Abstract

In the last few years, the wireless body area network (WBAN) has emerged as an appealing and viable option in the e-health application domain. WBAN technology is primarily used to offer continuous screening of health data to patients, independent of their location, time, or activity. A WBAN, on the other hand, is vulnerable to different cyberattacks due to the openness of the wireless environment and the privacy of people’s physiological data. A highly efficient and secure cryptographic scheme that can fulfill the needs of resource-constrained WBAN sensors and devices is considered necessary. First, we take a look at the most up-to-date security solutions for WBANs. Then, we go through some of the underlying concerns and challenges with WBAN security. We propose a new framework called secure channel free certificateless signcryption scheme for WBANs based on a hyperelliptic curve that can meet security requirements such as confidentiality, anonymity, integrity, resistance against unauthorized users, unforgeability, public verifiability, forward secrecy, and antireplay attack, all of which can be achieved with low computation and communication costs. The computation cost of the proposed scheme is 3.36 ms, which is much better than its counterpart schemes.

1. Introduction

A Wireless Body Area Network (WBAN) is a revolutionary innovation that can deliver real-time preventative or proactive healthcare services at a lower cost [1]. Many low-power, intelligent, and tiny biomedical sensors are attached to, implanted in, or implanted around the human body in a WBAN without interfering with the individual’s usual activities. Sensors continuously measure specific biological functions, such as temperature, blood pressure, heart rate, ElectroCardioGram (ECG), respiration, and others regardless of their current location or activity [2]. The physiological information collected is then transmitted over the wireless links to a remote processing unit without the need for complex and wired medical equipment. The ongoing miniaturization of sensors, actuators, and processors coupled with ubiquitous wireless connectivity has contributed to the emergence of WBANs. At the same time, advances in smartphones technology have also enhanced the mobility feature of WBAN technology. Today, WBAN can be connected through the Internet and other existing short-range wireless technologies (ZigBee, Bluetooth, Wi-Fi, and so on) and cellular networks. Wi-Fi may be considered the most favored options for wearable sensor nodes due to its low-cost and high-data-rate features [3].

As shown in Figure 1, the authors suggested a general communication architecture for a WBAN-based e-healthcare system [4]. A body control unit (BCU) and numerous wearable sensor/actuator nodes are included in the proposed design (e.g., a smartphone). Sensor nodes detect biological processes such as pulse, body temperature, blood pressure, glucose level, and electrocardiogram (ECG). According to the messages gathered from the sensors, actuators engage with a BCU (i.e., an insulin pump). The BCU collects biological data and sends it, together with the patient’s profile, to a local/remote medical server through networks. Medical staff offers medical treatments in a timely manner after obtaining and analyzing patient-related data. The BCU functions as a center node in a star topology in general. Additionally, sensor nodes upload data to a medical server or provide data directly to medical staff via the BCU. The medical personnel then issues the relevant instructions to the sensors via the BCU.

In a WBAN system, both patient-related information and medical messages are equally significant. WBAN, on the other hand, is vulnerable to a variety of cyberattacks owing to the open nature of wireless networks. As a result, to enable a safe WBAN system, an effective security architecture is necessary. Confidentiality and authentication are two key security problems in WBANs that must be addressed. Encryption and digital signatures, in general, are the answers to confidentiality and authenticity. The sign-then-encrypt technique is often employed when both procedures are required at the same time. Low-end WBAN sensor devices, on the other hand, have stringent constraints (such as limited on-board energy and processing resources) that prevent complicated cryptographic procedures. “Signcryption” [5] might be used to address these limitations. It is a public-key cryptosystem that performs both digital signature and encryption functions in a single logic step. It is far more efficient and cost-effective than the combination of encryption and digital signatures. Furthermore, it is considerably more suited for resource-constrained situations such as WBAN due to its reduced costs compared to techniques using signature followed by encryption.

As a result, a lightweight signcryption scheme that can fulfill the criteria of WBAN devices is required. Therefore, we offer a certificateless signcryption scheme in this paper. The scheme is based on the concept of a hyperelliptic curve and does not require a secure channel. The new scheme meets all of the previously specified security requirements while incurring low computation and communication costs, making it particularly appropriate for resource-constrained WBAN devices.

1.1. Signcryption for WBAN

Wireless body area network has received a lot of attention in the last decade especially as various technologies improve and devices keep getting smaller, more powerful, and cheaper. In a WBAN, different sensors are implanted in the human body for sensing and collecting data about different types of physiological information which are then sent to the application providers for further analysis and actions. As we have mentioned previously, communication takes place in the WBAN system while using an insecure network, i.e., the Internet, which requires two main security requirements, namely, authentication and confidentiality. Here, signcryption is the most suitable option because it combines both authentication and confidentiality in a single step, and it also requires low computational power making it suitable for resource-constrained devices such as sensors.

Figure 2 shows the generic signcryption model for WBAN which uses four entities, i.e., sensors, controller, trusted authority, and application providers. Normally, the trusted authority is a third party, which is responsible for providing the system parameters such as keys and certificates for different public-key cryptographic techniques. Sensor nodes are implanted into a person’s body for sensing and collecting physiological data and then sending this data to the controller. Likewise, the controller applies the signcryption scheme to the data and transmits it to some application provider. Once the application provider receives the signcryption query, it verifies the authenticity of the sender. If the verification is successful, the application provider performs the decryption process and encrypts the requested data using some secret key (which is only known to the controller and the application provider) and sends it to the application provider. However, for access control, the same process can be repeated on the application provider side as shown in Figure 3. Here, the application provider generates the signcryption of the access control query by combining signature with encryption while using a single key pair in a single algorithm and transmits it to the controller. Once the controller receives the signcryption query, it verifies the authenticity of the sender. If the verification is successful, the controller performs the decryption process and encrypts the requested data using some secret key (which is only known to the controller and the application provider) and sends it to the application provider.

1.2. Security Requirements for WBAN with Signcryption

In a WBAN, the communication process normally takes place through an open network. This means that the attacker can have unauthorized access to reveal the content of encrypted data, modify the original message, generate the forged signature, and so on. The basic security requirements for signcryption used in WBAN include (1) confidentiality: the attacker can compromise the confidentiality of the patient’s sensitive data, if he/she gets access to the encryption or decryption keys. (2) Integrity: the attacker can modify the content of the original message only with the help of encryption or decryption keys. (3) Unauthorized access: the attacker can easily generate the authorized data access request if he/she has a valid digital signature. If the attacker cannot generate a valid then it is called an unauthorized access. (4) Unforgeability: the attacker can generate a forged signature as generated by the authorized user (I think that is what you mean here otherwise we mean the authorized user also generates a forged signature), if he/she gets access to the private key used for generating the digital signature. If the attacker fails to get access to this private key, then, it is called unforgeability. (5) Anonymity: the attacker can pretend to be the authorized user, if he/she can get the identity of the user from ciphertext. The inability of the attacker to access the users’ identities is called anonymity. (6) Forward secrecy: the attacker cannot get access to the encryption/decryption keys, even, if he/she got access to the sender’s private key. (7) Public verifiability: the attacker sends the false signcryption text instead of the authorized sender, and if it causes discrepancies between the sender and the receiver, then, the judge/third party can remove this dispute, which is called public verifiability. (8) Antireplay attack: the attacker cannot replay the existing messages if the sender and receiver use nonce and timestamp techniques for the freshness of messages.

1.3. Contributions of This Work

We summarize the main contributions of this work as follows: (i)We present a comprehensive review of recently proposed signcryption schemes to improve security in the WBAN environment. To the best of our knowledge, this is the first survey that focuses on signcryption for WBAN security(ii)We identify the strengths and weaknesses of the previously proposed signcryption schemes for WBAN in terms of security requirements and their cost-efficiency(iii)Based on the strengths and weaknesses identified for the past related works on signcryption schemes for WBAN, we propose a novel security architecture for the WBAN environment using secure channel free certificateless signcryption based on hyperelliptic curve. The new scheme satisfies all the security requirements identified earlier, and it incurs low computation and communication costs which make it particularly suitable for resource-constrained WBAN devices

The rest of the article is set out as follows. The related work is presented in Section 2, which also includes classification, security deficiencies, and cost requirements. The proposed scheme is provided in Section 3. In Section 4, we describe the construction of the proposed scheme. Section 5, on the other hand, provides the proposed scheme’s security discussions. In addition, we discuss performance analysis in Section 6. The conclusion is presented in Section 7.

In this section, we review and analyze existing signcryption schemes for WBAN with respect to their research goals, security requirements, and computation and communication overheads. Amin et al. [6] proposed a hybrid key establishment technique for body area network (BANs) based on symmetric cryptography with signcryption. They make a cluster head selection with session key creation in one logical step and claimed reduced computation cost as well as communication overhead. They also claimed that their approach supports various security properties such as confidentiality, antireplay attack, integrity, and authentication. However, the scheme consumes high energy and increased bandwidth due to the elliptic curve cryptosystem (ECC). It suffers from certificate renewal and revocation problems. It does not support forward secrecy, public verifiability, mutual authentication, and nonrepudiation. Wang and Liu [7] proposed a ring signcryption method utilizing attribute-based cryptosystem for WBANs. The security hardiness and efficiency of this scheme are based on the computational Diffie-Hellman (CDH) assumption from bilinear pairing. Their method supports various security requirements, i.e., authenticity, nonrepudiation, and confidentiality. However, this method does not address the key escrow problem because the Hospital Authority (HA) performs the role of the Private Key Generation (PKG) center that generates the private keys for both the controller and data users (such as doctor, researchers, and emergency). Therefore, the HA can easily use the user’s private key to forge the signature. Moreover, the scheme’s efficiency is based on bilinear pairing which consumes high energy and uses high bandwidth. It does not support forward secrecy, public verifiability, mutual authentication, and antireplay attack.

Jothi and Srinivasan [8] proposed another method which combines the concept of attribute-based cryptosystem with ring signcryption. In this system, the sensors which are planted into the body use ant colony optimization with the concept of fuzzy ontology. They claimed better performance as compared to existing elliptic curve-based methods with respect to efficiency and feasibility. Further, their approach also supports various security services such as authentication, unforgeability, confidentiality, public verifiability, integrity, nonrepudiation, and forward secrecy. Unfortunately, this method suffers from two major weaknesses, i.e., the key escrow problem and private key distribution among users which needs a secure channel. Li and Hong [9] proposed a new signcryption method that uses the concept of certificateless cryptosystem (CC) with bilinear pairing. Further, they implemented this new method in WBANs and showed that it incurs low computation overhead and energy as compared to existing schemes for WBANs. Their approach supports authentication, confidentiality, nonrepudiation, public verifiability, integrity, and cipher-text authenticity. But this scheme suffers from a partial private key distribution among users which needs a secure channel. Additionally, since this method is based on bilinear pairing, it consumes high energy and increased network bandwidth. Iqbal et al. [10] proposed a new signcryption method with the public verifiability security requirement. They performed the cluster head selection process for this new method and claimed better efficiency due to the hyperelliptic curve, which is suitable for resource hungry environments of WBANs. Their proposed method supports security services such as confidentiality, integrity, forward secrecy, and authentication. However, the network model fails to provide a central authority and suffers from certificate renewal and revocations problems. Further, this work focuses mainly on the public verifiability security property while the authors fail to explain this property. Moreover, this scheme does not provide nonrepudiation, mutual authentication, and protection against replay attack.

Saeed et al. [11] proposed a new method for the Internet of things based on heterogeneous online/offline signcryption, in which the sensor nodes (sender) utilize the functionality of a certificateless infrastructure (CLI), and the server (receiver) utilizes the services of public key infrastructure (PKI). They proved the scheme security requirement using a random oracle model and showed that it satisfies security requirements such as authentication, nonrepudiation, integrity, and confidentiality. Furthermore, they applied the scheme in WBAN. However, due to CLI and PKI, this scheme suffers from secret key distribution, and the certificate revocation and management problem. It also suffers from high consumption of and network bandwidth because it uses bilinear pairing. Also, it does not support mutual authentication, forward secrecy, public verifiability, and protection against replay attack. Lu et al. [12] proposed a scheme for a social network-based mobile health care system that uses attribute-based signcryption. They used a four-party model to protect patients’ sensitive information. The scheme provides traceability, privacy, unforgeability, and correctness. Using encryption and digital signature in a single step, they claimed better performance efficiency. However, due to the PKG concept, this scheme suffers from private key distribution and the key escrow problem. The scheme does not support forward secrecy, public verifiability, nonrepudiation, mutual authentication, and protection against replay attack. Moreover, it has high power consumption and network bandwidth due to of the use of bilinear pairing. Li et al. [13] developed a novel method using certificateless signcryption, and then, they practically deployed this scheme for access control services in WBAN. This method supports several security requirements that include authenticity, integrity, confidentiality, nonrepudiation, and anonymity. They also compare their scheme with existing schemes and demonstrated better results in terms of energy consumption and computational cost. However, due to the CLI concept, this scheme suffers from the partial private key distribution problem and incurs high power consumption. The method does not support public verifiability, forward secrecy, and mutual authentication.

Prameela [14] proposed an improved scheme that uses certificateless signcryption with anonymous mutual authentication for access control in WBANs. They used a chaos baker map scheme with XOR operation and a one-way hash chain function for secure authentication. The experimental results obtained with the proposed scheme yielded better results compared with existing ones in terms of energy consumption, end-to-end delay, coverage time, packet delivery ratio, and throughput. The scheme supports confidentiality, mutual authentication, nonrepudiation, and integrity. Conversely, because of the use of CLI, this scheme suffers from partial private key distribution difficulties and high power consumption and network bandwidth because it uses bilinear pairing. This scheme does not support forward secrecy, public verifiability, and protection against replay attack. Omala et al. [15] proposed a keyword search technique for WBAN based on heterogeneous signcryption, in which the data owner uses the concept of CLI, while the server and receiver utilize the PKI functionality. This heterogeneous signcryption generates the mathematical structure of bilinear pairing. The scheme supports security services such as confidentiality, unforgeability, nonrepudiations, and authenticity. However, the scheme suffers and incurs high power consumption and communication costs due to bilinear pairing. It suffers from weaknesses such as it needs a secure channel for the data owner’s partial private key distribution and PKI certificate management at the server and receiver side. It does not provide public verifiability, forward secrecy, and mutual authentication.

Omala et al. [16] proposed an access control technique for WBAN based on heterogeneous signcryption, in which the controller uses the concept of CLI, while application providers utilize the concept of identity-based cryptography (IBC). The scheme’s cost and security efficiency are based on the mathematical structure of elliptic curve cryptography. The technique is cost-efficient and supports security services such as anonymity, confidentiality, unforgeability, nonrepudiations, and authenticity. However, the scheme also suffers from high computational and communication costs due to elliptic curve cryptosystem. It also needs a secure channel for the application provider’s partial private key distribution. It also suffers from the key escrow problem at the controller side. It does not support public verifiability, forward secrecy, and mutual authentication. Gao et al. [17] proposed an elliptic curve-based technique for access control of WBAN by using a certificateless signcryption. They claimed better cost efficiency, for the technique supports security services such as confidentiality, unforgeability, nonrepudiation, and authenticity. However, the scheme also suffers from high computation and communication costs due to the elliptic curve cryptosystem. It also needs a secure channel for the partial private key distribution. The techniques do not support forward secrecy, public verifiability, and mutual authentications. Ullah et al. [18] proposed an energy-efficient access control technique for WBAN with IoT using certificate-based signcryption. The scheme’s cost and security efficiency are based on the mathematical structure of hyperelliptic curve cryptography. The authors of this technique claimed better cost-efficiency. The scheme supports security services that include confidentiality, unforgeability, antireplay attack, integrity, public verifiability, and forward security. However, since the scheme requires certificate management, the scheme may not scale well when the number of devices in the network increases. The scheme does not support mutual authentication and anonymity properties. Iqbal et al. [19] proposed a new scheme for body sensor network. This scheme uses attribute-based signcryption with blockchain technology. The security and efficiency of this scheme are based on bilinear pairing. The scheme has better power consumption and low communication overheads. The scheme supports security requirements such as confidentiality and unforgeability. The scheme provides protection against antireplay and man-in-the-middle attacks. However, the scheme can be suffering from more computational and communication cost due to bilinear pairing. As with other approaches, the scheme needs a secure channel for partial private key distribution and certificate management due to CLI and PKI. The scheme does not support mutual authentication, anonymity, public verifiability, and forward secrecy. Xiong et al. [20] presented a heterogeneous signcryption method for WBANs that transitions from an identity-based cryptosystem to a public key infrastructure (PKI) with an equality test (HSCIP-ET). The technique enables the IBC system’s sensors to encrypt critical data using the management center’s public key in the PKI system before uploading it to the cloud server. Based on the discussions above, Table 1 summarizes the results of our review.

2.1. Classification of Signcryption Schemes for WBAN regarding Public Key Cryptography

In this section, we classified the existing signcryption schemes for WBAN such as asymmetric cryptosystems and mathematically hard problems. In Table 2, we summarize the contributed schemes on the basis of public key cryptosystems that are attribute based, PKI based, certificateless, certificate based, and heterogeneous, respectively. The schemes in [7, 8, 12, 19] realized on the concept of attribute-based signcryption, while schemes in [7, 8, 12] at the same time utilizes the concept of identity-based cryptosystem, and scheme in [19] uses the heterogeneous cryptosystem method. The techniques presented in [6, 10] are realized on PKI-based cryptography. The schemes proposed in [9, 13, 14, 17] used the concept of certificateless signcryption technique. The technique used in [18] is based on certificate-based signcryption, and the schemes in [11, 15, 16, 19] are on the basis of heterogeneous signcryption techniques.

2.2. Classification of Signcryption Schemes for WBAN with respect to Cryptographic Hard Problems

In this section, we classified the existing signcryption schemes for WBAN on the basis of hard problems that are shown in Table 3. The schemes presented in [7, 9, 1115, 19] are based on the concept of bilinear pairing, while the schemes provided in [16, 17] utilize the concept of elliptic curve cryptography. The scheme proposed in [8] used the Fuzzy-based cryptosystem, while the schemes contributed in [10, 18] use the notion of hyperelliptic curve cryptography.

2.3. Security Deficiencies in Signcryption Techniques for WBAN

In this phase, on the basis of our analysis that is presented in Table 1, where each technique has its own pros and cons and it is difficult to differentiate the superiority of each technique on others. Further, each of those has its own security limitations on the basis of security properties such as confidentiality, unforgeability, integrity, anonymity, nonrepudiations, forward secrecy, antireplay attack, public verifiability, and preventing from unauthorized access, respectively. The scheme presented in [6] has been suffering from the lack of forward secrecy, public verifiability, and nonrepudiation. The scheme in [7] has the diffenciencies of forward secrecy, public verifiability, and antireplay attack. The scheme in [8] can be affected by the lack of antireplay attack. The technique used in [9] has the limitations of not providing the forward security. The method used in [10] is suffering from the absence of nonrepudiation and antireplay attack. The mechanism used in [11] has been suffering from the absence of forward secrecy, public verifiability, and antireplay attack. The presented scheme in [12] does not provide the security properties such as forward secrecy, public verifiability, nonrepudiation, mutual authentication, and antireplay attack. The mechanism used in [13] can be suffered from the absence of public verifiability and forward secrecy. Due to the absence of forward secrecy, public verifiability, and antireplay attack, the scheme used in [14] can affect. During communication, the schemes used in [1517, 19] can be affected by the absence of public verifiability, forward secrecy, and mutual authentication security properties. The scheme used in [18] is affected by the absence of mutual authentication property.

2.4. Cost Requirements of Signcryption Technique for WBAN

We divide the cost requirements into two subcategories, i.e., computational cost and communication overhead. First of all, we investigate the computational cost of the signcryption mechanisms for WBAN. The computational cost is normally calculated by using some major operations. In signcryption schemes for WBAN, discussed in Table 1, the well-known technique, which is used for the cost efficiency, is bilinear pairing, elliptic curve, and the hyperelliptic curve. According to the experimental results, which is discussed in [21], regarding the major operations, the single pairing operation takes 14.90 milliseconds (ms), single exponential operation takes 1.25 ms, single elliptic scalar multiplication consumes 0.97 ms, and according to [2226], single hyperelliptic curve needs 0.48 ms, respectively. Thus, from Table 3, we can easily choose the best scheme on the basis of computational cost. Likewise, the schemes [7, 9, 1115, 19] are based on bilinear pairing, which can be required 14.90 ms for single pairing operations; and the mechanisms used in [16, 17] are based on elliptic curve, which requires 0.97 ms, while the schemes of [10, 18] requiring 0.48 ms due to hyperelliptic curve. Based on the aforementioned discussion, we can conclude that the hyperelliptic curve is the most favorable option while designing signcryption scheme for WBAN. Further, for communication overhead, the assumption observed from [18] bilinear pairing, elliptic curve, and the hyperelliptic uses 1024 bits, 160 bits, and 80 bits key sizes, respectively. We can conclude that the hyperelliptic curve will be the best option in terms of communication overhead for such types of WBAN, which have a low bandwidth capacity.

3. Proposed Secured Channel Free Certificateless Signcryption for WBAN

From Table 1, it is very clear that all the existing signcryption schemes for WBAN are suffering from certain flaws such as key escrow, certificate management, and secure channel needs. Further, these schemes are also suffering from the lack of one or more security requirements, and some of the schemes are suffering from high computational communication cost. To remove the key escrow, certificate management, and the need of secure channel problem and to provide all the claimed security requirements as discussed in related work section (3) with low computational and communication cost, we proposed a new framework called secured channel free certificateless signcryption for WBAN. For this new scheme, we adopt the secured channel free concept from [27], certificateless signcryption from [13], and the security and efficiency of the particular scheme based on a hyperelliptic curve [18]. Here, the secure channel free means that this scheme does not require any secure channel for the distributions of partial private key among the participated users. In Figure 4, we show the flow of secured channel-free certificateless signcryption for WBAN. This new ecosystem contains four entities, i.e., the smart sensor nodes, controller, application provider, and key generation center (KGC), respectively. The following substeps can be more helpful while clarifying the working flow of this new ecosystem.

3.1. Key Generation Center

The key generation center generates the public parameter set, master private, and public key. Then, KGC published publicly the public parameter set and master public key. After this, upon receiving the identity from application provider and controller, KGC generates the pseudorandom partial private key (PRPPK) for each user and transmits it to each user through open network.

3.2. Application Providers

Application providers are the run time service providers (SP), i.e., doctors, nurses, smart pharmacy, and emergency services, which monitor the patient’s condition. For the monitoring purpose, the SP can request for patient data, while for privacy and authorization, SP perform signcryption on access control query and then transmit it to the controller. For the signcryption process, the application providers first send his identity to KGC for accessing of PRPPK. The KGC then produces PRPPK and sends it to the application providers through open network. The application providers then extract the partial private key from the PRPPK and generate the full public and private key. Further, the application providers generate secret session key for the encryption of patient data. At the end, the application providers produce the signcryption on patient data by using all the aforementioned parameters and transmit it to the controller by using internet.

3.3. Smart Sensor Nodes

These are the small sensors, which are generally implanted within the patient’s body for monitoring data regarding the nature of different diseases and then hand over to the controller on demand basis.

3.4. Controller

The controller is a smart device that can be a laptop, mobile phone, and personal digital assistant, etc., which is normally used to receive data from sensors and also the access control signcrypted query from application providers. In our case, on receipting the signcrypted query from application providers, the controller then performs the unsigncryption process on it and then verifies and decrypts it. For this process, the controller first sends his identity to the KGC for accessing of PRPPK. The KGC then produces PRPPK and sends it to the controller through open network. The controller extracts the partial private key from the PRPPK and generates the full public and private key. Further, the application providers recover the secret session key for the decryption of access control query. At the end, the controller performs the unsigncryption process upon the signcrypted access control query, if the verification process is done, then, controller decrypts the query and encrypts the requested patient data through secret key and send back to the application providers.

Note: this scheme provides the security services of confidentiality and integrity because it encrypts the patient data through secret key, which is only known to the application providers and the controller. It also resists against the unauthorized user access because if the attacker wants to access the data then he/she must generate a forged signature for it. Therefore, the controller does not generate the forged signature because for this purpose he/she must have the private key of application providers. Even if the private key of application providers/controller is known to the attacker, still this scheme has resisted against to break the confidentiality, because for encryption and decryption purpose, it uses the secret key, which means the new scheme provides the forward secrecy property. Further, this scheme hides the identity of the controller and application providers; it means that it cannot send the identity of the controller and application provider openly with ciphertext, which provides the anonymity property. It also used a technique for the discrepancy resolving among the application providers and controller, if happen, which is called public verifiability security requirement. The new scheme generates a fresh nonce, encrypts it, and sends along with every access control query for the resistance of replay attack. What is more in this new scheme, it is based on a hyperelliptic curve, which is the generalized form elliptic curve which provides the same level of security with 80 bits key in contrast to 160 bits key of elliptic curves. Thus, due to the hyperelliptic curve, our new scheme has the capacity of low computational cost and decrease communication overhead. If we look into the literature section of this paper, only two signcryption schemes [10, 18] for WBAN on the basis of the hyperelliptic curve are available, but the schemes in [10] have the limitations of failing to provide the role of central authority, suffering from certificate renewal and revocations problems, lacking of public verifiability, nonrepudiation, and antireplay attack. The scheme used in [18] can be affected by requiring the certificate management in a network which consists a large number of devices, and it can also be affected by the lack of anonymity property. So, our scheme also removes all these disadvantages which are discussed above.

4. Constructions of the Proposed Scheme

It includes the substeps that are setup, actor key setting, actor partial private key setting, actor private key generation, actor public key setting, CLSC-signcrypt, and CL-unsigncrypt, respectively.

Here, first of all, we provide the symbols used in the proposed scheme in Table 4 and the whole process of the construction towards a new scheme in the following steps.

4.1. Setup

The setup phase is executed by KGC to make a system parameter set and master key. The following are the steps which show how to compose a system parameter set and master key. (1)Given a security parameter ℒ, the KGC chooses a prime number and makes a finite field , where its order is such that . Select a hyperelliptic curve on and pick a divisor from (2)Uniformly select 𝒬 as the master private key and calculate its public key as , further, it saves at his memory and enables publicly to the network(3)It also choice the hash functions that are , and (4)Produce parameter set {,} and publish it to the network

4.2. Actor Key Setting

An actor with uniformly chooses 𝒬 as his/her secret value, calculates , and sends to KGC.

4.3. Actor Partial Private Key Setting

After receipting , the KGC then uniformly chooses 𝒬, calculates =, calculates the pseudopartial private key = +, and sends () to an actor with utilizing an open network.

4.4. Actor Private Key Generation

After receipting (), an actor with first verifies it by utilizing the equation, if it is held, then it extracts the partial private key as and produces the private key as =.

4.5. Actor Public Key Setting

An actor with computes his/her public key as = and sends it to the KGC through open network.

4.6. CL-Signcrypt

With the sender and receiver identities () and a messages , the sender performs the following steps by composing CGSWSC-signcrypt algorithm. (1)Uniformly choose and calculate (2)Compute 𝛿= and (3)Uniformly choose another number 𝒬 and compute (4)Generate the ciphertext as 𝛬=() and then calculate a digital signature as , where (5)At the end, the sender transmits to the receiver

4.7. CL-Unsigncrypt

Upon receipting , the receiver can verify it by composing the following steps. (1)Calculate 𝛿=. and (2)Compute and calculate (3)Recover the plain text as and compute (4)Accept (), if =𝜑 and +. are holds

4.7.1. Correctness

Each actor with can verify the pseudopartial private key by utilizing the following computations:

The receiver can verify the signature as if +.. is held.

5. Security Discussions

This scheme provides the security services of confidentiality and integrity because it encrypts the patient data through secret key, which is only known to the application providers and the controller. It also resists against the unauthorized user access because if the attacker wants to access the data then he/she must generate a forged signature for it. Therefore, the attacker does not generate the forged signature because for this purpose he/she must have the private key of application providers. Even if the private key of application providers/controller is known to the attacker, still this scheme has resisted against to break the confidentiality, because, for encryption and decryption purposes, it uses the secret key, which means the new scheme provides the forward secrecy property. Further, this scheme hides the identity of the controller and application providers; it means that it cannot send the identity of the controller and application provider openly with ciphertext, which provides the anonymity property. It also used a technique for the discrepancy resolving among the application providers and controller, if happen, which is called public verifiability security requirement. The new scheme generates a fresh nonce, encrypts it, and sends along with every access control query for the resistance of replay attack. What is more in this new scheme, it is based on a hyperelliptic curve, which is the generalized form elliptic curve which provides the same level of security with 80 bits key in contrast to 160 bits key of elliptic curves. Thus, due to the hyperelliptic curve, our new scheme has the capacity of low computational cost and decrease communication overhead. If we look into the literature section of this paper, only two signcryption schemes [10, 18] for WBAN on the basis of the hyperelliptic curve are available, but the schemes in [10] have the limitations of failing to provide the role of central authority, suffering from certificate renewal and revocations problems, lacking of public verifiability, nonrepudiation, and antireplay attack. The scheme used in [18] can be affected by requiring the certificate management in a network which consists a large number of devices, and it can also be affected by the lack of anonymity property. So, our scheme also removes all these disadvantages which are discussed above.

6. Performance Analysis

This section includes performances analysis in terms of computational and communication costs.

6.1. Computational Cost

In Table 5, we give the computational cost comparison among our designed secure channel free certificateless signcryption and the existing ones, i.e., Saeed et al. [11], Lu et al. [12], Li et al. [13], Prameela [14], Omala et al. [15], Omala et al. [16], Gao et al. [17], Ullah et al. [18], and Iqbal et al. [19] on the basis of major operations. We consider the major operation, i.e., bilinear pairing, pairing-based scalar multiplication, exponential, hyperelliptic divisor multiplication, and elliptic curve scalar multiplication in the proposed one and in Saeed et al. [11], Lu et al. [12], Li et al. [13], Prameela [14], Omala et al. [15], Omala et al. [16], Gao et al. [17], Ullah et al. [18], and Iqbal et al. [19]. Further, , PBM, , HEM, and ESM signify one pairing operation, one pairing-based scalar multiplication operation, one exponential operation, one hyperelliptic curve divisor multiplication operation, and one elliptic curve scalar multiplication operation, respectively. Additionally, we create comparisons among the proposed one and Saeed et al. [11], Lu et al. [12], Li et al. [13], Prameela [14], Omala et al. [15], Omala et al. [16], Gao et al. [17], Ullah et al. [18], and Iqbal et al. [19] on the basis of milliseconds (ms), which is shown in Table 6. We observed from [21] that the single ESM consumes 0.97 ms, needs 14.90 ms, PBM consumes 4.31 ms, needs 1.97 ms, and it is also assumed that HEM earnings consume 0.48 ms [2226]. Moreover, a computation cost reduction is shown in Table 7 and Figure 5, respectively.

6.2. Communication Overhead

Sending additional bits along with the actual ciphertext is called communication overhead. If the additional bits are smaller in size, then, the communication will be fast; otherwise, delays will occur in communications. In this phase, we compare our designed CB-PS with existing ones, i.e., Saeed et al. [11], Lu et al. [12], Li et al. [13], Prameela [14], Omala et al. [15], Omala et al. [16], Gao et al. [17], Ullah et al. [18], and Iqbal et al. [19] on the basis of communication overhead as shown in Table 8. To make these comparisons, we suppose that bits, bits, , and bits. Besides, a communication cost reduction is shown in Tables 9 and 8 and Figure 6, respectively.

7. Conclusion

A detailed review of the currently available signcryption schemes that might be used in the WBAN system is presented in this article. Then, each scheme is subjected to a critical review in terms of security requirements, as well as the need for computational and communication expenses. The research revealed that the majority of existing WBAN signcryption schemes failed to meet one or more security requirements, as well as had high computational and communication costs. Then, for WBAN applications, we presented a new framework called secure channel free certificateless signcryption scheme, which is based on the notion of a hyperelliptic curve. The proposed scheme removes all the limitations of existing signcryption schemes for WBAN, because it does not suffer from the certificate management problem, key escrow problem, and does not require any secure channel for the distribution of partial private key. In addition, the scheme is lightweight in terms of computational and communication costs. Furthermore, the new scheme has the capability of providing the security requirements, such as confidentiality, integrity, resist against the unauthorized user, unforgeability, public verifiability, forward secrecy, and antireplay attack, respectively. In the future, we are intended to apply the same scheme to the multimessage and multireceiver environment.

Data Availability

All data generated or analyzed during this study are included in this article.

Conflicts of Interest

The authors declare no conflicts of interest with respect to the research, authorship, and/or publication of this article.