(PDF) An Improved User Anonymous Secure

International Journal of Computing and Digital Systems ISSN (2210-142X) Int. J. Com. Dig. Sys. 11, No.1 (Jan-2022) https://dx.doi.org/10.12785/ijcds/110121 An Improved User Anonymous Secure Authentication Protocol for Healthcare System Using Wireless Medical Sensor Network M. F. Mridha1 , Md. Al Imran2 , Md. Anwar Hussen Wadud1 and Md. Abdul Hamid3 1 Dept. of CSE, Bangladesh University of Business and Technology, Dhaka, Bangladesh 2 Dept. of CSE, Bangladesh University of Professionals, Dhaka, Bangladesh 3 Faculty of Computing and Information Technology, King Abdul Aziz University, Kingdom of Saudi Arabia Received 17 Mar. 2020, Revised 3 Jul. 2021, Accepted 8 Jul. 2021, Published 9 Jan. 2022 Abstract: Wireless Medical Sensor Network (WMSN) consists of biosensors connected with each other implanted within the human body. It transmits data to remote medical centers. Medical professionals can access the sensors of the human body to inquire about his health condition remotely. Transmitting patient data over insecure wireless channels is a major challenge because health data are very sensitive and must not be disclosed to unauthorized users, so ensuring secure authentication and preserving anonymity is very important. To address this issue, many researchers have provided many protocols for WMSNs. An anonymous patient monitoring system using WMSN presented by Amin et al. and demanded that their system preserves mutual authentication, user anonymity and security against stolen smart device attacks. By studying thorough and in-depth analyses, we found that this system is attackable to privileged insider attacks and stolen smart device attacks. In addition, it does not protect user anonymity. Additionally, it fails to protect denial of service attack. Furthermore, it has an error in the password modification stage. To overcome the above limitations of the existing systems we have proposed an advanced and mask identity-based secure mutual authentication protocol using WMSN. An informal security analysis is performed, which shows that our protocol is secure against different types of attacks. Furthermore, in our proposed protocol we have used the BAN logic model to prove the correctness of the mutual authentication feature. In addition, it offers ease login, secure authentication and strong password change phases. Keywords: IoT, Wireless medical sensor network, Healthcare system, BAN logic, Secure authentication. 1. Introduction different information, such as ECG information, information Many small and embedded devices, low-power circuits, on blood pressure, heart rate, body temperature, etc. and sensors, and IoT applications have been created based send this information to medical professionals through gate- on the massive development of the Internet and wireless ways. Then, medical professionals can monitor the patient’s networks. These applications cover the areas of military body condition using the information [8]. As information applications, healthcare applications, vehicular applications, are transmitted through a wireless medium, a large security smart homes, office applications, etc. [1]. Normally, the concern exists. User anonymity, mutual authentication and IoT environment has different components, such as sensors, confidentiality of patient health data are very important. The actuators, and smart devices, to collect the information potential disclosure of healthcare information is discussed transmitted by sensors and network infrastructure. This and described in [3]. Due to the sensitiveness of these data, creates an integrated environment to provide easy access it is very inevitable to protect the communication channel and better facility to human life [1]. Recently, applica- and data [3], [4], [9]. Secure authentication protocols are tions of wireless medical sensor networks have become being developed, and researchers have studied the security a point of fascination to academics and industry experts weaknesses of those protocols [5], [6], [7]. Preserving [2], E-healthcare monitoring systems using MobiHealth [3], the confidentiality of the data encryption is an effective CodeBlue [4], UbiMon [5], LiveNet [6], and SPINE [7] technology [10], [11], [12]. have been the focus of many researches works. Health- care organizations are utilizing different technology such A. Architecture of the healthcare System using Wireless as wireless communication, IoT etc. to provide medical Medical Sensor Network services to patients. Medical professionals can monitor Wireless networks consist of low-power multifunctional patients’ health conditions sitting anywhere in the world sensor nodes. A sensor node is capable of sensing in- any time. Sensors implanted into the human body collect formation, gathering information and communicating with E-mail address:

[email protected]

http://journals.uob.edu.bh 252 M. F. Mridha, et al.: An Improved User .... System Using Wireless Medical Sensor Network base stations and other connected nodes. Base stations are sions where the process of mutual authentication has failed a prominent component of WSNs and act as gateways in its approach. A temporal credential-based authentication between sensor nodes and end users [13]. Presently, WSNs approach [26] was introduced by Xue et. al. in 2013. In the are broadly applied in different types of applications, for same year, cryptanalysis was performed in [27] on the Xue example, forest fire detection, air pollution monitoring, et. al. approach by Lie et. al. They demanded that the Xue enemy intrusion monitoring, and healthcare monitoring. et. al. approach is not protected against guessing offline In this paper, we have provided a model for monitoring password, stolen verifiers, privileged insiders, and stolen patient health using wireless sensor network in Figure 1. smart card attacks. We have found that ECC systems [28] The newly introduced model was composed of three par- [29], RSA cryptosystem [30], bilinierpairing [31], chaoric ticipants: medical professionals, such as doctors, patients, map [32] and hash function [17], [18], [33], [34], [35], nurses, gateways and sensors. Sensors with less power [36], [37], [38] have been used to develop key agreement and resources are placed into the human body, collect and user authentication protocols. A user authentication physical information from the patient body and send this scheme for WMSN is presented in [14]. This scheme is information to gateway via router. The gateway has much not secure against privileged insider attacks and offline more computation power, the core part of communication. password guessing attacks [1]. They proposed an improved It also acts as a secure registration and authentication scheme to overcome the weakness of [14] in 2015. Later, medium between medical professionals and sensors. Before a cryptanalysis was performed in [7] against this protocol exchanging any information between the user and sensor, and found several incorrectness and flaws in their design. they need to register themselves with the help of a gateway. Then, they [7] proposed a new scheme to remove the After authentication by the gateway, medical professionals weakness of the [1] protocol. In 2016, R. Amin et. al. [39] can obtain health information from the sensor to monitor found that their proposed security model is prone to internal patient health conditions. Direct communication [1], [14], attacks and sensor node capture attacks without revealing [15], [16] between sensors and medical professionals’ costs the username. A secure smart card-based anonymous user higher energy and decreases the lifetime of sensor nodes. authentication protocol has been proposed by removing Some protocols have been described in [1], [14], [15], where the drawback of the [7] protocol. In this paper, we have sensor nodes send patient information directly to medical analyzed the paper and found that this protocol does not professionals. So, it incurs higher communication cost. For withstand privileged insider attacks, stolen mobile device this reason, sensor node lifetime decreases gradually and attacks, denial of service attacks and fails to preserve user becomes dead. We have addressed this issue in our proposed anonymity. Moreover, we have shown that there exists a model and modified it in Figure 1, where the exchange of flaw in the password change phase. To secure against the information occurs via the gateway node. above security flaws, we have proposed an improved proto- col that retains the original merits of [40]. Our scheme uses a one-way hash function and lightweight XOR operation. C. Motivation and contribution Our proposed architecture in Figure 1 provides a frame- work to monitor patient health data remotely. As patient data are very sensitive, security and privacy issues are a major concern here. Researchers have paid their attention in this field. They have also focused on different attacks, such as user anonymity, mutual authentication, and stolen device Figure 1. The proposed healthcare monitoring system architecture attacks. Several security protocols have been proposed using WMSN. Sensor inside human body, gateway and medical in recent year to address these limitations, but we have professional, communicate through an access point called router. observed in the related works section that those protocols still have weaknesses against known security attacks. For B. Related works that reason, we are inspired to develop advanced user We have studied the existing research works related anonymous protocols in WMSN that is more efficient, and to WMSNs focusing on security issues. The contributions the main achievement of this article are given below: and limitations of those protocols have been studied in detail. We know that the main property of security is the 1) We have proven that Amin et al.’s system has secu- authenticity of the remote user and integrity of transmitted rity flaws, such as stolen smart device attacks, privi- data [17], [18], [19], [20], [21], [22]. In 2009, Das proposed leged insider attacks, and denial of service attacks. It [23] a two-factor authentication process based on smart card cannot preserve user anonymity. It also has weakness devices. He claimed his protocol achieves protection against in the password change stage. different security threats. However, the node camouflage 2) We have proposed a masked identity with hash invasions, user camouflage invasions, and guessing offline function-based mutual authentication protocol to passwords have been found and described in [24]. In [25], overcome this weakness. the approach is risky in attacks of internal and parallel ses- 3) We have analyzed and found that the proposed http://journals.uob.edu.bh Int. J. Com. Dig. Sys. 11, No.1, 251-263 (Jan-2022) 253 protocol reduces the energy consumption of sensor 1) Privileged insider attack: One type of attack in which nodes. a user operates the activities of Gateway and has 4) To prove the correctness of the mutual authentication access to IoT devices. He can capture the information feature, we have used the BAN model. that an IoT device transmits to the gateway. In this 5) An informal defense analysis has been performed to way, he can compromise the operation and can do show that it protects against various security attacks. any modification to benefit from this environment. 2) Smart device/stolen mobile attack: The smart device D. Construction of the paper is portable and can be lost or stolen. As these devices The rest of the paper is categorized as follows: section 2 are tamper-resistant, if an intruder finds devices, the provides security problems in the IoT for better understand- attackers can extract information from the stolen ing of the paper, security protocol [40] has been reviewed data using Power Analysis Attacks [44], [45]. From in section 3, and section 4 depicts the cryptanalysis of the this information, intruders can extract more sensitive protocol in [40]. The proposed protocol is explained in sec- information that is communicated among different tion 5. Section 6 gives an informal security analysis of the parties. proposed protocol. The correctness of mutual authentication 3) Denial of service attack: Denial of service attack is proven in section 7, and section 8 concludes the paper. occur where the operation of IoT devices is not available because of heavily consumed resources by 2. SECURITY IN IOT ENVIRONMENT intruders. People will not obtain services from this The Internet of Things brings human life into a com- environment. As people are dependent on internet fortable zone. It provides easy access to internet-using services, if it is unavailable, then human life will be devices, smart phones, etc. Devices are connected through hampered. It may cause different human life threat Wi-Fi, Bluetooth, radio frequency identification (RFID), problems. Therefore, security against this type of etc. [41]. With the increase in different communication attack is very important. devices, security is a foremost concern because sensitive in- 4) Password change attack: Password is an authentica- formation is transferred using this network. Security threats tion parameter to prove a user’s claim that he is a and vulnerabilities are also increasing due to the increased real user of the system. This password is needed to number of embedded devices. This can compromise the change after a certain period of time to make the privacy of the user. In addition, IoT environments have system secure. If the password changing mechanism microprocessors, devices, sensors [42], and the devices are is not secure, then any adversary can change the resource constraints. As a result, performance may vary due password using a number of attempts and gain entry to the characteristics of IoT apparatus. The protocol should to the network. Once an opponent obtains entree to be developed by considering resource-constrained apparatus the system, he can modify any information that will in the IoT environment [43]. reflect adverse effects on the system. One of the pressing concerns in IoT networks is to B. Security requirement ensure the authenticity of the user and devices and key man- The security requirement is paramount when we develop agement among them. The IoT security requirement must any authentication protocol. Otherwise, the protocol will provide the reliability of protection to the user [43]. Now, it not be treated as secure. The essential requirements are becomes a challenge to deploy security in this environment. discussed below. Cryptography plays an important role in ensuring security. User credentials are protected using the cryptographic tech- 1) Mutual authentication: Mutual authentication refers nique. Identity management, key management, and user cre- to the authentication where both entities are authen- dential management are often maintained automatically, but ticated by each other. It is very important for any it is still very challenging to deploy in the IoT environment security protocol because the sender or receiver both [42]. needs confirmation that the message comes from a genuine source. Spoofing attacks can be protected A. Threat model using this parameter [42]. IoT devices are now used to operate many applications 2) Confidentiality: Confidentiality means preventing to provide better services. It is also used in many critical unauthorized disclosure of information to unintended infrastructures, such as smart grids and healthcare organi- users. It is one of the basic security requirements for zations. In addition, IoT devices are generally portable in the IoT protocol because the IoT is used to support nature. Many security threats can hamper the activities of many applications, such as healthcare systems and IoT environments. Therefore, we should be aware that it smart grid systems. Therefore, if confidentiality is is not compromised by the adversary; otherwise, the loss compromised, then much sensitive information will encountered will be paramount. As devices use the internet be lost. That is why we have to transmit the data to communicate with each other, they face the same security securely. To achieve confidentiality, we can apply threats, which are as follows: encryption with the aim of only genuine receivers to extract the information. http://journals.uob.edu.bh 254 M. F. Mridha, et al.: An Improved User .... System Using Wireless Medical Sensor Network 3) Availability: This term ensures that the services ⊕P Wi ). then, user sends to gateway will remain available even if any disaster. People G W through TLS protocol. will receive services whenever they want. This re- quirement is very important because many sensitive Step 2: G W calculates U Regi = hf(U IDi || RNi || applications are running using the IoT environment. HP Wi ), AAi = RNi ⊕HP Wi , ABi = H(U IDi || RNi || 4) User anonymity: Anonymity means concealing the S K ), ACi =ABi ⊕h f (U IDi ⊕RNi ⊕HP Wi ), Di = RNi identity of users, such as doctors and patients. The ⊕h f (TU IDi || S K ), where RNi and T U IDi are random importance of user privacy has been addressed in numbers and temporary identities of U i. G W picks recent research papers. The user’s identity is one of different T U IDi for each session to avoid traceability the most important personal information of the user attacks. because leaking this information can lead to the theft of that user’s identity. Step 3: G W uses a table to store < T U IDi , Di > for future her use and forwards < T U IDi , U Regi , AAi , 3. REVIEW OF AMIN ET AL.’ S SCHEME ACi , hf(.) > to U i. Then U i stores < T U IDi , U Regi , AAi , ACi , hf(.) > to user device after getting from G W. In [40], a patient monitoring system for a wireless medical sensor network was proposed. Their authentication C. Patient registration phase and key negotiation scheme consist of five phases which This stage is corresponding to Wu et. al [15] proposed we have discussed through sub-sections. In Table I, we phase with a similar name. described all the symbolizations used in the procedure. D. Login and authentication phase TABLE I. SYMBOL USED IN PROCEDUE [40] At this stage, session key and mutual authentication discussions occur among the candidates engaged. The steps are described below: Step 1: U i enters U IDi and passwords P Wi into smart device. Then, it computes HP Wi∗ = hf(U IDi ⊕P Wi ), RNi =AAi ⊕HP W∗i , U Reg∗i = hf(U IDi ||RNi∗ || HP Wi∗ ). Then, it compares whether U Reg∗i ?= U Regi . The smart device rejects the login invitation when input password is not same, else, it goes to the subsequent stage. Step 2: It generates a arbitrary nonce RNi and computes AB∗i = ACi ⊕h f (U IDi ⊕RN∗i || HP Wi ∗ ), CIDi =U IDi ⊕h f (TU IDi || RNi∗ || T 1 ), U M1 = hf(U IDi || AB∗i ||RNi ||T 1 ), U M2 = hf(RNi || T 1 )⊕RNi . Then, sends < T U IDi , U IDS N j , CIDi , U M1 , U M2 , T 1 > to G W over a doubtful network. Step 3 : G W searches the table T U IDi to re- trieve U IDi and computes RNi∗ =U IDi ⊕h f (TU IDi || S K), U ID∗i = CIDi ⊕h f (TU IDi ||RNi∗ ||T 1 ), AB∗i = hf(U ID∗i ||RNi∗ ||S K), RNi∗ = U M2 ⊕ hf( RNi∗ ||T 1 ), U M1 = hf (U ID∗i || AB∗i || RNi∗ || T 1 ). Now, G W verifies whether A. Setup phase U M1∗ ?= U M1 . If U M1∗ ? = U M1 is true, then G W believes In this segment, a long-term top-secret key S K is that U i sent an authentic message, Otherwise stop the generated by the registration center for gateway G W and continuation. computes a secret key S Kgw−sn j = hf(U IDS N j ||S K) for S N j , where 1 ≤ j ≤ n, n denotes sensor node numbers. Step 4: Subsequently scrutinizing the authentic- It also practices a lightweight cryptographic hash function ity of U i, G W produces a arbitrary number RN2 which is prescribe as hf: {0, 1}∗ → {0, 1}l , where l represents and computes S Kgw−sn j = hf(U IDS N j || S K ), U M3 hf(.) output length. = hf(hf(U IDi || RNi∗ || RN2 )|| 1 )||S Kgw−sn j || RN2 ), U M4 = hf(U IDi ||RNi ||RN2 )⊕SKgw−sn j , U M5 = RN2 B. Medical Professional registration phase ⊕h f (SKgw−sn j ). Then, G W sends Here, medical professionals must be registered with to S N j through an insecure channel. G W to provide health-care services. The steps are shown below: Step 5: S N j computes RN2′ =U M5 ⊕h f (SKgw−sn j ), U M6′ =U M4 ⊕SKgw−sn j , U M3′ = hf(hf(U M6′ || 1 )|| S Kgw−sn j || Step 1: An individual user id U IDi and password RN2′ ) and verifies whether U M3′ ?=U M3 . If it is correct, P Wi select by U i, then apply HP Wi = hf(U IDi S N j generates a random nonce RN3 and computes S K http://journals.uob.edu.bh Int. J. Com. Dig. Sys. 11, No.1, 251-263 (Jan-2022) 255 = hf(U M6′ || RN2 || RN3 ), U M7 = hf(S K || RN3 || S Kgw−sn j ), A. Privileged person attack U M8 = hf(RN2 ) ⊕RN3 . Finally, S N j sends to G W through an insecure network. user U i sends to G W. Assume an insider who is a privileged user plays the role of an Step 6: After receiving , G W cal- attacker. Thus, he can know the information U IDi and culates RN3′ =U M8 ⊕h f (RN2 ), S K ′ = hf(U IDi ||RNi || HP Wi where HP Wi = hf(U IDi ⊕P Wi ). From this RN2 ) || RN2 || RN3′ ), U M7′ = hf(S K ′ || RN3′ || S Kgw−sn j ) and material, the invader can derive the password by executing verifies whether U M7′ ?=U M7 holds. If it is true, then G W the subsequent stages. generates a unique identity T U ID′i (, T U IDi ) and then calculates U M9 =RN2 ⊕h f (U IDi || RNi ), U M10 = Step 1: Guess P Wi∗ hf(U IDi || S K ′ || RN3′ ), and U M11 =T U ID′i ⊕h f (RN2 ⊕RN3 ). Then, G W forwards to U i over a doubtful network. HP Wi∗ matches HP Wi , then the assumed P Wi∗ is the correct password. Therefore, this protocol has failed to Step 7: After getting , protect against attacks against privileged internal users. U i calculates RN2∗ =U M9 ⊕h f (U IDi || RNi ), RN3∗ =U M8 ⊕h f (RN∗2 ), T U ID′i =U M11 ⊕h f (RN∗2 ⊕RN∗3 ), S K ∗ = B. Flaw in password change phase hf(hf(U IDi || RNi || RN2∗ ) || RN2∗ || RN3∗ ), U M10 ∗ = Suppose that the attacker knows the information U IDi hf(U IDi ||S K ∗ || RN3∗ ). Now checks whether U M10 ∗ ? and HP Wi and derives P Wi from this information. =U M10 ∗ holds. If it corrects, then U i assumes that is logical and G W receives a and extract all the information < T U IDi , U Regi , AAi , confirmation. The mobile device then substitutes its old ACi , hf(.) > using a power analysis attack [44], [45]. Using T U IDi with a new T U ID′i . Similarly, the gateway AAi , he can calculate RNi∗ = AAi ⊕HP Wi and U Reg∗i = computes the new value D′i =RNi ⊕h f (TU ID′ i ||S K ) hf(U IDi || RNi∗ || HP Wi ). If U Reg∗i ?=U Regi holds, and exchanges < T U IDi , Di > with the new < T U ID′i , then it send a request to user U i to enter a new password. D′i >. Therefore, an attacker can initiate a new password. He can choose his own password P Wi∗ and consequently controls E. Password change phase the mobile device with his own information. There is a detailed discussion at this stage on how to update passwords regularly. TABLE II. SYMBOL USED IN THE PROPOSED PROCEDUE Step 1: In the mobile device, U i inputs U IDi and P Wi . Then, it performs HP Wi∗ = hf(U IDi ⊕P Wi ), RNi∗ = AAi ⊕HP W∗i , U Reg∗i = hf(U IDi || RNi∗ || HP Wi∗ ) and checks whether U Reg∗i ? =U Regi is cor- rect or not. When the condition is incorrect, the password modification procedure will be canceled otherwise it will proceed to the subsequent step. Step 2: Then the device requested a new password for the U i after verifying the validity of the U i. Step 3: When U i enters PWinew (original key), then it calculates HPWinew = hf(U IDi ⊕PWnew i ), Regi new = ∗ new hf(U IDi ||RNi || HPWi ), Ai new =RNi ⊕HPWi , ABi = ∗ new hf(U IDi || RNi ||S K), Cinew = Anewi ⊕h f (U IDi ⊕RN∗i ⊕HPWi ). Finally, it drops and new stores < Regnew new new i , Ai , C i > into the mobile device. 4. Amin et al.’s Cryptanalysis protocol Here, we demonstrate the security error of [40]. They claimed that their protocol [40] preserves user obscurity, which is the most significant security property in medical systems. Although, we have shown that they have failed C. Denial of service attack to uphold it. We have observed that this procedure is The attacker can initiate the password change phase penetrable to stolen mobile device attacks and privileged and choose a new password. As a result, the original user insider attacks; as a result, it also faces denial of service cannot login into the system. This causes denial of service attacks. It also contains an error in the password change scenarios for authorized users. stage. A detailed explanation is given below: http://journals.uob.edu.bh 256 M. F. Mridha, et al.: An Improved User .... System Using Wireless Medical Sensor Network D. Fails to preserve user anonymity the patient. This phase is described in Figure 2. In this stage, As this protocol transmits medical professionals’ iden- U i and GT W execute the following steps. tity U IDi and sensors identity U IDS N j clear text over an insecure channel, their identity can be exposed by hacker. Step 1: U i chooses an identity IDu , password PWu This will fail to preserve user anonymity. and a arbitrary nonce Ku . Then, MPWu = hf(PWu ||Ku ||IDu ) and MIDu = hf(IDu ||Ku ) are calculated. Now U i sends E. Stolen mobile device attack < MIDu , MPWu > to GT W securely. User U i stores < T U IDi , U Regi , AAi , ACi , hf(.) > to mobile devices. An attacker can extract all the data Step 2: On receiving < MIDu , MPWu >, GT W selects using a power analysis attack [44], [45] when the device is a random number Ru . GT W calculates Regu = hf(MIDu || stolen. This information can be used to point the flaw in RNu || MPWu ), Au =RNu ⊕MIDu , Bu =Au ⊕MPWu , Cu = the password modification stage. hf(MIDu || IDGT W || S Kgu ) ⊕Bu and Du =RNu ⊕h f (IDGT W || S Kgu ). Then, he/she sends < Cu , Regu , Bu > to U.S. 5. Proposed protocol User anonymity and mutual authentication are im- Step 3: Subsequently getting the information, U i again mensely emergent for WMSNs. In this section, we have calculates Xu = hf(IDu ) ⊕Ku , Vu = hf(IDu ||S Kgu || MPWu proposed an enhanced protocol to retreat the security defects ) and Cu∗ =Cu ⊕h f (Ku || S Kgu ) and stores < Vu ,Xu , Cu∗ , Regu , remaining in [40] by introducing masked identity and hash hf(. ) >into the mobile device. function-based mutual authentication. Analogous to the C. Patient registration phase protocol in [40], our protocol uses five phases: as Amin This stage is similar like the [15] protocol. The steps et. al. The explicit representation of the proposed protocol are described below: is described in Table II. A. Setup Step 1: The candidate first enters his/her name and sends to the registration point. The registration point picks the ac- Initially, the recording center is a trusted unit in the curate detecting device and entitles a medical professional. system. It generates a secret shared key S K gu for GT W and U. GT W and S N use S Kgsn shared key. RC uses a one Step 2: At last, patient recognition and medical sensor hash function hf(.) where hf: { 0, 1 } ∗ → { 0, 1 }l, where data sent by the registration center to the mentioned pro- l represents hf(.) output length. fessional. D. Login and authentication phase At this stage, session key and mutual authentication agreement among the parties involved in this procedure is achieved. The steps are depicted below: Step 1: U i inputs its uniqueness IDu and password PWu to the mobile. Following that, it measures Ku∗ =Xu ⊕h f (IDu ), MIDu = hf(IDu || Ku∗ ), MPWu = hf(IDu || Ku∗ ||PWu ). It also calculates A∗u =Bu ⊕MPW∗u , RNu∗ =A∗u ⊕MID∗u , Reg∗u = hf(MID∗u , || RNu∗ || MPWu∗ ) and Vu∗ = hf(IDu || S Kgu || MPWu∗ ). If Reg∗u matches Regu and Vu∗ matches Vu , then U i inputs correct ID and password. Then, it generates RN1 and calculates CIDU = IDu ⊕h f (RN∗u || T 1 ), Eu =Xu ⊕h f (IDu || RNu∗ || S Kgu ), U M1 = hf(IDu ||Xu || RN1 || T 1 ) and U M2 = RN1 ⊕h f (RN∗u || T 1 ). Then, it forwards the information < CIDU , U M1 , U M2 , T 1 > to GT W. Step 2: After receiving the information, GT W compares the validity of timestamp T 1 by |T 1 - T | < ∆T . If the time to receive the message is fewer than the time break for the communication delay ∆T , the message has not been captured by the invader. GT W then computes RNu∗ = Du ⊕h f (IDGT W ||S K ), IDu = CIDU ⊕h f (RN∗u || T 1 ), RN1 = Figure 2. Medical professional registration phase U M2 ⊕h f (RN∗u || T 1 ),Xu = Eu ⊕h f (IDu || RNu∗ || S Kgu ), U M1∗ = hf(IDu ||Xu || RN1 || T 1 ). Then, GT W verifies whether U M1∗ ?= U M1 holds. If it holds, then GT W come B. Medical professional registration stage to the conclusion that U i sent U M1 authentic message; Health professional U i first needs to register else, it terminates the session. If the condition holds, GT W him/herself in the gateway to provide medical services to generates RN2 and computes U M3 = hf( RN2 || T 2 || S Kgsn ), http://journals.uob.edu.bh Int. J. Com. Dig. Sys. 11, No.1, 251-263 (Jan-2022) 257 RNu∗ || S Kgu ) and U M8∗ = hf(Xu || S K ∗ || RN3 ). Then, GT W checks U M8∗ ?= U M8 . If it matches, then U M8 is sent by GT W. Figure 3 shows the explanation of this segment. E. Password change stage In this stage allows users to change the old password with updated password. The steps are described below: Step 1: U i enters IDu and password PWu into the smart device. Step 2: It computes Ku∗ =Xu ⊕h f (IDu ), MIDu = hf(IDu || Ku∗ ), MPWu = hf(IDu || Ku∗ || PWu ). It also calculates A∗u =Bu ⊕MPW∗u , RNu∗ =A∗u ⊕MID∗u , Reg∗u = hf(MID∗u || RNu∗ ||MPWu∗ ). If Reg∗u matches Regu and Vu∗ matches Vu , then U i enters accurate ID and password. Then, it requests for a latest password. Step 3: user U i inputs the latest password PWunew . Step 4: The mobile device calculates Kunew =Xu ⊕h f (IDu Figure 3. Login and authentication phase U M4 = RN2 ⊕SKgsn and U M5 = U M4 ⊕UM3 . Then, sends the information to S N sensor. Step 3: Upon getting S N authen- ticates |T 2 - T | < ∆T . If it holds, then the message has not been intercepted by the intruder. Now S N calculates U M3= U M5 ⊕UM4 , RN2∗ = U M4 ⊕SKgsn , U M3∗ = hf( RN2∗ || T 2 ||S Kgsn ). Then, S N proves the equivalence of U M3∗ with U M3 . If both are the same, S N produces an arbitrary number RN3 and calculates S K= hf( U M3 || RN3 || RN2∗ ), U M6 = hf(S K|| RN3 || S Kgsn ) and U M7 = RN3 ⊕h f (RN∗2 ). Now S N forwards to GT W. Step 4: After receiving the information, S N computes RN2∗ = U M4 ⊕SKgsn , RN3 = U M7 ⊕h f (RN∗2 ), S K ∗ = hf( U M3 || RN3 || RN2∗ ), U M6∗ = hf( S K ∗ || RN3 || S Kgsn ). Now, S N checks whether U M6∗ equals U M6 . If both are equal, then it computes U M8 = hf(Xu || S K ∗ || RN3 ), U M9 = U M3 ⊕h f (SKgu ), U M10 = U M7 ⊕RN3 and U M11 = U M10 ⊕RN∗2 . Finally, it sends to U.S. Step 5: After obtaining the information, GT W cal- culates RN3 = U M7 ⊕UM10 , U M3 = U M3 (S Kgu ), RN2∗ = U M11 ⊕UM10 , S K ∗ = H( U M3 || RN3 || RN2∗ ), Xu = Eu (IDu || Figure 4. Password change phase http://journals.uob.edu.bh 258 M. F. Mridha, et al.: An Improved User .... System Using Wireless Medical Sensor Network ), MIDnewu =hf(IDu || Ku ), MPWu = hf(IDu || Kunew || new new G. Anonymity preservation PWu ). It also calculates Au = Bu ⊕MPWnew new new u , RNu = new This protocol preserves user anonymity because it uses Au ⊕MIDu , Regu = hf( MIDu || RNu || MPWunew ), new new new new new masked identity MIDu and masked password MPWu . Iden- Xunew = Kunew ⊕h f (IDu ), Bnew u = Au new ⊕MPWnew u and Vunew = tity IDu is never sent clear text throughout the communica- hf(IDu || S Kgu || MPWunew ). Finally, the mobile device stores tion. Therefore, it protects the disclosure of user identity. all information < Vunew , Xunew , Regnew u , Bu new > to its memory. This phase is explained in Figure 4. H. Increase in sensor lifetime The proposed protocol architecture increases the lifetime 6. Security analysis and performance of the proposed of the sensor node by introducing a gateway between protocol the communication of the sensor node and the medical In this segment, we have performed an informal secu- profession. Direct communication incurs higher communi- rity investigation of this procedure. This protocol protects cation costs [1], [14], [15]. Therefore, we have modified privileged insider attacks and stolen smart device attacks. our architecture and introduced a gateway between the It preserves user anonymity and achieves mutual authen- sensor node and medical professional so that information tication. It also presents a strong password change phase. is exchanged through the gateway. It reduces the communication cost between the sensor and medical professional. The detailed description is as follows: 7. Correctness of authentication using the BAN logic model A. Privileged insider attack Burrows–Abadi–Needham logic (also known as BAN This protocol is resistant to privileged insider attacks. logic) has some set of guidelines to verify the source IDu and PWu are never sent clear text in this protocol. of message, genuineness of origin, and freshness of the Therefore, the attacker cannot guess the password. Assume authentication protocol. The model is described in [46]. that the attacker knows MIDu and MPWu . To presumption We have used this BAN rule to verify our authentication the password invader needs to know IDu and Ku . Ku is a protocol. Here are some basic points of the BAN model for arbitrary number created by the user and only known to better perception. him. Ku is also hidden inside Xu , and IDu is never sent clear text in the communication channel. Therefore, even • Keys: Keys are used for encryption and decryption privileged insiders are not able to know the password. Principals: The person assigned to the protocol or the agent as the program is called the principal. B. Stolen mobile device attack User U i stores < Vu , Xu , Cu∗ , Regu , Bu , hf(.) > • Public keys: It is similar to keys but has a pair of to mobile devices. With this information, attacker cannot keys for encryption and decryption. extract other information to launch another attack using a • Nonce’s: It is part of message and not to be repeated. power analysis attack [44], [45], such as password change or denial of service attack. • Timestamp: It is similar to nonce but less likely to C. Strong password change stage happen again. The password change stage is well protected in this A. Notation of BAN logic: procedure. As an attacker, even a privileged insider does The symbolization’s for BAN rules are described below: not know the password, so he cannot initiate the password change phase. • Ai | ≡Si : Ai believes S i as true. D. Denial of service attack • Ai ◁Si : Ai can see message S i and read or repeat it. As the attacker cannot initiate the password change phase, there is no option of denial-of-service attack by the • Ai ∼Si : Ai once said the message S i . invader. • Ai ⇒Si : Ai has authority over message S i E. Achievement of mutual authentication This protocol achieves mutual authentication in the sign • #( S i ): Message S i is fresh in and validation stage. Each participant verifies the source • ( S i , T i ): Rule S i or T i is one part of ( S i , T i ). of the message so that U i, GT W and S N authenticate each other before exchanging information. • < S i > T i : Rule S i combined with rule T i . F. Replay attack • {S i } Ki : Rule S i is encrypted under the key Ki . This protocol involves a timestamp in the sign in and au- thentication stage and verifies the freshness of each message • ( S i ) Ki : Rule S i is hashed with the key Ki . on every communication. It also authenticates each other Ki before establishing any session. Therefore, this protocol is • Ai ←→ Di : Ai communicate with Di using shared key resistant to replay attacks. Ki . http://journals.uob.edu.bh Int. J. Com. Dig. Sys. 11, No.1, 251-263 (Jan-2022) 259 Si S Kgu • Ai ⇌ Di : Only Ai and Di know the secret S i . • C1: U i| ≡ U i ←→ GLi S Kgsn B. BAN logic rules • C2: GLi | ≡ GLi ←→ S N The subsequent rules are used in BAN logic. Below is the proof of our protocol by achieving the above- Si Ai |≡Ai ⇌Di ,Ai ◁< S i >Ki mentioned goals • Message-meaning rule: Ai |≡Di |∼S i Ai |≡#(S i ) • U M1 : U i → GLi : CIDU , U M1 , U M2 , T 1 , Eu , • Freshness-conjuncatenation rule: Ai |≡#(S i ,Y) IDS N : < RN1 > S Kgu Ai |≡(S i ),Ai |≡Y • Belief rule: Ai |≡(S i ,Y) • Using the seeing formula: S1: GLi → CIDU , U M1 , U M2 , T 1 , Eu , IDS N : < • Nonce-verification rule: Ai |≡#(S i ),Ai |≡Di |∼S i Ai |≡Di |≡S i RN1 > S Kgu Ai |≡Di ⇒S i ,Ai |≡Di |≡S i • Using C1, S1 message-meaning formula: • Jurisdiction rule: Ai |≡S i S2: GLi | ≡ U i| ∼ RN1 Ai |≡(S i ),Ai |≡Di |≡S i • Session key rule: Ki • Using A2, S2 freshness conjuncatenation name Ai |≡Ai ←→Di verification formula: Our proposed procedure should gratify the subsequent goals S3: GLi | ≡ U i| ≡ RN1 , where RN1 is essential to prove its safety. information to compute the session key. Ki • Using the B3, S3 jurisdiction formula: • Goal 1: GLi | ≡ GLi ←→ U i S4: GLi | ≡ RN1 Ki • Goal 2: GLi | ≡ GLi ←→ S N • Using A2, S3 session-key formula: SK i Ki S5: GLi | ≡ GLi ←→ U i (Goal 1) • Goal 3: S N| ≡ S N ←→ GLi Ki • U M3 : S N → GLi : U M6 , U M7 :< RN3 >S Kgsn • Goal 4: U i| ≡ U i ←→ GLi • Using the seeing formula: Perfect form: The standard version of the proposed proce- Q1: S N → GLi : U M6 , U M7 :< RN3 >S Kgsn dure is given below. • Using C2, Q1 and message-meaning formula: • UM1: U i → GLi : CIDU i , U M1 , U M2 , T 1 , EU i , Q2:GLi | ≡ GLi | ∼ RN3 IDS N :< RN1 >S Kgu • Using A2, Q2 freshness conjuncatenation nonce • UM2: GLi → S N : U M4 , U M5 , T 2 , :< RN2 >S Kgsn authentication formula: Q3:GLi | ≡ S N| ≡ RN3 • UM3: S N → GLi : U M6 , U M7 :< RN3 >S Kgsn • Using B2, Q3 jurisdiction formula: • UM4: GLi → U i : U M7 , U M8 , U M9 , U M10 , Q4:GLi | ≡ RN3 U M11 : < RN1 , RN2 >S Kgu • Using A2, Q3 session-key formula: SK i C. Initial assumption Q5:GLi | ≡ GLi ←→ S N (Goal 2) The subsequent are primary conventions of the proposed procedure. • U M2 :GLi → S N : U M4 , U M5 , T 2 :< RN2 >S Kgsn • A1: U i| ≡ #(RN1 , RN2 , RN3 ) • Using the seeing formula: V1: S N ◁ U M4 , U M5 , T 2 :< RN2 >S Kgsn • A2: GLi | ≡ #(RN2 , RN1 , RN3 ) • Using C2, the V1 message-meaning formula: • A3: S N| ≡ #(RN2 , RN3 ) V2: S N| ≡ GLi | ∼ RN2 • B1: S N| ≡ GLi ⇒ RN2 • Using A3, V2 freshness conjuncatenation nonce verification formula: • B2: GLi | ≡ S N ⇒ RN3 V3: S N| ≡ GLi | ≡ RN2 • B3: GLi | ≡ U i ⇒ RN1 • Using B1, V3 jurisdiction formula: SK i • B4: U i| ≡ GLi ⇒ (RN2 , RN3 ) V4: S N| ≡ S N ←→ GLi (Goal 3) http://journals.uob.edu.bh 260 M. F. Mridha, et al.: An Improved User .... System Using Wireless Medical Sensor Network • Using A3, V3 session-key formula: [5] D. He, S. Chan, and S. Tang, “A novel and lightweight system SK i to secure wireless medical sensor networks,” IEEE Journal of V5: S N| ≡ S N ←→ GLi (Goal 3) Biomedical and Health Informatics, vol. 18, no. 1, pp. 316–326, Jan 2014. • U M4 : U i ◁ U M7 , U M8 , U M9 , U M10 , U M11 :< RN1 , RN2 >S Kgu [6] P. Gope and T. Hwang, “Bsn-care: A secure iot-based modern healthcare system using body sensor network,” IEEE Sensors Jour- • Using the seeing formula: nal, vol. 16, no. 5, pp. 1368–1376, March 2016. W1: U i ◁ U M7 , U M8 , U M9 , U M10 , U M11 :< RN1 , RN2 >S Kgu [7] X. Li, J. Niu, S. Kumari, J. Liao, W. Liang, and M. K. Khan, “A new authentication protocol for healthcare applications using • Accordingly, C1, W1 message-meaning formula: wireless medical sensor networks with user anonymity,” Security and Communication Networks, vol. 9, no. 15, pp. 2643–2655, W2: U i| ≡ GLi | ∼ (RN2 , RN3 ) 2016. [Online]. Available: https://doi.org/10.1002/sec.1214 • Using A1, W2 freshness conjuncatenation nonce [8] M. J. Hossain, M. A. H. Wadud, and M. Alamin, “Hdm-chain: verification formula: A secure blockchain-based healthcare data management framework W3: U i| ≡ GLi | ≡ (RN2 , RN3 ) to ensure privacy and security in the health unit,” in 2021 5th International Conference on Electrical Engineering and Information • Using B4, W3 jurisdiction formula: Communication Technology (ICEEICT), 2021. W4: U i| ≡ (RN2 , RN3 ) [9] M. J. Hossain, M. A. H. Wadud, A. Rahman, J. Ferdous, M. S. • Using A1, W3 session-key formula: Alam, T. M. Amir Ul Haque Bhuiyan, and M. F. Mridha, “A secured SK i patient’s online data monitoring through blockchain: An intelligent W5: U i| ≡ U i ←→ GLi (Goal 4) way to store lifetime medical records,” in 2021 International Con- ference on Science Contemporary Technologies (ICSCT), 2021, pp. Hence, we have achieved our goals, and it is proven that 1–6. our procedure satisfies mutual authentication and session key agreement. [10] Z. Xia, X. Wang, L. Zhang, Z. Qin, X. Sun, and K. Ren, “A privacy-preserving and copy-deterrence content-based image 8. Conclusion retrieval scheme in cloud computing,” Trans. Info. For. Sec., vol. 11, no. 11, pp. 2594–2608, Nov. 2016. [Online]. Available: In this article, we rigorously studied the procedure https://doi.org/10.1109/TIFS.2016.2590944 described in [40] and found that their protocol is prone to different attacks, such as privileged insider attacks and [11] Z. Fu, K. Ren, J. Shu, X. Sun, and F. Huang, “Enabling stolen smart device attacks. It does not protect against personalized search over encrypted outsourced data with denial-of-service attacks and does not disclose usernames. It efficiency improvement,” IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 9, pp. 2546–2559, Sep. 2016. [Online]. Available: also has flaws in the password change phase. Our endeavor https://doi.org/10.1109/TPDS.2015.2506573 is to remove the limitations of the protocol presented in [40]. We have proposed a masked identity and hash [12] Z. Fu, X. Sun, Q. Liu, L. Zhou, and J. Shu, “Achieving efficient function-based protocol that fixes the referenced security cloud search services: Multi-keyword ranked search over encrypted issues. we have proven that our proposed security model cloud data supporting parallel computing.” IEICE Transactions, contributes better results than the existing security model. vol. 98-B, no. 1, pp. 190–200, 2015. [Online]. Available: http://dblp.uni-trier.de/db/journals/ieicet/ieicet98b.htmlFuSLZS15 An informal security investigation was performed, which express that our proposed security protocol is safe and [13] K. Romer and F. Mattern, “The design space of wireless sensor appropriate for patient monitoring systems using WMSNs. networks,” Wireless Commun., vol. 11, no. 6, pp. 54–61, Dec. 2004. In the future, we will implement it in a cloud environment. [Online]. Available: https://doi.org/10.1109/MWC.2004.1368897 References [14] P. Kumar, S.-G. Lee, and H.-J. Lee, “E-sap: Efficient-strong [1] D. He, N. Kumar, J. Chen, C.-C. Lee, N. Chilamkurti, and S.-S. authentication protocol for healthcare applications using wireless Yeo, “Robust anonymous authentication protocol for health-care medical sensor networks,” Sensors, vol. 12, no. 2, pp. applications using wireless medical sensor networks,” Multimedia 1625–1647, 2012. [Online]. Available: http://www.mdpi.com/1424- Syst., vol. 21, no. 1, pp. 49–60, Feb. 2015. [Online]. Available: 8220/12/2/1625 http://dx.doi.org/10.1007/s00530-013-0346-9 [15] F. Wu, L. Xu, S. Kumari, and X. Li, “An improved and [2] Y. K. Ever, “Secure-anonymous user authentication scheme for anonymous two-factor authentication protocol for health-care e-healthcare application using wireless medical sensor networks,” applications with wireless medical sensor networks,” Multimedia IEEE Systems Journal, pp. 1–12, 2018. Syst., vol. 23, no. 2, pp. 195–205, 2017. [Online]. Available: https://doi.org/10.1007/s00530-015-0476-3 [3] L. X. Hung, M. Khalid, R. Sankar, and S. Lee, “An efficient mutual authentication and access control scheme for wireless sensor [16] M. A. H. Wadud, T. M. Amir-Ul-Haque Bhuiyan, M. A. Uddin, and networks in healthcare,” JNW, vol. 6, pp. 355–364, 2011. M. M. Rahman, “A patient centric agent assisted private blockchain on hyperledger fabric for managing remote patient monitoring,” in [4] F. Wu and L. Xu, “Security analysis and improvement of a privacy 2020 11th International Conference on Electrical and Computer authentication scheme for telecare medical information systems,” J. Engineering (ICECE), 2020, pp. 194–197. Medical Systems, vol. 37, no. 4, p. 9958, 2012. http://journals.uob.edu.bh Int. J. Com. Dig. Sys. 11, No.1, 251-263 (Jan-2022) 261 [17] S. Kumari, M. K. Khan, and M. Atiquzzaman, “User authentication vol. 29, no. 3, pp. 311 – 324, 2017. [Online]. Available: schemes for wireless sensor networks,” Ad Hoc Netw., http://www.sciencedirect.com/science/article/pii/S1319157815000828 vol. 27, no. C, pp. 159–194, Apr. 2015. [Online]. Available: http://dx.doi.org/10.1016/j.adhoc.2014.11.018 [30] R. Amin and G. P. Biswas, “An improved RSA based user authentication and session key agreement protocol usable in [18] T. Maitra, R. Amin, D. Giri, and P. D. Srivastava, “An TMIS,” J. Medical Systems, vol. 39, no. 8, p. 79, 2015. [Online]. efficient and robust user authentication scheme for hierarchical Available: https://doi.org/10.1007/s10916-015-0262-y wireless sensor networks without tamper-proof smart card,” I. J. Network Security, vol. 18, no. 3, pp. 553–564, 2016. [Online]. [31] R. Amin and G. Biswas, “Design and analysis of bilinear pairing Available: http://ijns.femto.com.tw/contents/ijns-v18-n3/ijns-2016- based mutual authentication and key agreement protocol usable in v18-n3-p553-564.pdf multi-server environment,” Wireless Personal Communications, vol. 84, no. 1, pp. 439–462, 2015. [Online]. Available: [19] C. Li, “A secure chaotic maps-based privacy-protection scheme for https://doi.org/10.1007/s11277-015-2616-7 multi-server environments,” Security and Communication Networks, vol. 9, no. 14, pp. 2276–2290, 2016. [32] S. H. Islam, “Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps,” [20] M.-L. Messai, H. Seba, and M. Aliouat, “A lightweight Inf. Sci., vol. 312, no. C, pp. 104–130, Aug. 2015. [Online]. key management scheme for wireless sensor networks,” J. Available: https://doi.org/10.1016/j.ins.2015.03.050 Supercomput., vol. 71, no. 12, pp. 4400–4422, Dec. 2015. [Online]. Available: https://doi.org/10.1007/s11227-015-1534-5 [33] S. Kumari, M. K. Khan, X. Li, and F. Wu, “Design of a user anonymous password authentication scheme without smart card,” [21] P. Rawat, K. D. Singh, J.-M. BONNIN, and H. Chaouchi, “Wireless Int. J. Communication Systems, vol. 29, no. 3, pp. 441–458, 2016. sensor networks: a survey on recent developments and potential [Online]. Available: https://doi.org/10.1002/dac.2853 synergies,” Journal of Supercomputing, p. ., Oct. 2013. [Online]. Available: https://hal.archives-ouvertes.fr/hal-00955283 [34] S. Kumari, M. K. Khan, and X. Li, “An improved remote user authentication scheme with key agreement,” Computers & Electrical [22] P. Rawat, K. Deep Singh, H. Chaouchi, and J.-M. Bonnin, “Wireless Engineering, vol. 40, no. 6, pp. 1997–2012, 2014. [Online]. sensor networks: A survey on recent developments and potential Available: https://doi.org/10.1016/j.compeleceng.2014.05.007 synergies,” The Journal of Supercomputing, vol. 68, 04 2013. [35] S. Kumari and M. K. Khan, “More secure smart card-based remote [23] M. L. Das, “Two-factor user authentication in wireless user password authentication scheme with user anonymity,” Security sensor networks,” Trans. Wireless. Comm., vol. 8, and Communication Networks, vol. 7, no. 11, pp. 2039–2053, no. 3, pp. 1086–1090, Mar. 2009. [Online]. Available: 2014. [Online]. Available: https://doi.org/10.1002/sec.916 http://dx.doi.org/10.1109/TWC.2008.080128 [36] S. Kumari, M. K. Gupta, M. K. Khan, and X. Li, “An improved [24] H. Huang, Y. Chang, and C. Liu, “Enhancement of two-factor timestamp-based password authentication scheme: comments, user authentication in wireless sensor networks,” in 2010 Sixth cryptanalysis, and improvement,” Security and Communication International Conference on Intelligent Information Hiding and Networks, vol. 7, no. 11, pp. 1921–1932, 2014. [Online]. Available: Multimedia Signal Processing, Oct 2010, pp. 27–30. https://doi.org/10.1002/sec.906 [25] S. G. Yoo, K. Y. Park, and J. Kim, “A security- [37] R. Amin, S. H. Islam, G. P. Biswas, M. K. Khan, and X. Li, performance-balanced user authentication scheme for wireless “Cryptanalysis and enhancement of anonymity preserving remote sensor networks,” International Journal of Distributed Sensor user mutual authentication and session key agreement scheme for e- Networks, vol. 8, no. 3, p. 382810, 2012. [Online]. Available: health care systems,” J. Medical Systems, vol. 39, no. 11, pp. 140:1– https://doi.org/10.1155/2012/382810 140:21, 2015. [Online]. Available: https://doi.org/10.1007/s10916- 015-0318-z [26] K. Xue, C. Ma, P. Hong, and R. Ding, “A temporal- credential-based mutual authentication and key agreement scheme [38] D. He, N. Kumar, and N. Chilamkurti, “A secure temporal- for wireless sensor networks,” J. Netw. Comput. Appl., credential-based mutual authentication and key agreement scheme vol. 36, no. 1, pp. 316–323, Jan. 2013. [Online]. Available: with pseudo identity for wireless sensor networks,” Inf. Sci., http://dx.doi.org/10.1016/j.jnca.2012.05.010 vol. 321, no. C, pp. 263–277, Nov. 2015. [Online]. Available: https://doi.org/10.1016/j.ins.2015.02.010 [27] C.-T. Li, C.-Y. Weng, and C.-C. Lee, “An advanced temporal credential-based security scheme with mutual authentication and key [39] A. K. Das, A. K. Sutrala, V. Odelu, and A. Goswami, “A agreement for wireless sensor networks,” in Sensors, 2013. secure smartcard-based anonymous user authentication scheme for healthcare applications using wireless medical sensor networks,” [28] R. Amin, S. H. Islam, G. P. Biswas, M. K. Khan, and Wireless Personal Communications, vol. 94, no. 3, pp. 1899–1933, N. Kumar, “An efficient and practical smart card based anonymity 2017. [Online]. Available: https://doi.org/10.1007/s11277-016-3718- preserving user authentication scheme for TMIS using elliptic curve 6 cryptography,” J. Medical Systems, vol. 39, no. 11, p. 180, 2015. [Online]. Available: https://doi.org/10.1007/s10916-015-0351-y [40] R. Amin, S. H. Islam, G. P. Biswas, M. K. Khan, and N. Kumar, “A robust and anonymous patient monitoring system [29] S. H. Islam, R. Amin, G. Biswas, M. S. Farash, X. Li, using wireless medical sensor networks,” Future Generation and S. Kumari, “An improved three party authenticated key Comp. Syst., vol. 80, pp. 483–495, 2018. [Online]. Available: exchange protocol using hash function and elliptic curve https://doi.org/10.1016/j.future.2016.05.032 cryptography for mobile-commerce environments,” Journal of King Saud University - Computer and Information Sciences, [41] S. Babar, P. Mahalle, A. Stango, N. Prasad, and R. Prasad, “Proposed http://journals.uob.edu.bh 262 M. F. Mridha, et al.: An Improved User .... System Using Wireless Medical Sensor Network security model and threat taxonomy for the internet of things (iot),” Md. Al Imran was born on 13th December in Recent Trends in Network Security and Applications Communi- 1987 in a city of Bangladesh named Khulna. cations in Computer and Information Science, vol. 89. Germany: He obtained his B.Sc. in Computer Science Springer, 2010, pp. 420–429. Engineering in 2010 from Khulna Univer- [42] P. Kaur Dhillon and S. Kalra, “A lightweight biometrics based sity of Engineering Technology, Khulna, remote user authentication scheme for iot services,” Journal of Bangladesh and M.Sc. in Information Sys- Information Security and Applications, vol. 34, 01 2017. tems Security in 2017 from Bangladesh Uni- versity of Professionals. He has published [43] J. Lee and H. Kim, “Security and privacy challenges in the internet more than three research papers including of things [security and privacy matters],” IEEE Consumer Electron- international journal. Among them, one jour- ics Magazine, vol. 6, no. 3, pp. 134–136, July 2017. nal was published in Journal of Communication in 2011 and an- [44] P. C. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” other is yet to publish in Journal of Telecommunication, Electronic in Proceedings of the 19th Annual International Cryptology and Computer Engineering. Two conference papers were published Conference on Advances in Cryptology, ser. CRYPTO ’99. Berlin, in 12th International Conference on Computer Information Tech- Heidelberg: Springer-Verlag, 1999, pp. 388–397. nology, Dec. 2009 and 13th International Conference on Computer Information Technology, Dec. 2010, Dhaka, Bangladesh. [45] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Trans. Comput., vol. 51, no. 5, pp. 541–552, May 2002. [Online]. Available: https://doi.org/10.1109/TC.2002.1004593 Md. Anwar Hussen Wadud is a lecturer in the Department of Computer Sciecne and [46] M. Burrows, M. Abadi, and R. Needham, “A logic Engineering, Bangladesh University of Busi- of authentication,” ACM Trans. Comput. Syst., vol. 8, ness and Technology, Dhaka, Bangladesh. no. 1, pp. 18–36, Feb. 1990. [Online]. Available: He received his B.Sc. and M.Sc. Engineer- http://doi.acm.org/10.1145/77648.77649 ing degree in CSE from Mawlana Bhashani Science and Technology University, Tan- gail, Bangladesh. He participated in several M. F. Mridha (Senior Member, IEEE) re- ACM ICPC programming contests during ceived the Ph.D. degree in AI/ML from his university life. He worked on several Jahangirnagar University, in 2017. He programming platforms such as Java Spring Hibernate, Android joined the Department of Computer Sci- apps developments, Python NumPy, Keras etc. for big data and ence and Engineering, Stamford University deep learning analysis in several software companies. His area of Bangladesh, in June 2007, as a Lecturer, interest is Big Data Analysis, Deep Learning, Natural Language where he was promoted a Senior Lecturer Processing, Internet of Things and Machine Learning. and an Assistant Professor, in October 2010 and October 2011, respectively. Then, he joined UAP, in May 2012, as an Assistant Professor. He is currently working as an associate professor with the Department of Computer Science and Engineering, Bangladesh University of Business and Technology. He also worked as a faculty member of the CSE Department, University of Asia Pacific, and as a graduate coordinator, from 2012 to 2019. His research experience, within both academia and industry, has resulted in over 80 journal and conference publications. His research interests include artificial intelligence (AI), machine learning, deep learn- ing, big data analysis, and natural language processing (NLP). For more than ten years, he has been with the master’s and undergraduate students, as a supervisor of their thesis work. He has served as a program committee member of several international conferences and workshops. He also served as an associate editor in several journals. http://journals.uob.edu.bh Int. J. Com. Dig. Sys. 11, No.1, 251-263 (Jan-2022) 263 MD. ABDUL HAMID has been work- parts of the globe. He was a lecturer with the Computer Science ing as a Professor with the Department of and Engineering Department, Asian University of Bangladesh, Information Technology, King Abdul Aziz Dhaka, Bangladesh, from 2002 to 2004. He was an assistant University, Jeddah, Kingdom of Saudi Ara- professor with the Department of Information and Communica- bia Since 2019. His research interests in- tions Engineering, Hankuk University of Foreign Studies, South clude network/cyber-security, natural lan- Korea, from 2009 to 2012. He was an Assistant Professor with guage processing, machine learning, wire- the Department of Computer Science and Engineering, Green less communications, and networking pro- University of Bangladesh, from 2012 to 2013. He was an Assistant tocols. He was born in the village Sonatola, Professor with the Department of Computer Engineering, Taibah Pabna, Bangladesh. His education life spans University, Madinah, Saudi Arabia, from 2013 to 2016. He was over different countries wordwide. He received his B.E. degree in an associate professor with the department of Computer Science, Computer and Information Engineering from International Islamic Faculty of Science and Information Technology, American Inter- University Malaysia, from 1996 to 2001, and the combined national University Bangladesh, Dhaka, from 2016 to 2017. He master’s-Ph.D. degree majoring in information communication was an associate professor and a professor with the department from the Computer Engineering Department, Kyung Hee Univer- of Computer Science and Engineering, University of Asia Pacific, sity, South Korea, in August 2009. He has been in the teaching Dhaka, from 2017 to 2019. profession throughout his life, which also spans over different http://journals.uob.edu.bh

(PDF) An Improved User Anonymous Secure Authentication Protocol for Healthcare System Using Wireless Medical Sensor Network