ABSTRACT
Implantable Medical Devices (IMDs) play a very critical role in both medical and non-medical fields. Hence, protecting the security and privacy of these devices is among the highest priorities, as failing to do so would jeopardize the life of the patient. One way of maintaining the safety of IMDs is to design an authentication protocol between the IMDs and the external devices. With this regard, although several authentication schemes exist, a significant number of these protocols did not include formal verification to prove their secrecy against known attacks. One such authentication scheme is the He and Zeadally protocol for IMD-Enabled Ambient Assisted Living System. Accordingly, in this paper, we analyzed the security of this protocol by using formal verification methods -BAN-Logic and AVISPA. As a result, despite the protocol's strong qualities, we found that the protocol is insecure and fell short of other essential such as emergency authentication and key-update procedures.
- Chardack, W. M., Gage, A. A., & Greatbatch, W. (1960). A transistorized, self-contained, implantable pacemaker for the long-term correction of complete heart block. Surgery, 48(4), 643--654.Google Scholar
- U.S. Implantable Medical Devices Market Analysis. (2020, May). Retrieved from https://www.coherentmarketinsights.com/market-insight/us-implantable-medical-devices-market-3853.Google Scholar
- Tobón, D. P., Falk, T. H., & Maier, M. (2013). Context awareness in WBANs: a survey on medical and non-medical applications. IEEE Wireless Communications, 20(4), 30--37.Google ScholarCross Ref
- Salayma, M., Al-Dubai, A., Romdhani, I., & Nasser, Y. (2017). Wireless body area network (WBAN) a survey on reliability, fault tolerance, and technologies coexistence. ACM Computing Surveys (CSUR), 50(1), 1--38. Google ScholarDigital Library
- Magjarevic, R. (2007). Home care technologies for ambient assisted living. In 11th Mediterranean Conference on Medical and Biomedical Engineering and Computing 2007 (pp. 397--400). Springer, Berlin, Heidelberg.Google ScholarCross Ref
- Negra, R., Jemili, I., & Belghith, A. (2016). Wireless body area networks: Applications and technologies. Procedia Computer Science, 83, 1274--1281.Google ScholarCross Ref
- He, D., & Zeadally, S. (2015). Authentication protocol for an ambient assisted living system. IEEE Communications Magazine, 53(1), 71--77.Google ScholarDigital Library
- Sharma, V., You, I., & Kul, G. (2017, October). Socializing drones for inter-service operability in ultra-dense wireless networks using blockchain. In Proceedings of the 2017 international workshop on managing insider security threats (pp. 81--84). Google ScholarDigital Library
- Kumar, P., Garg, S., Singh, A., Batra, S., Kumar, N., & You, I. (2018). MVO-based 2-D path planning scheme for providing quality of service in UAV environment. IEEE Internet of Things Journal, 5(3), 1698--1707.Google ScholarCross Ref
- Korzhuk, V., Groznykh, A., Menshikov, A., & Strecker, M. (2019). Identification of attacks against wireless sensor networks based on behaviour analysis. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 10(2), 1--21.Google Scholar
- Kim, A., Oh, J., Ryu, J., Lee, J., Kwon, K., & Lee, K. (2019). SoK: A Systematic Review of Insider Threat Detection. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 10(4), 46--67.Google Scholar
- Basnet, R. B., Shash, R., Johnson, C., Walgren, L., & Doleck, T. (2019). Towards Detecting and Classifying Network Intrusion Traffic Using Deep Learning Frameworks. J. Internet Serv. Inf. Secur., 9(4), 1--17.Google Scholar
- Hossain, M. S., Tuj-Johora, F., & Andersson, K. (2019). A Belief Rule Based Expert System to Assess Hypertension under Uncertainty. Journal of Internet Services and Information Security (JISIS), 9(4), 18--38.Google Scholar
- Rushanan, M., Rubin, A. D., Kune, D. F., & Swanson, C. M. (2014, May). Sok: Security and privacy in implantable medical devices and body area networks. In 2014 IEEE symposium on security and privacy (pp. 524--539). IEEE. Google ScholarDigital Library
- Tanwar, S., Vora, J., Kaneriya, S., Tyagi, S., Kumar, N., Sharma, V., & You, I. (2019). Human arthritis analysis in fog computing environment using Bayesian network classifier and thread protocol. IEEE Consumer Electronics Magazine, 9(1), 88--94.Google ScholarCross Ref
- Jeong, H. D. J., Hyun, W., Lim, J., & You, I. (2012, September). Anomaly teletraffic intrusion detection systems on hadoop-based platforms: A survey of some problems and solutions. In 2012 15th International Conference on Network-Based Information Systems (pp. 766--770). IEEE. Google ScholarDigital Library
- Kasyoka, P., Kimwele, M., & Mbandu Angolo, S. (2020). Certificateless pairing-free authentication scheme for wireless body area network in healthcare management system. Journal of Medical Engineering & Technology, 44(1), 12--19.Google ScholarCross Ref
- Rasmussen, K. B., Castelluccia, C., Heydt-Benjamin, T. S., & Capkun, S. (2009, November). Proximity-based access control for implantable medical devices. In Proceedings of the 16th ACM conference on Computer and communications security (pp. 410--419). Google ScholarDigital Library
- Jang, C. S., Lee, D. G., Han, J. W., & Park, J. H. (2011). Hybrid security protocol for wireless body area networks. Wireless Communications and Mobile Computing, 11(2), 277--288. Google ScholarDigital Library
- Ellouze, N., Allouche, M., Ben Ahmed, H., Rekhis, S., & Boudriga, N. (2013, November). Securing implantable cardiac medical devices: Use of radio frequency energy harvesting. In Proceedings of the 3rd international workshop on Trustworthy embedded devices (pp. 35--42). Google ScholarDigital Library
- Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., & Mödersheim, S. (2005, July). The AVISPA tool for the automated validation of internet security protocols and applications. In International conference on computer aided verification (pp. 281--285). Springer, Berlin, Heidelberg. Google ScholarDigital Library
- Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences, 426(1871), 233--271.Google ScholarCross Ref
- Tsai, K. L., Huang, Y. L., Leu, F. Y., You, I., Huang, Y. L., & Tsai, C. H. (2018). AES-128 based secure low power communication for LoRaWAN IoT environments. IEEE Access, 6, 45325--45334.Google ScholarCross Ref
- Kim, J., Astillo, P. V., & You, I. (2020). DMM-SEP: Secure and efficient protocol for distributed mobility management based on 5G networks. IEEE Access, 8, 76028--76042.Google ScholarCross Ref
- Boyd, Colin, and Wenbo Mao. "On a limitation of BAN logic." In Workshop on the Theory and Application of Cryptographic Techniques, pp. 240--247. Springer, Berlin, Heidelberg, 1993. Google ScholarDigital Library
- Sharma, V., You, I., Kumar, R., & Kim, P. (2017). Computational offloading for efficient trust management in pervasive online social networks using osmotic computing. IEEE Access, 5, 5084--5103.Google ScholarCross Ref
Index Terms
- A Formal Security Verification on He and Zeadally's Authentication Protocol for IMD-Enabled Ambient Assisted Living System
Recommendations
Authentication for paranoids: multi-party secret handshakes
ACNS'06: Proceedings of the 4th international conference on Applied Cryptography and Network SecurityIn a society increasingly concerned with the steady assault on electronic privacy, the need for privacy-preserving techniques is both natural and justified. This need extends to traditional security tools such as authentication and key distribution ...
Design and formal verification of a CEM protocol with transparent TTP
In certified email (CEM) protocols, trusted third party (TTP) transparency is an important security requirement which helps to avoid bad publicity as well as protecting individual users' privacy. Cederquist et al. proposed an optimistic certified email ...
RFID Authentication Protocols Based on Error-Correcting Codes: A Survey
Code-based cryptography is a very promising research area. It allows the construction of different cryptographic mechanisms (e.g. identification protocol, public-key cryptosystem, etc.). McEliece cryptosystem is the first code-based public-key ...
Comments