Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Shanvendra Rai,Rituparna Paul,Subhasish Banerjee,Preetisudha Meher

DOI: https://doi.org/10.1007/s11042-024-18625-x

IF: 2.577

2024-03-27

Multimedia Tools and Applications

Abstract:The Internet of Medical Things (IoMT) provides such flexibility in our society where anyone can get medical treatment at any time, from anywhere. IoMT is a type of network where different resource-constraint physiological sensors are deployed in and/or on the human body that connects with the internet through the Gateway node, for monitoring purposes. However, due to the open nature of communication in the IoMT; the security, and privacy of patients' sensed data is very challenging, and that needs to be addressed, because any modification or alteration to it may lead to putting the life of a patient in danger. In this context, Chunka et al. proposed an authentication and key agreement (AKA) scheme for IoMT and claimed that the scheme has many security features and is easy to deploy. Unfortunately, it came to notice during this research that the scheme is vulnerable to multiple attacks, including replay, insider, smart card loss, eavesdropping, and server spoofing attacks, additionally failing to establish the session key agreement. So to overcome this issue, an efficient and improved multi-factor lightweight mutual AKA scheme is proposed through this article by incorporating a PUF-enabled sensor node and smart card for the users. To prove the superiority of the proposed schemes and to demonstrate the security features, the scheme is verified by formal security proof using the ROR model and informal proof using the AVISPA tool kit. In the end, a comprehensive analysis covering security, performance, and a comparative evaluation with existing similar approaches along with the Chunka et al. scheme demonstrates that the suggested approach not only achieves a higher level of protection against commonly recognized threats but also maintains an economically efficient mechanism concerning sensor nodes.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Srijanee Mookherji,Odelu Vanga,Rajendra Prasath,Ashok Kumar Das

DOI: https://doi.org/10.1002/spy2.428

2024-06-07

Security and Privacy

Abstract:Internet of Medical Things (IoMT) enable users to avail healthcare services remotely. In IoMT, sensor nodes (SNs), like blood pressure sensors and temperature sensors, collect health data from patients and communicate it to Health Workers (HWs) such as doctors, nurses, and so on. The HWs cater to the patients remotely, known as remote patient monitoring (RPM), by using data obtained from SNs. The communicated health data between SNs and HWs are sensitive in nature. Leakage and modification of such data leads to huge consequences, particularly patient death during medical emergencies. Hence, ensuring mutual authentication along with data integrity and privacy is of utmost important in the healthcare domain. In the literature, many authentication protocols are presented for healthcare applications specific to IoMT‐RPM. But, most of the existing approaches fail to provide adequate security against well‐known attacks includes impersonation and man‐in‐the‐middle attacks. In this paper, we propose a privacy preserving authentication protocol for IoMT‐RPM which is secure against various known attacks. We present a rigorous formal security analysis of our protocol under the extended Canetti‐Krawczyk (eCK) adversary model. In addition, we also perform formal verification using Tamarin Prover, a symbolic formal analysis tool. The results show that the proposed protocol is secure under eCK‐adversary model. We then present the comparative performance analysis to show the efficiency of the proposed protocol over the existing protocols. As a result, the proposed protocol provides high security without compromising the performance over the existing protocols, and therefore, our protocol is very much suitable for real‐time applications.

Yan-Ping Wang,Xiao-Fen Wang,Hong-Ning Dai,Xiao-Song Zhang,Yu Su,Muhammad Imran,Nidal Nasser

DOI: https://doi.org/10.1109/globecom48099.2022.10000912

2022-01-01

Abstract:As a rapidly growing subset of the Internet of Thing (IoT), the cloud-based Internet of Medical Thing (IoMT) has been widely applied in remote healthcare industries, which allows the physicians to monitor patients' body parameters remotely to offer continuous and timely healthcare. These healthcare parameters usually contain sensitive information, such as heart rates, glucose levels and etc., and the exposure of them may pose serious threats to the patients' health and lives. To guarantee security and privacy, many IoMT data sharing schemes have been proposed. However, most of these schemes either exhibit a one-to-one data sharing structure or fail to protect the patients' privacy. Since the data usually needs to be shared to different physicians, patients may want to be assisted without revealing their identities. To meet these requirements in healthcare systems, we propose a multi-receiver secure healthcare data sharing scheme, in which the patients are allowed to share their IoMT data to multiple physicians simultaneously for a multidisciplinary treatment, and the conditional anonymity is achieved where data source authentication is provided without revealing the patient's identity. When the patient health condition is abnormal, the hospital can correctly and quickly trace the patient's identity and inform him/her immediately. Our scheme is formally proved to achieve multiple security properties including confidentiality, unforgeability and anonymity. Simulation results demonstrate that the proposed scheme is efficient and practical.

Xinzhong Su,Youyun Xu

DOI: https://doi.org/10.3390/s24227119

IF: 3.9

2024-11-06

Sensors

Abstract:Authentication is considered one of the most critical technologies for the next generation of the Internet of Medical Things (IoMT) due to its ability to significantly improve the security of sensors. However, higher frequency cyber-attacks and more intrusion methods significantly increase the security risks of IoMT sensor devices, resulting in more and more patients' privacy being threatened. Different from traditional IoT devices, sensors are generally considered to be based on low-cost hardware designs with limited storage resources; thus, authentication techniques for IoMT scenarios might not be applicable anymore. In this paper, we propose an efficient three-factor cluster-based user authentication protocol (3ECAP). Specifically, we establish the security association between the user and the sensor cluster through fine-grained access control based on Merkle, which perfectly achieves the segmentation of permission. We then demonstrate that 3ECAP can address the privilege escalation attack caused by permission segmentation. Moreover, we further analyze the security performance and communication cost using formal and non-formal security analysis, Proverif, and NS3. Simulation results demonstrated the robustness of 3ECAP against various cyber-attacks and its applicability in an IoMT environment with limited storage resources.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hui Qiao,Xuewen Dong,Yulong Shen

DOI: https://doi.org/10.1007/s10916-019-1442-y

IF: 4.92

2019-10-07

Journal of Medical Systems

Abstract:The technology of Internet of Things (IoT) has appealed to both professionals and the general public to its convenience and flexibility. As a crucial application of IoT, telecare medicine information system (TMIS) provides people a high quality of life and advanced level of medical service. In TMIS, smart card-based authenticated key agreement schemes for multi-server architectures have gathered momentum and positive impetus due to the conventional bound of a single server. However, we demonstrate that most of the protocols in the literatures can not implement strong security features in TMIS, such as Lee et al.'s and Shu's scheme. They store the identity information directly, which fail to provide strong anonymity and suffer from password guessing attack. Then we propose an extended authenticated key agreement scheme (short for AKAS) with strong anonymity for multi-server environment in TMIS, by enhancing the security of the correlation parameters stored in the smart cards and calculating patients' dynamic identities. Furthermore, the proposed chaotic map-based scheme provides privacy protection and is formally proved under Burrows-Abadi-Needham (BAN) logic. At the same, the informal security analysis attests that the AKAS scheme not only could resist the multifarious security attacks but also improve efficiency by 21% compared with Lee et al.'s and Shu's scheme.

health care sciences & services,medical informatics

Xiong Li,Maged Hamada Ibrahim,Saru Kumari,Rahul Kumar

DOI: https://doi.org/10.1007/s11235-017-0340-1

2017-01-01

Abstract:The mobility and openness of wireless communication technologies make Mobile Healthcare Systems (mHealth) potentially exposed to a number of potential attacks, which significantly undermines their utility and impedes their widespread deployment. Attackers and criminals, even without knowing the context of the transmitted data, with simple eavesdropping on the wireless links, may benefit a lot from linking activities to the identities of patient's sensors and medical staff members. These vulnerabilities apply to all tiers of the mHealth system. A new anonymous mutual authentication scheme for three-tier mobile healthcare systems with wearable sensors is proposed in this paper. Our scheme consists of three protocols: Protocol-1 allows the anonymous authentication nodes (mobile users and controller nodes) and the HSP medical server in the third tier, while Protocol-2 realizes the anonymous authentication between mobile users and controller nodes in the second tier, and Protocol-3 achieves the anonymous authentication between controller nodes and the wearable body sensors in the first tier. In the design of our protocols, the variation in the resource constraints of the different nodes in the mHealth system are taken into consideration so that our protocols make a better trade-off among security, efficiency and practicality. The security of our protocols are analyzed through rigorous formal proofs using BAN logic tool and informal discussions of security features, possible attacks and countermeasures. Besides, the efficiency of our protocols are concretely evaluated and compared with related schemes. The comparisons show that our scheme outperforms the previous schemes and provides more complete and integrated anonymous authentication services. Finally, the security of our protocols are evaluated by using the Automated Validation of Internet Security Protocols and Applications and the SPAN animator software. The simulation results show that our scheme is secure and satisfy all the specified privacy and authentication goals.

Chun-Ta Li,Dong-Her Shih,Chun-Cheng Wang

DOI: https://doi.org/10.1016/j.cmpb.2018.02.002

Abstract:Background and objective: With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information system (TMIS) allows patients to receive medical treatments from the doctors via Internet technology without visiting hospitals in person. By adopting mobile device, cloud-assisted platform and wireless body area network, the patients can collect their physiological conditions and upload them to medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatments at anytime and anywhere. In order to protect the medical privacy of the patient and guarantee reliability of the system, before accessing the TMIS, all system participants must be authenticated. Methods: Mohit et al. recently suggested a lightweight authentication protocol for cloud-based health care system. They claimed their protocol ensures resilience of all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks. Results: The security analysis proves that our enhanced protocol is secure against various known attacks as well as found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains the efficiency in terms of computation costs for cloud-assisted TMIS. Conclusions: We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features for privacy preservation and effectively cope with cloud-assisted TMIS with better efficiency.

Xiao Chen,BaoCheng Wang,Haibin Li

DOI: https://doi.org/10.1016/j.jisa.2024.103708

IF: 4.96

2024-01-25

Journal of Information Security and Applications

Abstract:The Internet of Medical Things (IoMT) has found widespread application in the healthcare system, leveraging the integration of wireless communication and cloud computing to revolutionize modern healthcare practices. This paradigm, however, poses security vulnerabilities since malicious actors might exploit the public channel to impersonate legitimate devices or services and steal sensitive data. Before transmitting sensitive information , it is critical to build authentication between wearable devices and servers. Despite various proposed solutions, present approaches suffer from constraints like as sensitivity to quantum attacks and high computation overhead, necessitating additional advancement. To address these challenges, this article presents a privacy-preserving multi-factor authentication scheme with post-quantum security to enhance the security of cloud-enable IoMT. The proposed scheme utilizes hash operations and error reconciliation technology to provide highly secure and flexible authentication suitable for the cloud environment. The scheme's security is provable under the Real-Or-Random (ROR) model, meeting common security requirements in wireless network. This article also presents a thorough comparison of our proposed scheme with state-of-the-art methods, showcasing a well-balanced trade-off between security and overhead.

computer science, information systems

Kiran Dewangan,Mina Mishra,Naveen Kumar Dewangan

DOI: https://doi.org/10.1007/s11845-020-02425-x

Abstract:Internet of Things is a fast growing technology and a network of devices in which everything (smart objects or smart devices) are associated to the internet for effective exchange of information between these connected objects. Internet of Things (IoT) serves as a method for healthcare and acts as an essential part in broad range of real-time healthcare monitoring applications. Previous work shows networked sensor devices, either equipped on the body or embedded inside living being or a camera, make possible in gathering real-time information to evaluate physical and mental health state of the patient by collecting body temperature, blood pressure, patient's image, etc. Communicating this collected real-time data to the doctor, making accurate assessment on the data gathered and notifying the patient is challenging task in the IoT. The architechture of Internet of Things comprises of three layers, and it is the network of devices embedded with sensor, software, and electronics, enabling this device to communicate with each other and exchange data over a computer network. The IoT-based real-time healthcare systems are highly vulnerable to cyber-attacks as the numbers of sensors are deployed in an unprotected network. These may even introduce the attacks, which cannot be monitored and controlled. This paper attempts to review the previous work done and a new scheme has been proposed, the new lightweight authentication protocol for smart real-time healthcare. The proposed scheme requires implementation with the authentication protocol. It is important to satisfy the major parameters of security: confidentiality, integrity, authentication, and access control. In this paper our focus is on the authentication of devices.

Sangjukta Das,Suyel Namasudra

DOI: https://doi.org/10.1002/ett.4716

IF: 3.6

2023-01-04

Transactions on Emerging Telecommunications Technologies

Abstract:The proposed scheme consists of three entities, namely IoT device (IoTD), gateway, and central administrator (CA). An IoTD is a resource‐constrained device associated with a patient's body. It collects patients' real‐time healthcare data and sends them to the intended entity via a gateway device. The gateway acts as an intermediate entity between the IoTD and user. The CA is the central entity of the proposed scheme. In recent years, Internet of Things (IoT) technology has been adopted in numerous application areas, such as healthcare, agriculture, industrial automation, and many more. The use of IoT and other technologies like cloud computing and machine learning has made the modern healthcare system to be smart, automated, and efficient. However, the continuous proliferation of cyber‐attacks on IoT devices has increased IoT challenges like data security, privacy protection, authentication, and so forth. In smart healthcare systems, due to the lack of authentication protocols, attackers can undermine the availability, confidentiality, and integrity of both smart healthcare devices and data, which can be life‐threatening in some situations. In this article, a privacy‐preserving mutual authentication scheme for IoT‐enabled healthcare systems is proposed to achieve lightweight and effective authentication of network devices. To support the processing capabilities of the IoT devices, this proposed authentication scheme is designed using lightweight cryptographic primitives, namely XOR, concatenation, and hash operation. The proposed scheme can establish a secure session between an authorized device and a gateway, and prevent unauthorized devices from getting access to healthcare systems. The security analysis and performance analysis assess the proposed authentication technique's effectiveness over existing well‐known schemes.

telecommunications

Chun-Ta Li,Tsu-Yang Wu,Chin-Ling Chen,Cheng-Chi Lee,Chien-Ming Chen

DOI: https://doi.org/10.3390/s17071482

2017-06-23

Abstract:In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

Yi Luo,Kuo-Chi Chang,Jian Li,Weimin Zheng

DOI: https://doi.org/10.1007/978-3-030-69717-4_82

2021-01-01

Abstract:Multi-server environments-based telecare medicine information systems (TMIS) using the smart card are widely used. Recently, Barman et al. proposed an authentication protocol in e-Healthcare for a multi-server environment.This paper demonstrates that their protocol is not secure against known session specific temporary information attack, leakage of the session key, and man-in-the-middle attack.

Mingping Qi,Jianhua Chen,Yitao Chen

DOI: https://doi.org/10.1016/j.cmpb.2018.07.008

IF: 6.1

2018-01-01

Computer Methods and Programs in Biomedicine

Abstract:BACKGROUND AND OBJECTIVES:Telecare Medicine Information System (TMIS) enables physicians to efficiently and conveniently make certain diagnoses and medical treatment for patients over the insecure public Internet. To ensure patients securely access to medicinal services, many authentication schemes have been proposed. Although numerous cryptographic authentication schemes for TMIS have been proposed with the aim to ensure data security, user privacy and authentication, various forms of attacks make these schemes impractical.METHODS:To design a truly secure and practical authentication scheme for TMIS, a new biometrics-based authentication key exchange protocol for multi-server TMIS without sharing the system private key with distributed servers is presented in this work.RESULTS:Our proposed protocol has perfect security features including mutual authentication, user anonymity, perfect forward secrecy and resisting various well-known attacks, and these security feathers are confirmed by the BAN logic and heuristic cryptanalysis, respectively.CONCLUSIONS:A secure biometrics-based authentication key exchange protocol for multi-server TMIS is presented in this work, which has perfect security properties including perfect forward secrecy, supporting user anonymity, etc., and can withstand various attacks such as impersonation attack, off-line password guessing attack, etc.. Considering security is the most important factor for an authentication scheme, so our scheme is more suitable for multi-server TMIS.

Shaik Jhani Bhasha,Sunita Panda

DOI: https://doi.org/10.1080/01969722.2024.2343982

IF: 1.859

2024-05-17

Cybernetics & Systems

Abstract:Internet of Medical Things (IoMT) is a promising field that is widely used in healthcare applications nowadays. The IoMT is an extension of the Internet of Things (IoT) that is utilized for the processing, generation, collection, and evaluation of medical data. However, the most concerning issue in IoMT is regarding the privacy and protection of the IoMT data. Because privacy preservation of information is the major concern in IoT-based healthcare systems. Hence, there is a need for a trustworthy end-to-end system, which can tolerate even insider attacks. The core aim of this research work is to promote the latest secure technique for transmitting the data from sink nodes to the server and also to ensure the security level of communication between them. Here, the gathered sink node is authenticated by deep hybrid methods of combining the Auto Encoder (AE) and Bidirectional Long Short-Term Memory (BiLSTM). This hybrid model is named as Auto Encoder-Bidirectional Long Short-Term Memory (AE-Bi-LSTM), in which the parameters are tuned by the Improved Chimp Optimization Algorithm (IChoA). Hence, data privacy preservation makes to secure communication in the networks. The proposed privacy-prevention model is utilized for maintaining communication between sink nodes and servers. The communication is done through three different steps (a) Sanitation, (b) Optimal key generation, and (c) Restoration. Moreover, from the overall result analysis, the accuracy and precision rate of the designed IChoA-AE-Bi-LSTM approach are 95.58 and 91.93%. The experimental analysis shows that the designed model offers a better authentication scheme and guarantees data privacy than traditional models. Moreover, applying a high amount of energy will reduce the lifetime of the sensor nodes. Here, privacy preservation is a challenging task due to fraudulent attacks from third-party service providers. In the future, advanced techniques will be implemented with lightweight encoded mechanisms.

computer science, cybernetics

Rifaqat Ali,Arup Kumar Pal,Saru Kumari,Arun Kumar Sangaiah,Xiong Li,Fan Wu

DOI: https://doi.org/10.1007/s12652-018-1015-9

IF: 3.662

2024-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:With the rapid growth of wireless medical sensor networks ( WMSNs ) based healthcare applications, protecting both the privacy and security from illegitimate users, are major concern issues since patient’s precise information is vital for the proper diagnosis procedure. So, authentication protocol is one of the efficient mechanisms to deal with trustworthy and authentic users. Several authentication protocols have been proposed in WMSNs environment. However, the most of these protocols are so susceptible to security threats and not suitable for practical use. In this article, recently proposed Amin et al.’s authentication scheme is reviewed and some vulnerabilities like off-line password guessing attack, user impersonation attack, known session-key temporary information attack, the revelation of secret parameters, and identity guessing attack are pointed out. To overcome all the above mentioned vulnerabilities, we have proposed an enhanced three-factor based remote user authentication protocol in WMSNs environment. Further, the proposed protocol is validated using Burrows–Abadi–Needham logic and then simulated using Automated Validation of Internet Security Protocols and Applications tool. Moreover, the security analysis ensures that the proposed protocol is well protected from various types of malicious attacks. In addition, the performance evaluation shows better efficiency and suitability of our protocol over other related protocols.

Ahmed A. Mawgoud,Ahmed I. Karadawy,Benbella S. Tawfik

DOI: https://doi.org/10.6084/m9.figshare.13311479.v2

2020-11-30

Abstract:The rapid growth of the Internet of Things technology in healthcare domain led to the appearance of many security threats and risks. It became very challenging to provide full protection with the expansion in using sensor objects in medical field, this led to the Internet of Medical Things definition, the security part in IoMT poses a perilous problem that keeps growing, because of the data sensitivity and critical information. The lack of providing a secure environment in IoMT may lead to patients privacy issues, not only leaving the data privacy of the patients at risk but also their lives can be in danger. In this paper, we provide a discussion on both definition and architecture of the Internet of Medical Things and Propose a new authentication approach through machine learning, to enhance the security level.

Cryptography and Security

Shengbao Wang,Xin Zhou,Kang Wen,Bosen Weng,Peng Zeng

DOI: https://doi.org/10.1109/jiot.2022.3228921

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Very recently, Masud et al. (2022) proposed a lightweight and anonymity-preserving user authentication scheme to establish secure communication between the doctor, the gateway, and sensor nodes in IoT-based healthcare, aiming to ensure the privacy of the patients’ physiological data. In this article, however, we carefully revisit their scheme and first point out that the scheme is not practically implementable in its current form, and second we show that it is vulnerable to session key disclosure attacks, off-line password guessing attacks, and traceability attacks, under the assumption that the attacker can gain access to the sensor nodes and the doctor’s device. We also propose fixes for each of these issues or vulnerabilities.

Deming Mao,Ling Zhang,Xiaoyu Li,Dejun Mu

DOI: https://doi.org/10.1155/2018/7579161

2018-01-01

Abstract:The application of implantable medical devices (IMDs), which solves the problems of geographical distance limitation and real-time health monitoring that plague patients and doctors, has caused great repercussions in the medical community. Despite the great potential of wide application, it also brings some security and privacy issues, such as the leakage of health data and unauthorized access to IMDs. Although a number of authentication and key agreement (AKA) schemes have been developed, we find that some subtle attacks still remain to be addressed. Then we propose an improved AKA scheme which achieves strong security features including user anonymity and known key security. It is formally proved to be secure under the Real-or-Random model. Moreover, a comprehensive security analysis shows that our scheme can resist various attacks and satisfy the desired requirements. Finally, the performance analysis shows the superiority of our protocol which is suitable for the implantable medical system.

Xiong Li,Jieyao Peng,Mohammad S. Obaidat,Fan Wu,Muhammad Khurram Khan,Chaoyang Chen

DOI: https://doi.org/10.1109/jsyst.2019.2899580

IF: 4.802

2020-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) enables all objects to connect to the Internet and exchange data via different emerging technologies, which makes the intelligent identification and management a reality. Wireless sensor networks (WSNs), as a crucial basis of IoT, have been applied in many fields like smart health care and smart transportation. With the development of WSNs, data security has attracted more and more attention, and user authentication is a popular mechanism to ensure the information security of WSNs. Recently, many authentication mechanisms for wireless medical sensor networks (WMSNs) have been proposed, but most of the protocols cannot achieve the features of local password change and forward secrecy while resisting stolen smart card attack. To enhance the security based on previous work, an ECC-based secure three-factor authentication protocol with forward secrecy for WMSN is proposed in this paper. It utilizes a fuzzy commitment scheme to handle the biometric information. Meanwhile, fuzzy verifier and honey_list techniques are used to solve the contradiction of local password verification and mobile device lost attack. The security of our protocol is evaluated by provable security, Proverif tool, and information analysis. Besides, the comparisons with the relevant protocols are given, and the results indicate that our protocol is robust and secure for WMSN systems.