skip to main content
research-article

Lightweight Multi-party Authentication and Key Agreement Protocol in IoT-based E-Healthcare Service

Authors Info & Claims
Published:14 June 2021Publication History
Skip Abstract Section

Abstract

Internet of Things (IoT) is playing a promising role in e-healthcare applications in the recent decades; nevertheless, security is one of the crucial challenges in the current field of study. Many healthcare devices (for instance, a sensor-augmented insulin pump and heart-rate sensor) collect a user’s real-time data (such as glucose level and heart rate) and send them to the cloud for proper analysis and diagnosis of the user. However, the real-time user’s data are vulnerable to various authentication attacks while sending through an insecure channel. Besides that, the attacks may further open scope for many other subsequent attacks. Existing security mechanisms concentrate on two-party mutual authentication. However, an IoT-enabled healthcare application involves multiple parties such as a patient, e-healthcare test-equipment, doctors, and cloud servers that requires multi-party authentication for secure communication. Moreover, the design and implementation of a lightweight security mechanism that fits into the resource constraint IoT-enabled healthcare devices are challenging. Therefore, this article proposes a lightweight, multi-party authentication and key-establishment protocol in IoT-based e-healthcare service access network to counter the attacks in resource constraint devices. The proposed multi-party protocol has used a lattice-based cryptographic construct such as Identity-Based Encryption (IBE) to acquire security, privacy, and efficiency. The study provided all-round analysis of the scheme, such as security, power consumption, and practical usage, in the following ways. The proposed scheme is tested by a formal security tool, Scyther, to testify the security properties of the protocol. In addition, security analysis for various attacks and comparison with other existing works are provided to show the robust security characteristics. Further, an experimental evaluation of the proposed scheme using IBE cryptographic construct is provided to validate the practical usage. The power consumption of the scheme is also computed and compared with existing works to evaluate its efficiency.

References

  1. Michel Abdalla, Pierre-Alain Fouque, and David Pointcheval. 2005. Password-based authenticated key exchange in the three-party setting. In Proceedings of the Annual Conference on Public Key Cryptography (PKC’05), Serge Vaudenay (Ed.). Springer, Berlin, 65–84. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Ai-fen Sui, L. C. K. Hui, S. M. Yiu, K. P. Chow, W. W. Tsang, C. F. Chong, K. H. Pun, and H. W. Chan. 2005. An improved authenticated key agreement protocol with perfect forward secrecy for wireless mobile communication. In Proceedings of the IEEE Wireless Communications and Networking Conference, Vol. 4. 2088–2093. DOI:https://doi.org/10.1109/WCNC.2005.1424840Google ScholarGoogle Scholar
  3. Amel Arfaoui, Ali Kribeche, and Sidi-Mohammed Senouci. 2019. Context-aware anonymous authentication protocols in the internet of things dedicated to e-health applications. Comput, Netw. 159 (2019), 23–36. DOI:https://doi.org/10.1016/j.comnet.2019.04.031Google ScholarGoogle ScholarCross RefCross Ref
  4. L. Babai. 1986. On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6, 1 (01 Mar. 1986), 1–13. DOI:https://doi.org/10.1007/BF02579403 Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Dan Boneh and Matthew Franklin. 2003. Identity-based encryption from the weil pairing. SIAM J. Comput. 32, 3 (Mar. 2003), 586–615. DOI:https://doi.org/10.1137/S0097539701398521 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Ran Canetti and Hugo Krawczyk. 2001. Analysis of key-exchange protocols and their use for building secure channels. In Proceedings of the Annual Conference on Advances in Cryptology (EUROCRYPT’01), Birgit Pfitzmann (Ed.). Springer, Berlin, 453–474. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Sjouke Mauw Cas Cremers. 2012. Operational Semantics and Verification of Security Protocols (1st ed.). Springer-Verlag, Berlin. DOI:https://doi.org/10.1007/978-3-540-78636-8 Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Henri Cohen. 1993. Algorithms for Linear Algebra and Lattices. Springer, Berlin, 45–107. DOI:https://doi.org/10.1007/978-3-662-02945-9_2Google ScholarGoogle Scholar
  9. Cas Cremers and Sjouke Mauw. 2012. Operational Semantics and Verification of Security Protocols (1 ed.). Springer-Verlag, Berlin. 174 pages. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Cas J. Cremers. 2008. The scyther tool: Verification, falsification, and analysis of security protocols. In Proceedings of the 20th International Conference on Computer Aided Verification (CAV’08). Springer-Verlag, Berlin, 414–418. DOI:https://doi.org/10.1007/978-3-540-70545-1_38 Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Z. Cui, F. Xue, S. Zhang, X. Cai, Y. Cao, W. Zhang, and J. Chen. 2020. A hybrid blockchain-based identity authentication scheme for multi-WSN. IEEE Trans. Services Comput. 13, 2 (2020), 241–251. DOI:https://doi.org/10.1109/TSC.2020.2964537Google ScholarGoogle Scholar
  12. D. Dolev and A. C. Yao. 1981. On the security of public key protocols. In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science (SFCS’81). 350–357. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Léo Ducas, Vadim Lyubashevsky, and Thomas Prest. 2014. Efficient identity-based encryption over NTRU lattices. In Proceedings of the Annual Conference on Advances in Cryptology (ASIACRYPT’14), Palash Sarkar and Tetsu Iwata (Eds.). Springer, Berlin, 22–41.Google ScholarGoogle ScholarCross RefCross Ref
  14. Morris J. Dworkin. 2015. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. National Institute of Standards and Technology. DOI:https://doi.org/10.6028/NIST.FIPS.202Google ScholarGoogle Scholar
  15. M. A. Ferrag, L. Maglaras, and A. Ahmim. 2017. Privacy-preserving schemes for ad hoc social networks: A survey. IEEE Commun. Surv. Tutor. 19, 4 (Fourthquarter 2017), 3015–3045. DOI:https://doi.org/10.1109/COMST.2017.2718178Google ScholarGoogle ScholarCross RefCross Ref
  16. Nicolas Gama and Phong Q. Nguyen. 2008. Predicting lattice reduction. In Proceedings of theAnnual Conference on Advances in Cryptology (EUROCRYPT’08), Nigel Smart (Ed.). Springer, Berlin, 31–51. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Ankur Gupta, Meenakshi Tripathi, Tabish Jamil Shaikh, and Aakar Sharma. 2019. A lightweight anonymous user authentication and key establishment scheme for wearable devices. Comput, Netw, 149 (2019), 29–42. DOI:https://doi.org/10.1016/j.comnet.2018.11.021Google ScholarGoogle ScholarCross RefCross Ref
  18. Yi-Kai Liu Dustin Moody Rene Peralta Ray Perlner Daniel Smith-Tone Lily Chen, Stephen Jordan. 2016. Report on Post-Quantum Cryptography. National Institute of Standards and Technology. DOI:https://doi.org/10.6028/NIST.IR.8105Google ScholarGoogle Scholar
  19. H. Janicke J. Jiang M. A. Ferrag, L. A. Maglaras and L. Shu. 2017. Authentication protocols for internet of things: A comprehensive survey. Secur. Commun. Netw. 1939-0114 (Fourthquarter 2017), 0–6. DOI:https://doi.org/10.1155/2017/6562953Google ScholarGoogle Scholar
  20. Ullah Ata Mahmood Zahid, Ning Huansheng and Yao Xuanxia. 2017. Secure authentication and prescription safety protocol for telecare health services using ubiquitous IoT. Appl. Sci. 7, 10 (2017). DOI:https://doi.org/10.3390/app7101069Google ScholarGoogle Scholar
  21. P. Porambage, A. Braeken, C. Schmitt, A. Gurtov, M. Ylianttila, and B. Stiller. 2015. Group key establishment for enabling secure multicast communication in wireless sensor networks deployed for IoT applications. IEEE Access 3 (2015), 1503–1511. DOI:https://doi.org/10.1109/ACCESS.2015.2474705Google ScholarGoogle ScholarCross RefCross Ref
  22. Deepak Puthal. 2018. Lattice-modeled information flow control of big sensing data streams for smart health application. IEEE IoT J. 6, 2 (2018), 1312–1320.Google ScholarGoogle Scholar
  23. A. K. Sahu, S. Sharma, D. Puthal, A. Pandey, and R. Shit. 2017. Secure authentication protocol for IoT architecture. In Proceedings of the 2017 International Conference on Information Technology (ICIT’17). 220–224. DOI:https://doi.org/10.1109/ICIT.2017.21Google ScholarGoogle ScholarCross RefCross Ref
  24. Adi Shamir. 1985. Identity-based cryptosystems and signature schemes. In Proceedings of the Advances in Cryptology, George Robert Blakley and David Chaum (Eds.). Springer, Berlin, 47–53. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Suraj Sharma, Shaswat Satapathy, Shivani Singh, Amiya Kumar Sahu, Mohammad S. Obaidat, Sanjay Saxena, and Deepak Puthal. 2018. Secure authentication protocol for 5G enabled IoT network. In Proceedings of the 2018 5th International Conference on Parallel, Distributed and Grid Computing (PDGC’18). IEEE, 621–626.Google ScholarGoogle ScholarCross RefCross Ref
  26. K. Tsai, Y. Huang, F. Leu, and I. You. 2016. TTP based high-efficient multi-key exchange protocol. IEEE Access 4 (2016), 6261–6271. DOI:https://doi.org/10.1109/ACCESS.2016.2613442Google ScholarGoogle ScholarCross RefCross Ref
  27. Muhammad Usman, Mian Ahmad Jan, and Deepak Puthal. 2019. PAAL: A framework based on authentication, aggregation and local differential privacy for Internet of Multimedia Things. IEEE IoT J. 7, 4 (2019), 2501–2508.Google ScholarGoogle Scholar
  28. Mohammad Wazid, Ashok Kumar Das, Neeraj Kumar, and Athanasios V. Vasilakos. 2019. Design of secure key management and user authentication scheme for fog computing services. Fut. Gener. Comput. Syst. 91 (2019), 475–492. DOI:https://doi.org/10.1016/j.future.2018.09.017Google ScholarGoogle ScholarCross RefCross Ref
  29. E. K. Win, T. Yoshihisa, Y. Ishi, T. Kawakami, Y. Teranishi, and S. Shimojo. 2017. A lightweight multi-receiver encryption scheme with mutual authentication. In Proceedings of the 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC’17), Vol. 2. 491–497. DOI:https://doi.org/10.1109/COMPSAC.2017.20Google ScholarGoogle ScholarCross RefCross Ref
  30. Fan Wu, Xiong Li, Arun Kumar Sangaiah, Lili Xu, Saru Kumari, Liuxi Wu, and Jian Shen. 2018. A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Fut. Gener. Comput. Syst. 82 (2018), 727–737. DOI:https://doi.org/10.1016/j.future.2017.08.042Google ScholarGoogle ScholarCross RefCross Ref
  31. Venkata Yanambaka, Saraju Mohanty, Elias Kougianos, Deepak Puthal, and Laavanya Rachakonda. 2019. PMsec: PUF-based energy-efficient authentication of devices in the Internet of Medical Things (IoMT). In Proceedings of the 2019 IEEE International Symposium on Smart Electronic Systems (iSES, Formerly iNiS’19), Vol. 15. IEEE, 420–434.Google ScholarGoogle ScholarCross RefCross Ref
  32. Venkata P. Yanambaka, Saraju P. Mohanty, Elias Kougianos, and Deepak Puthal. 2019. Pmsec: Physical unclonable function-based robust and lightweight authentication in the internet of medical things. IEEE Trans. Consum. Electr. 65, 3 (2019), 388–397.Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Y. Zhang, F. Ren, A. Wu, T. Zhang, J. Cao, and D. Zheng. 2019. Certificateless multi-party authenticated encryption for NB-IoT terminals in 5G networks. IEEE Access 7 (2019), 114721–114730. DOI:https://doi.org/10.1109/ACCESS.2019.2936123Google ScholarGoogle ScholarCross RefCross Ref
  34. J. Zhou, Z. Cao, Z. Qin, X. Dong, and K. Ren. 2019. LPPA: Lightweight privacy-preserving authentication from efficient multi-key secure outsourced computation for location-based services in VANETs. IEEE Trans. Inf. Forens. Secur. 15 (2019), 420–434. DOI:https://doi.org/10.1109/TIFS.2019.2923156Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Lightweight Multi-party Authentication and Key Agreement Protocol in IoT-based E-Healthcare Service

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    HTML Format

    View this article in HTML Format .

    View HTML Format
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!