Lightweight Privacy-Preserving Remote User Authentication and Key Agreement Protocol for Next-Generation IoT-Based Smart Healthcare
Abstract
:1. Introduction
1.1. Motivation and Contribution
- An efficient, cost-effective, and simple IoT-based secure platform is proposed in this research.
- The security model adopts a strong and simple symmetric session key exchange algorithm.
- The effectiveness of the plan against several types of known attacks is demonstrated.
- The proposed system model only allows the registered and verified users to be granted entry into the healthcare network.
- A detailed comparison analysis of the proposed model is conducted with the existing models to compute the cost of the proposed model with respect to communication and computation costs.
1.2. Organization of the Paper
2. Related Works
3. System Model and Security Goals
3.1. IoT-Based System Model
3.1.1. Remote User (Physician)
3.1.2. Gateway/Server
3.1.3. IoT-Based Sensor Nodes
3.1.4. Wireless Access Point
3.1.5. Patient
3.2. Adversary Model
3.3. Security Goals
3.3.1. Key Exchange and Mutual Authentication
3.3.2. Anonymity of Identity
3.3.3. Data Privacy
3.3.4. Freshness and Message Integrity
3.3.5. Lightweightness
4. Proposed Scheme
4.1. User Registration Phase
4.2. Node Registration Phase
4.3. Session Key Exchange Phase
Algorithm 1 Proposed Key Exchange Algorithm |
Require: M is a variable that stores the value of size 128 bits. The server registered the clients and saved the identity and password of the clients HIDC and HPSWC |
1: Client Sends HIDC to Server: HIDC → Server |
2: if HIDC = HIDC then |
3: Server generates N1, N2 and sends to client secretly |
4: Client generates a larger random number as |
5: if NC = 0 then |
6: Go to Step 4 |
7: end if |
8: Set |
9: Set |
10: Client sends |
11: Set |
12: Set |
13: Server generates a larger random number as |
14: if then |
15: Go to Step 13 |
16: end if |
17: Set |
18: Set |
19: Server sends |
20: [Client performs the same process from 11 to 12] |
21: /* Client and server compute the same key as */ |
22: Set |
23: if then |
24: Go to Step 4 |
25: end if |
26: else |
27: |
28: end if |
4.4. Mutual Authentication Phase
5. Security Analysis
5.1. Informal Security Analysis
5.2. Formal Security Analysis
5.2.1. BAN Logic
- Initial Assumptions;
- -
- Doctor D trusts the server S.
- -
- Doctor D chooses a unique identity and a strong password .
- -
- The hash function is used for generating and for secure communication.
- -
- The server S securely stores the secret credentials of users, including email addresses and mobile numbers.
- -
- The server S verifies the identity of the user based on the stored data in its database.
The database is secure and safe. - Idealized Protocol Model;
- Protocol Description;
- Formal Agreement Analysis.
- BAN Logic Formal Analysis for User Registration Phase:
- -
- Doctor D selects a unique identity and a strong password .
- -
- Doctor D computes hash-based identity = hash() and hash-based password = hash(∥).
- Server S receives for Verification:
- -
- Doctor D sends to server S for verification.
- -
- Server S checks the received against its stored database to verify the identity.
- -
- If the identity is correct, server S proceeds; otherwise, it terminates the connection.
- Equations and BAN Logic Analysis:
- Initial Assumptions (Idealization);
- -
- D believes {S, } is secure: D∣S, .
- -
- D chooses a unique identity and strong password: D∣{, }.
- -
- D believes the hash function is secure: D∣hash().
- -
- S securely stores user credentials: S∣{Secrets}.
- -
- S verifies identities based on stored data: S ∣ {Verified}.
- Idealized Protocol Model (Idealization);
- -
- Doctor D sends to server S for verification: D → S: {}.
- -
- Server S verifies in its database and verifies the identity: S → D: {Verified}.
- Protocol Description (Formalization);
- -
- Doctor D believes that the server S has received : D∣S: {}.
- -
- Doctor D believes that the server S has verified the identity: D∣S: {Verified}.
- Formal Agreement Analysis (Inference Rules).
- -
- Doctor D believes that server S has verified the identity based on the received : D∣S: {, Verified}.
- -
- Server S securely stores user credentials: S∣{Secrets}.
- -
- Server S verifies identities based on stored data: S∣{Verified}.
- -
- Doctor D has securely registered with server S: D∣S: {Registered}.
- BAN Logic Analysis
5.2.2. AVISPA
6. Performance and Comparative Analysis
6.1. Computation Costs
6.2. Transmission Costs
7. Conclusions and Future Directions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Ghildiyal, Y.; Singh, R.; Alkhayyat, A.; Gehlot, A.; Malik, P.; Sharma, R.; Akram, S.V.; Alkwai, L.M. An imperative role of 6G communication with perspective of industry 4.0: Challenges and research directions. Sustain. Energy Technol. Assess. 2023, 56, 103047. [Google Scholar] [CrossRef]
- Jayabalan, J.; Jeyanthi, N. Scalable blockchain model using off-chain IPFS storage for healthcare data security and privacy. J. Parallel Distrib. Comput. 2022, 164, 152–167. [Google Scholar] [CrossRef]
- Tawalbeh, L.; Muheidat, F.; Tawalbeh, M.; Quwaider, M. IoT Privacy and security: Challenges and solutions. Appl. Sci. 2020, 10, 4102. [Google Scholar] [CrossRef]
- Mohindru, V.; Vashishth, S.; Bathija, D. Internet of Things (IoT) for Healthcare Systems: A Comprehensive Survey. In Recent Innovations in Computing: Proceedings of ICRIC 2021, Volume 1; Springer: Singapore, 2022; pp. 213–229. [Google Scholar]
- Osama, M.; Ateya, A.A.; Sayed, M.S.; Hammad, M.; Pławiak, P.; Abd El-Latif, A.A.; Elsayed, R.A. Internet of Medical Things and Healthcare 4.0: Trends, Requirements, Challenges, and Research Directions. Sensors 2023, 23, 7435. [Google Scholar] [CrossRef]
- Dwivedi, R.; Mehrotra, D.; Chandra, S. Potential of Internet of Medical Things (IoMT) applications in building a smart healthcare system: A systematic review. J. Oral Biol. Craniofac. Res. 2022, 12, 302–318. [Google Scholar] [CrossRef] [PubMed]
- El-Shafai, W.; Khallaf, F.; El-Rabaie, E.S.M.; Abd El-Samie, F.E. Proposed neural SAE-based medical image cryptography framework using deep extracted features for smart IoT healthcare applications. Neural Comput. Appl. 2022, 34, 10629–10653. [Google Scholar] [CrossRef]
- Sharma, A.; Kumar, R. A constrained framework for context-aware remote E-healthcare (CARE) services. Trans. Emerg. Telecommun. Technol. 2022, 33, e3649. [Google Scholar] [CrossRef]
- Davwar, P.P. Effective Health Care Plan for National Health Insurance Scheme Patients with Non-Communicable Diseases in Plateau North Senatorial District. Am. J. Appl. Stat. Econ. 2023, 2, 1–6. [Google Scholar] [CrossRef]
- Nosouhi, M.R.; Sood, K.; Grobler, M.; Doss, R. Towards spoofing resistant next generation IoT networks. IEEE Trans. Inf. Forensics Secur. 2022, 17, 1669–1683. [Google Scholar] [CrossRef]
- Rawat, R.; Garg, B.; Mahor, V.; Telang, S.; Pachlasiya, K.; Chouhan, M. Organ trafficking on the dark web—the data security and privacy concern in healthcare systems. In Internet of Healthcare Things: Machine Learning for Security and Privacy; Wiley: Hoboken, NJ, USA, 2022; pp. 189–216. [Google Scholar]
- Rehman, A.; Abbas, S.; Khan, M.; Ghazal, T.M.; Adnan, K.M.; Mosavi, A. A secure healthcare 5.0 system based on blockchain technology entangled with federated learning technique. Comput. Biol. Med. 2022, 150, 106019. [Google Scholar] [CrossRef]
- Zhang, L.; Zhu, Y.; Ren, W.; Zhang, Y.; Choo, K.K.R. Privacy-preserving fast authentication and key agreement for e-health systems in iot, based on three-factor authentication. IEEE Trans. Serv. Comput. 2022, 16, 1324–1333. [Google Scholar] [CrossRef]
- Majid, M.; Habib, S.; Javed, A.R.; Rizwan, M.; Srivastava, G.; Gadekallu, T.R.; Lin, J.C.W. Applications of wireless sensor networks and internet of things frameworks in the industry revolution 4.0: A systematic literature review. Sensors 2022, 22, 2087. [Google Scholar] [CrossRef]
- Daoui, A.; Yamni, M.; Karmouni, H.; Sayyouri, M.; Qjidaa, H.; Motahhir, S.; Jamil, O.; El-Shafai, W.; Algarni, A.D.; Soliman, N.F.; et al. Efficient Biomedical Signal Security Algorithm for Smart Internet of Medical Things (IoMTs) Applications. Electronics 2022, 11, 3867. [Google Scholar] [CrossRef]
- Singla, R.; Kaur, N.; Koundal, D.; Bharadwaj, A. Challenges and developments in secure routing protocols for healthcare in WBAN: A comparative analysis. Wirel. Pers. Commun. 2022, 122, 1767–1806. [Google Scholar] [CrossRef] [PubMed]
- Arif, M.S.; Mukheimer, A.; Asif, D. Enhancing the Early Detection of Chronic Kidney Disease: A Robust Machine Learning Model. Big Data Cogn. Comput. 2023, 7, 144. [Google Scholar] [CrossRef]
- Ahmad, N.; Shahzad, B.; Arif, M.; Izdrui, D.; Ungurean, I.; Geman, O. An energy-efficient framework for WBAN in health care domain. J. Sensors 2022, 2022, 5823461. [Google Scholar] [CrossRef]
- Cornet, B.; Fang, H.; Ngo, H.; Boyer, E.W.; Wang, H. An overview of wireless body area networks for mobile health applications. IEEE Netw. 2022, 36, 76–82. [Google Scholar] [CrossRef]
- Zhong, L.; He, S.; Lin, J.; Wu, J.; Li, X.; Pang, Y.; Li, Z. Technological Requirements and Challenges in Wireless Body Area Networks for Health Monitoring: A Comprehensive Survey. Sensors 2022, 22, 3539. [Google Scholar] [CrossRef]
- Jegadeesan, S.; Azees, M.; Babu, N.R.; Subramaniam, U.; Almakhles, J.D. EPAW: Efficient privacy preserving anonymous mutual authentication scheme for wireless body area networks (WBANs). IEEE Access 2020, 8, 48576–48586. [Google Scholar] [CrossRef]
- Peng, K.; Li, M.; Huang, H.; Wang, C.; Wan, S.; Choo, K.K.R. Security challenges and opportunities for smart contracts in Internet of Things: A survey. IEEE Internet Things J. 2021, 8, 12004–12020. [Google Scholar] [CrossRef]
- Abdulmalek, S.; Nasir, A.; Jabbar, W.A.; Almuhaya, M.A.; Bairagi, A.K.; Khan, M.A.M.; Kee, S.H. IoT-Based Healthcare-Monitoring System towards Improving Quality of Life: A Review. Healthcare 2022, 10, 1993. [Google Scholar] [CrossRef]
- Wang, G.; Badal, A.; Jia, X.; Maltz, J.S.; Mueller, K.; Myers, K.J.; Niu, C.; Vannier, M.; Yan, P.; Yu, Z.; et al. Development of metaverse for intelligent healthcare. Nat. Mach. Intell. 2022, 4, 922–929. [Google Scholar] [CrossRef]
- Cheikhrouhou, O.; Mershad, K.; Jamil, F.; Mahmud, R.; Koubaa, A.; Moosavi, S.R. A lightweight blockchain and fog-enabled secure remote patient monitoring system. Internet Things 2023, 22, 100691. [Google Scholar] [CrossRef]
- Radhakrishnan, N.; Muniyandi, A.P. Dependable and provable secure two-factor mutual authentication scheme using ecc for iot-based telecare medical information system. J. Healthc. Eng. 2022, 2022, 9273662. [Google Scholar] [CrossRef] [PubMed]
- Kumar, A.; Saha, R.; Conti, M.; Kumar, G.; Buchanan, W.J.; Kim, T.H. A comprehensive survey of authentication methods in Internet-of-Things and its conjunctions. J. Netw. Comput. Appl. 2022, 204, 103414. [Google Scholar] [CrossRef]
- Challa, S.; Wazid, M.; Das, A.K.; Kumar, N.; Reddy, A.G.; Yoon, E.J.; Yoo, K.Y. Secure signature-based authenticated key establishment scheme for future IoT applications. IEEE Access 2017, 5, 3028–3043. [Google Scholar] [CrossRef]
- Ashraf, Z.; Sohail, A.; Yousaf, M. Robust and lightweight symmetric key exchange algorithm for next-generation IoE. Internet Things 2023, 22, 100703. [Google Scholar] [CrossRef]
- Ashraf, Z.; Sohail, A.; Yousaf, M. Lightweight and authentic symmetric session key cryptosystem for client–server mobile communication. J. Supercomput. 2023, 79, 16181–16205. [Google Scholar] [CrossRef]
- Jia, X.; He, D.; Li, L.; Choo, K.K.R. Signature-based three-factor authenticated key exchange for internet of things applications. Multimed. Tools Appl. 2018, 77, 18355–18382. [Google Scholar] [CrossRef]
- Zhou, L.; Li, X.; Yeh, K.H.; Su, C.; Chiu, W. Lightweight IoT-based authentication scheme in cloud computing circumstance. Future Gener. Comput. Syst. 2019, 91, 244–251. [Google Scholar] [CrossRef]
- Masud, M.; Gaba, G.S.; Alqahtani, S.; Muhammad, G.; Gupta, B.B.; Kumar, P.; Ghoneim, A. A lightweight and robust secure key establishment protocol for internet of medical things in COVID-19 patients care. IEEE Internet Things J. 2020, 8, 15694–15703. [Google Scholar] [CrossRef] [PubMed]
- Farash, M.S.; Turkanović, M.; Kumari, S.; Hölbl, M. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Netw. 2016, 36, 152–176. [Google Scholar] [CrossRef]
- Amin, R.; Islam, S.H.; Biswas, G.; Khan, M.K.; Leng, L.; Kumar, N. Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. 2016, 101, 42–62. [Google Scholar] [CrossRef]
- Sharma, G.; Kalra, S. A lightweight user authentication scheme for cloud-IoT based healthcare services. Iran. J. Sci. Technol. Trans. Electr. Eng. 2019, 43, 619–636. [Google Scholar] [CrossRef]
- Subramani, J.; Maria, A.; Rajasekaran, A.S.; Al-Turjman, F. Lightweight privacy and confidentiality preserving anonymous authentication scheme for WBANs. IEEE Trans. Ind. Inform. 2021, 18, 3484–3491. [Google Scholar] [CrossRef]
- Wazid, M.; Das, A.K.; Shetty, S.; JPC Rodrigues, J.; Park, Y. LDAKM-EIoT: Lightweight device authentication and key management mechanism for edge-based IoT deployment. Sensors 2019, 19, 5539. [Google Scholar] [CrossRef]
- Masud, M.; Gaba, G.S.; Choudhary, K.; Hossain, M.S.; Alhamid, M.F.; Muhammad, G. Lightweight and anonymity-preserving user authentication scheme for IoT-based healthcare. IEEE Internet Things J. 2021, 9, 2649–2656. [Google Scholar] [CrossRef]
- Rana, M.; Shafiq, A.; Altaf, I.; Alazab, M.; Mahmood, K.; Chaudhry, S.A.; Zikria, Y.B. A secure and lightweight authentication scheme for next generation IoT infrastructure. Comput. Commun. 2021, 165, 85–96. [Google Scholar] [CrossRef]
- Kaul, S.D.; Awasthi, A.K. Security enhancement of an improved remote user authentication scheme with key agreement. Wirel. Pers. Commun. 2016, 89, 621–637. [Google Scholar] [CrossRef]
- Son, S.; Park, Y.; Park, Y. A secure, lightweight, and anonymous user authentication protocol for IoT environments. Sustainability 2021, 13, 9241. [Google Scholar] [CrossRef]
- Rajaram, S.; Maitra, T.; Vollala, S.; Ramasubramanian, N.; Amin, R. eUASBP: Enhanced user authentication scheme based on bilinear pairing. J. Ambient Intell. Humaniz. Comput. 2020, 11, 2827–2840. [Google Scholar] [CrossRef]
- Kumar Chaudhary, R.R.; Chatterjee, K. A Lightweight PUF based Multi-factor Authentication Technique for Intelligent Smart Healthcare System. Peer Peer Netw. Appl. 2023, 16, 1975–1992. [Google Scholar] [CrossRef]
- Chen, C.M.; Liu, S.; Chaudhry, S.A.; Chen, Y.; Khan, M.A. A Lightweight and Robust User Authentication Protocol with User Anonymity for IoT-Based Healthcare. CMES-Comput. Model. Eng. Sci. 2022, 131. [Google Scholar] [CrossRef]
- Dolev, D.; Yao, A. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208. [Google Scholar] [CrossRef]
- Kelly, S.; Frankel, S. Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec; RFC 4868. 2007. Available online: https://www.rfc-editor.org/info/rfc4868 (accessed on 17 September 2023).
- AVISPA Code and Simulation Results. GitHub. 2023. Available online: https://www.github.com/zashraf-sudo/researchpaper-6-code (accessed on 15 October 2023).
- Shuai, M.; Yu, N.; Wang, H.; Xiong, L. Anonymous authentication scheme for smart home environment with provable security. Comput. Secur. 2019, 86, 132–146. [Google Scholar] [CrossRef]
Components | [38] | [39] | [40] | [42] | [44] | [45] |
---|---|---|---|---|---|---|
Computation Cost (ms) | 0.1236 | 0.0853 | 0.1101 | 0.0656 | 0.0749 | 0.0762 |
Communication Cost (bits) | 2976 | 2048 | 3296 | 1600 | 4822 | 1792 |
Number of Messages Exchanged | 4 | 4 | 2 | 3 | 6 | 4 |
Notation | Description |
---|---|
Doctor as a user | |
Sensor node | |
Identity of the sensor node | |
S | Server |
Identity of the doctor | |
Password of the doctor | |
Hash-based identity of the doctor | |
Hash-based password of the doctor | |
, | Randomly generated two secret natural larger numbers |
, | Numbers generated by the doctor and server |
, | Results sent by doctor and the server |
Symmetric session key | |
⨁ | Bitwise XOR |
‖ | Concatenation |
Hash (.) | Hash function |
Hash value sent by the doctor | |
Hash value sent by the server |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Ashraf, Z.; Mahmood, Z.; Iqbal, M. Lightweight Privacy-Preserving Remote User Authentication and Key Agreement Protocol for Next-Generation IoT-Based Smart Healthcare. Future Internet 2023, 15, 386. https://doi.org/10.3390/fi15120386
Ashraf Z, Mahmood Z, Iqbal M. Lightweight Privacy-Preserving Remote User Authentication and Key Agreement Protocol for Next-Generation IoT-Based Smart Healthcare. Future Internet. 2023; 15(12):386. https://doi.org/10.3390/fi15120386
Chicago/Turabian StyleAshraf, Zeeshan, Zahid Mahmood, and Muddesar Iqbal. 2023. "Lightweight Privacy-Preserving Remote User Authentication and Key Agreement Protocol for Next-Generation IoT-Based Smart Healthcare" Future Internet 15, no. 12: 386. https://doi.org/10.3390/fi15120386