Abstract
The innovations in the field of wearable medical devices, wireless communication and low cost cloud computing aid the wireless body area network (WBAN) to become a prominent component of future healthcare systems. WBAN consists of medical sensors, which continuously monitor the patients’ vital signs and transfers this data to the remote medical server via the cloud. The continuous monitoring of the patients’ health data improves the quality of the medical service and also provides the source for future medical diagnosis. The medical information collected from WBAN is generally transmitted through wireless channel and therefore vulnerable to various information attacks. In this context, medical data security and privacy are key issues; hence there is a requirement of lightweight end-to-end authentication protocol to ensure secure communication. Recently, Li et al. presented a lightweight end-to-end authentication protocol for WBAN based on elliptic curve cryptography (ECC). However, through cryptanalysis, some security loopholes are found in this protocol. In this paper, an enhanced lightweight ECC based end-to-end authentication protocol is proposed to overcome the security vulnerabilities of Li et al.’s scheme. Further, the formal security analysis of the proposed scheme is done using BAN logic and AVISPA tool. The comparative analysis shows that the proposed scheme not only removes the security loopholes of Li et al.’s scheme but also reduces the overall complexity.
Similar content being viewed by others
References
Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., Chaudhr, S .A.: Efficient end-to-end authentication protocol for wearable health monitoring systems. Comput. Electr. Eng. 63(C), 182–195 (2017). https://doi.org/10.1016/j.compeleceng.2017.03.016
Alder, S., Kelleher, A., Greene, S.: HIPAA compliance guide. HIPAA J 1–65 (2015)
Hipaa basics for providers: privacy, security, and breach notification rules. Centers for Medicare and Medicaid Services, pp 1–7 (2016). https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/MLN-Publications-Items/ICN909001.html
Ray, S., Biswas, G.P.: A certificate authority (CA)-based cryptographic solution for hipaa privacy/security regulations. J. King Saud Univ. Comput. Inf. Sci. 26(2), 170–180 (2014)
Li, X., Peng, J., Kumari, S., Wu, F., Karuppiah, M., Choo, K .K.R.: An enhanced 1-round authentication protocol for wireless body area networks with user anonymity. Comput. Electr. Eng. 61(C), 238–249 (2017). https://doi.org/10.1016/j.compeleceng.2017.02.011
Islam, S.K.H., Amin, R., Biswas, G.P., Farash, M.S., Li, X., Kumari, S.: An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments. J. King Saud Univ. Comput. Inf. Sci. 29(3), 311–324 (2017). https://doi.org/10.1016/j.jksuci.2015.08.002
Amin, R., Islam, S.K.H., Biswas, G.P., Khan, M.K., Li, X.: Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 39(140), 1–21 (2015). https://doi.org/10.1007/s10916-015-0318-z
Amin, R., Islam, S .K .H., Biswas, G., Khan, M .K., Leng, L., Kumar, N.: Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. Int. J. Comput. Telecommun. Netw. 101(C), 42–62 (2016). https://doi.org/10.1016/j.comnet.2016.01.006
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. (TOCS) 8(1), 18–36 (1990). https://doi.org/10.1145/77648.77649
Kumari, S., Das, A.K., Li, X., Wu, F., Khan, M.K., Jiang, Q., Islam, S.K.H.: A provably secure biometrics-based authenticated key agreement scheme for multi-server environments. Multimedia Tools Appl. 77(2), 2359–2389 (2018). https://doi.org/10.1007/s11042-017-4390-x
Amin, R., Islam, S .K .H., Biswas, G., Khan, M .K., Kumar, N.: A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Gener. Comput. Syst. 80(C), 483–495 (2018). https://doi.org/10.1016/j.future.2016.05.032
Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A .K., Choo, K .K .R.: A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J. Netw. Comput. Appl. 103(C), 194–204 (2018). https://doi.org/10.1016/j.jnca.2017.07.001
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Yeh, C.K., Chen, H.M., Lo, J.W.: An authentication protocol for ubiquitous health monitoring systems. J. Med. Biol. Eng. 33(4), 415–419 (2013). https://doi.org/10.5405/jmbe.1478
Zhao, Z.: An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J. Med. Syst. 38(2), 1–7 (2014). https://doi.org/10.1007/s10916-014-0013-5
He, D., Zeadally, S.: Authentication protocol for an ambient assisted living system. IEEE Commun. Mag. 53(1), 71–77 (2015). https://doi.org/10.1109/MCOM.2015.7010518
Amin, R., Islam, S .K .H., Biswas, G., Khan, M .K., Kumar, N.: A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Gener. Comput. Syst. 80(C), 483–495 (2016). https://doi.org/10.1016/j.future.2016.05.032
Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., Chaudhry, S .A.: Efficient end-to-end authentication protocol for wearable health monitoring systems. Comput. Electr. Eng. 63(C), 182–195 (2017). https://doi.org/10.1016/j.compeleceng.2017.03.016
Yessad, N., Bouchelaghem, S., Ouada, F .S., Omar, M.: Secure and reliable patient body motion based authentication approach for medical body area networks. Pervasive Mob. Comput. 42(C), 351–370 (2017). https://doi.org/10.1016/j.pmcj.2017.06.009
Wu, F., Li, X., Xu, L., Kumari, S., Karuppiah, M., Shen, J.: A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server. Comput. Electr. Eng. 63(C), 168–181 (2017). https://doi.org/10.1016/j.compeleceng.2017.04.012
Das, A.K., Zeadally, S., Wazid, M.: Lightweight authentication protocols for wearable devices. Comput. Electr. Eng. 63(C), 196–208 (2017). https://doi.org/10.1016/j.compeleceng.2017.03.008
Liu, J., Zhang, L., Sun, R.: 1-RAAP: an efficient 1-round anonymous authentication protocol for wireless body area networks. Sensors (2016). https://doi.org/10.3390/s16050728
Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer Professional Computing. Springer, New York (2004)
Stallings, W.: Cryptography and Network Security: Principles and Practice, 6th edn, pp. 285–296. Pearson Education, London (2014)
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987). https://doi.org/10.1090/S0025-5718-1987-0866109-5
Miller, V.S.: Use of elliptic curves in cryptography. In: Proceeding in CRYPTO ’85 Advances in Cryptology, LNCS (218), pp. 417–426 (1985)
Ray, S., Biswas, G.P., Dasgupta, M.: Secure multi-purpose mobile-banking using elliptic curve cryptography. Wirel. Pers. Commun. 90(3), 1331–1354 (2016). https://doi.org/10.1007/s11277-016-3393-7
Garg, V.K., Mittal, N.: Time and state in asynchronous distributed systems. In: Wiley Encyclopedia of Computer Science and Engineering. Wiley (2008). https://doi.org/10.1002/9780470050118.ecse436
Wallace, K., Moran, K., Novak, E., Zhou, G., Sun, K.: Toward sensor-based random number generation for mobile and iot devices. IEEE Internet Things J. 3(6), 1189–1201 (2016). https://doi.org/10.1109/JIOT.2016.2572638
Syverson, P.: The use of logic in the analysis of cryptographic protocols. In: Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, USA, pp. 156–170. https://doi.org/10.1109/RISP.1991.130784
Syverson, P.F.: A logic for the analysis of cryptographic protocols (No. NRL-9305). Naval Research Lab, Washington DC (1990)
HLPSL Tutorial: A Beginner’s Guide to Modelling and Analysing Internet Security Protocols. The AVISPA Project (2005). www.avispa-project.org/
He, D., Zeadally, S., Kumar, N., Lee, J.H.: Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. 11(4), 2590–2601 (2017). https://doi.org/10.1109/JSYST.2016.2544805
Liu, J., Zhang, Z., Chen, X., Kwak, K.S.: Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Trans. Parallel Distrib. Syst. 25(2), 332–342 (2014). https://doi.org/10.1109/TPDS.2013.145
Acknowledgements
The research work is supported by University Grants Commission (UGC) under NET-JRF in Sciences, Humanities and Social Sciences. It was funded by Ministry of Human Resource Development (MHRD), Government of India.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Research involving human participants and/or animals
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Sowjanya, K., Dasgupta, M. & Ray, S. An elliptic curve cryptography based enhanced anonymous authentication protocol for wearable health monitoring systems. Int. J. Inf. Secur. 19, 129–146 (2020). https://doi.org/10.1007/s10207-019-00464-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-019-00464-9