Enabling Secure Communication in Wireless Body Area Networks with Heterogeneous Authentication Scheme

Thanks to the widespread availability of Fifth Generation (5G) wireless connectivity, it is now possible to provide preventative or proactive healthcare services from any location and at any time. As a result of this technological improvement, Wireless Body Area Networks (WBANs) have emerged as a new area of research in the field of healthcare in recent years. WBANs intend to gather and monitor data from the human body and its surroundings; however, biomedical devices and sensors interact through an open wireless channel, making them exposed to a range of cyber threats. Because WBANs are heterogeneous systems, heterogeneous cryptography is necessary, in which the transmitter and receiver can employ different types of public key cryptography. This article proposes an improved and efficient heterogeneous authentication scheme with a conditional privacy-preserving strategy that provides secure communication in WBANs. In the proposed scheme, we employ certificateless cryptography on the client side and Identity-Based Cryptography on the receiver side. The proposed scheme employs Hyperelliptic Curve Cryptography (HECC), a more advanced variation of Elliptic Curve Cryptography (ECC). HECC achieves the same level of security with a smaller key size and a more efficient approach than its counterpart methods. According to the findings of the security and performance analysis, the proposed scheme not only meets the security and privacy standards of WBANs but also enhances efficiency in terms of computation and communication costs.


Introduction
WBANs (Wireless Body Area Networks) are a collection of medical devices and software applications that collect, analyze, and communicate the physiological data of patients [1,2]. WBANs have recently received more attention as a result of recent technological breakthroughs in the fields of electronics, sensors, and wireless communication technologies. Due to the widespread availability of 5G wireless technology, patients can now obtain preventative or proactive healthcare treatments from any location and at any time. Blood pressure, heart rate, body temperature, respiratory rate, electrocardiogram, patient posture, breathing rate, and other signals can all be gathered, analyzed, and shared in real time between both the patient's own electronic devices and the medical practitioner [3][4][5][6][7].

The transmitter and receiver in heterogeneous cryptography may use various forms of public key cryptography. In some cases, for example, the sender belongs to IBC, and the receivers use PKI, or the sender uses PKI, and the receivers use IBC. Furthermore, it is possible that the sender uses a certificateless cryptosystem and the receivers use IBC or that the sender uses a certificateless cryptosystem and the receivers use PKI. In Figures 2 and 3, we therefore show how each of these cryptosystems functions, one by one. Figure 2 shows the IBC to PKI cryptosystem, which includes a Wearable Sensor Device (WSD) injected into the patient's body, a Trusted Authority (TA), and Application Providers (AP). The process starts when the WSDs communicate their identities to the TA, which then generates the public and private keys for the WSDs and sends them via a secure network. Following this, a WSD may construct the authentication message and transmit it to the AP; the AP will then give its public key to the TA, which will then generate a certificate based on that public key and publicly proclaim it.
In addition, if we regard AP as a transmitter and WSD as a receiver in Figure 2, the PKI to IBC heterogeneous cryptosystem will be represented.
Furthermore, we depict the certificateless cryptosystem to IBC in Figure 3, where WSD belongs to certificateless cryptography, and AP uses IBC. TA will produce a partial private key for WSD and transmit it through a secure channel after receiving identification from WSD and AP. TA will also generate a private key for AP and send it via a private network after receiving identity from WSD and AP. After that, the WSD and the AP may communicate and authenticate with each other. Figure 4 depicts certificateless to PKI cryptography, with WSD belonging to certificateless cryptography and AP using PKI. TA will construct the partial private key for WSD and transmit it via a secure channel after receiving the identification from WSD and the public key from AP. TA will also create the certificate for AP and send it over to a public network. After that, the WSD and the AP may communicate and authenticate with each other.
In this article, we propose an authentication scheme in heterogeneous settings (certificateless to IBC) based on the discussion above. We considered Hyperelliptic Curve Cryptography (HECC) to create the proposed scheme, which uses just 80-bit keys to give the same level of security in preventing cyber-attacks [16]. As a result, for WBAN devices with limited resources, HECC would be a better option. The following are some of the key contributions of the undertaken research work:

1. We propose a heterogeneous authentication scheme for WBANs that uses the HECC approach, which makes our scheme computationally efficient.
2. Informal security analysis has been used to evaluate the proposed scheme's ability to withstand different attacks. The results support the proposed scheme's resiliency.
3. Finally, in terms of computation and communication costs, we compare the proposed scheme to existing equivalent schemes. The result demonstrates that our approach surpasses its competitors.

Structure of the Paper
The rest of the article is organized as follows. The related work is detailed in Section 2. The network model is provided in Section 3, followed by the proposed scheme in Section 4. Sections 5 and 6 contain a security analysis. Section 7 provides a performance evaluation with existing approaches. Concluding remarks are provided in Section 8.

Related Work
This section covers the existing solutions that have been used to overcome the security and privacy challenges of WBANs that use authentication mechanisms. In 2014, Chen et al. [16] proposed an authentication scheme for medical data exchange in the cloud environment to secure patients' health information. According to Chiou et al. [17], the approach developed by Chen et al. [16] could not ensure patient confidentiality or message authentication. In [17], the authors improved the privacy authentication process in the cloud health environment.
In 2016, Li et al. [18] introduced a network-based electronic medical authentication scheme that includes two-factor authentication using the user's password and smart card. He et al. [19] proposed an authentication scheme that is better suited to the setup of telemedicine information systems on mobile devices with minimal battery consumption. Wei et al. [20] observed that this protocol is vulnerable to password attacks; they proposed an improved authentication protocol for telemedicine information systems and showed that it fits the security criteria of two-factor authentication. Wu et al. [21] introduced a lightweight two-factor medical authentication approach in 2018, claiming that their protocol is secure; however, after further investigation, it was shown that their protocol could not successfully resist perfect forward security.
In 2016, Wu et al. [22] proposed a novel anonymous authentication scheme for WBANs and demonstrated that it is secure in a random oracle model. The proposed scheme, on the other hand, was based on bilinear pairing, which entails computationally intensive operations. He et al. [23] proposed a provable security anonymous authentication scheme for WBAN. The proposed scheme [23], on the other hand, comprises a bilinear pairing-based operation, which is a computationally expensive operation. In 2018, Ji et al. [24] proposed a certificateless conditional privacy-preserving authentication technique for WBAN in a big data environment. The proposed technique allows for batch authentication of multiple clients, considerably reducing the service provider's computing overhead. The proposed scheme supports common security aspects such as user anonymity, unlinkability, mutual authentication, traceability, and forward secrecy. On the basis of assessing the most recently presented certificateless authentication scheme for WBANs, Xie et al. [25] proposed an improved and efficient certificateless authentication scheme with conditional privacy-preserving. However, the proposed scheme was based on elliptic curve cryptography, which is not that suitable for WBAN devices.
Liao et al. [26] proposed a certificateless authentication scheme for WBAN, in which they used the concept of online and offline signature methods. However, the proposed scheme failed to provide real-time communication due to the use of bilinear pairing that needs extra machine time and bandwidth space.
Recently, Li et al. [27] proposed a certificateless authentication with the help of an elliptic curve; however, the proposed scheme failed to provide real-time communication due to the use of an elliptic curve that needs extra machine time and bandwidth space.
The schemes outlined above rely on cryptographic techniques such as ECC and bilinear pairing and have high computation and communication costs. On the other hand, the proposed scheme is based on the concept of HECC, which is a more refined variant of ECC. It provides the same amount of security as other methods but with a smaller key size.

Figure 5 depicts the proposed network's working flow, in which we considered three main entities: the client, the Application Provider (AP), and the Key Generation Center (KGC). The role of each entity is explained as follows.

Client
The client consists of the sensors placed in the human body, whose job is to collect health-related data from the human body. The client sends a request, along with its identity, for the partial private key to the KGC; the KGC then sends the partial private key to the client over a secure channel.
Further, the collected data, along with the partial private key, is sent by the client through Bluetooth Low Energy (BLE) to PDAs. With the help of the client, the PDAs first generate a signature, secret key, public parameter, ciphertext, and hash value. The PDAs then send the hash value, public parameter, ciphertext, and signature to the AP through 5G technology.

Application Provider (AP)
This entity sends a request along with its identity to the KGC; the KGC then generates a private key and sends it to the AP through a secure channel. Upon receiving the hash value, public parameter, ciphertext, and signature, the AP first verifies the signature, recovers the secret key, and uses the secret key to recover the message from the ciphertext.

Key Generation Center (KGC)
This entity is responsible for generating the partial private key for the client and the private key for AP.
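
The division of roles described above, as an added Python example that is not the paper's code or its equations: the KGC issues a partial private key to the certificateless client and a full private key to the identity-based AP, the client signs and encrypts, and the AP verifies the signature, recovers the secret key and decrypts. It assumes the secp256k1 elliptic curve in place of the hyperelliptic-curve group, Schnorr-style identity keys, and a SHAKE-256 XOR keystream as the cipher; all names (`KGC`, `client_send`, `ap_receive`, `sensor-17`, `ap-01`) are hypothetical.

```python
import hashlib
import secrets

# ASSUMPTION: secp256k1 stands in for the paper's hyperelliptic-curve group;
# D is the public base element and N its prime order.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
D = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two points of y^2 = x^3 + 7 over GF(P); None is the identity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Scalar multiple k*pt by double-and-add (not constant time)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def h(tag, *parts):
    """Domain-separated hash of the given values to a scalar mod N."""
    data = repr((tag, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rand_scalar():
    """Uniform scalar in [1, N-1]."""
    return secrets.randbelow(N - 1) + 1

def xor_stream(point, data):
    """XOR data with a SHAKE-256 keystream keyed by the shared point."""
    ks = hashlib.shake_256(repr(point).encode()).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))

class KGC:
    """Holds the master secret; issues keys bound to an identity string."""
    def __init__(self):
        self.master = rand_scalar()
        self.pub = mul(self.master, D)

    def issue(self, identity):
        """Return (R, d) with d*D == R + H1(identity, R)*pub."""
        r = rand_scalar()
        R = mul(r, D)
        return R, (r + self.master * h("H1", identity, R)) % N

def id_point(kgc_pub, identity, R):
    """Public point bound to an identity; derived without a certificate."""
    return add(R, mul(h("H1", identity, R), kgc_pub))

def client_send(kgc_pub, cid, secret, partial, X, R, ap_id, ap_R, msg):
    """Client: encrypt msg for the AP and sign with both key halves."""
    k = rand_scalar()
    T = mul(k, D)
    ct = xor_stream(mul(k, id_point(kgc_pub, ap_id, ap_R)), msg)
    h2, h3 = (h(t, cid, X, R, T, ct) for t in ("H2", "H3"))
    return T, ct, (k + h2 * secret + h3 * partial) % N

def ap_receive(kgc_pub, cid, X, R, ap_key, T, ct, sig):
    """AP: verify the signature, then recover the key and the message."""
    h2, h3 = (h(t, cid, X, R, T, ct) for t in ("H2", "H3"))
    expect = add(T, add(mul(h2, X), mul(h3, id_point(kgc_pub, cid, R))))
    if mul(sig, D) != expect:
        return None  # reject: signature does not match sender or ciphertext
    return xor_stream(mul(ap_key, T), ct)

def demo():
    """Run one exchange, then replay it with one ciphertext bit flipped."""
    kgc = KGC()
    ap_R, ap_key = kgc.issue("ap-01")        # AP: full identity-based key
    R, partial = kgc.issue("sensor-17")      # client: partial key only
    secret = rand_scalar()                   # client's own secret value
    X = mul(secret, D)
    msg = b"HR=72;SpO2=98"                   # constructed sample reading
    T, ct, sig = client_send(kgc.pub, "sensor-17", secret, partial, X, R,
                             "ap-01", ap_R, msg)
    ok = ap_receive(kgc.pub, "sensor-17", X, R, ap_key, T, ct, sig)
    bad = bytes([ct[0] ^ 1]) + ct[1:]
    forged = ap_receive(kgc.pub, "sensor-17", X, R, ap_key, T, bad, sig)
    return ok, forged

if __name__ == "__main__":
    print(demo())
```

The KGC never learns the client's own secret value, so it cannot sign on the client's behalf, while the AP's key is derived entirely by the KGC from the AP's identity.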

Proposed Conditional Privacy-Preserving Authentication Scheme for WBAN
In this section, we first provide Table 1, which includes acronyms used in the article and symbols utilized in the new algorithm. The five stages of our proposed conditional privacy-preserving authentication scheme for WBAN are described [24]: the client. Upon reception ( , , ), the KGC can select Ɵ randomly from the finite group of hyper elliptic curve and compute ƕ = Ɵ. , , , ƕ, ) , and = Ɵ + . , respectively. Then, KGC saves ( , , ƕ, , , ℰ) in the memory of the controller. Finally, the client can set ( , ) as their private key and ( , ƕ) as their public key.
When AP receives the triple ( , , ) then it performs the following step for the verification of the signature received from the client and generation of the secret key.
It computes . = Y + ƞ + r. if it is qualified, then the client mutually authenticates with AP.
Then AP generates the secret key as = . and when it receives an encrypted message as = ( ) from the client, it performs the decryption process on the same secret key.

Password Change Phase
This phase is the same as the password change process in [1].

Formal Security Analysis
In this section, the formal analysis for our proposed scheme is performed through the widely accepted ROR oracle model during the section, i.e., "4.3. Mutual Authentication and Secrete Key Management" between client and AP [28]. In Theorem 1, we proved that our designed scheme is safeguarded regarding derivations of the secret key ( = . ƞ and = . ) from both type of attacker, i.e., , ), the KGC can select Ɵ randomly from curve and compute ƕ = Ɵ. , ℰ = 1 ( ) ⊕ , ƕ) , = ⊕ ℓ , = = Ɵ + . , respectively. Then, KGC saves mory of the controller. Finally, the client can set ( , ) ir public key. , , ) then it performs the following step for the from the client and generation of the secret key. if it is qualified, then the client mutually authenticates key as = . and when it receives an encrypted rom the client, it performs the decryption process on ssword change process in [1].
When AP receives the triple ( , , ) then it performs the following step for the verification of the signature received from the client and generation of the secret key.
It computes . = Y + ƞ + r. if it is qualified, then the client mutually authenticates with AP.
Then AP generates the secret key as = . and when it receives an encrypted message as = ( ) from the client, it performs the decryption process on the same secret key.

Password Change Phase
This phase is the same as the password change process in [1].

Formal Security Analysis
In this section, the formal analysis for our proposed scheme is performed through the widely accepted ROR oracle model during the section, i.e., "4.3. Mutual Authentication and Secrete Key Management" between client and AP [28]. In Theorem 1, we proved that our designed scheme is safeguarded regarding derivations of the secret key ( = . ƞ and = . ) from both type of attacker, i.e., / = ( , ), which are shared between the client and AP. Furthermore, / has full access to the following queries: Execute Query: With the help of this query, / can eavesdrop on all the transmitted messages between the client and AP.
Corrupt Device Query: With the help of this query, / can physically extract the parameters stored in the device that belongs to the client or AP.
Reveal Query: With the help of this query, / has access to a disclosed session key between the client and AP.
Test Query: With the help of this query, / can verify whether the generated session key is a random or real one. , , ƕ, , , ℰ) in the memory of the controller. Finally, the client can set ( , ) as their private key and ( , ƕ) as their public key.
When AP receives the triple ( , , ) then it performs the following step for the verification of the signature received from the client and generation of the secret key.
It computes . = Y + ƞ + r. if it is qualified, then the client mutually authenticates with AP.
Then AP generates the secret key as = . and when it receives an encrypted message as = ( ) from the client, it performs the decryption process on the same secret key.

Password Change Phase
This phase is the same as the password change process in [1].

Formal Security Analysis
In this section, the formal analysis for our proposed scheme is performed through the widely accepted ROR oracle model during the section, i.e., "4.3. Mutual Authentication and Secrete Key Management" between client and AP [28]. In Theorem 1, we proved that our designed scheme is safeguarded regarding derivations of the secret key ( = . ƞ and = . ) from both type of attacker, i.e., / = ( , ), which are shared between the client and AP. Furthermore, / has full access to the following queries: Execute Query: With the help of this query, / can eavesdrop on all the transmitted messages between the client and AP.
Corrupt Device Query: With the help of this query, / can physically extract the parameters stored in the device that belongs to the client or AP.
Reveal Query: With the help of this query, / has access to a disclosed session key between the client and AP.
Test Query: With the help of this query, / can verify whether the generated session key is a random or real one.
When AP receives the triple ( , , ) then it performs the following step verification of the signature received from the client and generation of the secret It computes . = Y + ƞ + r. if it is qualified, then the client mutually auth with AP.
Then AP generates the secret key as = . and when it receives an en message as = ( ) from the client, it performs the decryption pr the same secret key.

Password Change Phase
This phase is the same as the password change process in [1].

Formal Security Analysis
In this section, the formal analysis for our proposed scheme is performed the widely accepted ROR oracle model during the section, i.e., "4.3. Authentication and Secrete Key Management" between client and AP [28]. In Th we proved that our designed scheme is safeguarded regarding derivations of t key ( = . ƞ and = . ) from both type of attacker, i.e., / = ( , are shared between the client and AP. Furthermore, / has full acces following queries: Execute Query: With the help of this query, / can eavesdrop on transmitted messages between the client and AP.
Corrupt Device Query: With the help of this query, / can physically ex parameters stored in the device that belongs to the client or AP.
Reveal Query: With the help of this query, / has access to a disclosed key between the client and AP.
Test Query: With the help of this query, / can verify whether the g session key is a random or real one.
al Authentication and Secrete Key Management ent can select randomly from the finite group of hyper elliptic curve and = . , = . ƞ, = 3 ( . , , ƕ, ), = + Ʈ + . , and send AP. n AP receives the triple ( , , ) then it performs the following step for the n of the signature received from the client and generation of the secret key. putes . = Y + ƞ + r. if it is qualified, then the client mutually authenticates AP generates the secret key as = . and when it receives an encrypted s = ( ) from the client, it performs the decryption process on secret key.
ord Change Phase phase is the same as the password change process in [1].

Security Analysis
is section, the formal analysis for our proposed scheme is performed through ly accepted ROR oracle model during the section, i.e., "4.3. Mutual ation and Secrete Key Management" between client and AP [28]. In Theorem 1, d that our designed scheme is safeguarded regarding derivations of the secret . ƞ and = . ) from both type of attacker, i.e., l Query: With the help of this query, / has access to a disclosed session en the client and AP. Query: With the help of this query, / can verify whether the generated y is a random or real one.
tication and Secrete Key Management select randomly from the finite group of hyper elliptic curve and , = . ƞ, = 3 ( . , , ƕ, ), = + Ʈ + . , and send eives the triple ( , , ) then it performs the following step for the signature received from the client and generation of the secret key. . = Y + ƞ + r. if it is qualified, then the client mutually authenticates erates the secret key as = . and when it receives an encrypted ( ) from the client, it performs the decryption process on .
ge Phase the same as the password change process in [1].
enerate the secret key and verify the signature as follows:

Analysis
, the formal analysis for our proposed scheme is performed through ted ROR oracle model during the section, i.e., "4.3. Mutual Secrete Key Management" between client and AP [28]. In Theorem 1, r designed scheme is safeguarded regarding derivations of the secret = . ) from both type of attacker, i.e., theorem, we prove that our scheme is a secret key that is secure from the client. Upon reception ( , , ), the KGC can select Ɵ randomly from the finite group of hyper elliptic curve and compute ƕ = Ɵ. , , , ƕ, ) , and = Ɵ + . , respectively. Then, KGC saves ( , , ƕ, , , ℰ) in the memory of the controller. Finally, the client can set ( , ) as their private key and ( , ƕ) as their public key.

Mutual Authentication and Secrete Key Management
A client can select randomly from the finite group of hyper elliptic curve and compute = . , = . ƞ, = 3 ( . , , ƕ, ), = + Ʈ + . , and send ( , , ) to AP. When AP receives the triple ( , , ) then it performs the following step for the verification of the signature received from the client and generation of the secret key.
It computes . = Y + ƞ + r. if it is qualified, then the client mutually authenticates with AP.
Then AP generates the secret key as = . and when it receives an encrypted message as = ( ) from the client, it performs the decryption process on the same secret key.

Password Change Phase
This phase is the same as the password change process in [1].

Formal Security Analysis
In this section, the formal analysis for our proposed scheme is performed through the widely accepted ROR oracle model during the section, i.e., "4.3. Mutual Authentication and Secrete Key Management" between client and AP [28]. In Theorem 1, we proved that our designed scheme is safeguarded regarding derivations of the secret key ( = . ƞ and = . ) from both type of attacker, i.e., can physically extract the parameters stored in the device that belongs to the client or AP.
Reveal Query: With the help of this query, / has access to a disclosed session key between the client and AP.
Test Query: With the help of this query, / can verify whether the generated session key is a random or real one. ) as the secret key of AP.

Pseudo Identity Generation
A client can select σ randomly from the finite group of hyper elliptic curve and compute S = σ.D, and by using a secure network, it sends (S, Client RID , Client PW ) to the KGC, where Client RID is the identity of the client, and Client PW denotes the password of the client. Upon reception (S, Client RID , Client PW ), the KGC can select θ randomly from the finite group of hyper elliptic curve and compute , , ƕ, ) , and = Ɵ + . , respectively. Then, KGC saves ( , , ƕ, , , ℰ) in the memory of the controller. Finally, the client can set ( , ) as their private key and ( , ƕ) as their public key.
When AP receives the triple ( , , ) then it performs the following step for the verification of the signature received from the client and generation of the secret key.
It computes . = Y + ƞ + r. if it is qualified, then the client mutually authenticates with AP.
Then AP generates the secret key as = . and when it receives an encrypted message as = ( ) from the client, it performs the decryption process on the same secret key.

Password Change Phase
This phase is the same as the password change process in [1].

Formal Security Analysis
In this section, the formal analysis for our proposed scheme is performed through the widely accepted ROR oracle model during the section, i.e., "4.3. Mutual Authentication and Secrete Key Management" between client and AP [28]. In Theorem 1, we proved that our designed scheme is safeguarded regarding derivations of the secret key ( = . ƞ and = . ) from both type of attacker, i.e., can physically extract the parameters stored in the device that belongs to the client or AP.
Reveal Query: With the help of this query, / has access to a disclosed session key between the client and AP.
Test Query: With the help of this query, / can verify whether the generated session key is a random or real one. Theorem 1. In this theorem, we prove that our scheme is a secret key that is secure from ,
When AP receives the triple ( , , ) then it performs the following step for the verification of the signature received from the client and generation of the secret key.
It computes . = Y + ƞ + r. if it is qualified, then the client mutually authenticates with AP.
Then AP generates the secret key as = . and when it receives an encrypted message as = ( ) from the client, it performs the decryption process on the same secret key.

Password Change Phase
This phase is the same as the password change process in [1].

Formal Security Analysis
In this section, the formal analysis for our proposed scheme is performed through the widely accepted ROR oracle model during the section, i.e., "4.3. Mutual Authentication and Secrete Key Management" between client and AP [28]. In Theorem 1, we proved that our designed scheme is safeguarded regarding derivations of the secret key ( = . ƞ and = . ) from both type of attacker, i.e., can physically extract the parameters stored in the device that belongs to the client or AP.
Reveal Query: With the help of this query, / has access to a disclosed session key between the client and AP.
Test Query: With the help of this query, / can verify whether the generated session key is a random or real one. Theorem 1. In this theorem, we prove that our scheme is a secret key that is secure from , as their private key and ( , ƕ) as their public key.

Mutual Authentication and Secret Key Management
A client can select $\chi$ randomly from the finite group of the hyperelliptic curve and compute $Q = \chi.D$, $K = \chi.\eta$, $r = H_{a3}(Q.S, T_{limit}, ƕ, Client_{PID})$, $S = \phi + Ʈ + r.\chi$, and send $(Q, r, S)$ to AP.
When AP receives the triple $(Q, r, S)$, it performs the following steps to verify the signature received from the client and to generate the secret key.
It checks whether $S.D = Y + \eta + r.Q$; if the equality holds, the client is mutually authenticated with AP.
AP then generates the secret key as $K = Q.\phi$, and when it receives an encrypted message $C = E_K(\text{medical data})$ from the client, it decrypts it with the same secret key.

Password Change Phase
This phase is the same as the password change process in [1].

.D + r.χ.D) = (Y + η + r.D), hence proved.

Formal Security Analysis
In this section, the formal analysis of our proposed scheme is performed in the widely accepted ROR oracle model for the phase described in "4.3. Mutual Authentication and Secret Key Management" between the client and AP [28]. In Theorem 1, we prove that our scheme is safeguarded regarding derivation of the secret key ($K = \chi.\eta$ and $K = Q.\phi$), which is shared between the client and AP, from both types of attacker, i.e., $A_{insd/out} = (A_{out}, A_{insd})$. Furthermore, $A_{insd/out}$ has full access to the following queries:
Execute Query: With the help of this query, $A_{insd/out}$ can eavesdrop on all the messages transmitted between the client and AP.
Corrupt Device Query: With the help of this query, $A_{insd/out}$ can physically extract the parameters stored in the device that belongs to the client or AP.
Reveal Query: With the help of this query, $A_{insd/out}$ has access to a disclosed session key between the client and AP.
Test Query: With the help of this query, $A_{insd/out}$ can verify whether the generated session key is a random or a real one.
Theorem 1. In this theorem, we prove that the secret key of our scheme is secure against $A_{insd/out}$, which runs in polynomial time ($Pol_{tm}$). Suppose $Q_{hqry}$, $|Hash_{space}|$, and $Adv^{hecdlp}_{A_{insd/out}}(Pol_{tm})$ denote the hash query, the space of hash values, and the advantage of $A_{insd/out}$ in breaking the hardness of hecdlp, respectively; then
Proof. In this section, we define three games (Game 1 $A_{insd/out}$, Game 2 $A_{insd/out}$, Game 3 $A_{insd/out}$), which are explained as follows.

Game 1 $A_{insd/out}$: In this game, $A_{insd/out}$ can launch an actual attack on the proposed scheme and guess a random bit ($rdm_{bits}$), so we can obtain the following equation: (1)
Game 2 $A_{insd/out}$: By using the Execute Query in this game, $A_{insd/out}$ can eavesdrop on all the transmitted messages ($(Q, r, S)$, $(C)$). The attacker $A_{insd/out}$ can then try to construct the shared secret key ($K = \chi.\eta$ and $K = Q.\phi$). Furthermore, $A_{insd/out}$ needs to execute the Reveal Query and the Test Query to check whether the newly computed secret key is original or fake.
Suppose there is an outsider attacker ($A_{out}$) who is trying to generate $K = \chi.\eta$ and decrypt $(C)$. Suppose, in our proposed scheme, $A_{out}$ has no access to the master secret key ( ) and has the capacity to replace the public key of the user. Therefore, in the proposed scheme, $A_{out}$ can try to extract the original value of the secret key by utilizing $K = \chi.\eta$ and $K = Q.\phi$; here, $A_{out}$ fails because, in these two equations, $\chi$ and $\phi$ are not known to them, and finding them is equivalent to solving the hyperelliptic curve discrete logarithm problem (hecdlp).
Suppose there is an insider attacker ($A_{insd}$) who is trying to generate $K = \chi.\eta$ and decrypt $(C)$. Suppose, in our proposed scheme, $A_{insd}$ has access to the master secret key ( ) and does not have the capacity to replace the public key of the user. Therefore, in the proposed scheme, $A_{insd}$ can try to extract the original value of the secret key by utilizing $K = \chi.\eta$ and $K = Q.\phi$; here, $A_{insd}$ fails because, in these two equations, $\chi$ and $\phi$ are not known to them, and finding them is equivalent to solving the hyperelliptic curve discrete logarithm problem. Thus, we can obtain the following equation.

$Adv^{A_{insd/out},\,Game2_{A_{insd/out}}}_{\text{proposed scheme}} = Adv^{A_{insd/out},\,Game1_{A_{insd/out}}}_{\text{proposed scheme}}$ (2)
Game 3 $A_{insd/out}$: By using the Corrupt Device Query in this game, $A_{insd/out}$ can derive the session key ($K = \chi.\eta$ and $K = Q.\phi$) by solving a hard problem such as hecdlp. The session key can be revealed in two ways, as follows:
(1) Suppose, in our proposed scheme, $A_{out}$ has no access to the master secret key ( ) and has the capacity to replace the public key of the user. Therefore, in the proposed scheme, $A_{out}$ can try to extract the original value of the secret key by utilizing $K = \chi.\eta$ and $K = Q.\phi$; here, $A_{out}$ fails because, in these two equations, $\chi$ and $\phi$ are not known to them, and finding them is equivalent to solving the hyperelliptic curve discrete logarithm problem (hecdlp).
(2) Suppose there is an insider attacker ($A_{insd}$) who is trying to generate $K = \chi.\eta$ and decrypt $(C)$. Suppose, in our proposed scheme, $A_{insd}$ has access to the master secret key ( ) and does not have the capacity to replace the public key of the user. Therefore, in the proposed scheme, $A_{insd}$ can try to extract the original value of the secret key by utilizing $K = \chi.\eta$ and $K = Q.\phi$; here, $A_{insd}$ fails because, in these two equations, $\chi$ and $\phi$ are not known to them, and finding them is equivalent to solving the hyperelliptic curve discrete logarithm problem.
Moreover, the other credentials are protected through a hash function, $r = H_{a3}(Q.S, T_{limit}, ƕ, Client_{PID})$, so it is not possible for an attacker to recover these credentials because of the irreversible property of the hash function. Therefore, we can obtain the following equation:
It is important to note that $A_{insd/out}$ is the only one who asks the queries; therefore, $A_{insd/out}$ must predict the bits properly to win Game 3 $A_{insd/out}$. Therefore, we can obtain the following equation.
From Equation (1), we can obtain the following result.
Then, by using Equations (2)-(4) together with the triangle inequality, we can obtain the following result from Equation (5).

Informal Security Analysis
The security analysis of the new scheme is based on the hard problem called the hyperelliptic curve discrete logarithm problem, in which both types of attacker ($A_{out}$ and $A_{insd}$) try to extract an unknown value, such as $A$ from $B = A.D$. We consider two types of attacker, $A_{out}$ and $A_{insd}$. $A_{out}$ is an outsider attacker who can try to steal information or destroy the unforgeability and modify the medical data without having access to the master secret in a Dolev-Yao model channel. $A_{insd}$ is an insider attacker who can try to steal information or destroy the unforgeability and modify the medical data with access to the master secret in a Dolev-Yao model channel. Hence, in the following subsections, we illustrate the security analysis of our proposed scheme on the basis of the hyperelliptic curve discrete logarithm problem.

Confidentiality against $A_{out}$
Suppose there is an outsider attacker ($A_{out}$) who is trying to generate $K = \chi.\eta$ and decrypt $(C)$. Suppose, in our proposed scheme, $A_{out}$ has no access to the master secret key ( ) and has the capacity to replace the public key of the user. Therefore, in the proposed scheme, $A_{out}$ can try to extract the original value of the secret key by utilizing $K = \chi.\eta$ and $K = Q.\phi$; here, $A_{out}$ fails because, in these two equations, $\chi$ and $\phi$ are not known
) and has the capacity to replace the public key of the user. Therefore, in the proposed scheme, $A_{out}$ can try to extract the original value of $S$ by utilizing $S = \phi + Ʈ + r.\chi$
are not known to them, and finding them is equivalent to solving the hyperelliptic curve discrete logarithm problem three times.

Unforgeability against $A_{insd}$
Suppose there is an insider attacker ($A_{insd}$) who is trying to generate $S = \phi + Ʈ + r.\chi$
are not known to him, and finding them is equivalent to solving the hyperelliptic curve discrete logarithm problem three times.

Anonymity
In the proposed scheme, the client sends $(Q, r, S)$ to AP through an open network, where $S = \phi + Ʈ + r.\chi$ and $r = H_{a3}(Q.S, T_{limit}, ƕ, Client_{PID})$. In this triple $(Q, r, S)$, the client uses neither its own real identity nor that of AP, so our proposed scheme provides the anonymity property.

Mutual Authentication
In the proposed scheme, the client can generate a signature $S = \phi + Ʈ + r.\chi$ and send $(Q, r, S)$ to AP. When AP receives the triple $(Q, r, S)$, it performs the following step for the verification of the signature received from AP and the generation of the secret key. It checks whether $S.D = Y + \eta + r.Q$; if the equality holds, the client is mutually authenticated with AP.

Modification Attack
In the proposed scheme, $A_{out}$ and $A_{insd}$ cannot modify the ciphertext because it is protected through the secret key $K = \chi.\eta$, so they can only try to extract the original value of the secret key by utilizing $K = \chi.\eta$ and $K = Q.\phi$; here, $A_{insd}$ and $A_{out}$ fail because, in these two equations, $\chi$ and $\phi$ are not known to them, and finding them is equivalent to solving the hyperelliptic curve discrete logarithm problem.

Session Key Establishment
In the proposed scheme, a client can select $\chi$ randomly from the finite group of the hyperelliptic curve and compute $Q = \chi.D$, $K = \chi.\eta$, $r = H_{a3}(Q.S, T_{limit}, ƕ, Client_{PID})$, $S = \phi + Ʈ + r.\chi$, and send $(Q, r, S)$ to the client. When the client receives the triple $(Q, r, S)$

Conclusions
WBANs have recently received much attention as a result of recent technical developments in the fields of electronics, sensors, and wireless communication technologies, which allow patients to obtain preventative or proactive healthcare treatments from anywhere and at any time. Biomedical equipment, on the other hand, communicates regularly through an open wireless channel, making it vulnerable to a variety of cyber-attacks. In order to solve the security and privacy issues of WBANs, this article proposes an improved and efficient certificateless authentication scheme with a conditional privacy-preserving strategy. Hyperelliptic Curve Cryptography (HECC), a more sophisticated form of Elliptic Curve Cryptography (ECC), is used to build the proposed scheme. HECC offers the same degree of security while using a smaller key size, making it a more efficient solution than its alternatives. The proposed scheme, according to the comparative study, not only fulfills WBAN security and privacy criteria but also improves efficiency in terms of computation and communication costs.
In the future, we will propose a new heterogeneous authentication scheme in which the Key Generation Center can send the private key and partial private key through an open channel to the users without disclosing them to attackers.
