A robust authentication scheme with dynamic password for wireless body area networks

Abstract

With the development of wireless technologies, wireless body area networks (WBANs) are widely used in various applications. WBANs bring convenience to both patients and physicians by permitting patients to enjoy high-quality medical resources without the limitations of geographical location. However, as the communication channel is wireless with WBANs, the adversary could intercept the transmitted messages and hack the system. This would be a catastrophic result that would endanger the lives of patients. Therefore, the security performance of WBANs has been widely discussed and is a major concern. In recent years, numbers of security authentication schemes for WBANs have been proposed to improve security. However, these schemes adopt static passwords that have been proven to be insecure methods of authentication. Several studies claim that dynamic passwords, which can be established by humans, are much safer than static passwords. Inspired by these studies, in this paper we propose a robust authentication scheme with dynamic password for WBANs. We adopt a custom password computation algorithm to make the password confidential and dynamic for each login round. This innovation guarantees that our proposed scheme can resist the personal information disclosure attack. To the best of our knowledge, this is the first authentication scheme that adopts a computable dynamic password for WBANs. Furthermore, we find that traditional performance analysis method cannot comprehensively evaluate the superiority of an authentication scheme. In this paper, we adopt the IEEE 802.15.6 standard for computing the energy consumption of schemes in detail. This method provides enhanced accuracy and is a comprehensive way to adopt the energy consumption as the index to evaluate the cost of schemes. The detailed security and performance analyses indicate that our proposed scheme can meet security requirements including authentication, anonymity, untraceability, integrity, non-repudiation and privacy. Furthermore, our proposed scheme can achieve 16 security and functional requirements with relatively small energy consumption and offer improved trade-offs between security and efficiency compared to other schemes.