Abstract
Wireless body area networks (WBANs) have become one of the key components of mobile health (mHealth) which provides 24/7 health monitoring service and greatly improves the quality and efficiency of healthcare. However, users’ concern about the security and privacy of their health information has become one of the major obstacles that impede the wide adoption of WBANs. Anonymous and unlinkable authentication is critical to protect the security and privacy of sensitive physiological information in transit from the client to the application provider. We first show that the anonymous authentication scheme of Wang and Zhang based on bilinear pairing is prone to client impersonation attack. Then, we propose an enhanced anonymous authentication scheme to remedy the flaw in Wang and Zhang’s scheme. We give the security analysis to demonstrate that the enhanced scheme achieves the desired security features and withstands various known attacks.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Li, M., Lou, W., and Ren, K., Data security and privacy in wireless body area networks. IEEE Wirel. Commun. 17(1):51–58, 2010.
Qi, X., Wang, K., Huang, A., Hu, H., and Han, G., MAC protocol in wireless body area network for mobile health: a survey and an architecture design. Int. J. Distrib. Sens. Netw. 2015:9, 2015. doi:10.1155/2015/289404. Article ID 289404.
Shen, J., Tan, H., Wang, J., et al., A novel routing protocol providing good transmission reliability in underwater sensor networks. J. Internet Technol. 16(1):171–178, 2015.
Xie, S., and Wang, Y., Construction of tree network with limited delivery latency in homogeneous wireless sensor networks. Wirel. Pers. Commun. 78(1):231–246, 2014.
He, D., Zeadally, S., and Wu, L., Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. 2015. doi:10.1109/JSYST.2015.2428620.
Ren, Y., Shen, J., Zheng, Y., Wang, J., and Chao, H.-C., Efficient data integrity auditing for storage security in mobile health cloud. Peer-to-Peer Netw. Appl. 2015. doi:10.1007/s12083-015-0346-y.
Ren, Y., Shen, J., Wang, J., Han, J., and Lee, S., Mutual verifiable provable data auditing in public cloud storage. J. Int. Technol. 16(2):317–323, 2015.
Fu, Z., Sun, X., Liu, Q., et al., Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans. Commun. E98-B(1):190–200, 2015.
Xia, Z., Wang, X., Sun, X., and Wang, Q., A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 27(2):340–352, 2015.
Li, H., Yang, Y., Luan, T., Liang, X., Zhou, L., and Shen, X., Enabling fine-grained multi-keyword search supporting classified Sub-dictionaries over encrypted cloud data. IEEE Trans. Dependable Secure Comput. 13(3):312–325, 2015.
He, D., and Zeadally, S., Authentication protocol for an ambient assisted living system. IEEE Commun. Mag. 53(1):71–77, 2015.
Guo, P., Wang, J., Li, B., et al., A variable threshold-value authentication architecture for wireless mesh networks. J. Internet Technol. 15(6):929–936, 2014.
Jiang, Q., Wei, F., Fu, S., Ma, J., Li, G., and Alelaiwi, A., Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4):2085–2101, 2016.
Wang, D., He, D., Wang, P., et al., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4):428–442, 2015.
He, D., Zeadally, S., Xu, B., and Huang, X., An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad-hoc networks. IEEE Trans. Inf. Forensics Secur. 10(12):1681–2691, 2015.
Jiang, Q., Khan, M. K., Lu, X., Ma, J., and He, D., A privacy preserving three-factor authentication protocol for e-Health clouds. J. Supercomput. 2016. doi:10.1007/s11227-015-1610-x.
Karaoğlan, D., and Levi, A., A survey on the development of security mechanisms for body area networks. Comput. J. 57(10):1484–1512, 2014.
Ibrahim, M. H., Kumari, S., Das, A. K., et al., Secure anonymous mutual authentication for star two-tier wireless body area networks. Comput. Methods Prog. Biomed. 135:37–50, 2016.
IEEE standard for local and metropolitan area networks: Part 15.6: Wireless body area networks. IEEE, 2012.
Toorani, M., Security analysis of the IEEE 802.15. 6 standard. Int. J. Commun. Syst. 2016. doi:10.1002/dac.3120.
Shen, J., Tan, H., Moh, S., et al., Enhanced secure sensor association and key management in wireless body area networks. J. Commun. Netw. 17(5):453–462, 2015.
Liu, J., Zhang, Z., Chen, X., and Kwak, K., Certificateless remote anonymous authentication schemes for wireless body sensor networks. IEEE Trans. Parallel Distrib. Syst. 25(2):332–342, 2014.
Zhao, Z., An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J. Med. Syst. 38(2):1–7, 2014.
Xiong, H., Cost-effective scalable and anonymous certificateless remote authentication protocol. Inf. Forensics Secur. IEEE Trans. 9(12):2327–2339, 2014.
Xiong, H., and Qin, Z., Revocable and scalable certificateless remote authentication protocol with anonymity for wireless body area networks. IEEE Trans. Inf. Forensics Secur. 10(7):1442–1455, 2015.
He, D., Zeadally, S., Kumar, N., and Lee, J.-H., Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. 2016. doi:10.1109/JSYST.2016.2544805.
Wang, C., and Zhang, Y., New authentication scheme for wireless body area networks using the bilinear pairing. J. Med. Syst. 39:136, 2015.
Hankerson, D., Menezes, A., and Vanstone, S., Guide to elliptic curve cryptography, lecture notes in computer science. Springer, Berlin, 2004.
Boneh D., Franklin M., Identity-based encryption from the weil pairing, Proc. 21st Annu. Int. Cryptol. Conf. (CRYPTO), pp. 213–229, 2001.
Wang, D., and Ma, C., Cryptanalysis of a remote user authentication scheme for mobile client–server environment based on ECC. Inf. Fusion 14(4):498–503, 2013.
Li, X., Niu, J., Kumari, S., Liao, J., and Liang, W., An enhancement of a smart card authentication scheme for multi-server architecture. Wirel. Pers. Commun. 80(1):175–192, 2015.
Li, X., Niu, J., Wang, Z., and Chen, C., Applying biometrics to design three-factor remote user authentication scheme with key agreement. Secur. Commun. Netw. 7(10):1488–1497, 2014.
He, D., Kumar, N., Wang, H., Wang, L., Choo Raymond, K.-K., and Vinel, A., A provably-secure cross-domain hand shake scheme with symptoms-matching for mobile healthcare social network. IEEE Trans. Dependable Secure Comput. 2016. doi:10.1109/TDSC.2016.2596286.
Jiang, Q., Ma, J., and Wei, F., On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst. J. 2016. doi:10.1109/JSYST.2016.2574719.
Li, X., Niu, J., Khan, M. K., and Liao, J., An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5):1365–1371, 2013.
Jiang, Q., Ma, J., Li, G., et al., An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wirel. Pers. Commun. 68(4):1477–1491, 2013.
Jiang, Q., Kumar, N., Ma, J., Shen, J., He, D., and Naveen, C., An privacy aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks. Int. J. Netw. Manag. 2016. doi:10.1002/nem.1937.
Wang, D., Wang, N., Wang, P., and Qing, S., Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. 321:162–178, 2015.
Li, H., Lin, X., Yang, H., Liang, X., Lu, R., and Shen, X., EPPDR: an efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid. IEEE Trans. Parallel Distrib. Syst. 25(8):2053–2064, 2014.
Jiang, Q., Ma, J., Li, G., and Yang, L., An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wirel. Pers. Commun. 77(2):1489–1506, 2014.
Jiang, Q., Ma, J., Lu, X., and Tian, Y., An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw. Appl. 8(6):1070–1081, 2015.
Acknowledgments
This work is supported by Supported by National Natural Science Foundation of China (Program No. 61672413, U1405255, U1536202, 61372075, 61472310), National High Technology Research and Development Program (863 Program) (Program No. 2015AA016007), Natural Science Basic Research Plan in Shaanxi Province of China (Program No.2016JM6005), Fundamental Research Funds for the Central Universities (Program No. JB161501), China 111 Project (No. B16037), the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD), Jiangsu Collaborative Innovation Center of Atmospheric Environment and Equipment Technology (CICAEET), and Specific project on research and development platform of Shanghai Science and Technology Committee (Program No. 14DZ2294400).
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Patient Facing Systems
Rights and permissions
About this article
Cite this article
Jiang, Q., Lian, X., Yang, C. et al. A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth. J Med Syst 40, 231 (2016). https://doi.org/10.1007/s10916-016-0587-1
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-016-0587-1