A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks

Wireless Personal Communications

Abstract

A wireless medical sensor network (WMSN) is a professional application of the traditional wireless body area sensor networks in medicine. Using WMSNs, the parameters of patients’ vital signs can be gathered from the sensor nodes deployed on the body of the patients and accessed by the healthcare professionals using a mobile device. Because the communication is wireless, securing it becomes a vital issue in WMSNs. Since the vital sign parameters are sensitive to the patients’ health status and this information must not be revealed to anyone except the healthcare professionals, the protection of patients’ privacy becomes another key issue for WMSN applications. Thus, user authentication with the anonymity property is the most basic and commonly used method to resolve the security and privacy issues of WMSNs. He et al. presented a user authentication protocol for healthcare applications using WMSNs to address the security and privacy problems. However, Li et al. showed that their scheme is incorrect in the authentication and session key agreement phase, has no wrong password detection mechanism and is vulnerable to denial of service caused by password change with a wrong password. In this paper, we review Li et al.’s scheme and show that their scheme is still vulnerable to privileged-insider attack and sensor node capture attack, and fails to provide the user anonymity property. Moreover, we find that He et al.’s scheme is still vulnerable to the same attacks that we find in Li et al.’s scheme. In order to remedy the security weaknesses found in both He et al.’s scheme and Li et al.’s scheme, we present a secure biometrics-based user authentication scheme in WMSNs using a smart card. Through rigorous formal and informal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme using the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool, and the simulation results reveal that our scheme is secure. Our scheme is also efficient in computation and communication as compared to He et al.’s scheme, Li et al.’s scheme and other related schemes.

Fig. 1 (Source: [1])

References

  1. He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., & Yeo, S.-S. (2015). Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems, 21(1), 49–60.

  2. Kumar, P., Lee, S. G., & Lee, H. J. (2012). E-SAP: Efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks. Sensors, 12(2), 1625–1647.

  3. Huang, Y. M., Hsieh, M. Y., Chao, H. C., Hung, S. H., & Park, J. H. (2009). Pervasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks. IEEE Journal on Selected Areas in Communications, 27(4), 400–411.

  4. Das, A. K. (2016). A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Networking and Applications, 9(1), 223–244.

  5. Das, A. K. (2015). A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. International Journal of Communication Systems, 1–25. doi:10.1002/dac.2933.

  6. Das, A. K. (2015). A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wireless Personal Communications, 82(3), 1377–1404.

  7. Khan, M. K., & Alghathbar, K. (2010). Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors, 10, 2450–2459.

  8. Khan, M. K., & Kumari, S. (2013). An authentication scheme for secure access to healthcare services. Journal of Medical Systems, 37(4), 1–12.

  9. Kumari, S., Khan, M. K., & Atiquzzaman, M. (2015). User authentication schemes for wireless sensor networks: A review. Ad Hoc Networks, 27, 159–194.

  10. Li, X., Niu, J., Kumari, S., Liao, J., Liang, W., & Khan, M. K. (2015). A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity. Security and Communication Networks. doi:10.1002/sec.1214.

  11. Shi, W., & Gong, P. (2013). A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. International Journal of Distributed Sensor Networks, 2013, 1–7. Article ID 730831. doi:10.1155/2013/730831.

  12. Yeh, H. L., Chen, T. H., Liu, P. C., Kim, T. H., & Wei, H. W. (2011). A secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors, 11(5), 4767–4779.

  13. Han, W. (2011). Weakness of a secured authentication protocol for wireless sensor networks using elliptic curves cryptography. http://eprint.iacr.org/2011/293.

  14. Das, A. K., Sharma, P., Chatterjee, S., & Sing, J. K. (2012). A dynamic password-based user authentication scheme for hierarchical wireless sensor networks. Journal of Network and Computer Applications, 35(5), 1646–1656.

  15. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of 19th Annual International Cryptology Conference. Advances in Cryptology—CRYPTO’99, Lecture Notes in Computer Science, (Vol. 1666, pp. 388–397) Santa Barbara, California, USA.

  16. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

  17. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

  18. Odelu, V., Das, A. K., & Goswami, A. (2015). A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security, 10(9), 1953–1966.

  19. Odelu, V., Das, A. K., & Goswami, A. (2016). SEAP: Secure and efficient authentication protocol for NFC applications using pseudonyms. IEEE Transactions on Consumer Electronics, 62(1), 30–38.

  20. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.

  21. Chatterjee, S., & Das, A. K. (2015). An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Security and Communication Networks, 8(9), 1752–1771.

  22. Odelu, V., Das, A. K., & Goswami, A. (2015). A secure and efficient ECC-based user anonymity preserving single sign-on scheme for distributed computer networks. Security and Communication Networks, 8(9), 1732–1751.

  23. Das, A. K., Paul, N. R., & Tripathy, L. (2012). Cryptanalysis and improvement of an access control in user hierarchy based on elliptic curve cryptosystem. Information Sciences, 209, 80–92.

  24. Odelu, V., Das, A. K., & Goswami, A. (2014). A secure effective key management scheme for dynamic access control in a large leaf class hierarchy. Information Sciences, 269, 270–285.

  25. Das, A. K., Mishra, D., & Mukhopadhyay, S. (2015). An anonymous and secure biometric-based enterprise digital rights management system for mobile environment. Security and Communication Networks, 8(18), 3383–3404.

  26. Das, A. K. (2015). A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems. Journal of Medical Systems, 39(3), 1–20.

  27. Chuang, Y.-H., & Tseng, Y.-M. (2010). An efficient dynamic group key agreement protocol for imbalanced wireless networks. International Journal of Network Management, 20(4), 167–180.

  28. Wu, S., & Chen, K. (2012). An efficient key-management scheme for hierarchical access control in E-medicine system. Journal of Medical Systems, 36(4), 2325–2337.

  29. AVISPA. Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/. Accessed January 2015.

  30. Lv, C., Ma, M., Li, H., Ma, J., & Zhang, Y. (2013). An novel three-party authenticated key exchange protocol using one-time key. Journal of Network and Computer Applications, 36(1), 498–503.

  31. von Oheimb, D. (2005). The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of APPSEM 2005 Workshop (pp. 1–17). Tallinn.

  32. AVISPA. SPAN, the Security Protocol ANimator for AVISPA. http://www.avispa-project.org/. Accessed July 2016.

  33. Basin, D., Modersheim, S., & Vigano, L. (2005). OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3), 181–208.

  34. He, D., Zeadally, S., Xu, B., & Huang, X. (2015). An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks. IEEE Transactions on Information Forensics and Security, 10(12), 2681–2691.

  35. He, D., Kumar, N., Lee, J. H., & Sherratt, R. S. (2014). Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Transactions on Consumer Electronics, 60(1), 30–37.

  36. Advanced Encryption Standard (AES). FIPS PUB 197, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.

  37. Koblitz, N., Menezes, A., & Vanstone, S. A. (2000). The state of elliptic curve cryptography. Designs, Codes and Cryptography, 19(2–3), 173–193.

  38. Rivest, R. L., Shamir, A., & Adleman, L. M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.

  39. Secure hash standard. FIPS PUB 180-1, National Institute of Standards and Technology (NIST), U.S. Department of Commerce, April 1995. http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.

Acknowledgments

The authors would like to acknowledge the many helpful suggestions of the anonymous reviewers and the Editor, which have improved the content and the presentation of this paper. This work was partially supported by the Information Security Education and Awareness (ISEA) Phase II Project, Department of Electronics and Information Technology (DeitY), India.

Author information

Corresponding author

Correspondence to Ashok Kumar Das.

About this article

Cite this article

Das, A.K., Sutrala, A.K., Odelu, V. et al. A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks. Wireless Pers Commun 94, 1899–1933 (2017). https://doi.org/10.1007/s11277-016-3718-6

  • DOI: https://doi.org/10.1007/s11277-016-3718-6
