Skip to main content
SpringerLink
Log in

An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems

  • Special Issue Paper
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

The innovations in the field of wearable medical devices, wireless communication and low cost cloud computing aid the wireless body area network (WBAN) to become a prominent component of future healthcare systems. WBAN consists of medical sensors, which continuously monitor the patients’ vital signs and transfers this data to the remote medical server via the cloud. The continuous monitoring of the patients’ health data improves the quality of the medical service and also provides the source for future medical diagnosis. The medical information collected from WBAN is generally transmitted through wireless channel and therefore vulnerable to various information attacks. In this context, medical data security and privacy are key issues; hence there is a requirement of lightweight end-to-end authentication protocol to ensure secure communication. Recently, Li et al. presented a lightweight end-to-end authentication protocol for WBAN based on elliptic curve cryptography (ECC). However, through cryptanalysis, some security loopholes are found in this protocol. In this paper, an enhanced lightweight ECC based end-to-end authentication protocol is proposed to overcome the security vulnerabilities of Li et al.’s scheme. Further, the formal security analysis of the proposed scheme is done using BAN logic and AVISPA tool. The comparative analysis shows that the proposed scheme not only removes the security loopholes of Li et al.’s scheme but also reduces the overall complexity.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., Chaudhr, S .A.: Efficient end-to-end authentication protocol for wearable health monitoring systems. Comput. Electr. Eng. 63(C), 182–195 (2017). https://doi.org/10.1016/j.compeleceng.2017.03.016

    Article  Google Scholar 

  2. Alder, S., Kelleher, A., Greene, S.: HIPAA compliance guide. HIPAA J 1–65 (2015)

  3. Hipaa basics for providers: privacy, security, and breach notification rules. Centers for Medicare and Medicaid Services, pp 1–7 (2016). https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/MLN-Publications-Items/ICN909001.html

  4. Ray, S., Biswas, G.P.: A certificate authority (CA)-based cryptographic solution for hipaa privacy/security regulations. J. King Saud Univ. Comput. Inf. Sci. 26(2), 170–180 (2014)

    Google Scholar 

  5. Li, X., Peng, J., Kumari, S., Wu, F., Karuppiah, M., Choo, K .K.R.: An enhanced 1-round authentication protocol for wireless body area networks with user anonymity. Comput. Electr. Eng. 61(C), 238–249 (2017). https://doi.org/10.1016/j.compeleceng.2017.02.011

    Article  Google Scholar 

  6. Islam, S.K.H., Amin, R., Biswas, G.P., Farash, M.S., Li, X., Kumari, S.: An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments. J. King Saud Univ. Comput. Inf. Sci. 29(3), 311–324 (2017). https://doi.org/10.1016/j.jksuci.2015.08.002

    Article  Google Scholar 

  7. Amin, R., Islam, S.K.H., Biswas, G.P., Khan, M.K., Li, X.: Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 39(140), 1–21 (2015). https://doi.org/10.1007/s10916-015-0318-z

    Article  Google Scholar 

  8. Amin, R., Islam, S .K .H., Biswas, G., Khan, M .K., Leng, L., Kumar, N.: Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. Int. J. Comput. Telecommun. Netw. 101(C), 42–62 (2016). https://doi.org/10.1016/j.comnet.2016.01.006

    Article  Google Scholar 

  9. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. (TOCS) 8(1), 18–36 (1990). https://doi.org/10.1145/77648.77649

    Article  MATH  Google Scholar 

  10. Kumari, S., Das, A.K., Li, X., Wu, F., Khan, M.K., Jiang, Q., Islam, S.K.H.: A provably secure biometrics-based authenticated key agreement scheme for multi-server environments. Multimedia Tools Appl. 77(2), 2359–2389 (2018). https://doi.org/10.1007/s11042-017-4390-x

    Article  Google Scholar 

  11. Amin, R., Islam, S .K .H., Biswas, G., Khan, M .K., Kumar, N.: A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Gener. Comput. Syst. 80(C), 483–495 (2018). https://doi.org/10.1016/j.future.2016.05.032

    Article  Google Scholar 

  12. Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A .K., Choo, K .K .R.: A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J. Netw. Comput. Appl. 103(C), 194–204 (2018). https://doi.org/10.1016/j.jnca.2017.07.001

    Article  Google Scholar 

  13. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)

    Article  Google Scholar 

  14. Yeh, C.K., Chen, H.M., Lo, J.W.: An authentication protocol for ubiquitous health monitoring systems. J. Med. Biol. Eng. 33(4), 415–419 (2013). https://doi.org/10.5405/jmbe.1478

    Article  Google Scholar 

  15. Zhao, Z.: An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J. Med. Syst. 38(2), 1–7 (2014). https://doi.org/10.1007/s10916-014-0013-5

    Article  Google Scholar 

  16. He, D., Zeadally, S.: Authentication protocol for an ambient assisted living system. IEEE Commun. Mag. 53(1), 71–77 (2015). https://doi.org/10.1109/MCOM.2015.7010518

    Article  Google Scholar 

  17. Amin, R., Islam, S .K .H., Biswas, G., Khan, M .K., Kumar, N.: A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Gener. Comput. Syst. 80(C), 483–495 (2016). https://doi.org/10.1016/j.future.2016.05.032

    Article  Google Scholar 

  18. Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., Chaudhry, S .A.: Efficient end-to-end authentication protocol for wearable health monitoring systems. Comput. Electr. Eng. 63(C), 182–195 (2017). https://doi.org/10.1016/j.compeleceng.2017.03.016

    Article  Google Scholar 

  19. Yessad, N., Bouchelaghem, S., Ouada, F .S., Omar, M.: Secure and reliable patient body motion based authentication approach for medical body area networks. Pervasive Mob. Comput. 42(C), 351–370 (2017). https://doi.org/10.1016/j.pmcj.2017.06.009

    Article  Google Scholar 

  20. Wu, F., Li, X., Xu, L., Kumari, S., Karuppiah, M., Shen, J.: A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server. Comput. Electr. Eng. 63(C), 168–181 (2017). https://doi.org/10.1016/j.compeleceng.2017.04.012

    Article  Google Scholar 

  21. Das, A.K., Zeadally, S., Wazid, M.: Lightweight authentication protocols for wearable devices. Comput. Electr. Eng. 63(C), 196–208 (2017). https://doi.org/10.1016/j.compeleceng.2017.03.008

    Article  Google Scholar 

  22. Liu, J., Zhang, L., Sun, R.: 1-RAAP: an efficient 1-round anonymous authentication protocol for wireless body area networks. Sensors (2016). https://doi.org/10.3390/s16050728

    Article  Google Scholar 

  23. Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer Professional Computing. Springer, New York (2004)

    MATH  Google Scholar 

  24. Stallings, W.: Cryptography and Network Security: Principles and Practice, 6th edn, pp. 285–296. Pearson Education, London (2014)

    Google Scholar 

  25. Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987). https://doi.org/10.1090/S0025-5718-1987-0866109-5

    Article  MathSciNet  MATH  Google Scholar 

  26. Miller, V.S.: Use of elliptic curves in cryptography. In: Proceeding in CRYPTO ’85 Advances in Cryptology, LNCS (218), pp. 417–426 (1985)

  27. Ray, S., Biswas, G.P., Dasgupta, M.: Secure multi-purpose mobile-banking using elliptic curve cryptography. Wirel. Pers. Commun. 90(3), 1331–1354 (2016). https://doi.org/10.1007/s11277-016-3393-7

    Article  Google Scholar 

  28. Garg, V.K., Mittal, N.: Time and state in asynchronous distributed systems. In: Wiley Encyclopedia of Computer Science and Engineering. Wiley (2008). https://doi.org/10.1002/9780470050118.ecse436

  29. Wallace, K., Moran, K., Novak, E., Zhou, G., Sun, K.: Toward sensor-based random number generation for mobile and iot devices. IEEE Internet Things J. 3(6), 1189–1201 (2016). https://doi.org/10.1109/JIOT.2016.2572638

    Article  Google Scholar 

  30. Syverson, P.: The use of logic in the analysis of cryptographic protocols. In: Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, USA, pp. 156–170. https://doi.org/10.1109/RISP.1991.130784

  31. Syverson, P.F.: A logic for the analysis of cryptographic protocols (No. NRL-9305). Naval Research Lab, Washington DC (1990)

  32. HLPSL Tutorial: A Beginner’s Guide to Modelling and Analysing Internet Security Protocols. The AVISPA Project (2005). www.avispa-project.org/

  33. He, D., Zeadally, S., Kumar, N., Lee, J.H.: Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. 11(4), 2590–2601 (2017). https://doi.org/10.1109/JSYST.2016.2544805

    Article  Google Scholar 

  34. Liu, J., Zhang, Z., Chen, X., Kwak, K.S.: Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Trans. Parallel Distrib. Syst. 25(2), 332–342 (2014). https://doi.org/10.1109/TPDS.2013.145

    Article  Google Scholar 

Download references

Acknowledgements

The research work is supported by University Grants Commission (UGC) under NET-JRF in Sciences, Humanities and Social Sciences. It was funded by Ministry of Human Resource Development (MHRD), Government of India.

Author information

Authors and Affiliations

  1. Department of Computer Applications, National Institute of Technology Raipur, Raipur, India

    K. Sowjanya & Mou Dasgupta

  2. Department of Computer Science and Engineering, National Institute of Technology Sikkim, Ravangla, India

    Sangram Ray

Authors
  1. K. Sowjanya
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mou Dasgupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sangram Ray
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to K. Sowjanya.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Research involving human participants and/or animals

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sowjanya, K., Dasgupta, M. & Ray, S. An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems. Int. J. Inf. Secur. 19, 129–146 (2020). https://doi.org/10.1007/s10207-019-00464-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-019-00464-9

Keywords

Search

Navigation