Wireless body area networks play an indispensable role in the medical Internet of Things. It is a network of several wearables or implantable devices that use wireless technologies to communicate. These devices usually collect the wearer's physiological data and send it to the server. Some health care providers can access the server over the network and provide medical care to the wearer. Due to the openness and mobility of the wireless network, the adversary can easily steal and forge information, which exchanged in the communication channel that leaks wearer's privacy. Therefore, a secure and reliable authentication scheme is essential. Most of the existing authentication schemes are based on asymmetric encryption. However, since the sensor devices in wireless body area networks are typically resource-constrained devices, their computing resources cannot afford to use asymmetric encryption. In addition, most of the existing lightweight authentication schemes have various security vulnerabilities, especially the lack of forwarding secrecy. Therefore, we propose a secure lightweight authentication scheme for the wireless body area networks. With this scheme, forward secrecy can be guaranteed without using asymmetric encryption. We use the automatic security verification tool ProVerif to verify the security of our scheme and analyze informal security. The experimental results and the theoretical analysis indicate that our scheme significantly reduces the computational cost compared with the schemes using asymmetric encryption and that it has a lower security risk compared with the lightweight schemes. INDEX TERMS Authentication, IoT, security, wireless body area network.
Summary
Wireless body area network (WBAN) is a special wireless mobile sensor network, which is mainly applied to the medical field. It can monitor the physical condition of patients and send this vital and sensitive information to a server that provides medical and health services. Because of the openness and mobility of WBAN, it is easier for the adversary to obtain, corrupt, or replace the data transmitted in the channel, or launch various attacks. Therefore, data security and privacy issues are the most challenging problems in WBANs. Moreover, most wearable sensors in WBAN are resource‐constrained devices, traditional security schemes may not be suitable for WBAN. Therefore, in this paper, we propose a lightweight anonymous mutual authentication and key agreement scheme for WBAN. This scheme uses only hash function operations and XOR operations. We use the automatic security verification tool ProVerif to verify the security properties of our scheme and informal security analysis is discussed. We also compared the proposed scheme with many related works and the results indicate that our scheme has either more advantages in terms of computation cost, energy consumption, and communication cost or lower security risk.
Institute of Mathematics of the Czech Academy of Sciences provides access to digitized documents strictly for personal use. Each copy of any part of this document must contain these Terms of use.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.