Abstract
Wireless body area networks (WBANs) and wireless sensor networks (WSNs) are important concepts for the Internet of Things (IoT). They have been applied to various healthcare services to ensure that users can access convenient medical services by exchanging physiological data between user and medical server. User physiological data is collected by sensor nodes and sent to medical service providers, doctors, etc. using public channels. However, these channels are vulnerable to various potential attacks, and hence, it is essential to design provably secure and lightweight mutual authentication (MA) schemes for medical IoT to protect user privacy and achieve secure communication. A lightweight mutual authentication and key agreement (MAKA) scheme was designed in 2019 to guarantee user privacy, but we found that the scheme does not withstand impersonation, stolen senor node and leaking verification table attacks, and it does not also ensure anonymity, untraceability and secure mutual authentication. This paper proposes a provably secure and lightweight MAKA scheme for medical IoT, called LAKS Non-verification table (NVT), that does not require a server verification table. We assess LAKS-NVT’s security against various potential attacks and demonstrate that it achieves secure MA between sensor node and server using Burrows-Abadi-Needham logic. We employ the well-known Real-Or-Random which is random oracle model to prove that LAKS-NVT provides a session key security. In addition, the formal security verification using the widely-accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) software tool has been performed and the results show that LAKS-NVT is also secure. We compare LAKS-NVT’s performance against contemporary authentication schemes, and verify that it achieves better security and comparable efficiency. The practical perspective of LAKS-NVT is also carried out via the Network Simulator 2 (NS2) simulation study.
Highlights
Xu et al [26] presented a lightweight mutual authentication and key agreement scheme for wireless body area networks (WBANs) and claimed the scheme was secure against various attacks, including manin-the-middle, spoofing, replay, and impersonation attacks
This paper proved that the previous Xu et al.’s scheme does not prevent various attacks, including impersonation, stolen sensor node (SN), and leaking verification table attacks; and does not achieve anonymity, secure mutual authentication (MA), and untraceability
We showed LAKS-Non-verification table (NVT) was secure against impersonation, stolen SN, replay, and leaking verification table attacks since it does not store user sensitive data in a server database
Summary
Secure mutual authentication and key agreement schemes (MAKA) for medical IoT are important security issues to protect user health information while providing efficient healthcare services. Several authentication protocols have been designed for medical IoT to ensure user privacy [24]–[29] These protocols were not secure against stolen verifier and/or leaking verification table attacks, not do they provide secure mutual authentication, untraceability, or anonymity. Xu et al [30] designed a lightweight MAKA scheme for medical IoT to prevent various attacks, including impersonation, replay and sensor node capture attacks. They claimed their scheme provided sensor node anonymity and untraceability.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
