The development of Wireless Body Area Networks (WBAN) and Wearable Health Monitoring Systems (WHMS) plays a key role in healthcare monitoring. A WBAN includes medical sensors that monitor patients' vital signs, collect data and usually transmit them to medical servers via wireless channels. The patient's sensitive information sent over the channel can therefore be vulnerable to various attacks. Hence, designing lightweight authentication security protocols for these systems with the lowest computational and communication costs has become a major challenge. Recently, Sowjanya et al. (2020) presented a lightweight authentication scheme for WHMS based on Elliptic Curve Cryptography (ECC), which provides optimal security features and low storage, communication and computational costs. In this paper, the security of their scheme is evaluated, and passive insider secret disclosure and replay attacks against their scheme are presented. It is obvious that other attacks, such as desynchronization and impersonation attacks, can be applied to this protocol by obtaining the secret value of the network manager. The complexity of our proposed attacks is just one run of the protocol, and their success probability equals one. Finally, by remedying the protocol of Sowjanya et al. (2020), a lightweight ECC-based authentication scheme called ECCPWS is proposed. Moreover, the proposed protocol's security proof is performed via informal methods and also formally through the Real-Or-Random (ROR) model, BAN logic, and the Scyther and AVISPA tools. The security verification results show that ECCPWS has complete security against various security vulnerabilities and attacks.