Abstract
A wireless medical sensor network (WMSN) is a professional application of the traditional wireless body area sensor networks in medicine. Using WMSNs, the parameters of patients’ vital signs can be gathered from the sensor nodes deployed on the patients’ bodies and accessed by healthcare professionals using a mobile device. Because communication is wireless, securing it becomes a vital issue in WMSNs. Since the vital-sign parameters are sensitive to the patients’ health status and this information must not be revealed to anyone except the healthcare professionals, the protection of patients’ privacy becomes another key issue for WMSN applications. Thus, user authentication with the anonymity property is the most basic and commonly used method to resolve the security and privacy issues of WMSNs. He et al. presented a user authentication protocol for healthcare applications using WMSNs to address the security and privacy problems. However, Li et al. showed that their scheme is incorrect in the authentication and session key agreement phase, has no wrong-password detection mechanism, and is vulnerable to denial of service caused by a password change with a wrong password. In this paper, we review Li et al.’s scheme and show that it is still vulnerable to the privileged-insider attack and the sensor node capture attack, and fails to provide the user anonymity property. Moreover, we find that He et al.’s scheme is vulnerable to the same attacks that we identify in Li et al.’s scheme. To remedy the security weaknesses found in both He et al.’s scheme and Li et al.’s scheme, we present a secure biometrics-based user authentication scheme for WMSNs using a smart card. Through rigorous formal and informal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme using the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool, and the simulation results reveal that our scheme is secure. Our scheme is also efficient in computation and communication compared to He et al.’s scheme, Li et al.’s scheme and other related schemes.
References
He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., & Yeo, S.-S. (2015). Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems, 21(1), 49–60.
Kumar, P., Lee, S. G., & Lee, H. J. (2012). E-SAP: Efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks. Sensors, 12(2), 1625–1647.
Huang, Y. M., Hsieh, M. Y., Chao, H. C., Hung, S. H., & Park, J. H. (2009). Pervasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks. IEEE Journal on Selected Areas in Communications, 27(4), 400–411.
Das, A. K. (2016). A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Networking and Applications, 9(1), 223–244.
Das, A. K. (2015). A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. International Journal of Communication Systems, 1–25. doi:10.1002/dac.2933.
Das, A. K. (2015). A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wireless Personal Communications, 82(3), 1377–1404.
Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 10, 2450–2459.
Khan, M. K., & Kumari, S. (2013). An authentication scheme for secure access to healthcare services. Journal of Medical Systems, 37(4), 1–12.
Kumari, S., Khan, M. K., & Atiquzzaman, M. (2015). User authentication schemes for wireless sensor networks: A review. Ad Hoc Networks, 27, 159–194.
Li, X., Niu, J., Kumari, S., Liao, J., Liang, W., & Khan, M. K. (2015). A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity. Security and Communication Networks. doi:10.1002/sec.1214.
Shi, W., & Gong, P. (2013). A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. International Journal of Distributed Sensor Networks, 2013, 1–7. Article ID 730831. doi:10.1155/2013/730831.
Yeh, H. L., Chen, T. H., Liu, P. C., Kim, T. H., & Wei, H. W. (2011). A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors, 11(5), 4767–4779.
Han, W. (2011). Weakness of a secured authentication protocol for wireless sensor networks using elliptic curves cryptography. http://eprint.iacr.org/2011/293.
Das, A. K., Sharma, P., Chatterjee, S., & Sing, J. K. (2012). A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications, 35(5), 1646–1656.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of 19th Annual International Cryptology Conference. Advances in Cryptology—CRYPTO’99, Lecture Notes in Computer Science, (Vol. 1666, pp. 388–397) Santa Barbara, California, USA.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.
Odelu, V., Das, A. K., & Goswami, A. (2015). A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security, 10(9), 1953–1966.
Odelu, V., Das, A. K., & Goswami, A. (2016). SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms. IEEE Transactions on Consumer Electronics, 62(1), 30–38.
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.
Chatterjee, S., & Das, A. K. (2015). An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Security and Communication Networks, 8(9), 1752–1771.
Odelu, V., Das, A. K., & Goswami, A. (2015). A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks. Security and Communication Networks, 8(9), 1732–1751.
Das, A. K., Paul, N. R., & Tripathy, L. (2012). Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences, 209, 80–92.
Odelu, V., Das, A. K., & Goswami, A. (2014). A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences, 269, 270–285.
Das, A. K., Mishra, D., & Mukhopadhyay, S. (2015). An anonymous and secure biometric-based enterprise digital rights management system for mobile environment. Security and Communication Networks, 8(18), 3383–3404.
Das, A. K. (2015). A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems. Journal of Medical Systems, 39(3), 1–20.
Chuang, Y.-H., & Tseng, Y.-M. (2010). An efficient dynamic group key agreement protocol for imbalanced wireless networks. International Journal of Network Management, 20(4), 167–180.
Wu, S., & Chen, K. (2012). An efficient key-management scheme for hierarchical access control in E-medicine system. Journal of Medical Systems, 36(4), 2325–2337.
AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed January 2015.
Lv, C., Ma, M., Li, H., Ma, J., & Zhang, Y. (2013). An novel three-party authenticated key exchange protocol using one-time key. Journal of Network and Computer Applications, 36(1), 498–503.
von Oheimb, D. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM 2005 Workshop (pp. 1–17). Tallinn.
AVISPA. SPAN, the Security Protocol ANimator for AVISPA. http://www.avispa-project.org/. Accessed July 2016.
Basin, D., Modersheim, S., & Vigano, L. (2005). OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181–208.
He, D., Zeadally, S., Xu, B., & Huang, X. (2015). An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks. IEEE Transactions on Information Forensics and Security, 10(12), 2681–2691.
He, D., Kumar, N., Lee, J. H., & Sherratt, R. S. (2014). Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Transactions on Consumer Electronics, 60(1), 30–37.
Advanced Encryption Standard (AES). FIPS PUB 197, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.
Koblitz, N., Menezes, A., & Vanstone, S. A. (2000). The state of elliptic curve cryptography. Designs, Codes and Cryptography, 19(2–3), 173–193.
Rivest, R. L., Shamir, A., & Adleman, L. M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.
Secure hash standard. FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April 1995. http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.
Acknowledgments
The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper. This work was partially supported by the Information Security Education and Awareness (ISEA) Phase II Project, Department of Electronics and Information Technology (DeitY), India.
Cite this article
Das, A.K., Sutrala, A.K., Odelu, V. et al. A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks. Wireless Pers Commun 94, 1899–1933 (2017). https://doi.org/10.1007/s11277-016-3718-6
DOI: https://doi.org/10.1007/s11277-016-3718-6