An Improved Certificateless Mutual Authentication and Key Agreement Protocol for Cloud-Assisted Wireless Body Area Networks

Wireless Personal Communications

A Correction to this article was published on 17 July 2023

This article has been updated

Abstract

This paper is based on the work published by Cheng et al. in the journal Mobile Networks and Applications. Cheng et al. proposed a certificateless authentication and key agreement scheme for secure cloud-assisted wireless body area networks. In this paper, we first cryptanalyze Cheng et al.'s scheme with respect to various security issues and its erroneous protocol design. We show that their scheme has various security vulnerabilities, such as impersonation attacks, lack of mutual authentication, and so on. Moreover, their claim that the scheme is certificateless is also doubtful. In addition, there are many problems in the design of their scheme, such as private keys being shared, incorrect definitions of hashes, etc. Second, we introduce an improved certificateless mutual authentication and key agreement protocol that is resilient against key generator centers as well as existing attackers, to mitigate the aforesaid concerns. In addition, we propose a provable security model for the security proofs, which prove the robustness of the proposed scheme using the random oracle model. We also carry out an informal security analysis of the proposed work. It can be easily seen that the proposed protocol provides resistance against attacks such as impersonation, man-in-the-middle, known key secrecy, etc.

Data Availability

Not applicable.

Change history

  • 11 July 2023

    The original version of this article was revised: In this article the affiliation details for Pooja Verma were incorrect. The original article has been corrected.

  • 17 July 2023

    A Correction to this paper has been published: https://doi.org/10.1007/s11277-023-10596-w

References

  1. Ogundoyin, S. O., & Kamil, I. A. (2021). PAASH: A privacy-preserving authentication and fine-grained access control of outsourced data for secure smart health in smart cities. Journal of Parallel and Distributed Computing, 155, 101–119.

  2. Gupta, D. S., Islam, S. H., Obaidat, M. S., Karati, A., & Sadoun, B. (2020). LAAC: Lightweight lattice-based authentication and access control protocol for e-health systems in IoT environments. IEEE Systems Journal, 15(3), 3620–3627.

  3. Islam, S. H., & Khan, M. K. (2016). Provably secure and pairing-free identity-based handover authentication protocol for wireless mobile networks. International Journal of Communication Systems, 29(17), 2442–2456.

  4. Gupta, D. S., & Biswas, G. (2017). An ECC-based authenticated group key exchange protocol in IBE framework. International Journal of Communication Systems, 30(18), 3363.

  5. Gupta, D. S., Mazumdar, N., Nag, A., & Singh, J. P. (2023). Secure data authentication and access control protocol for industrial healthcare system. Journal of Ambient Intelligence and Humanized Computing, 1–12.

  6. Verma, P., & Gupta, D. S. (2022). A pairing-free data authentication and aggregation mechanism for intelligent healthcare system. Computer Communications, 198, 282–296.

  7. Wang, D., Cheng, H., He, D., & Wang, P. (2016). On the challenges in designing identity-based privacy-preserving authentication schemes for mobile devices. IEEE Systems Journal, 12(1), 916–925.

  8. Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques (pp. 47–53). Springer.

  9. Gupta, D. S., & Biswas, G. (2015). Identity-based/attribute-based cryptosystem using threshold value without Shamir’s secret sharing. In 2015 International conference on signal processing, computing and control (ISPCC) (pp. 307–311). IEEE.

  10. Al-Riyami, S. S., Paterson, K. G., et al. (2003). Certificateless public key cryptography. In Asiacrypt, Vol. 2894 (pp. 452–473). Springer.

  11. Cheng, Q., Li, Y., Shi, W., & Li, X. (2022). A certificateless authentication and key agreement scheme for secure cloud-assisted wireless body area network. Mobile Networks and Applications, 1–11.

  12. Kumar, M., & Chand, S. (2020). A lightweight cloud-assisted identity-based anonymous authentication and key agreement protocol for secure wireless body area network. IEEE Systems Journal, 15(2), 2779–2786.

  13. Gupta, D. S., Islam, S. H., Obaidat, M. S., Vijayakumar, P., Kumar, N., & Park, Y. (2020). A provably secure and lightweight identity-based two-party authenticated key agreement protocol for IIoT environments. IEEE Systems Journal, 15(2), 1732–1741.

  14. He, D., Padhye, S., & Chen, J. (2012). An efficient certificateless two-party authenticated key agreement protocol. Computers & Mathematics with Applications, 64(6), 1914–1926.

  15. Sun, H., Wen, Q., & Li, W. (2016). A strongly secure pairing-free certificateless authenticated key agreement protocol under the CDH assumption. Science China Information Sciences, 59(3), 1–16.

  16. Kim, Y.-J., Kim, Y.-M., Choe, Y.-J., et al. (2013). An efficient bilinear pairing-free certificateless two-party authenticated key agreement protocol in the ECK model. arXiv:1304.0383.

  17. Tu, H., Kumar, N., Kim, J., & Seo, J. (2015). A strongly secure pairing-free certificateless authenticated key agreement protocol suitable for smart media and mobile environments. Multimedia Tools and Applications, 74, 6365–6377.

  18. Xiong, H. (2014). Cost-effective scalable and anonymous certificateless remote authentication protocol. IEEE Transactions on Information Forensics and Security, 9(12), 2327–2339.

  19. Truong, T.-T., Tran, M.-T., & Duong, A.-D. (2012). Improvement of the more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on ECC. In 2012 26th international conference on advanced information networking and applications workshops (pp. 698–703). IEEE.

  20. Gupta, D. S., Parai, K., Obaidat, M. S., & Islam, S. H. (2021). Efficient and secure design of id-3paka protocol using ECC. In 2021 international conference on computer, information and telecommunication systems (CITS) (pp. 1–5). IEEE.

  21. Shen, J., Gui, Z., Ji, S., Shen, J., Tan, H., & Tang, Y. (2018). Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Journal of Network and Computer Applications, 106, 117–123.

  22. Amin, R., Islam, S. H., Biswas, G., & Obaidat, M. S. (2018). A robust mutual authentication protocol for WSN with multiple base-stations. Ad Hoc Networks, 75, 1–18.

  23. Abiramy, N., & Sudha, S. (2019). A secure and lightweight authentication protocol for multiple layers in wireless body area network. In Smart intelligent computing and applications (pp. 287–296). Springer.

  24. Kapito, B., Nyirenda, M., & Kim, H. (2021). Privacy-preserving machine authenticated key agreement for internet of things. International Journal of Computer Networks & Communications (IJCNC), 13(2), 99–120.

  25. Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In Advances in cryptology-CRYPTO 2001: 21st annual international cryptology conference, Santa Barbara, California, USA, August 19–23, 2001 Proceedings (pp. 213–229). Springer.

  26. Miller, V. S. (1986). Use of elliptic curves in cryptography. Springer.

  27. Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48(177), 203–209.

  28. Gupta, D. S., & Biswas, G. (2017). On securing bi-and tri-partite session key agreement protocol using IBE framework. Wireless Personal Communications, 96, 4505–4524.

  29. Verma, P. (2019). A secure gateway discovery protocol using elliptic curve cryptography for internet-integrated manet. In Cryptographic security solutions for the Internet of Things (pp. 181–210). IGI Global.

  30. Gupta, D. S., & Biswas, G. (2017). A secure cloud storage using ECC-based homomorphic encryption. International Journal of Information Security and Privacy (IJISP), 11(3), 54–62.

  31. Gupta, D. S., Hafizul Islam, S., & Obaidat, M. S. (2020). A secure identity-based three-party authenticated key agreement protocol using bilinear pairings. In Innovative data communication technologies and application: ICIDCA 2019 (pp. 1–11). Springer.

Funding

The authors did not receive support from any organization for the submitted work.

Author information

Corresponding author

Correspondence to Daya Sagar Gupta.

Ethics declarations

Conflict of interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Verma, P., Gupta, D.S. An Improved Certificateless Mutual Authentication and Key Agreement Protocol for Cloud-Assisted Wireless Body Area Networks. Wireless Pers Commun 131, 2399–2426 (2023). https://doi.org/10.1007/s11277-023-10536-8

  • DOI: https://doi.org/10.1007/s11277-023-10536-8
