RELAKA: Robust ECC based Privacy Preserving Lightweight Authenticated Key Agreement protocol for healthcare applications

Abstract

With the advancement of cutting-edge technologies, the Internet of Medical Things (IoMT) has assisted the healthcare sector by facilitating interaction between healthcare service providers and patients in remote areas. In IoMT, wearable or implantable sensors collect the patient’s record and share the information through a public network. Health-related information about the patient must be protected from a variety of attacks by the adversary since it is sensitive and extremely vulnerable to attacks. The sensor equipment that is implanted in the patient is also resource-constrained and has a low power capacity. The entities involved in the communication must be authenticated with one another in order to protect patients’ health information, anonymity, and reliability. While several authenticated key agreement protocols have been proposed, many suffer from high computational costs and storage cost, making them unsuitable for lightweight applications. This paper proposes a secure three-factor robust Elliptic Curve Cryptography (ECC) based mutually authenticated and key agreement protocol known as RELAKA for the IoMT environment, utilizing the benefits of one-way hash function. In proposed scheme, all entities, including the healthcare service providers and wearable sensors, are authenticated by the medical server. Subsequently, a secret key is established for each communication session and shared between all the entities. Additionally, mechanism for appropriate user revocation and re-registration is integrated to provide additional security in cases where a user’s QR code is tampered with by the attacker. The privacy of the proposed protocol is investigated by the potential use of zero knowledge proof. Furthermore, the efficacy of the authentication is examined by challenge and response mechanism. The informal security analysis demonstrates its resistance to threats such as DoS, impersonation, message modification, password guessing, and so on. The performance evaluation of RELAKA protocol indicates that the execution, communication, and storage costs is reduced by 87.59%, 43% and 60.71% respectively. Moreover, the outcomes of the AVISPA simulation illustrate that the RELAKA successfully evades both active and passive attacks. In addition, real-world testbed environment is developed with Raspberry pi 4 model B and the experimental results verifies the robustness of the proposed protocol. According to theoretical analysis and experimental evaluation, the RELAKA scheme is more secure and efficient than the existing protocols.