Elsevier

Computer Communications

Volume 160, 1 July 2020, Pages 311-325
Computer Communications

A provably secure and efficient anonymous mutual authentication and key agreement protocol for wearable devices in WBAN

https://doi.org/10.1016/j.comcom.2020.06.010Get rights and content

Abstract

Wireless body area networks (WBAN) is a novel paradigm that is gaining popularity in a scenario of current wireless communication systems. It plays an essential role in healthcare applications like remote monitoring of health data. For instance, the crucial and confidential data about the condition of the patient’s physical health can be gathered and transferred through WBAN. Therefore, authentication and session key-agreements are integral security concerns for wearable sensors in WBAN. Moreover, as the wearable devices are resource-constraints, there is a need to develop a lightweight protocol to ensure authenticity, confidentiality, and integrity of the information. Li et al. presented an anonymous mutual authentication protocol to establish a session-key among wearable sensor nodes and the local hub node. However, after an in-depth analysis, we found that their scheme is susceptible to an intermediate node capture attack, and sensor node/hub node impersonation with intermediate node capture attacks. The scheme also does not provide anonymity with unlinkable sessions. This paper proposes a new anonymous mutual authentication and key agreement protocol in WBAN to overcome the security weaknesses in Li et al.’s protocol. The proposed protocol uses only basic symmetric cryptosystems like simple XOR and cryptographic hash functions; hence, it is efficient and lightweight. The validity and the correctness of the proposed protocol are evaluated using BAN-Logic, Real-Or-Random (ROR) model, and the broadly accepted AVISPA tool. The performance comparison of the proposed protocol with the existing related protocols shows the efficiency regarding communication and computational complexities. Hence, it is suitable to be used in real-life applications.

Introduction

Internet of Things (IoT) is becoming popular nowadays both from the technical and commercial point of view due to its simplicity, low cost, and easy deployment [1]. The rapid growth of sensor nodes in wireless networks leads to huge consumption of bandwidth and energy reducing battery life. Many resource allocation and optimization algorithms [2], [3] result in reducing energy consumption in heavy applications of wireless sensor networks for industrial systems security and confidentiality [4], [5]. Wireless body area network(WBAN) [6], [7] is an essential application of IoT, which plays a significant role in healthcare services [8] to collect real-time vital health data of a patient. WBAN helps a doctor to monitor the patient’s health state remotely via wireless communication technologies [9]. The wearable sensors attached to the patient’s body collect sensitive and private information of a user [10]. This data helps the medical advisor to diagnose the patient’s health condition for the treatment of the various diseases. Hence, for the privacy and security of a person, it is necessary to ensure that only authorized personnel can have access to this data. This scenario indicates the usefulness of secure mutual authentication and key agreement schemes for the wireless network. The wearable devices [11] are resource constraints, i.e., have limited capabilities in terms of communication and processing power, therefore high computing security mechanisms like AES [12], RSA [13], Diffie–Hellman [14], etc. cannot be implemented in WBAN. The overall energy consumptions of AES, DES, RSA, ECC as well as hash operations have been shown in the paper [15].

Fig. 1 shows the multi-hop centralized architecture for the wireless Body Area Network system. It consists of three types of nodes (i) second-level nodes or wearable sensing devices, (ii) first-level nodes or intermediate/gateway nodes, and (iii) the hub node. The central node, also known as the hub node or local server, collects all the physiological information from the sensor nodes via a gateway/mobile device. This architecture is divided into three tiers, as shown in Fig. 1. The first tier connects the second-level nodes or wearable devices with the first-level nodes or gateway/mobile device. Here, wearable devices sense the patient’s health data such as blood pressure, heart rate, sleep cycle, body temperature, ECG and EEG, and send it to the mobile/gateway device. The second tier represents the connection between the first-level node and the hub node, where an intermediate node forwards the received data from the wearable sensors to the hub node or local server. The third tier connects the hub node to the health cloud data center via internet.

The hub node sends all the information to the cloud data center where all the critical decisions are taken for the patients, such as to provide emergency medical aid, call an ambulance, etc. The information administered in the wireless BAN is highly sensitive and confidential; therefore, security and privacy become significant issues that must be guaranteed. Moreover, it also becomes a pivotal challenge to enable mutual authentication and secure shared cryptographic key establishment in a resource-constraint architecture, i.e., having limited computation and communication abilities. Li et al. [16] designed a scheme having anonymous mutual authentication and key agreement components for Wireless BAN. Their scheme provided features like mutual authentication, secrecy, security against different known attacks such as replay, eavesdropping, man-in-the-middle attacks, etc. However, we analyzed that this scheme is vulnerable to the intermediate node capture attack, sensor node impersonation and hub node impersonation with intermediate node capture attacks. Also, this scheme does not provide anonymity with unlinkable sessions.

The wearable devices used in the healthcare monitoring systems are resource-constraints. Therefore, the authentication and key-agreement protocol must be lightweight as well as secure to protect the sensitive and confidential information of a patient. It is a challenging task to design such an authentication protocol that also facilitates numerous security features. This motivated us to design a provably secure and efficient anonymous mutual authentication and key agreement protocol for wearable devices in WBAN. Our protocol uses basic symmetric cryptosystems like simple XOR and cryptographic hash functions; hence, it is efficient and lightweight. The main contributions of this paper are as follows:

  • We first analyze the security of Li et al.’s protocol and deduce that it is susceptible to various attacks.

  • We propose a provably secure and efficient anonymous mutual authentication and key agreement protocol to provide security against well-known attacks.

  • We prove the establishment of secure session-key and resilience to various known attacks by using BAN-Logic, ROR model and AVISPA tool.

  • Finally, we show the efficiency of the improved scheme regarding storage, computational, and communication costs.

The rest of the paper is organized as follows. Section 2 discusses the existing related work done in this field. Section 3 presents the system model used throughout the paper. Section 4 reviews Li et al.’s protocol in detail. Section 5 discusses the security analysis of Li et al.’s protocol. Section 6 presents an improved protocol in detail. Section 7 gives the security analysis of our proposed protocol. Section 8 provides the comparative analysis of the proposed protocol with Li et al.’s protocol and the other related existing schemes. Finally, Section 9 concludes the paper.

Section snippets

Related work

In recent years, numerous research has been proposed in the field of authentication and key-establishment [17] for enhancing the security of wireless sensor networks. Most protocols focus on the establishment of secure session-key based on asymmetric key cryptosystems like AES, RSA, ElGamal, ECC, Paillier cryptosystem, etc., but require high resource utilization such as computation and communication power. Such cryptosystems are not suitable for energy constraint WSN environment, especially in

System model

In this Section, we introduce the two models followed in Li et al. and our proposed protocol.

Review of Li et al. ’s [16]protocol

In this section, we shortly review the anonymous mutual authentication and key agreement protocol proposed by Li et al. for wearable devices in WBAN. The scheme has three phases namely initialization phase, registration phase, and authentication phase. We present the detailed overview of these phases of Li et al.’s protocol in Fig. 3 to find out the security weakness in this scheme. Table 1 summarizes all the notations used in Li et al.’s and in our improved protocol throughout the paper.

Security analysis of Li et al. ’s scheme

This section provides the security weaknesses found in Li et al.’s protocol. The protocol has several security shortcomings such as intermediate node capture attack, sensor node impersonation attack, hub node impersonation attack, Linkable sessions etc. The description of the following attacks in Li et al. is presented below:

Proposed improved scheme

Unlike Li et al.’s protocol, the proposed protocol has four phases namely initialization, registration, authentication, and dynamic node update phase. The initialization and registration phase is shown inFig. 4.

Security analysis of our proposed protocol

This section analyzes the security of the proposed protocol using both the formal and the informal security analysis methods. The formal security analysis for the proposed scheme is done using BAN-Logic, real-or-random (ROR) model, and the widely accepted AVISPA tool. BAN-Logic proves that the proposed protocol establishes a secure mutually authenticated session-key between a sensor node and the hub node. ROR model proves the semantic security (session-key security against an adversary attack)

Performance comparison

In this section, we discuss the performance comparison of our protocol with Li et al.’s protocol and the other related existing schemes, designed for the similar environment as of ours, based on the functionality features, storage requirements, computational and communication overheads in the authentication and key-agreement phase. The following subsection discusses each features separately.

Conclusion

WBAN plays an important role in remotely monitoring of patient’s vital information in the healthcare scenario. The authentication process gathers preeminent attention in the field of, but not limited to, medical IoT where the security and privacy of a user are of dominant interest. Several authentication and key agreement protocols have been proposed in the literature based on WBAN but no one completely protects from all security threats.

This paper primarily reviewed Li et al.’s anonymous

CRediT authorship contribution statement

Ankur Gupta: Conceptualization, Methodology, Software, Formal analysis, Writing - original draft, Writing - review & editing, Visualization. Meenakshi Tripathi: Supervision. Aakar Sharma: Formal analysis.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References (48)

  • SangaiahA.K. et al.

    Energy consumption in point-coverage wireless sensor networks via bat algorithm

    IEEE Access

    (2019)
  • SangaiahA.K. et al.

    Enforcing position-based confidentiality with machine learning paradigm through mobile edge computing in real-time industrial informatics

    IEEE Trans. Ind. Inf.

    (2019)
  • SangaiahA.K. et al.

    Energy-aware green adversary model for cyberphysical security in industrial system

    IEEE Trans. Ind. Inf.

    (2020)
  • MovassaghiS. et al.

    Wireless body area networks: A survey

    IEEE Commun. Surv. Tutor.

    (2014)
  • CavallariR. et al.

    A survey on wireless body area networks: Technologies and design challenges

    IEEE Commun. Surv. Tutor.

    (2014)
  • IslamS.M.R. et al.

    The internet of things for health care: A comprehensive survey

    IEEE Access

    (2015)
  • TseD. et al.

    Fundamentals of Wireless Communication

    (2005)
  • SohP.J. et al.

    Wearable wireless health monitoring: Current developments, challenges, and future trends

    IEEE Microw. Mag.

    (2015)
  • SeneviratneS. et al.

    A survey of wearable devices and challenges

    IEEE Commun. Surv. Tutor.

    (2017)
  • DaemenJ. et al.

    The Design of Rijndael: AES-The Advanced Encryption Standard

    (2013)
  • RivestR.L. et al.

    A method for obtaining digital signatures and public-key cryptosystems

    Commun. ACM

    (1978)
  • DiffieW. et al.

    New directions in cryptography

    IEEE Trans. Inform. Theory

    (1976)
  • PotlapallyN.R. et al.

    A study of the energy consumption characteristics of cryptographic algorithms and security protocols

    IEEE Trans. Mob. Comput.

    (2006)
  • FerragM.A. et al.

    Authentication protocols for internet of things: A comprehensive survey

    (2016)
  • Cited by (0)

    View full text