Time dependency: an efficient biometric-based authentication for secure communication in wireless healthcare sensor networks
Tóm tắt
Healthcare systems promise a significant impact in the field of quality of life. However, security is one of the hottest topics that must be guaranteed in these systems. One of the effective ways to provide security is through cryptographic protocols. The keys generated by these protocols must be disposable and time-dependent to resist replay attacks. In this paper, we show that not only secret keys must be time-dependent, but also the existence of a time-independent variable in authentication protocols can compromise users' privacy. Recently, an elliptic curve cryptography-based authentication protocol with time-independent variables has been proposed for wireless healthcare sensor networks. This paper intends to secure the previous protocol. We simulate our proposed scheme using AVISPA, a well-known formal method to validate security protocols, and the result shows that our proposed protocol is provably safe. Besides, we prove that our protocol preserves mutual authentication property using the widely-used BAN logic, and low complexity makes our protocol suitable for practical applications. We show that users can securely agree on a shared key within
$$387\mu $$
s with a 256-byte overhead.
Tài liệu tham khảo
Amin, R., Islam, S.H., Biswas, G.P., Khan, M.K., Kumar, N.: A robust and anonymous patient monitoring system using wireless medical sensor networks. Futur. Gener. Comput. Syst. 80, 483–495 (2018)
Ibrahim, M.H., Kumari, S., Das, A.K., Wazid, M., Odelu, V.: Secure anonymous mutual authentication for star two-tier wireless body area networks. Comput. Methods Progr. Biomed. 135, 37–50 (2016)
Roman, L.F.A., Gondim, P.R.L.: Authentication protocol in CTNs for a CWD-WPT charging system in a cloud environment. Ad Hoc Netw. 97, 102004 (2020)
Ghahramani, M., Javidan, R., Shojafar, M.: A secure biometric-based authentication protocol for global mobility networks in smart cities. J. Supercomput. (2020). https://doi.org/10.1007/s11227-020-03160-x
Lara-Nino, C.A., Diaz-Perez, A., Morales-Sandoval, M.: Lightweight elliptic curve cryptography accelerator for internet of things applications. Ad Hoc Netw. 103, 102159 (2020)
Aghili, S.F., Mala, H.: New authentication/ownership transfer protocol for RFID objects. J. Inf. Secur. Appl. 49, 102401 (2019)
Wu, L., Wang, J., Raymond Choo, K.K., Li, Y., He, D.: An efficient provably-secure identity-based authentication scheme using bilinear pairings for Ad hoc network. J. Inf. Secur. Appl. 37, 112–121 (2017)
Shariq, M., Singh, K.: A novel vector-space-based lightweight privacy-preserving RFID authentication protocol for IoT environment. J. Supercomput. (2021). https://doi.org/10.1007/s11227-020-03550-1
Palit, S.K., Chakraborty, M., Chakraborty, S.: AUGChain: blockchain-based mobile user authentication scheme in global mobility network. J. Supercomput. (2021). https://doi.org/10.1007/s11227-021-04139-y
Kumari, A., Jangirala, S., Abbasi, M.Y., Kumar, V., Alam, M.: ESEAP: ECC based secure and efficient mutual authentication protocol using smart card. J. Inf. Secur. Appl. 51, 102443 (2020)
Abbasinezhad-Mood, D., Ostad-Sharif, A., Nikooghadam, M., Mazinani, S.M.: Novel certificateless Chebyshev chaotic map-based key agreement protocol for advanced metering infrastructure. J. Supercomput. 77, 8082–8110 (2021)
Liu, J.W., Zhang, L., Sun, R.: 1-RAAP: an efficient 1-round anonymous authentication protocol for wireless body area networks. Sensors (Switzerland) 16(5), 728 (2016). https://doi.org/10.3390/s16050728
Ghahramani, M., Javidan, R., Shojafar, M., Taheri, R., Alazab, M., Tafazolli, R.: RSS: an energy-efficient approach for securing IoT service protocols against the DoS attack. IEEE Internet Things J. 8, 3619–3635 (2020)
Li, X., Peng, J., Kumari, S., Wu, F., Karuppiah, M., Raymond Choo, K.K.: An enhanced 1-round authentication protocol for wireless body area networks with user anonymity. Comput. Electr. Eng. 61, 238–249 (2017)
Wu, F., Xu, L., Kumari, S., Li, X.: A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Comput. Electr. Eng. 45, 274–285 (2015)
Xie, Q., Tang, Z., Chen, K.: Cryptanalysis and improvement on anonymous three-factor authentication scheme for mobile networks. Comput. Electr. Eng. 59, 218–230 (2017)
Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., Chaudhry, S.A.: Efficient end-to-end authentication protocol for wearable health monitoring systems. Comput. Electr. Eng. 63, 182–195 (2017)
Li, X., Ibrahim, M.H., Kumari, S., Sangaiah, A.K., Gupta, V., Choo, K.K.R.: Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Comput. Netw. 129, 429–443 (2017)
Wu, F., et al.: A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Futur. Gener. Comput. Syst. 82, 727–737 (2018)
Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A.K., Choo, K.-K.R.: A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J. Netw. Comput. Appl. 103, 194–204 (2018)
Li, W., Li, B., Zhao, Y., Wang, P., Wei, F.: Cryptanalysis and security enhancement of three authentication schemes in wireless sensor networks. Wirel. Commun. Mob. Comput. (2018). https://doi.org/10.1155/2018/8539674
Liu, C.H., Chung, Y.F.: Secure user authentication scheme for wireless healthcare sensor networks. Comput. Electr. Eng. 59, 250–261 (2017)
Challa, S., et al.: An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Comput. Electr. Eng. 69, 534–554 (2018)
Abbasinezhad-Mood, D., Ostad-Sharif, A., Nikooghadam, M.: Efficient provably-secure privacy-preserving signature-based key establishment protocol. Ad Hoc Netw. 100, 102062 (2020)
Harbi, Y., Aliouat, Z., Refoufi, A., Harous, S., Bentaleb, A.: Enhanced authentication and key management scheme for securing data transmission in the internet of things. Ad Hoc Netw. 94, 101948 (2019)
Mehmood, A., Umar, M.M., Song, H.: ICMDS: Secure inter-cluster multiple-key distribution scheme for wireless sensor networks. Ad Hoc Netw. 55, 97–106 (2017)
Wu, F., et al.: An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment. J. Netw. Comput. Appl. 89, 72–85 (2017)
Guo, H., Gao, Y., Xu, T., Zhang, X., Ye, J.: A secure and efficient three-factor multi-gateway authentication protocol for wireless sensor networks. Ad Hoc Netw. 95, 101965 (2019)
Santos, M.L.B.A., Carneiro, J.C., Franco, A.M.R., Teixeira, F.A., Henriques, M.A.A., Oliveira, L.B.: Flat: federated lightweight authentication for the internet of things. Ad Hoc Netw. 107, 102253 (2020)
Qi, M., Chen, J.: Authentication and key establishment protocol from supersingular isogeny for mobile environments. J. Supercomput. 78, 6371–6385 (2021)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: International conference on the theory and applications of cryptographic techniques, 2004, pp. 523–540
Hankerson, D., Menezes, A., Vanstone, S., Guide to Elliptic Curve Cryptography Springer, ISBN 0-387-95273-X; 332 pages web, 2003
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990)
Reddy, A.G., Yoon, E.-J.J., Das, A.K., Odelu, V., Yoo, K.-Y.Y.: Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5, 3622–3639 (2017)
He, D., Kumar, N., Chilamkurti, N.: A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf. Sci. (Ny) 321, 263–277 (2015)
Jiang, Q., Ma, J., Wei, F., Tian, Y., Shen, J., Yang, Y.: An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks. J. Netw. Comput. Appl. 76, 37–48 (2016)
Chaturvedi, A., Mishra, D., Jangirala, S., Mukhopadhyay, S.: A privacy preserving biometric-based three-factor remote user authenticated key agreement scheme. J. Inf. Secur. Appl. 32, 15–26 (2017)
Farash, M.S., Turkanović, M., Kumari, S., Hölbl, M.: An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Netw. 36, 152–176 (2016)
Amin, R., Kumar, N., Biswas, G.P., Iqbal, R., Chang, V.: A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment. Futur. Gener. Comput. Syst. 78, 1005–1019 (2018)
Mahmood, K., Chaudhry, S.A., Naqvi, H., Kumari, S., Li, X., Sangaiah, A.K.: An elliptic curve cryptography based lightweight authentication scheme for smart grid communication. Futur. Gener. Comput. Syst. 81, 557–565 (2018)
Li, X., Wu, F., Kumari, S., Xu, L., Sangaiah, A.K., Choo, K.-K.R.: A provably secure and anonymous message authentication scheme for smart grids. J. Parallel Distrib. Comput. 132, 242–249 (2017)
Automated Validation of Internet Security Protocols and Applications. [Online]. http://www.avispa-project.org/. Accessed 20 Jul 2020
Arshad, H., Nikooghadam, M.: Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12), 136 (2014)
Koblitz, N., Menezes, A., Vanstone, S.: The state of elliptic curve cryptography. Des. Codes Cryptogr. 19(2–3), 173–193 (2000)
He, D., Kumar, N., Lee, J.-H., Sherratt, R.S.: Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans. Consum. Electron. 60(1), 30–37 (2014)
Nikooghadam, M., Amintoosi, H., Kumari, S.: A provably secure ECC-based roaming authentication scheme for global mobility networks. J. Inf. Secur. Appl. 54, 102588 (2020)
Jain, S., Nandhini, C., Doriya, R.: ECC-based authentication scheme for cloud-based robots. Wirel. Pers. Commun. 117(2), 1557–1576 (2021)
Shin, S., Kwon, T.: A privacy-preserving authentication, authorization, and key agreement scheme for wireless sensor networks in 5G-integrated internet of things. IEEE Access 8, 67555–67571 (2020)
Qi, M., Chen, J.: Two-pass privacy preserving authenticated key agreement scheme for smart grid. IEEE Syst. J. 15, 3201–3207 (2020)
Yahuza, M., Idris, M.Y.I., Wahab, A.W.A., Nandy, T., Bin Ahmedy, I., Ramli, R.: An edge assisted secure lightweight authentication technique for safe communication on the Internet of drones network. IEEE Access 9, 31420–31440 (2021)
Ghahramani, M., Javidan, R.: A Robust Anonymous Remote User Authentication Protocol for IoT Services. Wirel. Pers. Commun. (2021). https://doi.org/10.1007/s11277-021-08826-0
Gaikwad, V.P., Tembhurne, J.V., Meshram, C., Lee, C.-C.: Provably secure lightweight client authentication scheme with anonymity for TMIS using chaotic hash function. J. Supercomput. (2021). https://doi.org/10.1007/s11227-020-03553-y
Roychoudhury, P., Roychoudhury, B., Saikia, D.K.: Provably secure group authentication and key agreement for machine type communication using Chebyshev’s polynomial. Comput. Commun. 127, 146–157 (2018)
Cui, J., Wang, Y., Zhang, J., Xu, Y., Zhong, H.: Full session key agreement scheme based on chaotic map in vehicular ad hoc networks. IEEE Trans. Veh. Technol. 69(8), 8914–8924 (2020)
Gupta, A., et al.: A lightweight anonymous user authentication and key establishment scheme for wearable devices. Comput. Netw. 149, 29–42 (2019)
Gupta, A., Tripathi, M., Sharma, A.: A provably secure and efficient anonymous mutual authentication and key agreement protocol for wearable devices in WBAN. Comput. Commun. 160, 311–325 (2020)