Anonymous hybrid mutual authentication and key agreement scheme for wireless body area network

Abstract

Wireless body area networks (WBANs) play a significant role in remote health monitoring as a key application of the Internet of Things (IoT). Mutual authentication and key agreement are vital for the security and privacy of health information involved in the WBAN. Li et al. proposed a lightweight authentication and key agreement scheme for the sensor nodes in WBAN. Their authentication and key agreement scheme protects against various existing attacks. But on detailed analysis, we could find that their scheme is prone to sensor node impersonation attack. Also, security of their scheme relies on the assumption that the hub node is trustworthy, which is practically infeasible. Hence, we propose a hybrid anonymous authentication and key agreement scheme using the physiological signal to overcome the shortcomings in Li et al.’s scheme. The proposed scheme also provides additional security features to resist hub node impersonation attack and key escrow problem. Burrows-Abadi-Needham (BAN) logic is used to prove the correctness of the proposed scheme and the Automated Validation of Internet Security Protocols and Applications (AVISPA) is used to evaluate the security of the proposed scheme.