Skip to main content

Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network


Wireless body area network (WBAN) provides a medium through which physiological information could be harvested and transmitted to application provider (AP) in real time. Integrating WBAN in a heterogeneous Internet of Things (IoT) ecosystem would enable an AP to monitor patients from anywhere and at anytime. However, the IoT roadmap of interconnected ‘Things’ is still faced with many challenges. One of the challenges in healthcare is security and privacy of streamed medical data from heterogeneously networked devices. In this paper, we first propose a heterogeneous signcryption scheme where a sender is in a certificateless cryptographic (CLC) environment while a receiver is in identity-based cryptographic (IBC) environment. We then use this scheme to design a heterogeneous access control protocol. Formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in random oracle model is presented. In comparison with some of the existing access control schemes, our scheme has lower computation and communication cost.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4


  1. 1.

    Gope, P., and Hwang, T., An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. J. Netw. Comput. Appl. 62:1–8, 2016.

    Article  Google Scholar 

  2. 2.

    Li, F., Zhang, H., and Takagi, T., Efficient signcryption for heterogeneous systems. IEEE Syst. J. 7(3): 420–429, 2013.

    Article  Google Scholar 

  3. 3.

    Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., and Chaudhry, S. A., Efficient end-to-end authentication protocol for wearable health monitoring systems. Comput Electr. Eng. 63:182–195, 2017.

    Article  Google Scholar 

  4. 4.

    Jiang, Q., Zeadally, S., Ma, J., and He, D., Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5:3376–3392, 2017.

    Article  Google Scholar 

  5. 5.

    Li, X., Niu, J., Bhuiyan, M. Z. A., Wu, F., Karuppiah, M., and Kumari, S.: A robust ECC based provable secure authentication protocol with privacy protection for industrial internet of things. IEEE Transactions on Industrial Informatics., 2017

  6. 6.

    Li, X., Niu, J., Kumari, S., Wu, F., and Choo, K. K. R., A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Futur. Gener. Comput. Syst. 83:607–618, 2018.

    Article  Google Scholar 

  7. 7.

    Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A. K., and Choo, K. K. R., A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J. Netw. Comput. Appl. 103: 194–204, 2018.

    Article  Google Scholar 

  8. 8.

    Li, X., Niu, J., Liao, J., and Liang, W., Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 28(2):374–382, 2015.

    Article  CAS  Google Scholar 

  9. 9.

    Al-Riyami, S. S., and Paterson, K. G., Certificateless public key cryptography. Adv. Cryptol.-ASIACRYPT 2003:452–473, 2003.

    Google Scholar 

  10. 10.

    Amin, R., Islam, S. H., Biswas, G., Khan, M. K., and Kumar, N., A robust and anonymous patient monitoring system using wireless medical sensor networks. Futur. Gener. Comput. Syst. 80:483–495, 2018.

    Article  Google Scholar 

  11. 11.

    Barbosa, M., and Farshim, P.: Certificateless signcryption. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS ’08), pp. 369–372, 2008.

  12. 12.

    Barreto, P. S. L. M., Libert, B., McCullagh, N., and Quisquater, J. J., Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. Adv. Cryptol.-ASIACRYPT 2005:515–532, 2005.

    Google Scholar 

  13. 13.

    Cagalaban, G., and Kim, S.: Towards a secure patient information access control in ubiquitous healthcare systems using identity-based signcryption. In: 13Th international conference on advanced communication technology (ICACT2011), pp. 863–867, 2011.

  14. 14.

    Cramer, R., and Shoup, V., A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Advances in Cryptology-CRYPTO ’98 LNCS 1462:13–25, 1998.

    Article  Google Scholar 

  15. 15.

    Daemen, J., and Rijmen, V., The design of Rijndael: AES-the advanced encryption standard. Berlin: Springer Science & Business Media, 2013.

    Google Scholar 

  16. 16.

    He, D., Zeadally, S., Kumar, N., and Lee, J. H., Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. 11(4):2590–2601, 2017.

    Article  Google Scholar 

  17. 17.

    Hu, C., Li, H., Huo, Y., Xiang, T., and Liao, X., Secure and efficient data communication protocol for wireless body area networks. IEEE Trans. Multi-Scale Comput. Syst. 2(2):94–107, 2016.

    Article  Google Scholar 

  18. 18.

    Hu, C., Zhang, N., Li, H., Cheng, X., and Liao, X., Body area network security: a fuzzy attribute-based signcryption scheme. IEEE J. Sel. Areas Commun. 31(9):37–46, 2013.

    Article  Google Scholar 

  19. 19.

    Huang, Q., Wong, D. S., and Yang, G., Heterogeneous signcryption with key privacy. Comput. J. 54(4): 525, 2011.

    Article  Google Scholar 

  20. 20.

    Li, F., Han, Y., and Jin, C., Practical access control for sensor networks in the context of the internet of things. Comput. Commun. 89-90:154–164, 2016.

    Article  Google Scholar 

  21. 21.

    Li, F., Han, Y., and Jin, C., Cost-effective and anonymous access control for wireless body area networks. IEEE Syst. J. 12(1):747–758, 2018.

    Article  Google Scholar 

  22. 22.

    Li, F., and Hong, J., Efficient certificateless access control for wireless body area networks. IEEE Sensors J. 16(13):5389–5396, 2016.

    Article  Google Scholar 

  23. 23.

    Liu, J., Zhang, Z., Chen, X., and Kwak, K. S., Certificateless remote anonymous authentication schemes for wireless body area networks. IEEE Trans. Parallel Distrib. Syst. 25(2):332–342, 2014.

    Article  Google Scholar 

  24. 24.

    Li, X., Ibrahim, M. H., Kumari, S., Sangaiah, A. K., Gupta, V., and Choo, K. K. R., Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Comput. Netw. 129:429–443, 2017.

    Article  Google Scholar 

  25. 25.

    Liu, Y., Zhang, Y., Ling, J., and Liu, Z., Secure and fine-grained access control on e-healthcare records in mobile cloud computing. Futur. Gener. Comput. Syst. 78:1020–1026, 2018.

    Article  Google Scholar 

  26. 26.

    Milenković, A., Otto, C., and Jovanov, E., Wireless sensor networks for personal health monitoring: Issues and an implementation. Comput. Commun. 29(13-14):2521–2533, 2006.

    Article  Google Scholar 

  27. 27.

    Omala, A. A., Kibiwott, K. P., and Li, F., An efficient remote authentication scheme for wireless body area network. J. Med. Syst. 41(2):25, 2016.

    Article  PubMed  Google Scholar 

  28. 28.

    Omala, A. A., Robert, N., and Li, F., A provably-secure transmission scheme for wireless body area networks. J. Med. Syst. 40(11):247, 2016.

    Article  PubMed  Google Scholar 

  29. 29.

    Pointcheval, D., and Stern, J., Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3):361–396, 2000.

    Article  Google Scholar 

  30. 30.

    Shamir, A., Identity-based cryptosystems and signature schemes. Adv. Cryptol.-CRYPTO 84:47–53, 1985.

    Google Scholar 

  31. 31.

    Shen, J., Chang, S., Shen, J., Liu, Q., and Sun, X., A lightweight multi-layer authentication protocol for wireless body area networks. Futur. Gener. Comput. Syst. 78:956–963, 2018.

    Article  Google Scholar 

  32. 32.

    Sun, Y., and Li, H., Efficient signcryption between tpkc and idpkc and its multi-receiver construction. Sci. China Inf. Sci. 53(3):557–566, 2010.

    Article  Google Scholar 

  33. 33.

    Zheng, Y., Digital signcryption or how to achieve cost(signature &encryption) << cost(signature) + cost(encryption). Advances in Cryptology-CRYPTO ’97 LNCS 1294:165–179, 1997.

    Article  Google Scholar 

  34. 34.

    Eom, J., Lee, D. H., and Lee, K., Patient-controlled attribute-based encryption for secure electronic health records system. J. Med. Syst. 40(12):253, 2016.

    Article  PubMed  Google Scholar 

  35. 35.

    Xiong, H., Cost-effective scalable and anonymous certificateless remote authentication protocol. IEEE Trans. Inf. Forensic. Secur. 9(12):2327–2339, 2014.

    Article  Google Scholar 

  36. 36.

    Lu, Y., Xu, G., Li, L., and Yang, Y.: Anonymous three-factor authenticated key agreement for wireless sensor networks. Wireless Networks., 2017

  37. 37.

    Saeed, M. E. S., Liu, Q., Tian, G., Gao, B., and Li, F.: Hoosc: heterogeneous online/offline signcryption for the internet of things. Wireless Networks., 2017

  38. 38.

    Ting, P. Y., Tsai, J. L., and Wu, T. S.: Signcryption method suitable for low-power iot devices in a wireless sensor network. IEEE Systems Journal., 2017

  39. 39.

    Li, F., Shirase, M., and Takagi, T., Certificateless hybrid signcryption. Math. Comput. Modell. 57(3-4): 324–343, 2013.

    Article  Google Scholar 

  40. 40.

    Boyen, X., Multipurpose identity-based signcryption: a swiss army knife for identity-based cryptography. Adv. Cryptol.-CRYPTO 2003:383–399, 2003.

    Google Scholar 

  41. 41.

    Vasilomanolakis, E., Daubert, J., Luthra, M., Gazis, V., Wiesmaier, A., and Kikiras, P.: On the security and privacy of internet of things architectures and systems. In: 2015 International workshop on secure internet of things (SIot 2015), pp. 49–57, 2015.

  42. 42.

    Wu, F., Li, X., Sangaiah, A. K., Xu, L., Kumari, S., Wu, L., and Shen, J., A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Futur. Gener. Comput. Syst. 82:727–737, 2018.

    Article  Google Scholar 

Download references


This work is supported by the National Natural Science Foundation of China (Grant No 612725 25), the Fundamental Research Funds for the Central Universities (Grant No. ZYGX2016J081) and the Laboratory for Internet of Things and Mobile Internet Technology of Jiangsu Province (Grant No. JSWLW-2017-006).

Author information



Corresponding author

Correspondence to Fagen Li.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Omala, A.A., Mbandu, A.S., Mutiria, K.D. et al. Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network. J Med Syst 42, 108 (2018).

Download citation


  • Signcryption
  • Certificateless
  • Identity-based cryptography
  • WBAN
  • IoT
  • Access control