Analysis and Improvement of a Mutual Authentication Scheme for Wireless Body Area Networks
- 91 Downloads
An increase in aging population and the consequent chronic diseases pose not only serious effects to the economy but also a heavy burden to the medical system. Wireless body area networks (WBANs) provide a simple and low-cost strategy for health monitoring and telemedicine of the elderly. Many authentication schemes based on WBAN have been presented to address the sensitivity and privacy of collected data and the open characteristic of wireless networks. Wu et al. recently presented an efficient anonymous authentication scheme for WBANs, in which a one-side bilinear pairing methodology was applied to reduce the burden on the WBAN client side. However, we demonstrate that their scheme suffers from client impersonation attacks and that the adversary can easily forge a legal client to access the network service. In this paper, we analyze the limitations of Wu et al.’s scheme and design a novel mutual authentication scheme for WBANs that adopt asymmetric bilinear pairing to enhance security. Results of security and performance analyses reveal that the new scheme offers more effective security, better performance, and higher efficiency than Wu et al.’s scheme. We also provide a formal security proof of the protocol by using BAN authentication logic.
KeywordsWireless body area network (WBAN) Authentication scheme Security Anonymity
This work was supported in part by the National Natural Science Foundation of China under grants U1435213 and 61172180, and Chengdu International Cooperation Project under grants 2016-GH02-00048-HZ and 2015-GH02-00041- HZ, and General Project of Education Department in Sichan under grants 18ZB0485.
This study was funded by National Natural Science Foundation of China (grant number U1435213 and 61172180), and Chengdu International Cooperation Project (grant number 2016-GH02-00048-HZ and 2015-GH02-00041-HZ), and General Project of Education Department in Sichuan (grant number 18ZB0485).
Compliance with ethical standards
Conflict of interests
Author Dezhong Peng has received research grants from National Natural Science Foundation of China and Chengdu International Cooperation Project. Author Rui Chen has received research grants from General Project of Education Department in Sichuan. Author Dezhong Peng declares that he has no conflict of interest. Author Rui Chen declares that he has no conflict of interest.
This article does not contain any studies with human participants performed by any of the authors.
- 1.WHO, Life expectancy increased by 5 years since 2000, but health inequalities persist. Saudi Med. J. 37(6): 717–717, 2016.Google Scholar
- 3.Ieee standard for local and metropolitan area networks - part 15.6: Wireless body area networks in IEEE Std, 2012Google Scholar
- 4.Toorani, M.: On vulnerabilities of the security association in the ieee 802.15.6 standard. In: International conference on financial cryptography and data security, pp. 245–260, 2015.Google Scholar
- 8.He, D., Zeadally, S., and Wu, L., Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst. J. PP(99):1–10, 2015.Google Scholar
- 9.Jang, C. S., Lee, D. G., and Han, J. W.: A proposal of security framework for wireless body area network. In: International conference on security technology, pp. 202–205, 2008.Google Scholar
- 14.He, D., Kumar, N., and Chilamkurti, N., A secure temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Int. Symposium Wireless Pervasive Comput. 321(1):263–277, 2015.Google Scholar
- 17.Drira, W., Renault, E., and Zeghlache, D.: A hybrid authentication and key establishment scheme for wban. In: IEEE international conference on trust, security and privacy in computing and communications, pp. 78–83, 2012.Google Scholar
- 20.Al-Riyami, S. S., and Paterson, K.G.: Certificateless public key cryptography. In: International conference on the theory and application of cryptology and information security, pp. 452–473, 2003.Google Scholar
- 22.Zhang, L., Liu, J., and Sun, R.: An efficient and lightweight certificateless authentication protocol for wireless body area networks. In: International conference on intelligent networking and collaborative systems, pp. 637–639, 2013.Google Scholar
- 23.Kang, B., Wang, J., and Shao, D.: Certificateless public auditing with privacy preserving for cloud-assisted wireless body area networks, Mobile Information Systems 2017(2017-7-6), 2017Google Scholar
- 24.He, D., Zeadally, S., Kumar, N., and Lee, J. H., Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. PP(99):1–12, 2016.Google Scholar
- 28.Menezes, A. J., Okamoto, T., and Vanstone, S.A.: Reducing elliptic curve logarithms to logarithms in a finite field. In: ACM symposium on theory of computing, pp. 80–89, 1991.Google Scholar
- 29.Burrows, M., Abadi, M., and Needham, R., A logic of authentication. Acm Sigops Operating Systems Review 8(1):18–36, 1990.Google Scholar