Security and privacy issues in wireless medical sensor networks (WMSNs) have attracted lots of attention in both academia and industry due to the sensitiveness of medical system. In the past decade, extensive research has been carried out on these security issues, but no single study exists that addresses them adequately, especially for some important security properties, such as user anonymity and forward secrecy. As a step towards this direction, in this paper, the authors propose a lightweight three-factor anonymous authentication scheme with forward secrecy for personalized healthcare applications using only the lightweight cryptographic primitives. The proposed scheme adopts pseudonym identity technique to protect users' real identities and employs one-way hash chain technique to ensure forward secrecy. Analysis and comparison results demonstrate that the proposed scheme can not only reduce execution time by 34% as compared with the most effective related schemes, but also achieve more security and functional features.
TopIntroduction
The Internet of Things (IoT) is an emerging mode of modern wireless telecommunications, which allows objects to be sensed or controlled remotely over existing network infrastructure. By combining with cloud computing and fog computing (Qi, Zhang, Dou, & Ni, 2017; Gill, Chana, & Buyya, 2017; Qi, Yu, & Zhou, 2017; Gong, Qi, & Xu, 2018; Qi et al., 2018a), IoT devices can be used to build many service-based applications, such as smart devices (Cui, Zhang, Cai, Liu, & Li, 2018; Cheng, Xu, Tang, Sheng, & Cai, 2018), smart home (Liu, et al., 2018) and security-related applications (Wang, Li, Shi, Lian, & Ye, 2016; Qi, Zhou, Yu, & Liu, 2017; Ma, Luo, Li, Bao, & Zhang, 2018; Zhang, Qin, Zhang, Liu, & Luo, 2018; Qi et al., 2018b). IoT devices can also be used to enable remote health monitoring, which is a new field known as wireless medical sensor networks (WMSNs). WMSNs have attracted lots of attention in both academia and industry because of the potential in improving the quality of medical services (Walczak & Mann, 2010; Lee, Ghapanchi, Talaei-Khoei, & Ray, 2015). Through WMSNs, healthcare professionals are able to access the patients’ sensitive data collected from the medical sensor nodes which are placed on/in patients’ bodies, and provide remote medical treatment, emergency medical assistance or give some constructive advice on the patients’ further treatment.
Figure 1. A typical structure of WMSNs
A typical structure of WMSNs for personalized healthcare applications is demonstrated in Figure 1. Although WMSNs bring a lot of convenience to people’s life (Siddesh et al., 2017), security and privacy issues in WMSNs are becoming great challenges due to the sensitiveness of medical system (Ameen, Liu, & Kwak, 2012; Xu, Qi, Dou, & Yu, 2017). The medical data collected from the medical sensor nodes is sensitive, and the privacy of these data is protected legally. Due to the open feature of wireless communication, an adversary can intercept and alter the transmitted messages easily. Once obtaining these sensitive data, an adversary may acquaint the disease what the patient has and profit financially by selling sensitive data, it is a serious violation of the patient’s privacy. Further, the adversary can even misreport or distort the patient’s physiological data to cause physical harm, it may result in improper diagnosis and treatment. Therefore, it is very important to design an effective authentication scheme to guarantee secure communication and protect patients’ privacy in WMSNs.