AR will get and of the third round. Using the identity guessing attack above, AR obtains the SN’s identity . In the third round of protocol execution, AR intercepts Message1 and Message4 and computes , , , , . Therefore, the session key of the subsequent round will be obtained by AR.

3.2.5. No Perfect Forward Secrecy

If the long-term secret key and the short-term secret keys and of Alzahrani et al.’s [30] scheme are leaked, AR calculates , . Then, AR calculates , , . Finally, AR can compute the session key . Therefore, the scheme does not achieve perfect forward secrecy.

4. Proposed Protocol

A security-enhanced protocol is presented, which involves three steps: (1) system initialization; (2) device registration; (3) mutual authentication and key agreement. SA executes initialization and registration steps through a private channel as follows.

4.1. Initialization

SA executes as follows:
(1) The master secret key is generated by SA.
(2) Subsequently, MS accepts the master secret key via a secure channel and keeps it secret.
(3) SA chooses an elliptic curve of large order. is a base point. SA computes . Afterwards, SA chooses a hash function .

4.2. Registration

The registration phase can be described as follows:
(1) SA chooses the random integer and the identity for the sensor node , and an identity for RN, and reserves and in the memory of MS.
(2) SA computes , , , where is the current timestamp, and is MS’s secret key.
(3) SA reserves the tuple <, , , , > in the memory of , generates a challenge , and computes , , where the PUF is deployed in the sensor node .
(4) Finally, stores , and the verification table of MS is .

4.3. Mutual Authentication and Key Agreement

This phase is shown in Figure 2.
(1) chooses the random integer and the timestamp and calculates , , , .
(2) submits the Message1 tuple <, , , , , > to RN.
(3) RN appends its identity and forwards the Message2 tuple <, , , , , , > to MS.
(4) MS scans the identity and finishes the session if no record is found in its memory. Otherwise, MS creates the current timestamp and checks if , and if not, finishes the session. Otherwise, MS computes , . MS calculates and checks ?=. If so, MS creates random numbers and . Next, MS computes , , , , , , the session key , and . Afterwards, MS sends the Message3 tuple <, , , , , > to RN.
(5) RN removes its identity and forwards the Message4 tuple <, , , , > to .
(6) creates the current timestamp and checks if , and if not, finishes the session. Otherwise, computes , , , , . checks if =. If so, has successfully established the session key with MS and updates <, , > with <>.

5. Informal Security Analysis

5.1. Off-Line Identity Guessing Attack

If an adversary (AR) can eavesdrop on the open channel and guess of the sensor node , it is not feasible for him/her to verify whether = holds without knowing , where  = , , . Because of the computational Diffie–Hellman problem (CDHP), AR cannot compute from and . Therefore, the off-line identity guessing attack is infeasible.
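Sections 3.2.1 and 5.1 make the same structural point from both sides: a validation hash whose only unknown input is the identity can be checked against guesses from the transcript alone, while a hash that also covers a point derivable only through a CDHP-hard step cannot. The following Python model is an added example, not code from the paper; it abstracts the two tag constructions (hash over identity, nonce and timestamp, versus the same hash additionally covering an ECDH point), uses secp256k1 as an assumed curve, and searches a small constructed identity space, so it does not reproduce the paper's actual message fields.

```python
import hashlib
import secrets

# secp256k1 domain parameters (standard public constants). The paper does not name its
# curve; this choice is an assumption made for the example only.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def h(*parts):
    """SHA-256 over fixed-width encodings of integer inputs (stand-in for the paper's h)."""
    return hashlib.sha256(b"".join(x.to_bytes(32, "big") for x in parts)).digest()

def weak_tag(identity, nonce, timestamp):
    # Reviewed scheme's pattern (Section 3.2.1): apart from the identity, every hash
    # input travels in the message, so an eavesdropper can recompute the tag.
    return h(identity, nonce, timestamp)

def bound_tag(identity, nonce, timestamp, shared_x):
    # Proposed scheme's pattern (Section 5.1): the tag also covers a Diffie-Hellman point
    # that only the sensor (with r) or MS (with s) can derive; getting it from rG and sG is CDHP.
    return h(identity, nonce, timestamp, shared_x)

def sensor_send(identity, timestamp, ms_pub):
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    shared = ec_mul(r, ms_pub)                 # r * (s*G)
    nonce = secrets.randbits(256)
    return {"R": R, "nonce": nonce, "T": timestamp,
            "weak": weak_tag(identity, nonce, timestamp),
            "bound": bound_tag(identity, nonce, timestamp, shared[0])}

def ms_verify(msg, identity, s):
    """MS side: recompute the shared point as s*R and check the bound tag."""
    shared = ec_mul(s, msg["R"])               # s * (r*G) == r * (s*G)
    return msg["bound"] == bound_tag(identity, msg["nonce"], msg["T"], shared[0])

def offline_guess(msg, candidates, field):
    """Eavesdropper's check: can an identity guess be verified from the transcript alone?
    For 'weak' every input is known; for 'bound' only R's x-coordinate is, which never matches."""
    for cand in candidates:
        if field == "weak":
            guess = weak_tag(cand, msg["nonce"], msg["T"])
        else:
            guess = bound_tag(cand, msg["nonce"], msg["T"], msg["R"][0])
        if guess == msg[field]:
            return cand
    return None

def demo():
    s = secrets.randbelow(N - 1) + 1           # MS long-term secret key (initialization)
    ms_pub = ec_mul(s, G)                      # published system parameter
    identity = 0x00000ABC                      # constructed 32-bit sensor identity
    msg = sensor_send(identity, 1_700_000_000, ms_pub)
    candidates = range(1, 2**12)               # constructed small search space for the demo
    return {"ms_accepts": ms_verify(msg, identity, s),
            "weak_guess": offline_guess(msg, candidates, "weak"),
            "bound_guess": offline_guess(msg, candidates, "bound")}
```

The identity space is deliberately tiny here; with the paper's 32-bit identities the weak construction is still searchable offline, while the bound construction is not helped by a larger search at all.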

5.2. Desynchronization Attack

In the improved protocol, and are updated to and on the side of MS. Even if AR intercepts Message4, this has no impact on the next session between the sensor node and MS.

5.3. Stolen-Verifier Attack

A stolen-verifier attack means that an adversary obtains the verification table (but not the secret key) from MS by physically accessing the device or by a side-channel attack and then launches attacks with it. In the proposed scheme, the verification table of MS only contains the identities and of and . So the adversary cannot launch any attack even if he or she obtains these identities. Thus, the protocol defends against stolen-verifier attacks.

5.4. Known-Key Attack

Assuming that AR knows the session key , since is only contained in , AR cannot launch any further attack.

5.5. Smart Card Lost Attack

By a side-channel attack, AR is able to get all data stored in a smart card when it is lost, and then launch attacks. However, no smart card is used in our protocol, so the protocol defends against the smart card lost attack.

5.6. Sensor Node Captured Attack

In the improved protocol, the sensor node stores , where is ’s identity, , , , is the challenge of , is the timestamp, and is the secret key of MS. Assuming that the sensor node is captured by AR, he/she cannot obtain the secret parameter to impersonate because of PUF. In addition, AR cannot obtain the secret key . Therefore, the sensor node captured attack cannot influence the security of nodes and the sensor network.

5.7. Anonymity and Unlinkability

The identity of the sensor node is in Message and transmitted via an open channel, where , , . An adversary cannot compute the identity of the sensor because he cannot know the secret key of MS. Thus, our scheme achieves anonymity. Moreover, because each session generates new and , the identity of the sensor node cannot be tracked by AR.

5.8. Perfect Forward Secrecy

If AR obtains all the secret information of the sensor node and the long-term master secret key of MS, because of CDHP, he/she still cannot successfully calculate without knowing . Therefore, the protocol achieves perfect forward secrecy.

5.9. Impersonation Attack

This attack means that AR can impersonate a legal user to generate and send a message, and the message passes the receiver’s authentication; that is, the receiver confirms that the message was initiated by a legitimate user. In our protocol, suppose AR impersonates the sensor node to generate and send to RN, where , , , is MS’s secret key, and is the timestamp. The adversary cannot forge and without knowing . On the other hand, the adversary cannot compute even if he/she obtains all data stored in , due to the property of the PUF. Therefore, the adversary cannot generate a valid .

5.10. Replay Attack

In a replay attack, AR obtains a message and replays it to the receiver so that it passes the receiver’s authentication. In the proposed scheme, timestamps and random nonces are used, so the protocol defends against the replay attack.

6. Formal Security Analysis

6.1. Formal Verification Using ProVerif

As an automated tool for verifying cryptographic protocols, ProVerif [37] is founded on the Dolev–Yao model and the Prolog language. It supports many cryptographic primitives, for example, public-key cryptography, hash functions, and equational theories. When ProVerif finds a protocol insecure, it outputs the corresponding attack trace.

The open channel, types, constants, variables, constructors, and destructors of our proposed protocol are represented in Figure 3. We designed four events for the improved protocol, which are BeginSNj(), BeginMS(), EndSNj(), and EndMS(), as depicted in Figure 4. BeginSNj() represents that the sensor node begins the key agreement session with MS. BeginMS() represents that MS starts the key agreement session with . EndSNj() indicates that has successfully established a session key with MS. EndMS() represents that MS has successfully established a session key with the sensor node .

Queries are shown in Figure 5. Figures 6 and 7 show the processes of the sensor node and MS. The main process is represented in Figure 8.

To test the improved scheme’s correctness, we propose some queries and run them in simulation, as shown in Figure 9.

Results (1)–(4) prove that the secret parameters and session key are secure, and that sensor nodes are anonymous in our protocol. Results (5)–(7) show that the two processes began and terminated successfully in sequence.

6.2. Formal Security Proof

After defining the random oracle model (ROM), we calculate the advantage of the adversary in breaking our protocol. The notions used in the ROM are defined as follows.

6.2.1. Participants & States

There are three participants in : the sensor node , the relay node , and the medical server node . In the i-th instance, , , , and are recorded as , , , and , respectively. The oracles in the ROM have only three states: , , and . represents that a correct message has been received by an oracle. If the message is illegal, the oracle is in . means that neither of the conditions above has occurred.

If the oracle is in and the session key has been agreed with , then has the session identity , and its partner’s identity is .

6.2.2. Partnering

If and are in , the session key has been negotiated. Two partners meet the following requirements: (1) (2) (3) ,

6.2.3. Queries

Queries can emulate multiple attacks.
Execute: if this query is launched by , he/she gets all the transcripts.
Send (, Message): simulates that Message is sent to . If the message is correct, responds; else, the message is ignored.
Reveal: if and are in the state , the session key has been agreed, and the query Test has not been executed yet, then the session key is revealed by this query. Else, it returns null.
Corrupt: simulates the attack of intercepting and returns the information stored in it.
Test: this query produces a random bit and is performed no more than once. If and the session key has been agreed, the real session key is returned to ; else, the query returns a random session key.

6.2.4. Freshness

If the following requirements are met, is defined as fresh:
(1) and are in the state .
(2) Reveal has not been executed.
(3) Corrupt has been executed at most once.

6.2.5. Semantic Security

The random bit in the Test query determines the output of Test. Meanwhile, generates a random bit ; if , knows whether the output is the real session key. The advantage of in guessing the correct bit is . is secure when , where is sufficiently small.

CDHP: the CDHP states that, given , , and , computing is computationally infeasible in probabilistic polynomial time (PPT). is the generator point, . The advantage of solving the CDHP is , .

Theorem 1. Suppose the adversary tries to break the proposed scheme in PPT. The queries Execute, Send, and Hash are executed , , and times, respectively. The query Test is allowed to be executed at most once. is the bit-length of the hash function’s output. , where is the average length of the other transcripts. The advantage of in breaking in PPT can be expressed as follows:

Proof. To simulate the attacks on , we define a sequence of games . The event corresponding to means that achieves his/her goal in .

The first game simulates the real attack. At the start, the probability of breaking is

The second game simulates launching Execute and Test queries to verify the output according to the transcripts . Among the transcripts, are related to the session key. However, cannot figure out the relation between the transcripts and the output of Test because of the random numbers. Therefore, we have

The third game simulates computing the session key through the messages transmitted openly. , which is based on the CDHP. The advantage of in calculating is . Therefore, we have

The fourth game simulates performing Corrupt to acquire the information stored in and trying to calculate to test the correctness of , where , , and . has to break the PUF to obtain . The probability of breaking the PUF is . Therefore, we have

The fifth game simulates executing Execute and Send queries to launch collision attacks. By the birthday paradox, the probability of a hash collision is . Meanwhile, the collision probability of the other transcripts is . Hence, we have

For the random bit , the probability of guessing is , which is equal to the probability of guessing the session key. That is,

Combining (1) with (6), we get

(8) can be expressed as follows:

7. Performance Analysis

We study and compare the security and performance efficiency of ours with others. According to the comparison of the security attributes given in Table 2, ours achieves better security. On Windows 10 Professional 64-bit with an Intel(R) Core(TM) i5-4590, we measure (millisecond), , [36], where is a hash operation, represents an ECC operation, and is a symmetric key encryption. Table 3 describes the computational cost comparison between other protocols and the proposed protocol. In [14], the total computation cost of the server and the sensor is . Accordingly, the schemes [29, 30] both need , scheme [25] needs , and ours is . Because our protocol is safer than the others and achieves perfect forward secrecy, ours achieves both high computational efficiency and security.

According to [38], an identity, a timestamp, and a password are 32 bits; a random integer, a hash output, or a block encryption is 256 bits; and a point on the elliptic curve is 160 bits. We calculate the storage overhead of the devices participating in authentication. The storage cost comparison is given in Table 4; ours has the lowest storage overhead. In addition, messages in login and mutual authentication are transmitted 4 times in our scheme. We calculate our communication cost and those of the others; as Table 5 shows, ours is equivalent to the other schemes.

8. Conclusion

We first point out that Alzahrani et al.’s protocol cannot defend against stolen-verifier attacks, desynchronization attacks, known-key attacks, and off-line identity guessing attacks and has no perfect forward secrecy. After that, we design a patient monitoring scheme based on ECC for WBAN in IoHT. We use the verification tool ProVerif and a formal security proof to demonstrate the security of our scheme. Through comparative analysis, our protocol is safer and more efficient and suits the lightweight and security requirements of medical scenarios. In the future, we will research more pragmatic anonymous authentication protocols for more complex WBAN scenarios.

Data Availability

All data are included in the manuscript.

Conflicts of Interest

The authors declare that there are no conflicts of interest.

Acknowledgments

This research was supported by the National Natural Science Foundation of China (Grant no. U21A20466) and the National Key R&D Program of China (Grant no. 2017YFB0802000).