A provably secure and efficient anonymous mutual authentication and key agreement protocol for wearable devices in WBAN
Introduction
The Internet of Things (IoT) is becoming popular nowadays from both the technical and commercial points of view due to its simplicity, low cost, and easy deployment [1]. The rapid growth of sensor nodes in wireless networks leads to huge consumption of bandwidth and energy, reducing battery life. Many resource allocation and optimization algorithms [2], [3] reduce energy consumption in heavy applications of wireless sensor networks for industrial systems security and confidentiality [4], [5]. The wireless body area network (WBAN) [6], [7] is an essential application of IoT, which plays a significant role in healthcare services [8] by collecting real-time vital health data of a patient. WBAN helps a doctor to monitor the patient’s health state remotely via wireless communication technologies [9]. The wearable sensors attached to the patient’s body collect sensitive and private information of a user [10]. This data helps the medical advisor to diagnose the patient’s health condition for the treatment of various diseases. Hence, for the privacy and security of a person, it is necessary to ensure that only authorized personnel can have access to this data. This scenario indicates the usefulness of secure mutual authentication and key agreement schemes for the wireless network. The wearable devices [11] are resource-constrained, i.e., they have limited capabilities in terms of communication and processing power; therefore, high-computing security mechanisms like AES [12], RSA [13], Diffie–Hellman [14], etc. cannot be implemented in WBAN. The overall energy consumption of AES, DES, RSA, ECC as well as hash operations is shown in [15].
Fig. 1 shows the multi-hop centralized architecture for the wireless body area network system. It consists of three types of nodes: second-level nodes or wearable sensing devices, first-level nodes or intermediate/gateway nodes, and the hub node. The central node, also known as the hub node or local server, collects all the physiological information from the sensor nodes via a gateway/mobile device. This architecture is divided into three tiers, as shown in Fig. 1. The first tier connects the second-level nodes or wearable devices with the first-level nodes or gateway/mobile device. Here, wearable devices sense the patient’s health data such as blood pressure, heart rate, sleep cycle, body temperature, ECG and EEG, and send it to the mobile/gateway device. The second tier represents the connection between the first-level node and the hub node, where an intermediate node forwards the received data from the wearable sensors to the hub node or local server. The third tier connects the hub node to the health cloud data center via the internet.
The hub node sends all the information to the cloud data center, where all the critical decisions are taken for the patients, such as providing emergency medical aid, calling an ambulance, etc. The information administered in the wireless BAN is highly sensitive and confidential; therefore, security and privacy become significant issues that must be guaranteed. Moreover, it also becomes a pivotal challenge to enable mutual authentication and secure shared cryptographic key establishment in a resource-constrained architecture, i.e., one having limited computation and communication abilities. Li et al. [16] designed a scheme having anonymous mutual authentication and key agreement components for wireless BAN. Their scheme provided features like mutual authentication, secrecy, and security against different known attacks such as replay, eavesdropping, man-in-the-middle attacks, etc. However, our analysis shows that this scheme is vulnerable to the intermediate node capture attack, and to sensor node impersonation and hub node impersonation with intermediate node capture attacks. Also, this scheme does not provide anonymity with unlinkable sessions.
The wearable devices used in healthcare monitoring systems are resource-constrained. Therefore, the authentication and key-agreement protocol must be lightweight as well as secure to protect the sensitive and confidential information of a patient. It is a challenging task to design such an authentication protocol that also facilitates numerous security features. This motivated us to design a provably secure and efficient anonymous mutual authentication and key agreement protocol for wearable devices in WBAN. Our protocol uses basic symmetric cryptosystems like simple XOR and cryptographic hash functions; hence, it is efficient and lightweight. The main contributions of this paper are as follows:
- We first analyze the security of Li et al.’s protocol and deduce that it is susceptible to various attacks.
- We propose a provably secure and efficient anonymous mutual authentication and key agreement protocol to provide security against well-known attacks.
- We prove the establishment of a secure session key and resilience to various known attacks by using BAN-Logic, the ROR model and the AVISPA tool.
- Finally, we show the efficiency of the improved scheme regarding storage, computational, and communication costs.
The rest of the paper is organized as follows. Section 2 discusses the existing related work done in this field. Section 3 presents the system model used throughout the paper. Section 4 reviews Li et al.’s protocol in detail. Section 5 discusses the security analysis of Li et al.’s protocol. Section 6 presents an improved protocol in detail. Section 7 gives the security analysis of our proposed protocol. Section 8 provides the comparative analysis of the proposed protocol with Li et al.’s protocol and the other related existing schemes. Finally, Section 9 concludes the paper.
Section snippets
Related work
In recent years, numerous research works have been proposed in the field of authentication and key-establishment [17] for enhancing the security of wireless sensor networks. Most protocols focus on the establishment of a secure session key based on asymmetric key cryptosystems like AES, RSA, ElGamal, ECC, Paillier cryptosystem, etc., but require high resource utilization such as computation and communication power. Such cryptosystems are not suitable for energy-constrained WSN environments, especially in
System model
In this section, we introduce the two models followed in Li et al.’s and our proposed protocol.
Review of Li et al.’s [16] protocol
In this section, we briefly review the anonymous mutual authentication and key agreement protocol proposed by Li et al. for wearable devices in WBAN. The scheme has three phases, namely the initialization phase, registration phase, and authentication phase. We present a detailed overview of these phases of Li et al.’s protocol in Fig. 3 to find the security weaknesses in this scheme. Table 1 summarizes all the notations used in Li et al.’s and in our improved protocol throughout the paper.
Security analysis of Li et al.’s scheme
This section presents the security weaknesses found in Li et al.’s protocol. The protocol has several security shortcomings, such as the intermediate node capture attack, sensor node impersonation attack, hub node impersonation attack, linkable sessions, etc. These attacks on Li et al.’s protocol are described below:
Proposed improved scheme
Unlike Li et al.’s protocol, the proposed protocol has four phases, namely the initialization, registration, authentication, and dynamic node update phases. The initialization and registration phases are shown in Fig. 4.
Security analysis of our proposed protocol
This section analyzes the security of the proposed protocol using both the formal and the informal security analysis methods. The formal security analysis for the proposed scheme is done using BAN-Logic, real-or-random (ROR) model, and the widely accepted AVISPA tool. BAN-Logic proves that the proposed protocol establishes a secure mutually authenticated session-key between a sensor node and the hub node. ROR model proves the semantic security (session-key security against an adversary attack)
Performance comparison
In this section, we compare the performance of our protocol with Li et al.’s protocol and other related existing schemes designed for an environment similar to ours, based on functionality features, storage requirements, and computational and communication overheads in the authentication and key-agreement phase. The following subsections discuss each feature separately.
Conclusion
WBAN plays an important role in the remote monitoring of a patient’s vital information in the healthcare scenario. The authentication process receives preeminent attention in the field of, but not limited to, medical IoT, where the security and privacy of a user are of dominant interest. Several authentication and key agreement protocols based on WBAN have been proposed in the literature, but none completely protects against all security threats.
This paper primarily reviewed Li et al.’s anonymous
CRediT authorship contribution statement
Ankur Gupta: Conceptualization, Methodology, Software, Formal analysis, Writing - original draft, Writing - review & editing, Visualization. Meenakshi Tripathi: Supervision. Aakar Sharma: Formal analysis.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
References (48)
- et al. Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Comput. Netw. (2017)
- et al. Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. (2011)
- et al. An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. (2013)
- et al. A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math. Comput. Modelling (2013)
- et al. A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw. (2016)
- et al. Anonymous hybrid mutual authentication and key agreement scheme for wireless body area network. Comput. Netw. (2018)
- et al. A robust and efficient mutual authentication and key agreement scheme with untraceability for WBANs. Comput. Netw. (2019)
- et al. A lightweight anonymous user authentication and key establishment scheme for wearable devices. Comput. Netw. (2019)
- et al. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutor. (2015)
- et al. IoT resource allocation and optimization based on heuristic algorithm. Sensors (2020)