Provable secure authentication key agreement for wireless body area networks

doi:10.1007/s11704-023-2548-4

Front. Comput. Sci.

2024, Vol. 18

Issue (5) : 185811 https://doi.org/10.1007/s11704-023-2548-4

RESEARCH ARTICLE

Provable secure authentication key agreement for wireless body area networks

Yuqian MA¹, Wenbo SHI², Xinghua LI³, Qingfeng CHENG¹(

)

¹. Fourth Department, Information Engineering University, Zhengzhou 450001, China
². School of Computer and Communication Engineering, Northeastern University at Qinhuangdao, Qinhuangdao 066004, China
³. School of Cyber Engineering, Xidian University, Xi’an 710071, China

Download: PDF(4080 KB) HTML
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract

Wireless body area networks (WBANs) guarantee timely data processing and secure information preservation within the range of the wireless access network, which is in urgent need of a new type of security technology. However, with the speedy development of hardware, the existing security schemes can no longer meet the new requirements of anonymity and lightweight. New solutions that do not require complex calculations, such as certificateless cryptography, attract great attention from researchers. To resolve these difficulties, Wang et al. designed a new authentication architecture for the WBANs environment, which was claimed to be secure and efficient. However, in this paper, we will show that this scheme is prone to ephemeral key leakage attacks. Further, based on this authentication scheme, an anonymous certificateless scheme is proposed for lightweight devices. Meanwhile, user anonymity is fully protected. The proposed scheme is proved to be secure under a specific security model. In addition, we assess the security attributes our scheme meets through BAN logic and Scyther tool. The comparisons of time consumption and communication cost are given at the end of the paper, to demonstrate that our scheme performs prior to several previous schemes.

Keywords wireless body area networks certificateless cryptography BAN logic Scyther

Corresponding Author(s): Qingfeng CHENG

Just Accepted Date: 05 June 2023 Issue Date: 04 August 2023

Cite this article:

Yuqian MA,Wenbo SHI,Xinghua LI, et al. Provable secure authentication key agreement for wireless body area networks[J]. Front. Comput. Sci., 2024, 18(5): 185811.

URL:

https://academic.hep.com.cn/fcs/EN/10.1007/s11704-023-2548-4
https://academic.hep.com.cn/fcs/EN/Y2024/V18/I5/185811

Fig.1 Applications of WBANs

Tab.1 The summary of several schemes for WBANs

Fig.2 Description of system architecture

Notations	Descriptions
$λ$	The secure parameter
$t$	The length of timestamp
$s$	The master key of the system
$P p u b$	The public key of the system
$s i$	The current private key of the $i$ th area
$Q i$	The current public key of the $i$ th area
$T i$	The current timestamp
$I D C (A P)$	The real identity of client (application server)
$(X C (A P), Y C (A P))$	The public keys of $I D C (A P)$
$z C (A P)$	The full private key of $I D C (A P)$
$H 0$	$H : Z p ∗ × {0, 1} l × G → Z p ∗$
$H 1$	$H : Z p ∗ × G × G × G → Z p ∗$
$H 2$	$H : G × G × G × G × {0, 1} t → Z p ∗$
$H 3$	$H : G × G × {0, 1} t → {0, 1} λ$
$E (?) / D (?)$	A symmetric encryption/decryption
$S K$	The session key established between $I D C$ and $I D A P$

Tab.2 Notations used in RC2PAS

Fig.3 The analysis result by Scyther tool

Notations	Descriptions
$λ$	The secure parameter
$t$ , $l$	The length of timestamp and real identity
$G$	The cyclic group based on elliptic curve
$q$	The order of cyclic group $G$
$s$	The master key of the system
$P p u b$	The public key of the system
DCD	The data collection device
AP	The application server
NM	The network management
$I D D C D (A P)$	The real identity of data collection device (application server)
$Z D C D (A P)$	The full public keys of $I D D C D (A P)$
$z D C D (A P)$	The full private key of $I D D C D (A P)$
$S K$	The session key established between $I D D C D$ and $I D A P$

Tab.3 Notations used in the proposed scheme

Fig.4 Description of registration phase

Fig.5 Description of authentication and key agreement phase

Fig.6 The analysis result of the proposed scheme by Scyther tool

Security attribute	[20]	[22]	[25]	[26]	[27]	[28]	Ours
Forward security	$√$	$√$	$√$	$×$	$×$	$×$	$√$
Mutual authentication	$√$	$√$	$√$	$√$	$√$	$√$	$√$
Secure key agreement	$×$	$×$	$√$	$√$	$√$	$√$	$√$
Anonymity and un-traceability	$×$	$√$	$√$	$√$	$×$	$√$	$√$
Resistance to impersonation attack	$√$	$√$	$√$	$√$	$√$	$√$	$√$
Resistance to man-in-the-middle attack	$√$	$√$	$√$	$√$	$√$	$√$	$√$
Resistance to ephemeral key leakage attack	$×$	$×$	$×$	$×$	$×$	$√$	$√$

Tab.4 Comparison of security attributes

Scheme	Computation cost	Communication cost
Jia et al.’s [20]	$2 T m u l + T b p + T e x p ≈ 158.03$ ms	$\| I D \| + \| H \| + \| G \| + \| T \|$ =672 bits
RC2PAS [22]	$7 T m u l ≈ 27.93$ ms	$\| q \| + \| I D \| + 3 \| G \| + \| T \|$ =1312 bits
Shan et al.’s [25]	$8 T m u l ≈ 31.92$ ms	$2 \| I D \| + 2 \| G \|$ =960 bits
Wang et al.’s [26]	$4 T m u l ≈ 15.96$ ms	$\| q \| + \| I D \| + 2 \| H \| + \| T \|$ =672 bits
Rana et al.’s [27]	$2 T m u l + T m t p + T e x p ≈ 72.97$ ms	$2 \| I D \| + \| H \| + 2 \| G \| + \| T \|$ =1152 bits
Xu et al.’s [28]	$6 T m u l ≈ 23.94$ ms	$\| q \| + \| I D \| + 2 \| G \| + \| T \|$ =992 bits
Our scheme	$7 T m u l ≈ 27.93$ ms	$\| q \| + \| I D \| + \| G \| + \| T \|$ =672 bits

Tab.5 Comparisons of the communication efficiency in the client side

Fig.7 Comparison result of total computation cost. (a) Computation cost comparison result of [20, 22, 25–28] and ours; (b) computation cost comparison result of [22, 25, 26, 28] and ours

1	T G Zimmerman . Personal area networks: near-field intrabody communication. IBM Systems Journal, 1996, 35( 3−4): 609–617
2	M A M, El-Bendary H, Kasban A, Haggag M A R El-Tokhy . Investigating of nodes and personal authentications utilizing multimodal biometrics for medical application of WBANs security. Multimedia Tools and Applications, 2020, 79( 33−34): 24507–24535
3	X, Li M H, Ibrahim S, Kumari A K, Sangaiah V, Gupta K K R Choo . Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Computer Networks, 2017, 129: 429–443
4	A M, Koya P P Deepthi . Anonymous hybrid mutual authentication and key agreement scheme for wireless body area network. Computer Networks, 2018, 140: 138–151
5	C-M, Chen B, Xiang T-Y, Wu K-H Wang . An anonymous mutual authenticated key agreement scheme for wearable sensors in wireless body area networks. Applied Sciences, 2018, 8( 7): 1074
6	Q, Jiang X, Lian C, Yang J, Ma Y, Tian Y Yang . A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth. Journal of Medical Systems, 2016, 40( 11): 231
7	C, Wang Y Zhang . New authentication scheme for wireless body area networks using the bilinear pairing. Journal of Medical Systems, 2015, 39( 11): 136
8	M H, Ibrahim S, Kumari A K, Das M, Wazid V Odelu . Secure anonymous mutual authentication for star two-tier wireless body area networks. Computer Methods and Programs in Biomedicine, 2016, 135: 37–50
9	Shen J, Chang S. Certificateless authentication protocol for wireless body area network. In: Proceedings of the 10th International Conference on Genetic and Evolutionary Computing. 2016, 29−35
10	C, Hu H, Li Y, Huo T, Xiang X Liao . Secure and efficient data communication protocol for wireless body area networks. IEEE Transactions on Multi-Scale Computing Systems, 2016, 2( 2): 94–107
11	M, Shuai B, Liu N, Yu X Li . Lightweight and secure three-factor authentication scheme for remote patient monitoring using on-body wireless networks. Security and Communication Networks, 2019, 2019: 8145087
12	J, Mo Z, Hu Y Lin . Cryptanalysis and security improvement of two authentication schemes for healthcare systems using wireless medical sensor networks. Security and Communication Networks, 2020, 2020: 5047379
13	J, Subramani A, Maria A S, Rajasekaran F Al-Turjman . Lightweight privacy and confidentiality preserving anonymous authentication scheme for WBANs. IEEE Transactions on Industrial Informatics, 2022, 18( 5): 3484–3491
14	M, Kumar S Chand . A lightweight cloud-assisted identity-based anonymous authentication and key agreement protocol for secure wireless body area network. IEEE Systems Journal, 2021, 15( 2): 2779–2786
15	A, Irshad S A, Chaudhry O A, Alomari K, Yahya N Kumar . A novel pairing-free lightweight authentication protocol for mobile cloud computing framework. IEEE Systems Journal, 2021, 15( 3): 3664–3672
16	D, He S, Zeadally N, Kumar J-H Lee . Anonymous authentication for wireless body area networks with provable security. IEEE Systems Journal, 2017, 11( 4): 2590–2601
17	J, Liu Z, Zhang X, Chen K S Kwak . Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Transactions on Parallel and Distributed Systems, 2014, 25( 2): 332–342
18	Y, Chen J Chen . An efficient and privacy-preserving mutual authentication with key agreement scheme for telecare medicine information system. Peer-to-Peer Networking and Applications, 2022, 15( 1): 516–528
19	T-Y, Wu T, Wang Y-Q, Lee W, Zheng S, Kumari S Kumar . Improved authenticated key agreement scheme for fog-driven IoT healthcare system. Security and Communication Networks, 2021, 2021: 6658041
20	X, Jia D, He N, Kumar K K R Choo . Authenticated key agreement scheme for fog-driven IoT healthcare system. Wireless Networks, 2019, 25( 8): 4737–4750
21	M, Alanazi S Nashwan . Secure and anonymous three-factor authentication scheme for remote healthcare systems. Computer Systems Science and Engineering, 2022, 42( 2): 703–725
22	Y M, Wang Y Liu . RC2PAS: revocable certificateless conditional privacy-preserving authentication scheme in WBANs. IEEE Systems Journal, 2022, 16( 4): 5675–5685
23	Swanson C, Jao D. A study of two-party certificateless authenticated key-agreement protocols. In: Proceedings of the 10th International Conference on Cryptology in India. 2009, 57−71
24	M, Burrows M, Abadi R Needham . A logic of authentication. ACM Transactions on Computer Systems, 1990, 8( 1): 18–36
25	C, Shan K, Hu J, Xue C, Hu R Ma . A secure pairing-free certificate-less authenticated key agreement protocol. In: Proceedings of the 1st International Conference on Real Time Intelligent Systems. 2016, 205−216
26	W, Wang H, Huang F, Xiao Q, Li L, Xue J Jiang . Computation-transferable authenticated key agreement protocol for smart healthcare. Journal of Systems Architecture, 2021, 118: 102215
27	S, Rana M S, Obaidat D, Mishra A, Mishra Y S Rao . Efficient design of an authenticated key agreement protocol for dew-assisted IoT systems. The Journal of Supercomputing, 2022, 78( 3): 3696–3714
28	Y, Xu Y, Zhou B, Yang Z, Qiao Z, Wang Z, Xia M Zhang . An efficient identity authentication scheme with provable security and anonymity for mobile edge computing. IEEE Systems Journal, 2023, 17( 1): 1012–1023

[1]

FCS-22548-OF-YM_suppl_1

Download

Viewed

Full text

Abstract

Cited

Shared

Discussed