Security in wearable sensor networks and telecare medical information systems (TMIS) has turned to an issue of scholarly interest in recent years. Adequate security to agree on a temporary session key is essential for establishing a secure connection on various layers of the protocol stack in the Internet of Things (IoT) environments. Recently, Gupta et al. proposed a lightweight authentication and key agreement scheme for wearable sensing devices. Our analysis of Gupta et al.’s scheme revealed that it is insecure against privileged-insider attack, compromise sensing device, and desynchronization attacks in wearable sensor registration and login and authentication phases. In this paper, a Scalable Healthcare Authentication Protocol with Attack-Resilience and Anonymous Key-agreement, SHAPARAK, is proposed to overcome security flaws of existing schemes. The proposed protocol offers more scalability as it uses a public channel in the process of registration of each wearable sensing device. It also contains the password and biometrics changing phase without involvement of the trusted server. The security analysis of the proposed scheme is evaluated using the GNY logic, AVISPA tool, random oracle model, and informal security analysis. It is also shown that the proposed protocol is cost-efficient in terms of computation and communication overheads, compared to the existing schemes.

近年来，可穿戴传感器网络和远程护理医疗信息系统（TMIS）的安全性已引起学术界的关注。要在物联网（IoT）环境中的协议堆栈的各个层上建立安全连接，必须有足够的安全性来商定临时会话密钥。最近，Gupta等。提出了一种可穿戴传感设备的轻量级认证和密钥协商方案。我们对Gupta等人方案的分析表明，在穿戴式传感器注册，登录和身份验证阶段，它无法抵御特权内线攻击，损害感应设备以及不同步攻击。本文中的SHAPARAK是具有攻击复原力和匿名密钥协议的可扩展医疗保健身份验证协议，为了克服现有方案的安全性缺陷而提出。所提出的协议在每个可穿戴传感设备的注册过程中使用公共信道，因此提供了更大的可伸缩性。它还包含密码和生物识别更改阶段，而无需可信服务器的参与。使用GNY逻辑，AVISPA工具，随机预言模型和非正式安全分析来评估所提议方案的安全分析。还显示出，与现有方案相比，所提出的协议在计算和通信开销方面具有成本效益。使用GNY逻辑，AVISPA工具，随机预言模型和非正式安全分析来评估所提议方案的安全分析。还显示出，与现有方案相比，所提出的协议在计算和通信开销方面具有成本效益。使用GNY逻辑，AVISPA工具，随机预言模型和非正式安全分析来评估所提议方案的安全分析。还显示出，与现有方案相比，所提出的协议在计算和通信开销方面具有成本效益。