An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks
Abstract
1. Introduction
2. Review of Li’s Protocol
2.1. Registration Phase
- A unique secret identity is generated for the N which is also used as the secret key of the N.
- A unique identity is generated for the . (It is not explicit in their article whether another would be generated when another is registered. However, if a different is generated for the , this will immediately fail the ’s traceability, since the unencrypted is sent over the air every time the attempts to connect to the server.)
- A secret parameter is generated for the N.
- The system computes and .
- The stores the tuple in its memory.
- The N stores the tuple in its memory.
- The stores the in its memory.
2.2. Authentication Phase
- A second level node N selects a random number and computes
- After receiving the message from the N, the places its identity, , in the message and forwards the message to the .
- Upon receiving the message from the , the first checks the in its database. The process is terminated if this check fails. Then, the checks the timestamp by judging , where is the time when the message is received and is the maximum transmission delay. Next, the computes the following:
- which checks whether . If the equation holds, the ensures that the N is legal. The picks temporary secret parameters and continues to compute the following:
- Finally, the stores the session key and sends the message to the .
- Once the receives the message from the , it drops its identity and sends the message to the N.
- Now, the N computes and checks to determine whether the is legal or not. The authentication process will terminate if the equation does not hold. Then, the N computes , and . Afterwards, the N stores the session key and replaces the parameters with the parameters .
3. Cryptanalysis of Li’s Protocol
3.1. The Adversary Model
- The adversary can control the communication channel. That is, it may eavesdrop on, modify and replay any message transmitted on the channel. This is intended to capture the protocol requirements, e.g., resilience to replay attacks, resilience to man-in-the-middle attacks, mutual authentication, and resilience to online/offline dictionary attacks.
- The adversary can capture any sensor node by some means and further extract the secret data stored in the captured node. This is intended to capture mutual authentication and forward secrecy.
- The hub node, , is always trustworthy. However, an adversary may intrude into the ’s database and read and manipulate all the data in the database except for the ’s master key, . This is intended to capture resilience against the hub-node stolen-database attack, in which the ’s database is stolen.
- An adversary may intrude into a first level node and read all data stored in it. Since both the bottom level and the top level can be compromised by the adversary, the cannot be assumed to remain uncompromised at all times, especially as an may be a smartphone or a smartwatch, which can easily be stolen.
3.2. Vulnerable against Intruding Attacks
3.3. Vulnerable to the Tracking Attack
4. Repairing the Protocol
4.1. Architecture
4.2. Description of the Repaired Protocol
- , a unique secret identity for the .
- , where is the secret key of the , is a nonce.
- .
- .
- The generates a random number and a timestamp and computes: Then, it sends to the .
- On receiving the request, the first checks whether the timestamp is still valid. Then, it computes: Next, it validates by . The protocol is aborted if this does not hold.
- The continues the protocol by selecting random numbers and computing the following:
- The validates the message by computing and checking whether equals . If not, it rejects the protocol.
- Finally, the computes the session keys and updates its keys as follows: The will compute the same session key as the in the absence of an adversary or noise. It then replaces with in its memory.
5. Security Analysis of the Repaired Protocol
5.1. Intruding on the Attacks
5.2. Impersonation, Man-in-the-Middle and Replay Attacks
- The accepts. This happens if and only if . We assume that the does not generate a after ; otherwise, it violates the definition of Goal 1. If this equation holds but the hash has never been computed, this happens only with probability . If this equation holds and the hash has been computed before, we may conclude that it was not produced by a legitimate and . This is because is unique, does not produce any at , and would never send the computed . Therefore, the only possibility is that the adversary computes the hash by itself. This happens only if the adversary knows and , which are never sent over the network. This is bounded by , where is the maximum number of hashes that the adversary is able to query with reasonable resources.
- The accepts. This happens if and only if the value of equals . Similarly, if the hash was never computed, the probability is bounded by p. If the hash was previously computed by the , the same (with ) has already sent a login request with . Since is randomly chosen, this happens only with , where is the total number of sessions executed by the . Otherwise, the adversary must correctly guess and , which happens only with .
5.3. Tracking Attacks and Anonymity
6. Simulation Verification Using a Proverif Tool
- First, we define the variables used in this simulation. is the secret key , and and are the final shared keys established by and , respectively. Then come the functions and events (Figure 5).
- Second, we list the goals of this simulation. More specifically, our goal is to ensure that the whole authentication process succeeds, that the shared key can be established, and that the attacker cannot obtain the key in any way (Figure 6).
- The process of (Figure 7),
- The process of (Figure 8),
- The main execution (Figure 9).
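The following is an added illustrative ProVerif model, not the script shown in the paper's Figures 5–9 (which are not reproduced on this page). It follows the same layout the bullets above describe: declarations of the secret key and the two final session keys, the secrecy and correspondence goals, one process per party, and the main execution. The message layout is an assumption made for this example: the sensor node N and the hub share a long-term key k, N sends a nonce together with a keyed hash, the hub answers with its own nonce and a hash binding both nonces, and both sides derive the session key from k and the two nonces. The paper's timestamp check is abstracted away, which is why the hub-side correspondence is stated non-injectively (in this abstraction a replayed first message can be accepted twice), while the node-side correspondence, which depends on N's own fresh nonce, is injective. All names (`k`, `secN`, `secHN`, `beginN`, `endHN`, and so on) are chosen for this example.

```proverif
(* Added illustrative model; not the paper's own ProVerif script.
   Message structure and names are assumptions made for this example. *)

free c: channel.                 (* public channel, fully controlled by the attacker *)

type key.
type nonce.

free k: key [private].           (* long-term secret shared by N and the hub HN *)

(* Private free names standing for each party's final session key;
   they are output encrypted under the derived key so that
   "attacker(secN)" / "attacker(secHN)" test session-key secrecy. *)
free secN: bitstring [private].
free secHN: bitstring [private].

fun h(bitstring): bitstring.                          (* one-way hash *)
fun key2bit(key): bitstring [data, typeConverter].
fun nonce2bit(nonce): bitstring [data, typeConverter].
fun senc(bitstring, bitstring): bitstring.            (* symmetric encryption *)
reduc forall m: bitstring, sk: bitstring; sdec(senc(m, sk), sk) = m.

(* Correspondence events *)
event beginN(nonce).    (* N starts a run with nonce rN *)
event endHN(nonce).     (* HN accepts N's request carrying rN *)
event beginHN(nonce).   (* HN answers with nonce rH *)
event endN(nonce).      (* N accepts HN's reply carrying rH *)

(* Goals: the attacker never learns either session key, and every
   acceptance corresponds to a genuine run of the peer. *)
query attacker(secN).
query attacker(secHN).
query x: nonce; event(endHN(x)) ==> event(beginN(x)).
query x: nonce; inj-event(endN(x)) ==> inj-event(beginHN(x)).

(* Sensor node N *)
let processN =
  new rN: nonce;
  event beginN(rN);
  out(c, (rN, h((key2bit(k), nonce2bit(rN)))));
  in(c, (rH: nonce, tag: bitstring));
  if tag = h((key2bit(k), nonce2bit(rH), nonce2bit(rN))) then
  event endN(rH);
  let sk = h((key2bit(k), nonce2bit(rN), nonce2bit(rH))) in
  out(c, senc(secN, sk)).

(* Hub node HN *)
let processHN =
  in(c, (rN: nonce, tag: bitstring));
  if tag = h((key2bit(k), nonce2bit(rN))) then
  event endHN(rN);
  new rH: nonce;
  event beginHN(rH);
  out(c, (rH, h((key2bit(k), nonce2bit(rH), nonce2bit(rN)))));
  let sk = h((key2bit(k), nonce2bit(rN), nonce2bit(rH))) in
  out(c, senc(secHN, sk)).

(* Main execution: unbounded sessions of both parties in parallel *)
process
  ( !processN | !processHN )
```

Save the model as a `.pv` file and run `proverif model.pv`. With this abstraction ProVerif is expected to report both `attacker` queries false (the session keys remain secret, since deriving them requires the private key k) and both correspondences true. Restoring the hub-side check to an injective query makes the replay of N's first message visible as a counterexample, which is the behaviour the timestamp check in the repaired protocol is there to rule out.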
7. Performance Evaluation
8. Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Dussault, C.; Toeg, H.; Nathan, M.; Wang, Z.J.; Roux, J.F.; Secemsky, E. Electrocardiographic Monitoring for Detecting Atrial Fibrillation After Ischemic Stroke or Transient Ischemic Attack. Circ. Arrhythm. Electrophysiol. 2015, 8, 263–269.
- Epstein, L.J.; Kristo, D.; Strollo, P.J.; Friedman, N.; Malhotra, A.; Patil, S.P.; Ramar, K.; Rogers, R.; Schwab, R.J.; Weaver, E.M.; et al. Clinical guideline for the evaluation, management and long-term care of obstructive sleep apnea in adults. J. Clin. Sleep Med. 2009, 5, 263–276.
- Toorani, M. On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard. In Proceedings of the Financial Cryptography and Data Security: FC 2015 International Workshops, BITCOIN, WAHC, and Wearable, San Juan, Puerto Rico, 26–30 January 2015; pp. 245–260.
- Li, X.; Ibrahim, M.H.; Kumari, S.; Sangaiah, A.K.; Gupta, V.; Choo, K.K.R. Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Comput. Netw. 2017, 129, 429–443.
- Kaufman, C.; Hoffman, P.; Nir, Y.; Eronen, P. Internet Key Exchange Protocol Version 2 (IKEv2); RFC 5996, RFC Editor; IETF: Fremont, CA, USA, 2010.
- Wang, K.H.; Chen, C.M.; Fang, W.; Wu, T.Y. On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J. Supercomput. 2017, 74, 1–6.
- Wang, D.; Wang, P. On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions. Comput. Netw. 2014, 73, 41–57.
- Keoh, S.L.; Lupu, E.; Sloman, M. Securing body sensor networks: Sensor association and key management. In Proceedings of the 2009 IEEE International Conference on Pervasive Computing and Communications, PerCom 2009, Galveston, TX, USA, 9–13 March 2009; pp. 1–6.
- Liu, J.; Kwak, K.S. Hybrid security mechanisms for wireless body area networks. In Proceedings of the 2010 Second International Conference on Ubiquitous and Future Networks (ICUFN), Jeju, Korea, 16–18 June 2010; pp. 98–103.
- Liu, J.; Zhang, Z.; Chen, X.; Kwak, K.S. Certificateless remote anonymous authentication schemes for wireless body area networks. IEEE Trans. Parallel Distrib. Syst. 2014, 25, 332–342.
- Zhao, Z. An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. J. Med. Syst. 2014, 38, 13.
- Wu, L.; Zhang, Y.; Li, L.; Shen, J. Efficient and anonymous authentication scheme for wireless body area networks. J. Med. Syst. 2016, 40, 134.
- Xiong, X.; Wong, D.S.; Deng, X. TinyPairing: A Fast and Lightweight Pairing-Based Cryptographic Library for Wireless Sensor Networks. In Proceedings of the 2010 IEEE Wireless Communication and Networking Conference, Sydney, NSW, Australia, 18–21 April 2010; pp. 1–6.
- Shen, J.; Gui, Z.; Ji, S.; Shen, J.; Tan, H.; Tang, Y. Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. J. Netw. Comput. Appl. 2018, 106, 117–123.
- Venkatasubramanian, K.K.; Banerjee, A.; Gupta, S.K.S. PSKA: Usable and secure key agreement scheme for body area networks. IEEE Trans. Inf. Technol. Biomed. 2010, 14, 60–68.
- Zhang, Z.; Wang, H.; Vasilakos, A.V.; Fang, H. ECG-cryptography and authentication in body area networks. IEEE Trans. Inf. Technol. Biomed. 2012, 16, 1070–1078.
- Shi, L.; Yuan, J.; Yu, S.; Li, M. ASK-BAN: Authenticated secret key extraction utilizing channel characteristics for body area networks. In Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, Budapest, Hungary, 17–19 April 2013; ACM: New York, NY, USA, 2013; pp. 155–166.
- Wang, K.H.; Chen, C.M.; Fang, W.; Wu, T.Y. A secure authentication scheme for Internet of Things. Pervasive Mob. Comput. 2017, 42, 15–26.
- Jiang, Q.; Zeadally, S.; Ma, J.; He, D. Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 2017, 5, 3376–3392.
- Chaudhry, S.A.; Naqvi, H.; Sher, M.; Farash, M.S.; Hassan, M.U. An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw. Appl. 2017, 10, 1–15.
- Wu, F.; Xu, L.; Kumari, S.; Li, X.; Shen, J.; Choo, K.K.R.; Wazid, M.; Das, A.K. An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment. J. Netw. Comput. Appl. 2017, 89, 72–85.
- Abbasinezhad-Mood, D.; Nikooghadam, M. Efficient anonymous password-authenticated key exchange protocol to read isolated smart meters by utilization of extended Chebyshev chaotic maps. IEEE Trans. Ind. Inform. 2018.
- Abbasinezhad-Mood, D.; Nikooghadam, M. Design and hardware implementation of a security-enhanced elliptic curve cryptography based lightweight authentication scheme for smart grid communications. Future Gener. Comput. Syst. 2018, 84, 47–57.
- Panait, C.; Dragomir, D. Measuring the performance and energy consumption of AES in wireless sensor networks. In Proceedings of the 2015 Federated Conference on Computer Science and Information Systems (FedCSIS), Lodz, Poland, 13–16 September 2015; pp. 1261–1266.
- Koschuch, M.; Hudler, M.; Saffer, Z. Towards algorithm agility for wireless sensor networks: Comparison of the portability of selected hash functions. In Proceedings of the 2013 International Conference on Data Communication Networking (DCNET), Reykjavik, Iceland, 29–31 July 2013; pp. 1–5.
- Lynn, B. On the Implementation of Pairing-Based Cryptosystems. Ph.D. Thesis, Stanford University, Stanford, CA, USA, 2007.
Security comparison with related schemes (Y: satisfied; N: not satisfied):

| Scheme | C1 | C2 | C3 | C4 | C5 | C6 | C7 | C8 |
|---|---|---|---|---|---|---|---|---|
| [10] | Y | Y | N | Y | Y | Y | Y | Y |
| [11] | N | N | Y | Y | Y | Y | Y | Y |
| [12] | Y | Y | Y | Y | Y | Y | Y | Y |
| [4] | N | N | N | Y | N | Y | Y | Y |
| [14] | Y | Y | Y | Y | Y | Y | Y | Y |
| Ours | Y | Y | Y | Y | Y | Y | Y | Y |

C1: Provides anonymity; C2: Withstands tracking attack; C3: Withstands insider attack; C4: Withstands replay attack; C5: Withstands impersonation attack; C6: Withstands man-in-the-middle attack; C7: Mutual authentication; C8: Session key forward secrecy.
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Chen, C.-M.; Xiang, B.; Wu, T.-Y.; Wang, K.-H. An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors in Wireless Body Area Networks. Appl. Sci. 2018, 8, 1074. https://doi.org/10.3390/app8071074