Abstract
Wireless medical sensor networks (WMSNs) play a major role in remote medical monitoring systems. Generally, in a WMSN, professionals need to obtain real-time physiological data of patients, and these data often encounter various security and privacy issues during the transmission process. Thus, the secure transmission of data is particularly critical. To ensure data security and patient privacy, many authentication schemes have been proposed. However, most of the existing schemes either cannot withstand known attacks (such as privileged-insider attack, desynchronization attack, etc.) or require more communication and computation costs, and are not suitable for resource-constrained WMSNs. Therefore, this paper proposes a new anonymous physically unclonable function (PUF)-based authentication protocol for WMSNs by using PUFs, fuzzy extractor, cryptographic one-way hash functions, and bitwise XOR operations. Formal security analysis under the real-or-random model shows that this scheme is provably secure. And informal security analysis shows that our scheme is secure against various known attacks. At the same time, compared with other existing related schemes, the proposed scheme not only provides more security and functionality features, but also requires less communication (5360 bits) and computation costs (57.047 ms).
Similar content being viewed by others
References
Huang, Y.-M., Hsieh, M.-Y., Chao, H.-C., Hung, S.-H., & Park, J. H. (2009). Pervasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks. IEEE Journal on Selected Areas in Communications, 27(4), 400–411.
Kumar, P., Lee, S.-G., & Lee, H.-J. (2012). E-SAP: Efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks. Sensors, 12(2), 1625–1647.
Son, S., Lee, J., Kim, M., Yu, S., Das, A. K., & Park, Y. (2020). Design of secure authentication protocol for cloud-assisted telecare medical information system using blockchain. IEEE Access, 8, 192177–192191.
Chen, F., Tang, Y., Cheng, X., Xie, D., Wang, T., & Zhao, C. (2021). Blockchain-based efficient device authentication protocol for medical cyber-physical systems. Security and Communication Networks, 6, 66.
Garg, N., Wazid, M., Das, A. K., Singh, D. P., Rodrigues, J. J., & Park, Y. (2020). BAKMP-IoMT: Design of blockchain enabled authenticated key management protocol for Internet of medical things deployment. IEEE Access, 8, 95956–95977.
Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., & Chaudhry, S. A. (2017). Efficient end-to-end authentication protocol for wearable health monitoring systems. Computers & Electrical Engineering, 63, 182–195.
Wu, F., Li, X., Xu, L., Kumari, S., Karuppiah, M., & Shen, J. (2017). A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server. Computers & Electrical Engineering, 63, 168–181.
Das, A. K., Pathak, P. H., Chuah, C.-N., & Mohapatra, P. (2016). Uncovering privacy leakage in ble network traffic of wearable fitness trackers. In Proceedings of the 17th international workshop on mobile computing systems and applications (pp. 99–104).
Majumder, S., Mondal, T., & Deen, M. J. (2017). Wearable sensors for remote health monitoring. Sensors, 17(1), 130.
Pantelopoulos, A., & Bourbakis, N. G. (2009). A survey on wearable sensor-based systems for health monitoring and prognosis. IEEE Transactions on Systems, Man, and Cybernetics Part C (Applications and Reviews), 40(1), 1–12.
Kalid, N., Zaidan, A., Zaidan, B., Salman, O. H., Hashim, M., & Muzammil, H. (2018). Based real time remote health monitoring systems: A review on patients prioritization and related" big data" using body sensors information and communication technology. Journal of Medical Systems, 42(2), 30.
Shuwandy, M. L., Zaidan, B., Zaidan, A., & Albahri, A. S. (2019). Sensor-based mHealth authentication for real-time remote healthcare monitoring system: A multilayer systematic review. Journal of Medical Systems, 43(2), 33.
Darwish, A., & Hassanien, A. E. (2011). Wearable and implantable wireless sensor network solutions for healthcare monitoring. Sensors, 11(6), 5561–5595.
Xu, G., Wang, F., Zhang, M., & Peng, J. (2020). Efficient and provably secure anonymous user authentication scheme for patient monitoring using wireless medical sensor networks. IEEE Access, 8, 47282–47294.
Li, X., Peng, J., Obaidat, M. S., Wu, F., Khan, M. K., & Chen, C. (2019). A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems. IEEE Systems Journal, 14(1), 39–50.
Srinivas, J., Das, A. K., Kumar, N., & Rodrigues, J. J. (2018). Cloud centric authentication for wearable healthcare monitoring system. IEEE Transactions on Dependable and Secure Computing, 17(5), 942–956.
Chen, Y., Ge, Y., Wang, Y., & Zeng, Z. (2019). An improved three-factor user authentication and key agreement scheme for wireless medical sensor networks. IEEE Access, 7, 85440–85451.
Ali, R., Pal, A. K., Kumari, S., Sangaiah, A. K., Li, X., & Wu, F. (2018). An enhanced three factor based authentication protocol using wireless medical sensor networks for healthcare monitoring. Journal of Ambient Intelligence and Humanized Computing, 66, 1–22.
Wu, F., et al. (2018). A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Generation Computer Systems, 82, 727–737.
Chandrakar, P. (2019). A secure remote user authentication protocol for healthcare monitoring using wireless medical sensor networks. International Journal of Ambient Computing and Intelligence (IJACI), 10(1), 96–116.
Far, H. A. N., Bayat, M., Das, A. K., Fotouhi, M., Pournaghi, S. M., & Doostari, M.-A. (2021). LAPTAS: Lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT. Wireless Networks, 27(2), 1389–1412.
Jiang, Q., Chen, Z., Li, B., Shen, J., Yang, L., & Ma, J. (2018). Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. Journal of Ambient Intelligence and Humanized Computing, 9(4), 1061–1073.
Jiang, Q., Qian, Y., Ma, J., Ma, X., Cheng, Q., & Wei, F. (2019). User centric three-factor authentication protocol for cloud-assisted wearable devices. International Journal of Communication Systems, 32(6), e3900.
De Smet, R., Vandervelden, T., Steenhaut, K., & Braeken, A. (2021). Lightweight PUF based authentication scheme for fog architecture. Wireless Networks, 27(2), 947–959.
He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., & Yeo, S.-S. (2015). Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems, 21(1), 49–60.
Li, X., Niu, J., Kumari, S., Liao, J., Liang, W., & Khan, M. K. (2016). A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity. Security and Communication Networks, 9(15), 2643–2655.
Das, A. K., Sutrala, A. K., Odelu, V., & Goswami, A. (2017). A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks. Wireless Personal Communications, 94(3), 1899–1933.
Amin, R., Islam, S. H., Biswas, G., Khan, M. K., & Kumar, N. (2018). A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Generation Computer Systems, 80, 483–495.
Shuai, M., Liu, B., Yu, N., & Xiong, L. (2019). Lightweight and secure three-factor authentication scheme for remote patient monitoring using on-body wireless networks. Security and Communication Networks, 6, 66.
Mo, J., Hu, Z., & Lin, Y. (2020). Cryptanalysis and security improvement of two authentication schemes for healthcare systems using wireless medical sensor networks. Security and Communication Networks, 6, 66.
Hayajneh, T., Mohd, B. J., Imran, M., Almashaqbeh, G., & Vasilakos, A. V. (2016). Secure authentication for remote patient monitoring with wireless medical sensor networks. Sensors, 16(4), 424.
Mao, D., Zhang, L., Li, X., & Mu, D. (2018). Trusted authority assisted three-factor authentication and key agreement protocol for the implantable medical system. Wireless Communications and Mobile Computing, 6, 66.
Challa, S., et al. (2018). An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Computers & Electrical Engineering, 69, 534–554.
Soni, P., Pal, A. K., & Islam, S. H. (2019). An improved three-factor authentication scheme for patient monitoring using WSN in remote health-care system. Computer Methods and Programs in Biomedicine, 182, 105054.
Ji, S., Gui, Z., Zhou, T., Yan, H., & Shen, J. (2018). An efficient and certificateless conditional privacy-preserving authentication scheme for wireless body area networks big data services. IEEE Access, 6, 69603–69611.
Xie, Y., Zhang, S., Li, X., Li, Y., & Chai, Y. (2019). Cascp: Efficient and secure certificateless authentication scheme for wireless body area networks with conditional privacy-preserving. Security and Communication Networks, 6, 66.
Kumar, D. A., Mohammad, W., Neeraj, K., Khurram, K. M., Raymond, C.K.-K., & YoungHo, P. (2017). Design of secure and lightweight authentication protocol for wearable devices environment. IEEE Journal of Biomedical and Health Informatics, 6, 66.
Shen, J., Gui, Z., Ji, S., Shen, J., Tan, H., & Tang, Y. (2018). Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Journal of Network and Computer Applications, 106, 117–123.
Gupta, A., Tripathi, M., Shaikh, T. J., & Sharma, A. (2019). A lightweight anonymous user authentication and key establishment scheme for wearable devices. Computer Networks, 149, 29–42.
Bringer, J., Chabanne, H., & Icart, T. (2008). Improved privacy of the tree-based hash protocols using physically unclonable function. In International conference on security and cryptography for networks (pp. 77–91). Springer.
Lee, Y. S., Lee, H. J., & Alasaarela, E. (2013). Mutual authentication in wireless body sensor networks (WBSN) based on physical unclonable function (PUF). In 2013 9th International wireless communications and mobile computing conference (IWCMC) (pp. 1314–1318). IEEE.
Aysu, A., Gulcan, E., Moriyama, D., Schaumont, P., & Yung, M. (2015). End-to-end design of a PUF-based privacy preserving authentication protocol. In International workshop on cryptographic hardware and embedded systems (pp. 556–576). Springer.
Gope, P., Lee, J., & Quek, T. Q. (2018). Lightweight and practical anonymous authentication protocol for RFID systems using physically unclonable functions. IEEE Transactions on Information Forensics and Security, 13(11), 2831–2843.
Chatterjee, U., et al. (2018). Building PUF based authentication and key exchange protocol for IoT without explicit CRPs in verifier database. IEEE Transactions on Dependable and Secure Computing, 16(3), 424–437.
Chatterjee, U., Chakraborty, R. S., & Mukhopadhyay, D. (2017). A PUF-based secure communication protocol for IoT. ACM Transactions on Embedded Computing Systems (TECS), 16(3), 1–25.
Gope, P., & Sikdar, B. (2018). Lightweight and privacy-preserving two-factor authentication scheme for IoT devices. IEEE Internet of Things Journal, 6(1), 580–589.
Aman, M. N., Basheer, M. H., & Sikdar, B. (2018). Two-factor authentication for IoT with location information. IEEE Internet of Things Journal, 6(2), 3335–3351.
Banerjee, S., Odelu, V., Das, A. K., Chattopadhyay, S., Rodrigues, J. J., & Park, Y. (2019). Physically secure lightweight anonymous user authentication protocol for internet of things using physically unclonable functions. IEEE Access, 7, 85627–85644.
Aman, M. N., Javaid, U., & Sikdar, B. (2020). A privacy-preserving and scalable authentication protocol for the internet of vehicles. IEEE Internet of Things Journal, 8(2), 1123–1139.
Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security (TISSEC), 13(4), 1–16.
Gope, P., Das, A. K., Kumar, N., & Cheng, Y. (2019). Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks. IEEE Transactions on Industrial Informatics, 15(9), 4957–4968.
Dodis, Y., Reyzin, L., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In International conference on the theory and applications of cryptographic techniques (pp. 523–540). Springer.
Juels, A., & Wattenberg, M. (1999). A fuzzy commitment scheme. In Proceedings of the 6th ACM conference on computer and communications security (pp. 28–36).
Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.
Canetti, R., & Krawczyk, H. (2002). Universally composable notions of key exchange and secure channels. In International conference on the theory and applications of cryptographic techniques (pp. 337–351). Springer.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Roy, S., Chatterjee, S., Das, A. K., Chattopadhyay, S., Kumar, N., & Vasilakos, A. V. (2017). On the design of provably secure lightweight remote user authentication scheme for mobile cloud computing services. IEEE Access, 5, 25808–25825.
Chatterjee, S., Roy, S., Das, A. K., Chattopadhyay, S., Kumar, N., & Vasilakos, A. V. (2016). Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Transactions on Dependable and Secure Computing, 15(5), 824–839.
Wazid, M., Das, A. K., Odelu, V., Kumar, N., Conti, M., & Jo, M. (2017). Design of secure user authenticated key management protocol for generic IoT networks. IEEE Internet of Things Journal, 5(1), 269–282.
Padmavathy, R., & Rajkumar, M.-N. (2022). Secured cloud communication using lightweight hash authentication with PUF. Computer Systems Science and Engineering, 43(1), 233–243.
Chaterjee, U., Mukhopadhyay, D., & Chakraborty, R. S. (2020). 3PAA: A private PUF protocol for anonymous authentication. IEEE Transactions on Information Forensics and Security, 16, 756–769.
Gao, Y., Van Dijk, M., Xu, L., et al. (2020). TREVERSE: Trial-and-error lightweight secure reverse authentication with simulatable PUFs. IEEE Transactions on Dependable and Secure Computing, 6, 66.
Qureshi, M. A., & Munir, A. (2021). PUF-RAKE: A PUF-based robust and lightweight authentication and key establishment protocol. IEEE Transactions on Dependable and Secure Computing, 6, 66.
Abdalla, M., Fouque, P.-A., & Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting. In International workshop on public key cryptography (pp. 65–84). Springer.
Chang, C.-C., & Le, H.-D. (2015). A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Transactions on Wireless Communications, 15(1), 357–366.
Guo, Y., Zhang, Z., & Guo, Y. (2021). Anonymous authenticated key agreement and group proof protocol for wearable computing. IEEE Transactions on Mobile Computing, 6, 66.
Guo, Y., Zhang, Z., & Guo, Y. (2020). Fog-centric authenticated key agreement scheme without trusted parties. IEEE Systems Journal, 6, 66.
Xie, Q., Wong, D. S., Wang, G., Tan, X., Chen, K., & Fang, L. (2017). Provably secure dynamic ID-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Transactions on Information Forensics and Security, 12(6), 1382–1392.
Roy, S., Das, A. K., Chatterjee, S., Kumar, N., Chattopadhyay, S., & Rodrigues, J. J. (2018). Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications. IEEE Transactions on Industrial Informatics, 15(1), 457–468.
Wazid, M., Das, A. K., Kumar, N., & Vasilakos, A. V. (2019). Design of secure key management and user authentication scheme for fog computing services. Future Generation Computer Systems, 91, 475–492.
Jia, X., He, D., Kumar, N., & Choo, K.-K.R. (2019). Authenticated key agreement scheme for fog-driven IoT healthcare system. Wireless Networks, 25(8), 4737–4750.
Naoui, S., Elhdhili, M. E., & Saidane, L. A. (2019). Lightweight and secure password based smart home authentication protocol: LSP-SHAP. Journal of Network and Systems Management, 66, 1.
Guo, Y., & Guo, Y. (2021). FogHA: An efficient handover authentication for mobile devices in fog computing. Computers & Security, 66, 102358.
Guo, Y., Zhang, Z., & Guo, Y. (2022). SecFHome: Secure remote authentication in fog-enabled smart home environment. Computer Networks, 207, 108818.
Shen, J., Chang, S., Shen, J., Liu, Q., & Sun, X. (2018). A lightweight multi-layer authentication protocol for wireless body area networks. Future Generation Computer Systems, 78, 956–963.
Shuai, M., Yu, N., Wang, H., & Xiong, L. (2019). Anonymous authentication scheme for smart home environment with provable security. Computers & Security, 86, 132–146.
Sikder, A. K., Aksu, H., & Uluagac, A. S. (2019). A context-aware framework for detecting sensor-based threats on smart devices. IEEE Transactions on Mobile Computing, 66, 245–261.
Acknowledgements
The authors are grateful to the anonymous reviewers for their constructive comments. This work was supported by the National Natural Science Foundation of China (Grant No. 62102453) and “the Fundamental Research Funds for the Central Universities”, Zhongnan University of Economics and Law (2722022BQ049).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Shao, X., Guo, Y. & Guo, Y. A PUF-based anonymous authentication protocol for wireless medical sensor networks. Wireless Netw 28, 3753–3770 (2022). https://doi.org/10.1007/s11276-022-03070-1
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-022-03070-1