Abstract
Wireless medical sensor networks (WMSNs) are used in remote medical service environments to provide patients with convenient healthcare services. In a WMSN environment, patients wear a device that collects their health information and transmits the information via a gateway. Then, doctors make a diagnosis regarding the patient, utilizing the health information. However, this information can be vulnerable to various security attacks because the information is exchanged via an insecure channel. Therefore, a secure authentication scheme is necessary for WMSNs. In 2021, Masud et al. proposed a lightweight and anonymity-preserving user authentication scheme for healthcare environments. We discover that Masud et al.’s scheme is insecure against offline password guessing, user impersonation, and privileged insider attacks. Furthermore, we find that Masud et al.’s scheme cannot ensure user anonymity. To address the security vulnerabilities of Masud et al.’s scheme, we propose a three-factor-based mutual authentication scheme with a physical unclonable function (PUF). The proposed scheme is secure against various security attacks and provides anonymity, perfect forward secrecy, and mutual authentication utilizing biometrics and PUF. To prove the security features of our scheme, we analyze the scheme using informal analysis, Burrows–Abadi–Needham (BAN) logic, the Real-or-Random (RoR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Furthermore, we estimate our scheme’s security features, computation costs, communication costs, and energy consumption compared with the other related schemes. Consequently, we demonstrate that our scheme is suitable for WMSNs.
Highlights
With the development of wireless communication and sensor minimization technology, wireless sensor networks (WSNs) have been widely used in various environments, such as industrial Internet of Things [1], healthcare [2], and smart homes [3]
We review Masud et al.’s scheme and prove that their scheme is vulnerable to offline password guessing, impersonation, and privileged insider attacks
To improve the security level and overcome the security weaknesses of Masud et al.’s scheme, we propose a provably secure three-factor-based mutual authentication and key agreement scheme for wireless medical sensor networks (WMSNs)
Summary
With the development of wireless communication and sensor minimization technology, wireless sensor networks (WSNs) have been widely used in various environments, such as industrial Internet of Things [1], healthcare [2], and smart homes [3]. In 2021, Masud et al [7] proposed a lightweight and anonymity-preserving user authentication scheme for IoT-based healthcare environments They claimed that their scheme is lightweight and prevents various security attacks (e.g., replay, privileged insider, and impersonation attacks). We prove that their scheme cannot ensure user anonymity Their scheme has a device update problem, where the doctor cannot perform a login process on his own smart device. To overcome these security vulnerabilities of Masud et al.’s scheme, we propose a secure three-factor-based mutual authentication scheme with physical unclonable function (PUF). Our scheme uses hash functions and exclusive-OR operations to ensure real-time communication
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
