Multimedia Systems

, Volume 21, Issue 1, pp 49–60 | Cite as

Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks

  • Debiao He
  • Neeraj Kumar
  • Jianhua Chen
  • Cheng-Chi Lee
  • Naveen Chilamkurti
  • Seng-Soo Yeo
Regular Paper


With the fast development of wireless communication technologies and semiconductor technologies, the wireless sensor network (WSN) has been widely used in many applications. As an application of the WSN, the wireless medical sensor network (WMSN) could improve health-care quality and has become important in the modern medical system. In the WMSN, physiological data are collected by sensors deployed in the patient’s body and sent to health professionals’ mobile devices through wireless communication. Then health professionals could get the status of the patient anywhere and anytime. The data collected by sensors are very sensitive and important. The leakage of them could compromise the patient’s privacy and their malicious modification could harm the patient’s health. Therefore, both security and privacy are two important issues in WMSNs. Recently, Kumar et al. proposed an efficient authentication protocol for health-care applications using WMSNs and claimed that it could withstand various attacks. However, we find that their protocol is vulnerable to the off-line password guessing attack and the privileged insider attack. We also point out that their protocol cannot provide user anonymity. In this paper, we will propose a robust anonymous authentication protocol for health-care applications using WMSNs. Compared with Kumar et al.’s protocol, the proposed protocol has strong security and computational efficiency. Therefore, it is more suitable for health-care applications using WMSNs.


Wireless medical sensor network Authentication protocol Smart card 


  1. 1.
    Kumar, P., Lee, S., Lee, H.: E-SAP: efficient-Strong authentication protocol for healthcare applications using wireless medical sensor networks. Sensors 12, 1625–1647 (2012)CrossRefGoogle Scholar
  2. 2.
    Kumar, P., Lee, Y.D., Lee, H.J.: Secure health monitoring using medical wireless sensor networks. In: Proceedings of the 6th international conference on networked computing and advanced information management (NCM’10), Seoul, Korea, pp. 491–494, 16–18 August 2010Google Scholar
  3. 3.
    Haque, M.M., Pathan, A.S.K., Hong, C.S.: Securing U-healthcare sensor networks using public key based scheme. In Proceeding of the 10th international conference of advance communication technology (ICACT), Seoul, Korea, pp. 1108–1111, 19–22 Febr 2008Google Scholar
  4. 4.
    Dagtas, S., Pekhteryev, G., Sahinoglu, Z., Cam, H., Challa, N.: Real-time and secure wireless health monitoring. Int. J. Telemed. Appl. (2008). doi:10.1155/2008/135808 Google Scholar
  5. 5.
    Boukerche, A., Ren, Y.: A secure mobile healthcare system using trust-based multicast scheme. IEEE J. Sel. Areas Commun. 27, 387–399 (2009)CrossRefGoogle Scholar
  6. 6.
    Lin, X., Lu, R., Shen, X., Nemoto, Y., Kato, N.: SAGE: a strong privacy-preserving scheme against global evesdropping for ehealth systems. IEEE J. Sel. Areas Commun. 27, 365–378 (2009)CrossRefGoogle Scholar
  7. 7.
    Malasri, K., Wang, L.: Design and implementation of a secure wireless mote-based medical sensor network. Sensors 9, 6273–6297 (2009)CrossRefGoogle Scholar
  8. 8.
    Hu, F., Jiang, M., Wagner, M., Dong, D.C.: Privacy-preserving telecardiology sensor networks: toward a low-cost portable wireless hardware/software codesign. IEEE Trans. Inf Technol. Biomed. 11, 619–627 (2007)CrossRefGoogle Scholar
  9. 9.
    Le, X.H., Khalid, M., Sankar, R., Lee, S.: An efficient mutual authentication and access control scheme for wireless sensor networks in healthcare. J. Netw. 6, 355–364 (2011)Google Scholar
  10. 10.
    Huang, Y.M., Hsieh, M.Y., Chao, H.C., Hung, S.H., Park, J.H.: Pervasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks. IEEE J. Sel. Areas Commun. 27, 400–411 (2009)CrossRefGoogle Scholar
  11. 11.
    Das, M.L.: Two-factor user authentication in wireless sensor networks. IEEE Trans. Wirel. Commun. 8, 1086–1090 (2009)CrossRefGoogle Scholar
  12. 12.
    Nyang, D., Lee, M.: Improvement of Das’s two-factor authentication protocol in wireless sensor networks. Cryptol. ePrint Arch. 2009, 631 (2009)Google Scholar
  13. 13.
    Huang, H., Chang, Y., Liu, C.: Enhancement of two-factor user authentication in wireless sensor networks. In Proceedings of the 6th international conference on intelligent information hiding and multimedia signal processing (IIHMSP’10). 27–30 (2010)Google Scholar
  14. 14.
    Chen, H., Shih, W.: A robust mutual authentication protocol for wireless sensor networks. ETRI J. 32, 704–712 (2010)CrossRefGoogle Scholar
  15. 15.
    Khan, M.K., Alghathbar, K.: Cryptanalysis and security improvement of ‘two-factor user authentication in wireless sensor networks’. Sensors 10, 2450–2459 (2010)CrossRefGoogle Scholar
  16. 16.
    Yoo, S., Park, K., Kim, J.: A security-performance balanced user authentication scheme forwireless sensor networks. Int. J. Distrib, Sens. Netw. (2012) (Article ID 382810)Google Scholar
  17. 17.
    Yeh, H.L., Chen, T.H., Liu, P.C., Kim, T.H., Wei, H.W.: A secure authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 11, 4767–4779 (2011)CrossRefGoogle Scholar
  18. 18.
    Han, W.: Weakness of a secured authentication protocol for wireless sensor networks using elliptic curves cryptography. Cryptol. ePrint Arch. (2011).
  19. 19.
    Shi, W., Gong, P.: A new user authentication protocol for wireless sensor networks using elliptic curves cryptography. Int. J. Distrib. Sens. Netw. (2012) (Article ID 730831)Google Scholar
  20. 20.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In Proceedings of the advances in cryptology, Santa Barbara, pp. 388–397, 15–19 Aug 1999Google Scholar
  21. 21.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card under the threat of power analysis attacks. IEEE Trans. Comput. 51, 540–552 (2002)CrossRefMathSciNetGoogle Scholar
  22. 22.
    He, D., Wu, S., Chen, J.: Note on design of improved password authentication and update scheme based on elliptic curve cryptography. Math. Comput. Model. 55(3–4), 1661–1664 (2012)CrossRefMATHMathSciNetGoogle Scholar
  23. 23.
    He, D., Hu, H.: Cryptanalysis of a dynamic ID-based remote user authentication scheme with access control for multi-server environment. IEICE Trans. Inf. Syst. E96-D(1), 138–140 (2013)CrossRefMathSciNetGoogle Scholar
  24. 24.
    He, D., Chen, J., Zhang, R.: A more secure authentication scheme for telecare medicine information systems. J. Med. Syst. 36(3), 1989–1995 (2012)CrossRefGoogle Scholar
  25. 25.
    He, D., Chen, Y., Chen, J.: Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn. 69(3), 1149–1157 (2012)CrossRefMATHMathSciNetGoogle Scholar
  26. 26.
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)CrossRefGoogle Scholar
  27. 27.
    He, D., Wang, D., Wu, S.: Cryptanalysis and improvement of a password-based remote user authentication scheme without smart cards. Inf. Technol. Control 42(2), 170–177 (2013)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Debiao He
    • 1
    • 2
  • Neeraj Kumar
    • 3
  • Jianhua Chen
    • 1
  • Cheng-Chi Lee
    • 5
  • Naveen Chilamkurti
    • 4
  • Seng-Soo Yeo
    • 6
  1. 1.School of Mathematics and StatisticsWuhan UniversityWuhanChina
  2. 2.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  3. 3.Department of Computer Science and EngineeringThapar UniversityPatialaIndia
  4. 4.Department of Computer Science and Computer EngineeringLa Trobe UniversityMelbourneAustralia
  5. 5.Department of Library and Information ScienceFu Jen Catholic UniversityNew TaipeiTaiwan
  6. 6.Mokwon UniversityDaejeonKorea

Personalised recommendations