PurposeA wireless body area network (WBAN) is a collection of sensing devices attached to a person’s body that is typically used during health care to track their physical state. This paper aims to study the security challenges and various attacks that occurred while transferring a person’s sensitive medical diagnosis information in WBAN.Design/methodology/approachThis technology has significantly gained prominence in the medical field. These wearable sensors are transferring information to doctors, and there are numerous possibilities for an intruder to pose as a doctor and obtain information about the patient’s vital information. As a result, mutual authentication and session key negotiations are critical security challenges for wearable sensing devices in WBAN. This work proposes an improved mutual authentication and key agreement protocol for wearable sensing devices in WBAN. The existing related schemes require more computational and storage requirements, but the proposed method provides a flexible solution with less complexity.FindingsAs sensor devices are resource-constrained, proposed approach only makes use of cryptographic hash-functions and bit-wise XOR operations, hence it is lightweight and flexible. The protocol’s security is validated using the AVISPA tool, and it will withstand various security attacks. The proposed protocol’s simulation and performance analysis are compared to current relevant schemes and show that it produces efficient outcomes.Originality/valueThis technology has significantly gained prominence in the medical sector. These sensing devises transmit information to doctors, and there are possibilities for an intruder to pose as a doctor and obtain information about the patient’s vital information. Hence, this paper proposes a lightweight and flexible protocol for mutual authentication and key agreement for wearable sensing devices in WBAN only makes use of cryptographic hash-functions and bit-wise XOR operations. The proposed protocol is simulated using AVISPA tool and its performance is better compared to the existing methods. This paper proposes a novel improved mutual authentication and key-agreement protocol for wearable sensing devices in WBAN.