Abstract

The development of Wireless Body Area Network (WBAN) and Wearable Health Monitoring Systems (WHMS) play a key role in healthcare monitoring. WBAN includes medical sensors that monitor vital signs of patients, collect data and usually transmit them to medical servers via wireless channels. Therefore, the patient’s sensitive information sent over the channel can be vulnerable to various attacks. Hence, designing lightweight authentication security protocols for these systems with the lowest computational and communication costs has become a major challenge. Recently, Sowjanya et al. (2020) presented a lightweight authentication scheme for WHMS based on Elliptic Curve Cryptography (ECC), which provides optimal security features and low storage, communication and computational costs. In this paper, the security of their scheme is evaluated and passive insider secret disclosure and replay attacks against their scheme are presented. It is obvious that other attacks such as desynchronization attack and impersonation attack can be applied to this protocol by obtaining the secret value of network manager. The complexity of our proposed attacks is just one run of the protocol and their success probability equals to one. Finally, by remedying the Sowjanya et al. (2020) ’s protocol, a lightweight ECC-based authentication scheme called ECCPWS is proposed. Moreover, the proposed protocol’s security proof is performed via informal methods and also formally through Real-Or-Random (ROR) model, BAN logic, Scyther and AVISPA tools. The security verification results of ECCPWS show that the ECCPWS has complete security against various security vulnerabilities and attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.