Research article. DOI: 10.1145/3440943.3444735

A Formal Security Verification on He and Zeadally's Authentication Protocol for IMD-Enabled Ambient Assisted Living System

Published: 27 September 2021

Abstract

Implantable Medical Devices (IMDs) play a critical role in both medical and non-medical fields. Hence, protecting the security and privacy of these devices is among the highest priorities, as failing to do so would jeopardize the life of the patient. One way of maintaining the safety of IMDs is to design an authentication protocol between the IMDs and the external devices. In this regard, although several authentication schemes exist, a significant number of these protocols did not include formal verification to prove their secrecy against known attacks. One such authentication scheme is the He and Zeadally protocol for IMD-Enabled Ambient Assisted Living System. Accordingly, in this paper, we analyzed the security of this protocol by using two formal verification methods, BAN-Logic and AVISPA. As a result, despite the protocol's strong qualities, we found that the protocol is insecure and falls short on other essentials, such as emergency authentication and key-update procedures.

Cited By

  • (2021) Can Formal Security Verification Really Be Optional? Scrutinizing the Security of IMD Authentication Protocols. Sensors, 21(24), 8383. DOI: 10.3390/s21248383. Online publication date: 15-Dec-2021

Published In

ACM ICEA '20: Proceedings of the 2020 ACM International Conference on Intelligent Computing and its Emerging Applications
December 2020
219 pages
ISBN: 9781450383042
DOI: 10.1145/3440943

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. Authentication Protocols
  2. Formal Verification
  3. IMD
  4. AVISPA

Qualifiers

  • Research-article
  • Research
  • Refereed limited
