Wireless body area network (WBAN) is a network of wearable devices placed on the body of patients to collect and transmit their biomedical data to medical servers through open wireless channels. These collected data are sensitive and their transmission via the open wireless channels makes them vulnerable to attacks by unauthorized users. Therefore, secure authentication and data encryption mechanisms in WBAN are essential. In the past few years, several zero knowledge proof (ZKP) and commitment technique based schemes for WBAN were proposed to provide lightweight authentication and data encryption for intra-WBAN communication. However, these schemes are susceptible to node compromise and impersonation attacks and cannot provide security for inter-WBAN communication. Motivated by these limitations, we first propose a compromise and impersonation attacks resistant (CIAR) authentication scheme based on ZKP, commitment technique, and received signal strength (RSS), which could identify attackers that have compromised nodes and attempt to impersonate them. To ensure the security of the inter-WBAN communication, we then propose a channel characteristic aware (CCA) authentication scheme based on the ZKP and commitment technique. We performed security and performance analyses to validate the resilience of the schemes to various attacks and their effectiveness in terms of resources. Moreover, we conducted extensive experiments in indoor and outdoor areas to demonstrate the security strength of our schemes. The experimental results as well as the performance and security analyses show that our CIAR-ZKP scheme overcomes the security weaknesses in previous schemes at an equal cost. Moreover, the results of the CCA-ZKP scheme indicate that it can effectively identify 92% of attack attempts while triggering false alarms on merely 11% of legitimate traffic.

无线人体局域网（WBAN）是放置在患者身上的可穿戴设备网络，用于通过开放的无线通道收集其生物医学数据并将其传输到医疗服务器。这些收集的数据很敏感，并且它们通过开放的无线通道进行传输使它们容易受到未授权用户的攻击。因此，WBAN中的安全身份验证和数据加密机制至关重要。在过去的几年中，提出了几种基于零知识证明（ZKP）和基于承诺技术的WBAN方案，以为WBAN内部通信提供轻量认证和数据加密。但是，这些方案易受节点攻击和模拟攻击的影响，无法为WBAN间通信提供安全性。由于这些限制，我们首先提出一种基于ZKP，承诺技术和接收信号强度（RSS）的折衷和模拟攻击防御（CIAR）身份验证方案，该方案可以识别出遭到破坏的节点的攻击者并尝试模拟它们。为了确保WBAN间通信的安全性，我们然后基于ZKP和承诺技术提出了一种信道特征感知（CCA）身份验证方案。我们进行了安全和性能分析，以验证该方案对各种攻击的弹性以及它们在资源方面的有效性。此外，我们在室内和室外区域进行了广泛的实验，以证明我们方案的安全性。实验结果，性能，安全分析表明，我们的CIAR-ZKP方案以相同的成本克服了以前方案中的安全漏洞。此外，CCA-ZKP方案的结果表明，它可以有效地识别92％的攻击尝试，而仅对11％的合法流量触发错误警报。