A secure three factor authentication scheme for wireless healthcare sensor networks based on elliptic curve

Document Type : Original Article

Authors

1 دانشجوی کارشناسی ارشد رایانش امن، گروه کامپیوتر، دانشگاه شاهد، تهران، ایران،

2 Department of Computer Engineering, Shahed University, Tehran, Iran

3 Department of Communication, Islamic Azad University Science and Research Branch, Tehran, Iran

4 Department of Computer Engineering, University of Qom, Qom, Iran

Abstract

Wireless body area networks (WBANs) include many tiny sensor nodes which are planted in or around a patient’s body. These sensor nodes can collect biomedical data from the patient and transmit these valuable data to a data sink or a personal digital assistant. Later, health care service providers can get access to these data through authorization. The biomedical data are usually personal and private. Consequently, data confidentiality and user privacy are of primary concerns for WBAN. One of the most important factors for providing security in e-healthcare networks, is authentication protocols which allow both parties to authenticate each other. Recently, regarding this issue, Challa et al.[1] presented an efficient elliptic curve based provably secure three-factor key agreement and authentication protocol for wireless healthcare sensor networks. In this paper, firstly we identify some security flaws of the Challa et al.’s scheme such as privileged-insider attacks, lack of forward secrecy and user traceability. Then, we present a three-factor authentication scheme for (WBANs) and evaluate the security properties of our scheme formally via “ProVerif”. Presented security analysis and comparisons show that the proposed scheme is an efficient secure authentication scheme for WBANs.

Keywords


[1]     S. Challa, A. K. Das, V. Odelu, N. Kumar, S. Kumari, M. K. Khan, and A. V. Vasilakos, “An efficient   ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks,” Computers & Electrical Engineering, vol. 69, pp. 534-554, 2018.##
[2]     C.-H. Liu and Y.-F. Chung, “Secure user authentication scheme for wireless healthcare sensor networks,” Computers & Electrical Engineering, vol. 59, pp. 250-261, 2017.##
[3]     Q. Jiang, M. K. Khan, X. Lu, J. Ma, and D. He, “A privacy preserving three-factor authentication protocol for e-Health clouds,” The Journal of Supercomputing, vol. 72, no. 10, pp. 3826-3849, 2016.##
[4]     M. U. Aslam, A. Derhab, K. Saleem, H. Abbas, M. Orgun, W. Iqbal, and B. Aslam, “A survey of authentication schemes in telecare medicine information systems,” Journal of medical systems, vol. 41, no. 1, p. 14, 2017.##
[5]     J. Lee, S. Ryu, and K. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electronics Letters, vol. 38, no. 12, pp. 554-555, 2002.##
[6]     C.-H. Lin and Y.-Y. Lai, “A flexible biometrics remote user authentication scheme,” Computer Standards & Interfaces, vol. 27, no. 1, pp. 19-23, 2004.##
[7]     W. Ku, S. Chang, and M. Chiang, “Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards,” Electronics Letters, vol. 41, no. 5, pp. 240-241, 2005.##
[8]     M. K. Khan, and J. Zhang, “Improving the security of ‘a flexible biometrics remote user authentication scheme,” Computer Standards & Interfaces, vol. 29, no. 1, pp. 82-85, 2007.##
[9]     H. S. Rhee, J. O. Kwon, and D. H. Lee, “A remote user authentication scheme without using smart cards,” Computer Standards & Interfaces, vol. 31, no. 1, pp. 6-13, 2009.##
[10]   H.-S. Kim, S.-W. Lee, and K.-Y. Yoo, “ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Operating Systems Review, vol. 37, no. 4, pp. 32-41, 2003.##
[11]   M. Scott, “Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Operating Systems Review, vol. 38, no. 2, pp. 73-75, 2004.##
[12]   C. L. Chen, C. C. Lee, and C. Y. Hsu, “Mobile device integration of a fingerprint biometric remote authentication scheme,” International Journal of Communication Systems, vol. 25, no. 5, pp. 585-597, 2012.##
[13]   M. K. Khan, S. Kumari, and M. K. Gupta, “More efficient key-hash based fingerprint remote authentication scheme using mobile device,” Computing, vol. 96, no. 9, pp. 793-816, 2014.##
[14]   E.-J. Yoon, and K.-Y. Yoo, “Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem,” The Journal of supercomputing, vol. 63, no. 1, pp. 235-255, 2013.##
[15]   C.-I. Fan, and Y.-H. Lin, “Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics,” IEEE Transactions on Information Forensics and Security, vol. 4, no. 4, pp. 933-945, 2009.##
[16]   F. Wu, L. Xu, S. Kumari, and X. Li, “A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks,” Computers & Electrical Engineering, vol. 45, pp. 274-285, 2015.##
[17]   A. Irshad, and S. A. Chaudhry, “Comments on “A privacy preserving three-factor authentication protocol for e-health clouds”,” The Journal of Supercomputing, vol. 73, no. 4, pp. 1504-1508, 2017.##
[18]   Z. Liu, H. Seo, J. Großschädl, and H. Kim, “Efficient implementation of NIST-compliant elliptic curve cryptography for 8-bit AVR-based sensor nodes,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 7, pp. 1385-1397, 2016.##
[19]   M. Abdorasoul, R. Saed, and R. Alireza, “A New Elliptic Curve Based Electronic Voting Protocol,” Journal Of Electronical & Cyber Defence, vol. 5, no. 2, pp. 67-74, 2017)In Persian(##
[20]   M. Kompara, S. H. Islam, and M. Hölbl, “A robust and efficient mutual authentication and key agreement scheme with untraceability for WBANs,” Computer Networks, vol. 148, pp. 196-213, 2019.##
[21]   A. Gupta, M. Tripathi, T. J. Shaikh, and A. Sharma, “A lightweight anonymous user authentication and key establishment scheme for wearable devices,” Computer Networks, vol. 149, pp. 29-42, 2019.##
[22]   T.-Y. Chen, C.-C. Lee, M.-S. Hwang, and J.-K. Jan, “Towards secure and efficient user authentication scheme using smart card for multi-server environments,” The Journal of Supercomputing, vol. 66, no. 2, pp. 1008-1032, 2013.## 
 [23]  H. Arshad, and M. Nikooghadam, “Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems,” Journal of medical systems, vol. 38, no. 12, pp. 136, 2014.##
[24]   H. Xiong, and Z. Qin, “Revocable and scalable certificateless remote authentication protocol with anonymity for wireless body area networks,” IEEE transactions on information forensics and security, vol. 10, no. 7, pp. 1442-1455, 2015.##
 [25]  S. Ji, Z. Gui, T. Zhou, H. Yan, and J. Shen, “An Efficient and Certificateless Conditional Privacy-Preserving Authentication Scheme for Wireless Body Area Networks Big Data Services,” IEEE Access, vol. 6, pp. 69603-69611, 2018.##
[26]   B. Blanchet, B. Smyth, and V. Cheval, “ProVerif 1.93: Automatic cryptographic protocol verifier, user manual and tutorial,” Internet][cited June 2016], Available from: https://www. bensmyth. com/publications/2010-ProVerif-manualversion-1.93, 2016.##
[27]   B. Blanchet, "Automatic verification of security protocols in the symbolic model: The verifier proverif," Foundations of Security Analysis and Design VII, pp. 54-87: Springer, 2014.##
[28]   C. Cao, Y. Zuo, and F. Zhang, "Research on comprehensive performance simulation of communication IP network based on OPNET." pp. 195-197.##
[29]   C. Zhu, O. W. Yang, J. Aweya, M. Ouellette, and D. Y. Montuno, “A comparison of active queue management algorithms using the OPNET Modeler,” IEEE Communications Magazine, vol. 40, no. 6, pp. 158-167, 2002.##
[30]   K. Salah, P. Calyam, and M. Buhari, “Assessing readiness of IP networks to support desktop videoconferencing using OPNET,” Journal of Network and Computer Applications, vol. 31, no. 4, pp. 921-943, 2008.##
  • Receive Date: 02 December 2018
  • Revise Date: 25 September 2019
  • Accept Date: 18 June 2019
  • Publish Date: 21 May 2020