Wireless Body Area Network (WBAN) ensures high-quality healthcare services by endowing distant and continual monitoring of patients' health conditions. The security and privacy of the sensitive health-related data transmitted through the WBAN should be preserved to maximize its benefits. In this regard, user authentication is one of the primary mechanisms to protect health data that verifies the identities of entities involved in the communication process. Since WBAN carries crucial health data, every entity engaged in the data transfer process must be authenticated. In literature, an end-to-end user authentication mechanism covering each communicating party is absent. Besides, most of the existing user authentication mechanisms are designed assuming that the patient's mobile phone is trusted. In reality, a patient's mobile phone can be stolen or comprised by malware and thus behaves maliciously. Our work addresses these drawbacks and proposes an end-to-end user authentication and session key agreement scheme between sensor nodes and medical experts in a scenario where the patient's mobile phone is semi-trusted. We present a formal security analysis using BAN logic. Besides, we also provide an informal security analysis of the proposed scheme. Both studies indicate that our method is robust against well-known security attacks. In addition, our scheme achieves comparable computation and communication costs concerning the related existing works. The simulation shows that our method preserves satisfactory network performance.
翻译:无线机体地区网络(WBAN)通过对病人健康状况进行远程和持续的监测,确保高质量的保健服务。通过WBAN传送的敏感健康数据的安全性和隐私性应加以维护,以最大限度地扩大其效益。在这方面,用户认证是保护健康数据的主要机制之一,用以核实参与通信过程的实体的身份。由于WBAN携带关键的健康数据,参与数据传输过程的每个实体都必须进行认证。在文献中,没有涵盖每个通信方的端对端用户认证机制。此外,大多数现有用户认证机制的设计假设是病人的移动电话是信任的。事实上,病人的移动电话可能被盗或由恶意软件组成,因此行为不端。我们的工作解决了这些缺陷,并提议了一个终端用户认证和医疗专家之间在病人移动电话为半信任的情况下达成关键协议计划。我们用BAN逻辑进行正式的安全分析。此外,我们还提供了对拟议方案的非正式安全分析。在现实中,病人的移动电话可以被窃取或由恶意软件组成,从而表现为恶意的行为。我们的工作解决了这些缺陷,并提出一个终端用户认证和会议关键协议计划。我们现有的安全计算方法是可靠的。我们现有的计算方法。