A Provably Secure and Lightweight Patient-Healthcare Authentication Protocol in Wireless Body Area Networks

Wireless Personal Communications

Abstract

Burgeoning wireless technology developments have positively affected nearly every aspect of human life, and remote patient-healthcare monitoring through the internet is no exception. By employing smart gadgets, wireless body area networks, and cloud-based server platforms, patients can submit their sensor-captured readings in real time to e-health cloud servers and ultimately to medical professionals, so that the latter may treat patients appropriately at any time and in any place. To make the system reliable, an authenticated key agreement is required among the participating entities. Many remote patient-healthcare monitoring protocols have been proposed so far; however, reliance on wireless technology brings many security challenges for existing protocols. Recently, Xu et al. presented a new patient-healthcare monitoring protocol; however, we demonstrate that it is vulnerable to many attacks, including replay attacks and key compromise impersonation attacks, and that it also suffers from privacy issues. We then propose an improved scheme and formally analyze its security features using BAN logic and an automated simulation tool.

References

  1. Latré, B., Braem, B., Moerman, I., Blondia, C., & Demeester, P. (2011). A survey on wireless body area networks. Wireless Networks, 17(1), 1–18.

  2. Irshad, A., Sher, M., Nawaz, O., Chaudhry, S. A., Khan, I., & Kumari, S. (2017). A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimedia Tools and Applications, 76(15), 16463–16489.

  3. Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48, 203–209.

  4. Miller, V. (1986). Uses of elliptic curves in cryptography. In H. C. Williams (Ed.), Advances in cryptology CRYPTO’85 (Lecture notes in computer science, Vol. 218, pp. 417–426). Berlin: Springer.

  5. Irshad, A., Sher, M., Chaudhry, S. A., Kumari, S., Sangaiah, A. K., Li, X., et al. (2017). A secure mutual authenticated key agreement of user with multiple servers for critical systems. Multimedia Tools and Applications, 77, 11067–11099.

  6. Azeem, I., Shehzad, A. C., Qi, X., Xiong, L., Mohammad, S. F., Saru, K., et al. (2017). An enhanced and provably secure chaotic map-based authenticated key agreement in multi-server architecture. Arabian Journal for Science and Engineering, 43, 811–828.

  7. Azeem, I., Shehzad, A. C., Saru, K., Muhammad, U., Khalid, M., & Muhammad, S. F. (2017). An improved lightweight multiserver authentication scheme. International Journal of Communication Systems, 30, e3351.

  8. Irshad, A., Sher, M., Chaudhry, S. A., Xie, Q., Kumari, S., & Wu, F. (2017). An improved and secure chaotic map based authenticated key agreement in multi-server architecture. Multimedia Tools and Applications, 77, 1167–1204.

  9. Amin, R., Islam, S. H., Kumar, N., & Choo, K. K. R. (2018). An untraceable and anonymous password authentication protocol for heterogeneous wireless sensor networks. Journal of Network and Computer Applications, 104, 133–144.

  10. Xu, Z., Xu, C., Chen, H., & Yang, F. (2019). A lightweight anonymous mutual authentication and key agreement scheme for WBAN. Concurrency and Computation: Practice and Experience, 31(14), e5295.

  11. Reddy, A. G., Das, A. K., Yoon, E. J., & Yoo, K. Y. (2016). A secure anonymous authentication protocol for mobile services on elliptic curve cryptography. IEEE Access, 4, 4394–4407.

  12. Jiang, Q., Ma, J., Wei, F., Tian, Y., Shen, J., & Yang, Y. (2016). An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks. Journal of Network and Computer Applications, 76, 37–48.

  13. Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A. K., & Choo, K. K. R. (2018). A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. Journal of Network and Computer Applications, 103, 194–204.

  14. Aman, M. N., Chua, K. C., & Sikdar, B. (2017). A light-weight mutual authentication protocol for IoT systems. Paper presented at: 2017 IEEE global communications conference. Singapore.

  15. Zhao, M., Yao, X., Liu, H., & Ning, H. (2016). Physical unclonable function based authentication protocol for unit IoT and ubiquitous IoT. Paper presented at: 2016 international conference on identification, information and knowledge in the internet of things (IIKI). Beijing, China.

  16. Gope, P., & Hwang, T. (2016). An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. Journal of Network and Computer Applications, 62, 1–8.

  17. Li, X., Niu, J., Kumari, S., Wu, F., & Choo, K. K. R. (2018). A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Future Generation Computer Systems, 83, 607–618.

  18. Ibrahim, M. H., Kumari, S., Das, A. K., Wazid, M., & Odelu, V. (2016). Secure anonymous mutual authentication for star two-tier wireless body area networks. Computer Methods and Programs in Biomedicine, 135, 37–50.

  19. Li, X., Ibrahim, M. H., Kumari, S., Sangaiah, A. K., Gupta, V., & Choo, K. K. R. (2017). Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Computer Networks, 129, 429–443.

  20. Janbabaei, S., Gharaee, H., & Mohammadzadeh, N. (2016). Lightweight, anonymous and mutual authentication in IoT infrastructure. Paper presented at: 2016 8th international symposium on telecommunications (IST). Tehran, Iran.

  21. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

  22. Hussain, S., & Chaudhry, S. A. (2019). Comments on “Biometrics-based privacy-preserving user authentication scheme for cloud-based industrial internet of things deployment”. IEEE Internet of Things Journal, 6(6), 10936–10940. https://doi.org/10.1109/JIOT.2019.2934947.

  23. Mansoor, K., Ghani, A., Chaudhry, S. A., Shamshirband, S., Ghayyur, S. A. K. (2019). Securing IoT based RFID systems: A robust authentication protocol using symmetric cryptography. Sensors, 19(21), 4752. https://doi.org/10.3390/s1921475.

  24. Mahmood, K., Arshad, J., Chaudhry, S. A., & Kumari, S. (2019). An enhanced anonymous identity-based key agreement protocol for smart grid advanced metering infrastructure. International Journal of Communication Systems, 32(16), e4137. https://doi.org/10.1002/dac.4137.

  25. Li, M., Lou, W., & Ren, K. (2010). Data security and privacy in wireless body area networks. IEEE Wireless Communications, 17(1), 51–58.

  26. Ghani, A., Mansoor, K., Mehmood, S., Chaudhry, S. A., Rahman, A. U., & Saqib, M. N. (2019). Security and key management in IoT based wireless sensor networks: An authentication protocol using symmetric key. International Journal of Communication Systems, 32(16), e4139. https://doi.org/10.1002/dac.4139.

  27. Al Ameen, M., Liu, J., & Kwak, K. (2012). Security and privacy issues in wireless sensor networks for healthcare applications. Journal of Medical Systems, 36(1), 93–101.

  28. Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., & Kumar, N. (2018). A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Generation Computer Systems, 80, 483–495.

  29. Venkatasubramanian, K. K., Banerjee, A., & Gupta, S. K. S. (2010). Usable and secure key agreement scheme for body area networks. IEEE Transactions on Information Technology in Biomedicine, 14(1), 60–68.

  30. Zhang, Z., Wang, H., Vasilakos, A. V., & Fang, H. (2012). ECG-cryptography and authentication in body area networks. IEEE Transactions on Information Technology in Biomedicine, 16(6), 1070–1078.

  31. Alzahrani, B. A., Chaudhry, S. A., Barnawi, A., Al-Barakati, A., & Alsharif, M. H. (2020). A privacy preserving authentication scheme for roaming in IoT-based wireless mobile networks. Symmetry, 12, 287.

  32. Sharma, G., & Kalra, S. (2019). A lightweight user authentication scheme for cloud-IoT based healthcare services. Iranian Journal of Science and Technology, Transactions of Electrical Engineering, 43(1), 619–636.

  33. Alizadeh, M., Zamani, M., Baharun, S., Manaf, A. A., Sakurai, K., Anada, H., et al. (2015). Cryptanalysis and improvement of “a secure password authentication mechanism for seamless handover in proxy mobile IPv6 networks”. PLoS ONE, 10(11), e0142716.

  34. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8, 18–36.

  35. Hassan, M. U., Chaudhry, S. A., & Irshad, A. (2020). An improved SIP authenticated key agreement based on Dongqing et al. Wireless Personal Communications, 110(4), 2087–2107.

  36. Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., & Chaudhry, S. A. (2017). Efficient end-to-end authentication protocol for wearable health monitoring systems. Computers & Electrical Engineering, 63, 182–195.

  37. Zhao, Z. (2014). An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. Journal of Medical Systems, 38(2), 13.

  38. Blanchet, B. (2005). ProVerif automatic cryptographic protocol verifier user manual. Paris: Département d'Informatique, École Normale Supérieure, CNRS.

  39. Amin, R., Islam, S. H., Gope, P., Choo, K. K. R., & Tapas, N. (2018). Anonymity preserving and lightweight multi-medical server authentication protocol for telecare medical information system. IEEE Journal of Biomedical and Health Informatics, 23, 1749–1759.

  40. Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., & Kumar, N. (2015). An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. Journal of Medical Systems, 39(11), 180.

  41. Shen, J., Gui, Z., Ji, S., Shen, J., Tan, H., & Tang, Y. (2018). Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Journal of Network and Computer Applications, 106, 117–123.

  42. Chaudhry, S. A., Shon, T., Al-Turjman, F., & Alsharif, M. H. (2020). Correcting design flaws: An improved and cloud assisted key agreement scheme in cyber physical systems. Computer Communications, 153, 527–537.

  43. He, D., & Zeadally, S. (2015). Authentication protocol for an ambient assisted living system. IEEE Communications Magazine, 53(1), 71–77.

Acknowledgements

This Project was funded by the Deanship of Scientific Research (DSR), at King Abdulaziz University, Jeddah (SA), under grant no. RG-13-611-38. The authors, therefore, acknowledge with thanks DSR for technical and financial support.

Corresponding author

Correspondence to Bander A. Alzahrani.

Cite this article

Alzahrani, B.A., Irshad, A., Albeshri, A. et al. A Provably Secure and Lightweight Patient-Healthcare Authentication Protocol in Wireless Body Area Networks. Wireless Pers Commun 117, 47–69 (2021). https://doi.org/10.1007/s11277-020-07237-x

  • DOI: https://doi.org/10.1007/s11277-020-07237-x
