Professional Documents
Culture Documents
Blockchain and PUF-Based Lightweight Authentication Protocol For Wireless Medical Sensor Networks
Blockchain and PUF-Based Lightweight Authentication Protocol For Wireless Medical Sensor Networks
Blockchain and PUF-Based Lightweight Authentication Protocol For Wireless Medical Sensor Networks
2327-4662
c 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.
8884 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 11, JUNE 1, 2022
computational power and larger storage space can be an ideal The organization of the remaining sections is structured as
intermediary between SN and MP. However, due to the public follows. In Section II, we review some recent research works
nature of communication channels in WMSN, some security in the field of authentication protocols concerning WMSN.
breach incidents occur occasionally, which may bring numer- Section III introduces three primitives that constitute our
ous unexpected threats. In 2018, [1] reported that a security proposed protocol for WMSN. The network model and threat
hole existing in the implanted cardiac defibrillators made by model of the proposed authentication framework are presented
Medtronic through which hackers even can gain access to in Section IV. In Section V, we describe the detailed process,
cause the death of patients. notations, and algorithms of the proposed protocol for WMSN.
Solutions for security and privacy problems that exist Section VI evaluates the security of the proposed scheme by
in WMSN are needed. In recent years, researchers have using formal and informal security analysis. Section VII mea-
proposed several authentication protocols for WMSN based sures the communication/computation cost of the proposed
on different mechanisms. In this regard, though the proposed scheme and related existing schemes. Finally, we conclude
schemes successfully cope with some common attacks, such this article in Section VIII.
as device capture attacks, man-in-the-middle (MITM) attacks,
and node impersonation attacks, physical-layer security of
SN/MP and centralized GWN are sometimes forgotten or II. R ELATED W ORK
omitted. Focusing on the above-mentioned challenges, physi- Li et al. [2] proposed a novel authentication protocol for
cally unclonable functions (PUFs) and blockchain-based smart healthcare applications using WMSN with user anonymity and
contracts seem to be appropriate countermeasures. Since PUFs biometric authentication. Later, Wu et al. [3] also proposed
are physical-layer security primitives that utilize random vari- an improved and anonymous two-factor authentication pro-
ation features in submicroscopic and challenge–response (CR) tocol for WMSN-based healthcare applications. However,
behavior, PUF could generate unique responses according to Das et al. [4] found Li et al.’s scheme [2] suffers from
different inputs. Smart contracts could decentralize excessive privileged-insider attacks, node capture attacks, and user track-
centralization of GWN and make the entire interaction pro- ing attacks. To mitigate these existing problems, they proposed
cess self-execute. Hence, in this article, we combine PUF with a security-enhanced anonymous user authentication protocol
smart contracts to construct a novel lightweight and reliable based on the smart card for healthcare applications under
authentication protocol for WMSN. Moreover, to enhance the WMSN. Srinivas et al. [5] also pointed out the possible
security level of SN, we also introduce a fuzzy extractor for security breaches of Wu et al.’s scheme [2], which cannot
biometric information extraction and verification. prevent Distributed Denial-of-Service (DDoS) attacks, offline
identity guessing attacks, offline password guessing attacks,
and user impersonation attacks. Hence, they designed an
A. Motivation and Contributions efficient authentication protocol for healthcare with WMSN.
Most of the existing authentication schemes for WMSN Amin et al. [6] suggested a lightweight and anonymous
cannot provide an efficient measure to assure physical-layer patient monitoring system for WMSN, which only owns sim-
security for decentralized GWN. Hence, in this article, with the ple hash functions. Unfortunately, Jiang et al. [7] observed
aid of emerging blockchain-based smart contracts and PUF, we that Amin et al.’s plan [6] cannot defend against sensor key
design a lightweight and security-enhanced authentication pro- leakage attacks, desynchronization attacks, and stolen mobile
tocol for WMSN which can assist with the above-mentioned device attacks. To solve the mentioned attacks of [6], they
issues. The major contributions of this article are listed as proposed an efficient end-to-end authentication scheme for
follows. WMSN. Although [7] gave comprehensive security analysis,
1) We propose a lightweight authentication protocol that is Mo et al. [8] still noticed that Jiang et al.’s scheme [7] is
only composed of one-way hash functions and bitwise vulnerable to DDoS attacks, privileged-insider attacks, and
XOR operations for WMSN. known session special temporary information attacks. At the
2) Modeled toward long-term unsolved physical-layer secu- same time, Mo et al. [8] provided some countermeasures to
rity and centralized GWN, we utilize blockchain tech- security issues regarding [7]. Fotouhi et al. [9] designed a
nology and PUF to enhance the security level of our two-factor and lightweight authentication scheme for health-
proposed protocol. In addition, a fuzzy extractor is care IoT under wireless body area networks (WBANs).
adopted for a biometric authentication process. Based on the hash chain, the proposed protocol can be
3) We prove the reliability and validity of our mutual secure against various known attacks and provide forward
authentication protocol from two different perspectives secure protection. Li et al. [10] proposed PSL-MAAKA—a
(i.e., formal security proof by an automatic crypto- lightweight mutual authentication and key agreement (AKA)
graphic protocol verifier as well as an informal security protocol composed of hash and XOR operations under
proof). fully public channels for WMSN. Then, Masud et al. [11]
4) We conduct security feature comparison and proposed a privacy-preserving and lightweight user authen-
performance evaluation. The analysis and experiment tication protocol for healthcare-related IoT. Their proposed
outcomes show the obvious advantages of our protocol scheme is solely constructed by a lightweight hash
in terms of security attributes and communication/ function which can effectively alleviate the pressure
computation cost. of SNs.
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.
WANG et al.: BLOCKCHAIN AND PUF-BASED LIGHTWEIGHT AUTHENTICATION PROTOCOL 8885
The schemes mentioned above are mostly constructed by Alice could obtain x cryptocurrency units in a Cryptocurrency
hash functions and bitwise XOR operations. These primi- Blockchain from Bob with valid computation outcomes.
tives could be used to create ultralightweight authentica-
tion protocol but at the expense of a security degree. To
B. Physically Unclonable Functions
achieve a balance between security degree and performance
cost, some researchers utilized elliptical curve cryptogra- Semiconductor-based PUF are physically unclonable, that
phy (ECC) to design authentication protocols for WMSN in benefits from their random and unique variations during the
recent years. Challa et al. [12] proposed an efficient prov- Integrated Circuit manufacturing process. The operation of
ably secure three-factor user AKA protocol based on ECC for PUF depends on CR behavior. When a user inputs a challenge
WMSN. Xie et al. [13] suggested a cost effective and robust c to the PUF, it can generate a unique response r. The detailed
certificates-less authentication protocol called CasCP for operation could be illustrated as r = PUFs(c). Besides, PUF
WBANs. Besides, their protocol also supports batch authenti- also has two common mechanisms: 1) for the same, different
cation and conditional privacy preserving. Subsequently, based inputs will provide various outputs, and the same inputs will
on the security poles of [7], Li et al. [14] designed a secure output identical responses and 2) separately, equivalent inputs
three-factor ECC-based user authentication scheme with bio- always generate inconsistent results. However, sometimes in a
metric information for WMSN, which can successfully handle noisy environment, non-noise-resistance could generate some
Denial-of-Service (DoS) attacks, mobile device stolen attacks, responses with several bit errors, which will result in unex-
desynchronization attacks, and sensor key exposure attacks. pected responses and intervene in a system’s normal execution.
Except for the ECC-based authentication protocol for WMSN, Therefore, our proposed scheme should employ ideal or noise-
several schemes have been proposed according to some novel resistant environments that can correct some bit errors at the
technologies. Shuai et al. [15] proposed a lightweight authen- cost of a higher computational cost. Fortunately, we can adopt
tication protocol for on-body wireless networks, which is SRAM designed by Pandey et al. [18]. Their experimental
composed of a pseudonym and one-time hash chain to ensure results show that this type of PUF can nearly remove all the
user anonymity and forward secrecy. Alladi et al. [16] uti- bit error rates.
lized hardware security primitives named PUF to establish a
two-way authentication protocol for WMSN, which can thwart C. Fuzzy Extractors for Biometrics Authentication
physical-layer threats. Subsequently, Saleem et al. [17] also A fuzzy extractor is used to obtain user biometric
found security flaws (i.e., SN impersonation attack and user information (e.g., fingerprint, physiological recognition, and
link attack) of Li et al.’s protocol [14], so they suggested a voice) as key generation elements [19]. The comprehensive
remedy plan by using password protection. extraction and verification process can be divided into the
As mentioned above, although numerous research plans following two steps.
have been proposed for WMSN to deal with some potential 1) Gen: A biometric secret key generation function is a
attacks, significant physical layer and centralized GWN issues probabilistic algorithm and requires an advanced input
are both obscure. Thus, in this article, we attempt to resolve DBj within the metric space M. The formula of this func-
these problems and propose a novel lightweight authentication tion could be presented as Gen(DBj ) = {θj , σj }, where
protocol for WMSN. θk ∈ {0, 1}m is a pair of biometric secret keys, m denotes
the number of bits belonging to θj , and σj is a public
restoration parameter.
III. P RELIMINARIES
2) Rep: A reproduction function is a deterministic algo-
In this section, we briefly describe the technologies, such as rithm which accepts a noisy biometric input DBj and
blockchain technology, smart contracts, PUF, error-correcting search corresponding parameters θj and σj , respectively.
codes, and fuzzy extractors for biometric authentication. The equation of the reproduction function can be illus-
trated as Rep(DBj , σj ) = θj . Note that this equation holds
A. Blockchain and Smart Contracts only when the Hamming distance between DBj and DBj
is equal to or less than a maximum error tolerance value
Blockchain is a chain that can contain millions of blocks
t: DBj ⊕ DBj ≤ t.
and each block records multiple sets of transaction data in
the form of a Merkle tree. Typically, the blockchain is a com-
pletely distributed ledger and anyone can gain access to initiate IV. S YSTEM M ODELS
transactions. Once the transactions are logged in a blockchain, Before the formal description of the proposed protocol, in
it is extremely difficult to alter or remove them. In recent years, this section, we primarily discuss network and threat models
blockchain technology has also led to the creation of a series defined in our framework.
of applications, including smart contracts, decentralized cloud
storage, supply-chain communications, and proof of prove-
nance. The most famous and practical application is a smart A. Network Model
contract, which consists of program codes that take control of As shown in Fig. 1, three entities exist in our proposed
the changes in state in the blockchain only if some predefined protocol: 1) SN; 2) GWN; and 3) MP which are described as
threshold is achieved. As an example, using a smart contract, follows.
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.
8886 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 11, JUNE 1, 2022
TABLE I
N OTATIONS
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.
WANG et al.: BLOCKCHAIN AND PUF-BASED LIGHTWEIGHT AUTHENTICATION PROTOCOL 8887
ECSNi to SNi through GWNk . Note that the SN regis- via MDj in the public channel, where TS1 is the
tration is in a private communication channel. current timestamp and MPAuth is the name of invoked
3) SC saves RSKSNi , ECSNi , and (CSN
x , Rx ) in local.
i SNi function.
4) While obtaining the S1 from MPj , GWNk first checks the
C. MP Registration Stage freshness of TS1 . If TS1 does not expire, GWNk builds
To retrieve patients’ data from SN legitimately, MPj also a transaction with S1 to the SC.
needs to register in the blockchain network in advance. The 5) SC confirms the validness of the GWN address provided
detailed procedures are illustrated as follows. in the blockchain and counter of MPMPj . Note that since
1) First and foremost, MPj chooses a 160-bit random num- we set counters for each SNi and MPj , if the failure
ber as his identity IDMPj , a nonce NMPj , a password request reaches a predefined threshold (e.g., five times),
PWMPj , and a biometric input DBj and generates a set the corresponding part will be blocked for some time.
of CRs (CMP x , Rx ). 6) SC searches the related R1MPj on the basis of pro-
j MPj
1
2) MPj computes RPWMPj = h(PWMPj NMPj ) and vided CMP j
from its database. Subsequently, SC cal-
sends parameters {IDMPj , RPWMPj , (CMP x , N x ),
j MPj culates M2 = M3 ⊕ R1MPj , M4 = h(Aj RPWMPj ) =
MPRegister } to the nearby GWN
k for invoking h(RSKMPj σj RBj RPWMPj ), M4 = M2 ⊕ M1 and con-
MPRegister function in the SC. ?
firms M4 = M4 . If the equation holds, MPj is a
3) When GWNk obtains the {IDMPj , RPWMPj , (CMP x ,
j legitimate user. Otherwise, MPj is declined by the SC
NMPj ), MPRegister } from MPj , it constructs a trans-
x
and the corresponding counter counts failure time.
action with these parameters to the SC.
7) To prove its identity to MPj , SC chooses a new CR pair
4) SC verifies the validness of IDMPj by checking the T .
of (CMP 2 , R2 ) from existing (Cx , Rx ) and com-
If IDMPj ∈ T , SC declines this registration request. j MPj MPj MPj
Otherwise, SC applies the DBj to the fuzzy extractor putes M5 = h(M4 R2MPj ) ⊕ Aj . Finally, SC delivers a set
probabilistic generation function Gen which generates of messages S2 = {M5 , CMP 2 , TS } to the MP through
j 2 j
Gen(DBj ) = {θj , σj }, where θj is a biometric secret key GWNk , where TS2 is the current timestamp. At this step,
and σj is a reproduction parameter. the MPAuth function terminates.
5) SC selects a 160-bit random secret key as 8) After receiving S2 , as usual, MPj initially checks the
RSKMPj and calculates RBj = h(θj IDMPj ), freshness of TS2 . If TS2 is valid, MPj selects associated
Aj = h(RSKMPj σj RBj ) ⊕ RPWMPj , ECMPj = R2MPj from on-premise set (CMP x , Rx ) and figures out
j MPj
h(RSKMPj IDMPj ), and Bj = ECMPj ⊕ RPWMPj . SC
M5 = h(M1 ⊕ M2 R2MPj ) ⊕ Aj . At the final step, MPj
stores {σj , θj , IDMPj , RPWMPj , RSKMPj , (CMP
x , Rx )} in
?
its database.
j MPj
checks M5 = M5 . If it is equal, then GWNk is considered
6) SC submits {RBj , Aj , Bj , σj Rep(·)} to MPi through legitimate.
GWNk in a secret channel. 9) Simultaneously, to retrieve patient’s data from SNi ,
7) MPi stores {RBj , Aj , Bj , σj Rep(·), RPWMPj , NMPj } in its GWNk automatically invokes the SNAuth function in the
mobile device. SC. Then, the SC chooses a pair of CR (CSN 1 , R1 )
i SNi
from the accessible CR set (CSNi , RSNi ) and computes
x x
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.
8888 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 11, JUNE 1, 2022
computes M9 = M8 ⊕ ECMPj , M10 = SKSNi ⊕ ECMPj . 2) Since (RxMPj , RxMPj ) are preloaded in the SC, which can
Otherwise, the same counter calculates failure times automatically generate the novel ID∗MDi and ID∗SNi .
of SNi . Finally, SC transmits a set of messages S5 = 3) Each participant needs to drop all the CR pairs used in
{IDSNi , M9 , M10 , TS5 } to MPj via GWNk . At this point, this round. The detailed process of our protocol can be
SNAuth function finishes. referred to Fig. 2.
12) When MPj gets S5 and TS5 does not expire, MPj extracts
M8 = M9 ⊕ ECMPj , SKSNi = M10 ⊕ ECMPj and VI. S ECURITY A NALYSIS
calculates SKMPj = h(M4 M8 ). If SKSNi = SKMPj , In this section, we evaluate the security of our proposed
SKSNi and SKMPj can be used for the subsequent protocol for WMSN using a formal security analysis (e.g.,
communication through GWNk . the widely accepted AVISPA automated verification tool)2 and
informal security analysis. The formal security analysis mainly
checks the semantic security of our proposed protocol which
E. ID Update Stage can defend against an adversary in breaking SK security. On
To ensure that an adversary A cannot track the interaction the other hand, the informal security analysis illustrates some
between SNi and MPj , at the end of each key agree- common attacks that our protocol may encounter.
ment and authentication, the identities of SNi and MPj
should be dynamically adjusted according using the following A. Formal Security Analysis
steps. When it comes to cryptographic protocols’ security evalua-
1) SNi and MPj compute the new identities as tion, AVISPA is a popular verification tool. In AVISPA, users
ID∗SNi = h(IDSNi IDMDj RxSNi ) and ID∗MPi = h(IDSNi
IDMDj RxMDi ), respectively. 2 http://www.avispa-project.org/
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.
WANG et al.: BLOCKCHAIN AND PUF-BASED LIGHTWEIGHT AUTHENTICATION PROTOCOL 8889
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.
8890 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 11, JUNE 1, 2022
(a) (b)
(c) (d)
Fig. 4. Computation cost comparison. (a) Computation cost of SN. (b) Computation cost of MP. (c) Computation cost of GWN/SC. (d) Total computation
cost.
TABLE II
C OMPUTATIONAL C OST C OMPARISON the computation cost in terms of a hash function Th , which
takes 0.0005 s. Note that this measurement was conducted
on a desktop with CPU: Intel Core i7-4710HQ 2.50 GHz,
memory: 8 GB, and OS: Win8 64 bit. The experiments show
our proposed protocol for WMSN needs the least computa-
tion cost regards overall computation time (i.e., 0.0065 ms in
total) and achieves obvious advantages when compared with
related schemes regardless of any side (i.e., 0.0015 ms for SN,
0.003 ms for MP, and 0.002 ms for GWN/SC, respectively). In
protocol can prevent physical-layer attacks successfully by detail, the computation cost of SN, MP, GWN/SC, as well as
using PUF. overall in our proposed protocol is reduced by around 57.1%,
50.0%, 81.8%, and 68.3%, respectively.
VII. P ERFORMANCE E VALUATION
In this section, we compare our proposed protocol against B. Communication Cost
several recent works [9], [10], [14]. In this section, we evaluate the communication cost
concerning our proposed protocol and some related
A. Computation Cost works [3], [6], [9], [10]. We assume the identity of MP
is 160 bits, identities of SN and GWN are 32 bits, a public
As shown in Table II and Fig. 4, we compare the com-
key of the system is 512 bits, a timestamp is 32 bits,
munication cost of several existing schemes [3], [6], [9], [10]
“SNAuth/Auth” is 64 bits, and the length of the challenge
among the login and authentication phase. To maintain fair-
generated by PUF is 32 bits.
ness, precision, and reliability of the compassion results, the
In our proposed protocol, five sets of messages are trans-
selected methods [3], [6], [9], [10] are all composed of pure 1 , TS , MPAuth },
mitted, namely, S1 = {IDMPj , M1 , M3 , CMP 1
one-way hash function and bitwise XOR operations. When j
compared with hash operations, the computation cost for bit- S2 = {M5 , CMP2 , TS }, S = {ID
j 2 3 MPj , M 7 , C 1 , TS }, S =
SNi 3 4
{M8 , MSK, CSN 2 , TS , SNAuth }, and S = {ID , M9 ,
wise XOR operations is infinitesimal, so we only measure i 4 5 SN i
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.
WANG et al.: BLOCKCHAIN AND PUF-BASED LIGHTWEIGHT AUTHENTICATION PROTOCOL 8891
TABLE III
C OMMUNICATION C OST C OMPARISON [3] F. Wu et al., “A lightweight and robust two-factor authentication
scheme for personalized healthcare systems using wireless medical
sensor networks,” Future Gener. Comput. Syst., vol. 82, pp. 727–737,
May 2018.
[4] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A secure
smartcard-based anonymous user authentication scheme for healthcare
applications using wireless medical sensor networks,” Wireless Pers.
Commun., vol. 94, no. 3, pp. 1899–1933, 2017.
[5] J. Srinivas, D. Mishra, and S. Mukhopadhyay, “A mutual authentication
framework for wireless medical sensor networks,” J. Med. Syst., vol. 41,
no. 5, p. 80, 2017.
[6] R. Amin, S. H. Islam, G. P. Biswas, M. K. Khan, and N. Kumar, “A
M10 , TS5 }. From Table III, we can see the overall commu- robust and anonymous patient monitoring system using wireless medical
nication cost of our proposed protocol is 2048 bits, which sensor networks,” Future Gener. Comput. Syst., vol. 80, pp. 483–495,
are lightweight compared with the above-mentioned schemes. Mar. 2018.
[7] Q. Jiang, J. Ma, C. Yang, X. Ma, J. Shen, and S. A. Chaudhry,
Although the communication cost at the SN of Amin et al. [6] “Efficient end-to-end authentication protocol for wearable health moni-
and Wu et al.’s [3] protocols (e.g., both are 320 bits) are less toring systems,” Comput. Elect. Eng., vol. 63, pp. 182–195, Oct. 2017.
than ours (i.g., at 448 bits), the timestamp is overlooked in [8] J. Mo, Z. Hu, and Y. Lin, “Cryptanalysis and security improvement of
two authentication schemes for healthcare systems using wireless med-
their interaction process, which may offer an opportunity for ical sensor networks,” Security Commun. Netw., vol. 2020, Feb. 2020,
an adversary to conduct a replay attack successfully. Finally, Art. no. 5047379.
our proposed protocol can provide higher security with a [9] M. Fotouhi, M. Bayat, A. K. Das, H. A. N. Far, S. M. Pournaghi, and
M. Doostari, “A lightweight and secure two-factor authentication scheme
lower communication cost (i.e., 13Th = 2048 bits) compared for wireless body area networks in health-care IoT,” Comput. Netw.,
with the above-mentioned schemes (i.e., 36Th = 2144 bits vol. 177, Aug. 2020, Art. no. 107333.
for Amin et al. [6], 34Th = 2336 bits for Wu et al. [3], [10] J. Li, Z. Su, D. Guo, K.-K. R. Choo, and Y. Ji, “PSL-MAAKA: Provably
secure and lightweight mutual authentication and key agreement protocol
41Th = 2784 bits for Fotouhi et al. [9], and 26Th = 2144 bits for fully public channels in Internet of medical things,” IEEE Internet
for Li et al. [10]). Things J., vol. 8, no. 17, pp. 13183–13195, Sep. 2021.
[11] M. Masud, G. S. Gaba, K. Choudhary, M. S. Hossain, M. F. Alhamid,
and G. Muhammad, “Lightweight and anonymity-preserving user
VIII. C ONCLUSION AND F UTURE W ORK authentication scheme for IoT-based healthcare,” IEEE Internet Things
J., early access, May 14, 2021, doi: 10.1109/JIOT.2021.3080461.
To achieve physical-layer security which can include decen- [12] S. Challa et al., “An efficient ECC-based provably secure three-factor
tralized trust while resisting multiple common attacks, in this user authentication and key agreement protocol for wireless healthcare
article, emerging blockchain technology is combined with PUF sensor networks,” Comput. Elect. Eng., vol. 69, pp. 534–554, Jul. 2018.
[13] Y. Xie, S. Zhang, X. Li, Y. Li, and Y. Chai, “CasCP: Efficient and
to envision a secure and lightweight authentication for WMSN. secure certificateless authentication scheme for wireless body area
Our scheme can support dynamic identity updates after each networks with conditional privacy-preserving,” Security Commun. Netw.,
authentication and key agreement. Furthermore, our proto- vol. 2019, Jun. 2019, Art. no. 5860286.
[14] X. Li, J. Peng, M. S. Obaidat, F. Wu, M. K. Khan, and C. Chen, “A
col contains a biometric fuzzy extractor to extract biometric secure three-factor user authentication protocol with forward secrecy for
information and conduct proper authentication. The AVISPA wireless medical sensor network systems,” IEEE Syst. J., vol. 14, no. 1,
tool is used to verify the security of our protocol as well as pp. 39–50, Mar. 2020.
[15] M. Shuai, B. Liu, N. Yu, and L. Xiong, “Lightweight and secure three-
informal security analysis is given that lists some attacks often factor authentication scheme for remote patient monitoring using on-
occur in real environments and discusses comprehensive coun- body wireless networks,” Security Commun. Netw., vol. 2019, Jun. 2019,
termeasures of our proposed protocol. Finally, performance Art. no. 8145087.
[16] T. Alladi, V. Chamola, and Naren, “HARCI: A two-way authentication
evaluation highlighting communication and computational cost protocol for three entity healthcare IoT networks,” IEEE J. Sel. Areas
is compared with similar protocols, showing that our proposed Commun., vol. 39, no. 2, pp. 361–369, Feb. 2021.
protocol has an overall low overhead. In future work, certifi- [17] M. A. Saleem, S. Shamshad, S. Ahmed, Z. Ghaffar, and K. Mahmood,
“Security analysis on ‘a secure three-factor user authentica-
cateless signatures will be used to enhance the security of the tion protocol with forward secrecy for wireless medical sensor
proposed AKA protocol. network systems”’ IEEE Syst. J., early access, May 5, 2021,
doi: 10.1109/JSYST.2021.3073537.
[18] S. Pandey, S. Deyati, A. Singh, and A. Chatterjee, “Noise-resilient
ACKNOWLEDGMENT SRAM physically unclonable function design for security,” in Proc.
The authors thank DSR for technical support. IEEE 25th Asian Test Symp. (ATS), Hiroshima, Japan, 2016, pp. 55–60.
[19] M. Wazid, A. K. Das, V. Odelu, N. Kumar, M. Conti, and M. Jo, “Design
of secure user authenticated key management protocol for generic
R EFERENCES IoT networks,” IEEE Internet Things J., vol. 5, no. 1, pp. 269–282,
Feb. 2018.
[1] A. Baranchuk et al., “Cybersecurity for cardiac implantable electronic [20] D. Dolev and A. Yao, “On the security of public key protocols,” IEEE
devices: What should you know?” J. Amer. Coll. Cardiol., vol. 71, Trans. Inf. Theory, vol. 29, no. 2, pp. 198–208, Mar. 1983.
no. 11, pp. 1284–1288, 2018. [21] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-
[2] X. Li, J. Niu, S. Kumari, J. Liao, W. Liang, and M. K. Khan, “A new card security under the threat of power analysis attacks,” IEEE Trans.
authentication protocol for healthcare applications using wireless med- Comput., vol. 51, no. 5, pp. 541–552, May 2002.
ical sensor networks with user anonymity,” Security Commun. Netw., [22] L. Viganò, “Automated security protocol analysis with the AVISPA tool,”
vol. 9, no. 15, pp. 2643–2655, 2016. Electron. Notes Theor. Comput. Sci., vol. 155, pp. 61–86, May 2006.
Authorized licensed use limited to: Indian Institute of Technology Hyderabad. Downloaded on March 09,2023 at 14:12:10 UTC from IEEE Xplore. Restrictions apply.