Abstract
This paper is based on the work published by Cheng et al. in the journal Mobile Networks and Applications. Cheng et al. proposed a certificateless authentication and key agreement scheme for secure cloud-assisted wireless body area networks. In this paper, we first cryptanalyze Cheng et al.'s scheme with respect to various security issues and its erroneous protocol design. We show that their scheme has various security vulnerabilities, such as impersonation attacks, lack of mutual authentication, and so on. Moreover, their claim that the scheme is certificateless is also doubtful. In addition, there are many problems in the design of their scheme, such as private keys being shared and incorrect definitions of hashes. Second, we introduce an improved certificateless mutual authentication and key agreement protocol that is resilient against key generator centers as well as existing attackers, to mitigate the aforesaid concerns. In addition, we propose a provable security model for the security proofs, which prove the robustness of the proposed scheme using the random oracle model. We also carry out an informal security analysis of the proposed work. It can easily be seen that the proposed protocol resists attacks such as impersonation and man-in-the-middle, and provides known-key secrecy, etc.
Data Availability
Not applicable.
Change history
11 July 2023
The original version of this article was revised: In this article the affiliation details for Pooja Verma were incorrect. The original article has been corrected.
17 July 2023
A Correction to this paper has been published: https://doi.org/10.1007/s11277-023-10596-w
References
Ogundoyin, S. O., & Kamil, I. A. (2021). PAASH: A privacy-preserving authentication and fine-grained access control of outsourced data for secure smart health in smart cities. Journal of Parallel and Distributed Computing, 155, 101–119.
Gupta, D. S., Islam, S. H., Obaidat, M. S., Karati, A., & Sadoun, B. (2020). LAAC: Lightweight lattice-based authentication and access control protocol for e-health systems in IoT environments. IEEE Systems Journal, 15(3), 3620–3627.
Islam, S. H., & Khan, M. K. (2016). Provably secure and pairing-free identity-based handover authentication protocol for wireless mobile networks. International Journal of Communication Systems, 29(17), 2442–2456.
Gupta, D. S., & Biswas, G. (2017). An ECC-based authenticated group key exchange protocol in IBE framework. International Journal of Communication Systems, 30(18), 3363.
Gupta, D. S., Mazumdar, N., Nag, A., & Singh, J. P. (2023). Secure data authentication and access control protocol for industrial healthcare system. Journal of Ambient Intelligence and Humanized Computing, 1–12.
Verma, P., & Gupta, D. S. (2022). A pairing-free data authentication and aggregation mechanism for intelligent healthcare system. Computer Communications, 198, 282–296.
Wang, D., Cheng, H., He, D., & Wang, P. (2016). On the challenges in designing identity-based privacy-preserving authentication schemes for mobile devices. IEEE Systems Journal, 12(1), 916–925.
Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques (pp. 47–53). Springer.
Gupta, D. S., & Biswas, G. (2015). Identity-based/attribute-based cryptosystem using threshold value without Shamir’s secret sharing. In 2015 International conference on signal processing, computing and control (ISPCC) (pp. 307–311). IEEE.
Al-Riyami, S. S., Paterson, K. G., et al. (2003). Certificateless public key cryptography. In Asiacrypt, Vol. 2894 (pp. 452–473). Springer.
Cheng, Q., Li, Y., Shi, W., & Li, X. (2022). A certificateless authentication and key agreement scheme for secure cloud-assisted wireless body area network. Mobile Networks and Applications, 1–11.
Kumar, M., & Chand, S. (2020). A lightweight cloud-assisted identity-based anonymous authentication and key agreement protocol for secure wireless body area network. IEEE Systems Journal, 15(2), 2779–2786.
Gupta, D. S., Islam, S. H., Obaidat, M. S., Vijayakumar, P., Kumar, N., & Park, Y. (2020). A provably secure and lightweight identity-based two-party authenticated key agreement protocol for IIoT environments. IEEE Systems Journal, 15(2), 1732–1741.
He, D., Padhye, S., & Chen, J. (2012). An efficient certificateless two-party authenticated key agreement protocol. Computers & Mathematics with Applications, 64(6), 1914–1926.
Sun, H., Wen, Q., & Li, W. (2016). A strongly secure pairing-free certificateless authenticated key agreement protocol under the CDH assumption. Science China Information Sciences, 59(3), 1–16.
Kim, Y.-J., Kim, Y.-M., Choe, Y.-J., et al. (2013). An efficient bilinear pairing-free certificateless two-party authenticated key agreement protocol in the ECK model. arXiv:1304.0383.
Tu, H., Kumar, N., Kim, J., & Seo, J. (2015). A strongly secure pairing-free certificateless authenticated key agreement protocol suitable for smart media and mobile environments. Multimedia Tools and Applications, 74, 6365–6377.
Xiong, H. (2014). Cost-effective scalable and anonymous certificateless remote authentication protocol. IEEE Transactions on Information Forensics and Security, 9(12), 2327–2339.
Truong, T.-T., Tran, M.-T., & Duong, A.-D. (2012). Improvement of the more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on ECC. In 2012 26th international conference on advanced information networking and applications workshops (pp. 698–703). IEEE.
Gupta, D. S., Parai, K., Obaidat, M. S., & Islam, S. H. (2021). Efficient and secure design of id-3paka protocol using ECC. In 2021 international conference on computer, information and telecommunication systems (CITS) (pp. 1–5). IEEE.
Shen, J., Gui, Z., Ji, S., Shen, J., Tan, H., & Tang, Y. (2018). Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Journal of Network and Computer Applications, 106, 117–123.
Amin, R., Islam, S. H., Biswas, G., & Obaidat, M. S. (2018). A robust mutual authentication protocol for WSN with multiple base-stations. Ad Hoc Networks, 75, 1–18.
Abiramy, N., & Sudha, S. (2019). A secure and lightweight authentication protocol for multiple layers in wireless body area network. In Smart intelligent computing and applications (pp. 287–296). Springer.
Kapito, B., Nyirenda, M., & Kim, H. (2021). Privacy-preserving machine authenticated key agreement for internet of things. International Journal of Computer Networks & Communications (IJCNC), 13(2), 99–120.
Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In Advances in cryptology-CRYPTO 2001: 21st annual international cryptology conference, Santa Barbara, California, USA, August 19–23, 2001 Proceedings (pp. 213–229). Springer.
Miller, V. S. (1986). Use of elliptic curves in cryptography. Springer.
Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48(177), 203–209.
Gupta, D. S., & Biswas, G. (2017). On securing bi-and tri-partite session key agreement protocol using IBE framework. Wireless Personal Communications, 96, 4505–4524.
Verma, P. (2019). A secure gateway discovery protocol using elliptic curve cryptography for internet-integrated manet. In Cryptographic security solutions for the Internet of Things (pp. 181–210). IGI Global.
Gupta, D. S., & Biswas, G. (2017). A secure cloud storage using ECC-based homomorphic encryption. International Journal of Information Security and Privacy (IJISP), 11(3), 54–62.
Gupta, D. S., Hafizul Islam, S., & Obaidat, M. S. (2020). A secure identity-based three-party authenticated key agreement protocol using bilinear pairings. In Innovative data communication technologies and application: ICIDCA 2019 (pp. 1–11). Springer.
Funding
The authors did not receive support from any organization for the submitted work.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
About this article
Cite this article
Verma, P., Gupta, D.S. An Improved Certificateless Mutual Authentication and Key Agreement Protocol for Cloud-Assisted Wireless Body Area Networks. Wireless Pers Commun 131, 2399–2426 (2023). https://doi.org/10.1007/s11277-023-10536-8
DOI: https://doi.org/10.1007/s11277-023-10536-8