Skip to main content

Advertisement

Log in

On the Security of a Blockchain and PUF-Based Lightweight Authentication Protocol for Wireless Medical Sensor Networks

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The advent of the internet of things (IoT) in the global communication network has made everything interconnected and accessible. Therefore, the fields of medicine and diagnosis have emerging trend of using heterogeneous Internet of Medical Things (IoMT). The IoMT makes use of wearable health devices to transfer a huge amount of sensitive medical data to primary servers for diagnosis via a Wireless Medical Sensor Network (WMSN). Although it brings much convenience to patients as well as medical professionals, there are risks of security and privacy breaches. Recently, Wang et al. proposed “Blockchain and PUF-based Authentication Protocol for Wireless Medical Sensor Networks” (DOI 10.1109/JIOT.2021.3117762) for WMSN. Although their protocol deploys security benefits of both the blockchain and PUF technology but cryptanalysis of this protocol shows that the impersonation of the entities involved in the protocol makes it highly vulnerable to eavesdropping, incorrect notion of user anonymity and masquerading attacks. This study pinpoints several security breaches of the said protocol and proposes an enhanced protocol to resolve these security flaws in an invulnerable way. We show that the proposed protocol is safe against various attacks like impersonation, man-in-the-middle, user anonymity and system key leakage using Automated Validation of Internet Security Protocols and Applications tools and Random Oracle Model. We offer pragmatic security analysis and proofs to show that the suggested protocol meets the intended security objectives. Our protocol surpasses four other competitive protocols in terms of computing, communication, and storage costs, according to a thorough performance comparison.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Data Availability

There is no data or any other material associated with this manuscript.

Code Availability

Not Applicable.

References

  1. Khairuddin, A., Azir, K.F.K., & Kan, P.E. (2017). Limitations and future of electrocardiography devices: A review and the perspective from the internet of things, in 2017 international conference on research and innovation in information systems (ICRIIS).IEEE, pp. 1–7.

  2. Deshkar, S., Thanseeh, R., & Menon, V. G. (2017). A review on iot based m-health systems for diabetes. International Journal of Computer Science and Telecommunications, 8(1), 13–18.

    Google Scholar 

  3. Vergara, P. M., de la Cal, E., Villar, J. R., González, V. M., & Sedano, J. (2017). An iot platform for epilepsy monitoring and supervising. Journal of Sensors, 2017(1), 6043069.

    Google Scholar 

  4. Msayib, Y., Gaydecki, P., Callaghan, M., Dale, N., & Ismail, S. (2017). An intelligent remote monitoring system for total knee arthroplasty patients. Journal of medical systems, 41(6), 1–6.

    Google Scholar 

  5. Kitsiou, S., Thomas, M., Marai, G.E., Maglaveras, N., Kondos, G., Arena, R., & Gerber, B. (2017) Development of an innovative mhealth platform for remote physical activity monitoring and health coaching of cardiac rehabilitation patients, in 2017 IEEE EMBS International Conference on Biomedical & Health Informatics (BHI).IEEE, pp. 133–136.

  6. Qi, J., Yang, P., Min, G., Amft, O., Dong, F., & Xu, L. (2017). Advanced internet of things for personalised healthcare systems: A survey. Pervasive and Mobile Computing, 41, 132–149.

    Google Scholar 

  7. Al Mamun, K. A., Alhussein, M., Sailunaz, K., & Islam, M. S. (2017). Cloud based framework for parkinson’s disease diagnosis and monitoring system for remote healthcare applications. Future Generation Computer Systems, 66, 36–47.

    Google Scholar 

  8. Crema, C., Depari, A., Flammini, A., Sisinni, E., Vezzoli, A., & Bellagente, P. (2017). Virtual respiratory rate sensors: An example of a smartphone-based integrated and multiparametric mhealth gateway. IEEE Transactions on Instrumentation and Measurement, 66(9), 2456–2463.

    Google Scholar 

  9. Silsupadol, P., Teja, K., & Lugade, V. (2017). Reliability and validity of a smartphone-based assessment of gait parameters across walking speed and smartphone locations: Body, bag, belt, hand, and pocket. Gait & Posture, 58, 516–522.

    Google Scholar 

  10. Firth, J., Torous, J., Nicholas, J., Carney, R., Rosenbaum, S., & Sarris, J. (2017). Can smartphone mental health interventions reduce symptoms of anxiety? a meta-analysis of randomized controlled trials. Journal of Affective Disorders, 218, 15–22.

    Google Scholar 

  11. Firouzi, F., Rahmani, A.M., Mankodiya, K., Badaroglu, M., Merrett, G.V., Wong, P., & Farahani, B. (2018). Internet-of-things and big data for smarter healthcare: From device to architecture, applications and analytics, pp. 583–586.

  12. Baranchuk, A., Refaat, M. M., Patton, K. K., Chung, M. K., Krishnan, K., Kutyifa, V., Upadhyay, G., Fisher, J. D., & Lakkireddy, D. R. (2018). A. C. of cardiology’s electrophysiology section leadership, Cybersecurity for cardiac implantable electronic devices: What should you know? Journal of the American College of Cardiology, 71(11), 1284–1288.

    Google Scholar 

  13. Wu, F., Li, X., Sangaiah, A. K., Xu, L., Kumari, S., Wu, L., & Shen, J. (2018). A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Generation Computer Systems, 82, 727–737.

    Google Scholar 

  14. Fotouhi, M., Bayat, M., Das, A. K., Far, H. A. N., Pournaghi, S. M., & Doostari, M.-A. (2020). A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care iot. Computer Networks, 177, 107333.

    Google Scholar 

  15. Amin, R., Islam, S. H., Biswas, G., Khan, M. K., & Kumar, N. (2018). A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Generation Computer Systems, 80, 483–495.

    Google Scholar 

  16. Li, X., Wu, F., Khan, M. K., Xu, L., Shen, J., & Jo, M. (2018). A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Future Generation Computer Systems, 84, 149–159.

    Google Scholar 

  17. Wang, W., Qiu, C., Yin, Z., Srivastava, G., Gadekallu, T. R., Alsolami, F., & Su, C. (2021). Blockchain and puf-based lightweight authentication protocol for wireless medical sensor networks. IEEE Internet of Things Journal, 9(11), 8883.

    Google Scholar 

  18. Rodrigues, J. J., Segundo, D. B. D. R., Junqueira, H. A., Sabino, M. H., Prince, R. M., Al-Muhtadi, J., & De Albuquerque, V. H. C. (2018). Enabling technologies for the internet of health things. Ieee Access, 6, 13129–13141.

    Google Scholar 

  19. Sureshkumar, V., Amin, R., Vijaykumar, V., & Sekar, S. R. (2019). Robust secure communication protocol for smart healthcare system with fpga implementation. Future Generation Computer Systems, 100, 938–951.

    Google Scholar 

  20. Tai, W.-L., Chang, Y.-F., & Lo, Y.-L. (2019). An anonymity, availability and security-ensured authentication model of the iot control system for reliable and anonymous ehealth services. Journal of Medical and Biological Engineering, 39(4), 443–455.

    Google Scholar 

  21. Gope, P., Millwood, O., & Sikdar, B. (2021). A scalable protocol level approach to prevent machine learning attacks on physically unclonable function based authentication mechanisms for internet of medical things. IEEE Transactions on Industrial Informatics, 18(3), 1971–1980.

    Google Scholar 

  22. Liu, C.-H., & Chung, Y.-F. (2017). Secure user authentication scheme for wireless healthcare sensor networks. Computers & Electrical Engineering, 59, 250–261.

    Google Scholar 

  23. Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., & Chaudhry, S. A. (2017). Efficient end-to-end authentication protocol for wearable health monitoring systems. Computers & Electrical Engineering, 63, 182–195.

    Google Scholar 

  24. Mo, J., Hu, Z., & Lin, Y. (2020). Cryptanalysis and security improvement of two authentication schemes for healthcare systems using wireless medical sensor networks. Security and Communication Networks, 2020(1), 5047379.

    Google Scholar 

  25. Azrour, M., Mabrouki, J., Guezzaz, A., & Farhaoui, Y. (2021). New enhanced authentication protocol for internet of things. Big Data Mining and Analytics, 4(1), 1–9.

    Google Scholar 

  26. Vinoth, R., Deborah, L. J., Vijayakumar, P., & Kumar, N. (2020). Secure multifactor authenticated key agreement scheme for industrial IoT. IEEE Internet of Things Journal, 8(5), 3801–3811.

    Google Scholar 

  27. Xue, L., Huang, Q., Zhang, S., Huang, H., & Wang, W. (2021). A lightweight three-factor authentication and key agreement scheme for multigateway wsns in iot. Security and Communication Networks, 2021, 1–15.

    Google Scholar 

  28. Challa, S., Das, A. K., Odelu, V., Kumar, N., Kumari, S., Khan, M. K., & Vasilakos, A. V. (2018). An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Computers & Electrical Engineering, 69, 534–554.

    Google Scholar 

  29. Ali, R., Pal, A. K., Kumari, S., Sangaiah, A. K., Li, X., & Wu, F. (2018). An enhanced three factor based authentication protocol using wireless medical sensor networks for healthcare monitoring. Journal of Ambient Intelligence and Humanized Computing, 12, 1–22.

    Google Scholar 

  30. Li, X., Ibrahim, M. H., Kumari, S., Sangaiah, A. K., Gupta, V., & Choo, K.-K.R. (2017). Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Computer Networks, 129, 429–443.

    Google Scholar 

  31. Masud, M., Gaba, G. S., Choudhary, K., Hossain, M. S., Alhamid, M. F., & Muhammad, G. (2021). Lightweight and anonymity-preserving user authentication scheme for IOT-based healthcare. IEEE Internet of Things Journal, 9(4), 2649.

    Google Scholar 

  32. Kaur, D., Saini, K. K., & Kumar, D. (2022). Cryptanalysis and enhancement of an authentication protocol for secure multimedia communications in IoT-enabled wireless sensor networks. Multimedia Tools and Applications, 81(27), 39 367-39 385.

    Google Scholar 

  33. Saini, K. K., Kaur, D., Kumar, D., & Kumar, B. (2024). An efficient three-factor authentication protocol for wireless healthcare sensor networks. Multimedia Tools and Applications, 24, 1–23.

    Google Scholar 

  34. Shao, X., Guo, Y., & Guo, Y. (2022). A PUF-based anonymous authentication protocol for wireless medical sensor networks. Wireless Networks, 28(8), 3753–3770.

    Google Scholar 

  35. Shamshad, S., Mahmood, K., Kumari, S., Chen, C.-M., et al. (2020). A secure blockchain-based e-health records storage and sharing scheme. Journal of Information Security and Applications, 55, 102590.

    Google Scholar 

  36. Xiao, L., Han, D., Meng, X., Liang, W., & Li, K.-C. (2020). A secure framework for data sharing in private blockchain-based wbans. IEEE Access, 8, 153 956-153 968.

    Google Scholar 

  37. Khujamatov, K., Reypnazarov, E., Akhmedov, N., & Khasanov, D. (2020). Blockchain for 5g healthcare architecture, in 2020 international conference on information science and communications technologies (ICISCT).IEEE, pp. 1–5.

  38. Hong, Y., Yang, L., Liang, W., & Xie, A. (2023). Secure access control for electronic health records in blockchain-enabled consumer internet of medical things. IEEE Transactions on Consumer Electronics, 25, 23.

    Google Scholar 

  39. Kearney, J. J., & Perez-Delgado, C. A. (2021). Vulnerability of blockchain technologies to quantum attacks. Array, 10, 100065.

    Google Scholar 

  40. Cui, W., Dou, T., & Yan, S. (2020). Threats and opportunities: Blockchain meets quantum computation,” in 2020 39th Chinese control conference (CCC).IEEE, pp. 5822–5824.

  41. Arpaia, P., Bonavolontà, F., Cioffi, A., & Moccaldi, N. (2021). Power measurement-based vulnerability assessment of IOT medical devices at varying countermeasures for cybersecurity. IEEE Transactions on Instrumentation and Measurement., 70, 1–9.

    Google Scholar 

  42. Chang, C.-C., & Le, H.-D. (2015). A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Transactions on Wireless Communications, 15(1), 357–366. https://doi.org/10.1109/TWC.2015.2473165

    Article  Google Scholar 

  43. Akram, M. A., Mahmood, K., Kumari, S., & Xiong, H. (2020). Comments on toward secure and provable authentication for internet of things: realizing industry 4.0. IEEE Internet of Things Journal, 7(5), 4676–4681.

    Google Scholar 

  44. Delvaux, J. (2019). Machine-learning attacks on polypufs, ob-pufs, rpufs, lhs-pufs, and puf-fsms. IEEE Transactions on Information Forensics and Security, 14(8), 2043–2058.

    Google Scholar 

  45. Yogesh, P. R., et al. (2020). Formal verification of secure evidence collection protocol using ban logic and Avispa. Procedia Computer Science, 167, 1334–1344.

    Google Scholar 

  46. Sahoo, S. S., Mohanty, S., Sahoo, K. S., Daneshmand, M., & Gandomi, A. H. (2023). A three factor based authentication scheme of 5G wireless sensor networks for IoT system. IEEE Internet of Things Journal., 1, 23.

    Google Scholar 

  47. Kumar, D. (2023). Cryptanalysis and improvement of an authentication protocol for wireless sensor networks. Transactions on Emerging Telecommunications Technologies, 34(5), e4747.

    Google Scholar 

  48. Huang, W. (2024). ECC-based three-factor authentication and key agreement scheme for wireless sensor networks. Scientific Reports, 14(1), 1787.

    Google Scholar 

Download references

Acknowledgements

Not Applicable.

Funding

Not Applicable.

Author information

Authors and Affiliations

Authors

Contributions

Writing-original draft: Sumble Fatima (SF), Muhammad Arslan Akram (MAA), Adnan Noor Mian (ANM), Saru Kumari (SK), and Chien-Ming Chen (CMC); Conceptualization: SF, MAA, and ANM; Writing-review and Editing: MAA, ANM, SK, and CMC; Investigation ANM, SK and CMC; Supervision: MAA, ANM and SK;

Corresponding author

Correspondence to Adnan Noor Mian.

Ethics declarations

Conflict of interest

The authors proclaim that they have no Conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Fatima, S., Akram, M.A., Mian, A.N. et al. On the Security of a Blockchain and PUF-Based Lightweight Authentication Protocol for Wireless Medical Sensor Networks. Wireless Pers Commun 136, 1079–1106 (2024). https://doi.org/10.1007/s11277-024-11318-6

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-024-11318-6

Keywords

Navigation