An anonymous mutual authentication and key agreement scheme in WMSN using physiological data

Abstract

Wireless medical sensor network (WMSN) is an application of the Internet of Things (IoT) that plays a very important role in today’s era for the healthcare industry, especially after the COVID-19 pandemic. To maintain the security and privacy of the real-time health information of the users or patients, the proper mutual authentication and key agreement (AKA) is the foremost necessity. In this context, Shadi Nashwan proposed an end-to-end authentication scheme for a healthcare IoT system i.e. WMSN, and claimed that their scheme could resist so many existing possible threats and could maintain a low computational cost too. Unfortunately, during this research, it is found that their scheme can be threatened by eavesdropping and jamming/desynchronization attacks and have many computational flaws, as well. Moreover, they also assumed that the gateway node (GWN) is always trustworthy, but in reality, it is not always feasible, as the GWN may act as a local server. Hence, in this article, a new AKA scheme has been proposed using the user’s physiological information like ECG data in order to make the WMSN more secure and reliable. In addition, the proposed scheme can resist many well-known threats like GWN spoofing attack, key escrow problem and can guard against GWN stolen database problem, also. To proof the superiority of the proposed scheme, the informal and formal security analysis have been performed using automated validation of internet security protocols and applications (i.e. AVISPA) and Burrows–Abadi–Needham (BAN) logic, respectively. Based on the comparative study with existing schemes concerning security features, computational and communicational cost, and storage requirement; the proposed scheme can perform better than the existing schemes and well suitable for practical implementations.