Skip to main content
SpringerLink
Log in

A PUF-based anonymous authentication protocol for wireless medical sensor networks

  • Original Paper
  • Published:
Wireless Networks Aims and scope Submit manuscript

Abstract

Wireless medical sensor networks (WMSNs) play a major role in remote medical monitoring systems. Generally, in a WMSN, professionals need to obtain real-time physiological data of patients, and these data often encounter various security and privacy issues during the transmission process. Thus, the secure transmission of data is particularly critical. To ensure data security and patient privacy, many authentication schemes have been proposed. However, most of the existing schemes either cannot withstand known attacks (such as privileged-insider attack, desynchronization attack, etc.) or require more communication and computation costs, and are not suitable for resource-constrained WMSNs. Therefore, this paper proposes a new anonymous physically unclonable function (PUF)-based authentication protocol for WMSNs by using PUFs, fuzzy extractor, cryptographic one-way hash functions, and bitwise XOR operations. Formal security analysis under the real-or-random model shows that this scheme is provably secure. And informal security analysis shows that our scheme is secure against various known attacks. At the same time, compared with other existing related schemes, the proposed scheme not only provides more security and functionality features, but also requires less communication (5360 bits) and computation costs (57.047 ms).

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Huang, Y.-M., Hsieh, M.-Y., Chao, H.-C., Hung, S.-H., & Park, J. H. (2009). Pervasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks. IEEE Journal on Selected Areas in Communications, 27(4), 400–411.

    Article  Google Scholar 

  2. Kumar, P., Lee, S.-G., & Lee, H.-J. (2012). E-SAP: Efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks. Sensors, 12(2), 1625–1647.

    Article  Google Scholar 

  3. Son, S., Lee, J., Kim, M., Yu, S., Das, A. K., & Park, Y. (2020). Design of secure authentication protocol for cloud-assisted telecare medical information system using blockchain. IEEE Access, 8, 192177–192191.

    Article  Google Scholar 

  4. Chen, F., Tang, Y., Cheng, X., Xie, D., Wang, T., & Zhao, C. (2021). Blockchain-based efficient device authentication protocol for medical cyber-physical systems. Security and Communication Networks, 6, 66.

    Google Scholar 

  5. Garg, N., Wazid, M., Das, A. K., Singh, D. P., Rodrigues, J. J., & Park, Y. (2020). BAKMP-IoMT: Design of blockchain enabled authenticated key management protocol for Internet of medical things deployment. IEEE Access, 8, 95956–95977.

    Article  Google Scholar 

  6. Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., & Chaudhry, S. A. (2017). Efficient end-to-end authentication protocol for wearable health monitoring systems. Computers & Electrical Engineering, 63, 182–195.

    Article  Google Scholar 

  7. Wu, F., Li, X., Xu, L., Kumari, S., Karuppiah, M., & Shen, J. (2017). A lightweight and privacy-preserving mutual authentication scheme for wearable devices assisted by cloud server. Computers & Electrical Engineering, 63, 168–181.

    Article  Google Scholar 

  8. Das, A. K., Pathak, P. H., Chuah, C.-N., & Mohapatra, P. (2016). Uncovering privacy leakage in ble network traffic of wearable fitness trackers. In Proceedings of the 17th international workshop on mobile computing systems and applications (pp. 99–104).

  9. Majumder, S., Mondal, T., & Deen, M. J. (2017). Wearable sensors for remote health monitoring. Sensors, 17(1), 130.

    Article  Google Scholar 

  10. Pantelopoulos, A., & Bourbakis, N. G. (2009). A survey on wearable sensor-based systems for health monitoring and prognosis. IEEE Transactions on Systems, Man, and Cybernetics Part C (Applications and Reviews), 40(1), 1–12.

    Article  Google Scholar 

  11. Kalid, N., Zaidan, A., Zaidan, B., Salman, O. H., Hashim, M., & Muzammil, H. (2018). Based real time remote health monitoring systems: A review on patients prioritization and related" big data" using body sensors information and communication technology. Journal of Medical Systems, 42(2), 30.

    Article  Google Scholar 

  12. Shuwandy, M. L., Zaidan, B., Zaidan, A., & Albahri, A. S. (2019). Sensor-based mHealth authentication for real-time remote healthcare monitoring system: A multilayer systematic review. Journal of Medical Systems, 43(2), 33.

    Article  Google Scholar 

  13. Darwish, A., & Hassanien, A. E. (2011). Wearable and implantable wireless sensor network solutions for healthcare monitoring. Sensors, 11(6), 5561–5595.

    Article  Google Scholar 

  14. Xu, G., Wang, F., Zhang, M., & Peng, J. (2020). Efficient and provably secure anonymous user authentication scheme for patient monitoring using wireless medical sensor networks. IEEE Access, 8, 47282–47294.

    Article  Google Scholar 

  15. Li, X., Peng, J., Obaidat, M. S., Wu, F., Khan, M. K., & Chen, C. (2019). A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems. IEEE Systems Journal, 14(1), 39–50.

    Article  Google Scholar 

  16. Srinivas, J., Das, A. K., Kumar, N., & Rodrigues, J. J. (2018). Cloud centric authentication for wearable healthcare monitoring system. IEEE Transactions on Dependable and Secure Computing, 17(5), 942–956.

    Article  Google Scholar 

  17. Chen, Y., Ge, Y., Wang, Y., & Zeng, Z. (2019). An improved three-factor user authentication and key agreement scheme for wireless medical sensor networks. IEEE Access, 7, 85440–85451.

    Article  Google Scholar 

  18. Ali, R., Pal, A. K., Kumari, S., Sangaiah, A. K., Li, X., & Wu, F. (2018). An enhanced three factor based authentication protocol using wireless medical sensor networks for healthcare monitoring. Journal of Ambient Intelligence and Humanized Computing, 66, 1–22.

    Google Scholar 

  19. Wu, F., et al. (2018). A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Future Generation Computer Systems, 82, 727–737.

    Article  Google Scholar 

  20. Chandrakar, P. (2019). A secure remote user authentication protocol for healthcare monitoring using wireless medical sensor networks. International Journal of Ambient Computing and Intelligence (IJACI), 10(1), 96–116.

    Article  Google Scholar 

  21. Far, H. A. N., Bayat, M., Das, A. K., Fotouhi, M., Pournaghi, S. M., & Doostari, M.-A. (2021). LAPTAS: Lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT. Wireless Networks, 27(2), 1389–1412.

    Article  Google Scholar 

  22. Jiang, Q., Chen, Z., Li, B., Shen, J., Yang, L., & Ma, J. (2018). Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. Journal of Ambient Intelligence and Humanized Computing, 9(4), 1061–1073.

    Article  Google Scholar 

  23. Jiang, Q., Qian, Y., Ma, J., Ma, X., Cheng, Q., & Wei, F. (2019). User centric three-factor authentication protocol for cloud-assisted wearable devices. International Journal of Communication Systems, 32(6), e3900.

    Article  Google Scholar 

  24. De Smet, R., Vandervelden, T., Steenhaut, K., & Braeken, A. (2021). Lightweight PUF based authentication scheme for fog architecture. Wireless Networks, 27(2), 947–959.

    Article  Google Scholar 

  25. He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., & Yeo, S.-S. (2015). Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems, 21(1), 49–60.

    Article  Google Scholar 

  26. Li, X., Niu, J., Kumari, S., Liao, J., Liang, W., & Khan, M. K. (2016). A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity. Security and Communication Networks, 9(15), 2643–2655.

    Article  Google Scholar 

  27. Das, A. K., Sutrala, A. K., Odelu, V., & Goswami, A. (2017). A secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks. Wireless Personal Communications, 94(3), 1899–1933.

    Article  Google Scholar 

  28. Amin, R., Islam, S. H., Biswas, G., Khan, M. K., & Kumar, N. (2018). A robust and anonymous patient monitoring system using wireless medical sensor networks. Future Generation Computer Systems, 80, 483–495.

    Article  Google Scholar 

  29. Shuai, M., Liu, B., Yu, N., & Xiong, L. (2019). Lightweight and secure three-factor authentication scheme for remote patient monitoring using on-body wireless networks. Security and Communication Networks, 6, 66.

    Google Scholar 

  30. Mo, J., Hu, Z., & Lin, Y. (2020). Cryptanalysis and security improvement of two authentication schemes for healthcare systems using wireless medical sensor networks. Security and Communication Networks, 6, 66.

    Google Scholar 

  31. Hayajneh, T., Mohd, B. J., Imran, M., Almashaqbeh, G., & Vasilakos, A. V. (2016). Secure authentication for remote patient monitoring with wireless medical sensor networks. Sensors, 16(4), 424.

    Article  Google Scholar 

  32. Mao, D., Zhang, L., Li, X., & Mu, D. (2018). Trusted authority assisted three-factor authentication and key agreement protocol for the implantable medical system. Wireless Communications and Mobile Computing, 6, 66.

    Google Scholar 

  33. Challa, S., et al. (2018). An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Computers & Electrical Engineering, 69, 534–554.

    Article  Google Scholar 

  34. Soni, P., Pal, A. K., & Islam, S. H. (2019). An improved three-factor authentication scheme for patient monitoring using WSN in remote health-care system. Computer Methods and Programs in Biomedicine, 182, 105054.

    Article  Google Scholar 

  35. Ji, S., Gui, Z., Zhou, T., Yan, H., & Shen, J. (2018). An efficient and certificateless conditional privacy-preserving authentication scheme for wireless body area networks big data services. IEEE Access, 6, 69603–69611.

    Article  Google Scholar 

  36. Xie, Y., Zhang, S., Li, X., Li, Y., & Chai, Y. (2019). Cascp: Efficient and secure certificateless authentication scheme for wireless body area networks with conditional privacy-preserving. Security and Communication Networks, 6, 66.

    Google Scholar 

  37. Kumar, D. A., Mohammad, W., Neeraj, K., Khurram, K. M., Raymond, C.K.-K., & YoungHo, P. (2017). Design of secure and lightweight authentication protocol for wearable devices environment. IEEE Journal of Biomedical and Health Informatics, 6, 66.

    Google Scholar 

  38. Shen, J., Gui, Z., Ji, S., Shen, J., Tan, H., & Tang, Y. (2018). Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Journal of Network and Computer Applications, 106, 117–123.

    Article  Google Scholar 

  39. Gupta, A., Tripathi, M., Shaikh, T. J., & Sharma, A. (2019). A lightweight anonymous user authentication and key establishment scheme for wearable devices. Computer Networks, 149, 29–42.

    Article  Google Scholar 

  40. Bringer, J., Chabanne, H., & Icart, T. (2008). Improved privacy of the tree-based hash protocols using physically unclonable function. In International conference on security and cryptography for networks (pp. 77–91). Springer.

  41. Lee, Y. S., Lee, H. J., & Alasaarela, E. (2013). Mutual authentication in wireless body sensor networks (WBSN) based on physical unclonable function (PUF). In 2013 9th International wireless communications and mobile computing conference (IWCMC) (pp. 1314–1318). IEEE.

  42. Aysu, A., Gulcan, E., Moriyama, D., Schaumont, P., & Yung, M. (2015). End-to-end design of a PUF-based privacy preserving authentication protocol. In International workshop on cryptographic hardware and embedded systems (pp. 556–576). Springer.

  43. Gope, P., Lee, J., & Quek, T. Q. (2018). Lightweight and practical anonymous authentication protocol for RFID systems using physically unclonable functions. IEEE Transactions on Information Forensics and Security, 13(11), 2831–2843.

    Article  Google Scholar 

  44. Chatterjee, U., et al. (2018). Building PUF based authentication and key exchange protocol for IoT without explicit CRPs in verifier database. IEEE Transactions on Dependable and Secure Computing, 16(3), 424–437.

    Article  Google Scholar 

  45. Chatterjee, U., Chakraborty, R. S., & Mukhopadhyay, D. (2017). A PUF-based secure communication protocol for IoT. ACM Transactions on Embedded Computing Systems (TECS), 16(3), 1–25.

    Article  Google Scholar 

  46. Gope, P., & Sikdar, B. (2018). Lightweight and privacy-preserving two-factor authentication scheme for IoT devices. IEEE Internet of Things Journal, 6(1), 580–589.

    Article  Google Scholar 

  47. Aman, M. N., Basheer, M. H., & Sikdar, B. (2018). Two-factor authentication for IoT with location information. IEEE Internet of Things Journal, 6(2), 3335–3351.

    Article  Google Scholar 

  48. Banerjee, S., Odelu, V., Das, A. K., Chattopadhyay, S., Rodrigues, J. J., & Park, Y. (2019). Physically secure lightweight anonymous user authentication protocol for internet of things using physically unclonable functions. IEEE Access, 7, 85627–85644.

    Article  Google Scholar 

  49. Aman, M. N., Javaid, U., & Sikdar, B. (2020). A privacy-preserving and scalable authentication protocol for the internet of vehicles. IEEE Internet of Things Journal, 8(2), 1123–1139.

    Article  Google Scholar 

  50. Sarkar, P. (2010). A simple and generic construction of authenticated encryption with associated data. ACM Transactions on Information and System Security (TISSEC), 13(4), 1–16.

    Article  Google Scholar 

  51. Gope, P., Das, A. K., Kumar, N., & Cheng, Y. (2019). Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks. IEEE Transactions on Industrial Informatics, 15(9), 4957–4968.

    Article  Google Scholar 

  52. Dodis, Y., Reyzin, L., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In International conference on the theory and applications of cryptographic techniques (pp. 523–540). Springer.

  53. Juels, A., & Wattenberg, M. (1999). A fuzzy commitment scheme. In Proceedings of the 6th ACM conference on computer and communications security (pp. 28–36).

  54. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

    Article  MathSciNet  MATH  Google Scholar 

  55. Canetti, R., & Krawczyk, H. (2002). Universally composable notions of key exchange and secure channels. In International conference on the theory and applications of cryptographic techniques (pp. 337–351). Springer.

  56. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  MATH  Google Scholar 

  57. Roy, S., Chatterjee, S., Das, A. K., Chattopadhyay, S., Kumar, N., & Vasilakos, A. V. (2017). On the design of provably secure lightweight remote user authentication scheme for mobile cloud computing services. IEEE Access, 5, 25808–25825.

    Article  Google Scholar 

  58. Chatterjee, S., Roy, S., Das, A. K., Chattopadhyay, S., Kumar, N., & Vasilakos, A. V. (2016). Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Transactions on Dependable and Secure Computing, 15(5), 824–839.

    Article  Google Scholar 

  59. Wazid, M., Das, A. K., Odelu, V., Kumar, N., Conti, M., & Jo, M. (2017). Design of secure user authenticated key management protocol for generic IoT networks. IEEE Internet of Things Journal, 5(1), 269–282.

    Article  Google Scholar 

  60. Padmavathy, R., & Rajkumar, M.-N. (2022). Secured cloud communication using lightweight hash authentication with PUF. Computer Systems Science and Engineering, 43(1), 233–243.

    Article  Google Scholar 

  61. Chaterjee, U., Mukhopadhyay, D., & Chakraborty, R. S. (2020). 3PAA: A private PUF protocol for anonymous authentication. IEEE Transactions on Information Forensics and Security, 16, 756–769.

    Article  Google Scholar 

  62. Gao, Y., Van Dijk, M., Xu, L., et al. (2020). TREVERSE: Trial-and-error lightweight secure reverse authentication with simulatable PUFs. IEEE Transactions on Dependable and Secure Computing, 6, 66.

    Google Scholar 

  63. Qureshi, M. A., & Munir, A. (2021). PUF-RAKE: A PUF-based robust and lightweight authentication and key establishment protocol. IEEE Transactions on Dependable and Secure Computing, 6, 66.

    Google Scholar 

  64. Abdalla, M., Fouque, P.-A., & Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting. In International workshop on public key cryptography (pp. 65–84). Springer.

  65. Chang, C.-C., & Le, H.-D. (2015). A provably secure, efficient, and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Transactions on Wireless Communications, 15(1), 357–366.

    Article  Google Scholar 

  66. Guo, Y., Zhang, Z., & Guo, Y. (2021). Anonymous authenticated key agreement and group proof protocol for wearable computing. IEEE Transactions on Mobile Computing, 6, 66.

    Google Scholar 

  67. Guo, Y., Zhang, Z., & Guo, Y. (2020). Fog-centric authenticated key agreement scheme without trusted parties. IEEE Systems Journal, 6, 66.

    Google Scholar 

  68. Xie, Q., Wong, D. S., Wang, G., Tan, X., Chen, K., & Fang, L. (2017). Provably secure dynamic ID-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Transactions on Information Forensics and Security, 12(6), 1382–1392.

    Article  Google Scholar 

  69. Roy, S., Das, A. K., Chatterjee, S., Kumar, N., Chattopadhyay, S., & Rodrigues, J. J. (2018). Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications. IEEE Transactions on Industrial Informatics, 15(1), 457–468.

    Article  Google Scholar 

  70. Wazid, M., Das, A. K., Kumar, N., & Vasilakos, A. V. (2019). Design of secure key management and user authentication scheme for fog computing services. Future Generation Computer Systems, 91, 475–492.

    Article  Google Scholar 

  71. Jia, X., He, D., Kumar, N., & Choo, K.-K.R. (2019). Authenticated key agreement scheme for fog-driven IoT healthcare system. Wireless Networks, 25(8), 4737–4750.

    Article  Google Scholar 

  72. Naoui, S., Elhdhili, M. E., & Saidane, L. A. (2019). Lightweight and secure password based smart home authentication protocol: LSP-SHAP. Journal of Network and Systems Management, 66, 1.

    Google Scholar 

  73. Guo, Y., & Guo, Y. (2021). FogHA: An efficient handover authentication for mobile devices in fog computing. Computers & Security, 66, 102358.

    Article  Google Scholar 

  74. Guo, Y., Zhang, Z., & Guo, Y. (2022). SecFHome: Secure remote authentication in fog-enabled smart home environment. Computer Networks, 207, 108818.

    Article  Google Scholar 

  75. Shen, J., Chang, S., Shen, J., Liu, Q., & Sun, X. (2018). A lightweight multi-layer authentication protocol for wireless body area networks. Future Generation Computer Systems, 78, 956–963.

    Article  Google Scholar 

  76. Shuai, M., Yu, N., Wang, H., & Xiong, L. (2019). Anonymous authentication scheme for smart home environment with provable security. Computers & Security, 86, 132–146.

    Article  Google Scholar 

  77. Sikder, A. K., Aksu, H., & Uluagac, A. S. (2019). A context-aware framework for detecting sensor-based threats on smart devices. IEEE Transactions on Mobile Computing, 66, 245–261.

    Google Scholar 

Download references

Acknowledgements

The authors are grateful to the anonymous reviewers for their constructive comments. This work was supported by the National Natural Science Foundation of China (Grant No. 62102453) and “the Fundamental Research Funds for the Central Universities”, Zhongnan University of Economics and Law (2722022BQ049).

Author information

Authors and Affiliations

  1. School of Computer, Central China Normal University, Wuhan, China

    Xiaowei Shao & Yajun Guo

  2. School of Information and Safety Engineering, Zhongnan University of Economics and Law, Wuhan, China

    Yimin Guo

Authors
  1. Xiaowei Shao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yajun Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yimin Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yajun Guo.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Shao, X., Guo, Y. & Guo, Y. A PUF-based anonymous authentication protocol for wireless medical sensor networks. Wireless Netw 28, 3753–3770 (2022). https://doi.org/10.1007/s11276-022-03070-1

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11276-022-03070-1

Keywords

Search

Navigation