Skip to main content
SpringerLink
Log in

An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks

  • Regular Paper
  • Published:
Multimedia Systems Aims and scope Submit manuscript

Abstract

Wireless sensor networks (WSNs) are fast developed and widely used in many applications. One of the most important applications is wireless medical sensor network (WMSN) which makes modern health-care more popular. The doctor can get the patient’s physiological data collected by special sensors deployed on or in the patient’s body in real time with the mobile devices via the wireless communication channel. The collected data are important and should be confidential. So security measures are considered in the process of communication. Recently, He et al. (Multimed Syst, 21(1), 49–60, 2015) proposed a new two-factor authentication scheme for health-care with WMSNs and claimed it to be secure. But we find that it is vulnerable to the off-line guessing attack, the user impersonation attack, and the sensor node capture attack. Moreover, we present an improved scheme to overcome the disadvantages. Through the formal verification with Proverif and the analysis presented by us, our scheme is secure. It is more practical for applications through the comparison between some recent schemes for WMSNs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Chen, T.H., Shih, W.K.: A robust mutual authentication protocol for wireless sensor networks. Etri J. 32(5), 704–712 (2010)

    Article  Google Scholar 

  2. Das, M.L.: Two-factor user authentication in wireless sensor networks. Wirel. Commun. IEEE Trans. 8(3), 1086–1090 (2009)

    Article  Google Scholar 

  3. Dolev, D., Yao, A.C.: On the security of public key protocols. Inf. Theory IEEE Trans. 29(2), 198–208 (1983)

    Article  MathSciNet  MATH  Google Scholar 

  4. He, D., Zeadally, S.: Authentication protocol for an ambient assisted living system. Commun. Mag. IEEE 53(1), 71–77 (2015)

  5. He, D., Kumar, N., Chen, J., Lee, C.C., Chilamkurti, N., Yeo, S.S.: Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimed. Syst. 21(1), 49–60 (2015). doi:10.1007/s00530-013-0346-9

    Article  Google Scholar 

  6. He, D., Kumar, N., Chilamkurti, N.: A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. 321, 236–277 (2015). doi:10.1016/j.ins.2015.02.010

    Article  Google Scholar 

  7. He, D., Zeadally, S., Wu, L.: Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. (2015). doi:10.1109/JSYST.2015.2428620

  8. Hsiao, T.C., Liao, Y.T., Huang, J.Y., Chen, T.S., Horng, G.B.: An authentication scheme to healthcare security under wireless sensor networks. J. Med. Syst. 36(6), 3649–3664 (2012). doi:10.1007/s10916-012-9839-x

    Article  Google Scholar 

  9. Hu, F., Jiang, M., Wagner, M., Dong, D.C.: Privacy-preserving telecardiology sensor networks: toward a low-cost portable wireless hardware/software codesign. Inf. Technol. Biomed. IEEE Trans. 11(6), 619–627 (2007)

    Article  Google Scholar 

  10. Huang, H.F., Chang, Y.F., Liu, C.H.: Enhancement of two-factor user authentication in wireless sensor networks. In: Intelligent information hiding and multimedia signal processing (IIH-MSP), sixth International Conference on, IEEE, pp. 27–30 (2010)

  11. Karuppiah, M., Saravanan, R.: A secure remote user mutual authentication scheme using smart cards. J. Inf. Secur. Appl. 19(4), 282–294 (2014)

    Google Scholar 

  12. Karuppiah, M., Saravanan, R.: A secure authentication scheme with user anonymity for roaming service in global mobility networks. Wirel. Pers. Commun. (2015). doi:10.1007/s11277-015-2524-x

  13. Khan, M.K., Alghathbar, K.: Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors 10(3), 2450–2459 (2010)

    Article  Google Scholar 

  14. Khan, M.K., Kumari, S.: An improved user authentication protocol for healthcare services via wireless medical sensor networks. Int. J. Distrib. Sens. Netw. (2014)

  15. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology-CRYPTO99. Springer, pp. 388–397 (1999)

  16. Kumar, P., Lee, S.G., Lee, H.J.: E-sap: Efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks. Sensors 12(2), 1625–1647 (2012)

    Article  Google Scholar 

  17. Kumari, S., Gupta, M.K., Khan, M.K., Li, X.: An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur. Commun. Netw. 7(11), 1921–1932 (2014)

    Article  Google Scholar 

  18. Kumari, S., Khan, M.K., Atiquzzaman, M.: User authentication schemes for wireless sensor networks: a review. Ad Hoc Netw. 27, 159–194 (2015)

    Article  Google Scholar 

  19. Le, X.H., Khalid, M., Sankar, R., Lee, S.: An efficient mutual authentication and access control scheme for wireless sensor networks in healthcare. J. Netw. 6(3), 355–364 (2011)

    Google Scholar 

  20. Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)

    Article  Google Scholar 

  21. Li, X., Ma, J., Wang, W., Xiong, Y., Zhang, J.: A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Math. Comput. Model. 58(1), 85–95 (2013)

    Article  Google Scholar 

  22. Li, X., Niu, J., Khan, M.K., Liao, J.: An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5), 1365–1371 (2013)

    Article  Google Scholar 

  23. Li, X., Niu, J., Kumari, S., Liao, J., Liang, W., Khan, M.K.: A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity. Secur. Commun. Netw. (2015)

  24. Mangard, S., Oswald, E., Standaert, F.X.: One for all-call for one: unifying standard differential power analysis attacks. IET Inf. Secur. 5(2), 100–110 (2011)

    Article  Google Scholar 

  25. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)

    Article  MathSciNet  Google Scholar 

  26. Nyang, D., Lee, M.K.: Improvement of das’s two-factor authentication protocol in wireless sensor networks. IACR Cryptol. ePrint Arch. 2009, 631 (2009)

    Google Scholar 

  27. Raja, K.N., Beno, M.M.: On securing wireless sensor network-novel authentication scheme against dos attacks. J. Med. Syst. 38(10), 1–5 (2014). doi:10.1007/s10916-014-0084-3

    Article  Google Scholar 

  28. Wang, D., Wang, P.: On the anonymity of two-factor authentication schemes for wireless sensor networks: attacks, principle and solutions. Comput. Netw. 73, 41–57 (2014)

    Article  Google Scholar 

  29. Wang, D., Wang, P.: Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw. 20, 1–15 (2014)

    Article  Google Scholar 

  30. Wang, D., He, D., Wang, P., Chu, C.: Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. IEEE Trans. Dependable and Secure Computing (2014). doi:10.1109/TDSC.2014.2355850

  31. Wu, F., Xu, L.: Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. J. Med. Syst. 37(4), 1–9 (2013)

    Article  Google Scholar 

  32. Wu, F., Xu, L., Kumari, S., Li, X.: A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Comput Elect. Eng. (2015). doi:10.1016/j.compeleceng.2015.02.015

  33. Xu, L., Wu, F.: Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J. Med. Syst. 39(2), 1–9 (2015)

    Article  Google Scholar 

  34. Xu, L., Wu, F.: An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur. Commun. Netw. 8(2), 245–260 (2015). doi:10.1002/sec.977

    Article  MathSciNet  Google Scholar 

  35. Yoo, S.G., Park, K.Y., Kim, J.: A security-performance-balanced user authentication scheme for wireless sensor networks. Int. J. Distrib. Sens. Netw. (2012)

Download references

Acknowledgments

The authors thank the valuable work of the editors and the anonymous reviewers. This research is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369, the National Natural Science Foundation of China under Grant No. 61300220, and it is also supported by PAPD and CICAEET.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Xiamen Institute of Technology, Xiamen, 361021, China

    Fan Wu

  2. School of Information Science and Technology, Xiamen University, Xiamen, 361005, China

    Lili Xu

  3. Department of Mathematics, Ch. Charan Singh University, Meerut, 250005, Uttar Pradesh, India

    Saru Kumari

  4. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, 411201, China

    Xiong Li

  5. Nanjing University of Information Science and Technology, Nanjing, 210044, China

    Xiong Li

Authors
  1. Fan Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lili Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xiong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fan Wu.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Communicated by L. Zhou.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wu, F., Xu, L., Kumari, S. et al. An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks. Multimedia Systems 23, 195–205 (2017). https://doi.org/10.1007/s00530-015-0476-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00530-015-0476-3

Keywords

Search

Navigation