Secure Mutual Authentication Protocol Based on Wireless Body Area Networks
Abstract
Data sent from wireless body area networks to healthcare professionals or doctors include sensitive information which needs to be protected from unauthorized access. A mutual authentication protocol is a security feature that can prevent man-in-the-middle and spoofing attacks. A number of mutual authentication protocols based on wireless body area networks have been proposed; however, these impose high cryptographic operation costs, energy costs, and time costs, and also lack some security properties. In this research, we propose an efficient mutual authentication protocol for secure data exchange to send personal health records from a smartphone device to a doctor. The proposed protocol leads to a reduction in the cryptographic operation, energy, and time costs, and uses fewer resources than previous protocols. Although our approach utilizes a one-way hash function rather than encryption, it still provides the necessary security properties, unlike existing protocols. We also formally verify our approach using the Scyther tool and AVISPA. The results show that the proposed protocol has been verified as being resistant to attack as designed.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.