Authentication Schemes for Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

Bahache, Anwar Noureddine; Chikouche, Noureddine; Mezrag, Fares

doi:10.1007/s42979-022-01300-z

Cited by 32 publications

(17 citation statements)

References 96 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many authentication studies have analyzed their performance in the following manner [ 9 , 10 , 11 , 12 , 13 , 14 , 15 , 20 , 21 , 22 , 24 , 25 , 26 , 27 , 28 , 29 , 30 , 31 , 32 ]. We compared each computation amount in terms of the research methods used.…”

Section: Performance Analysis Of the Proposed Schemementioning

confidence: 99%

An Improved Lightweight User Authentication Scheme for the Internet of Medical Things

Kim

Ryu

Lee

et al. 2023

Sensors

View full text Add to dashboard Cite

The Internet of Medical Things (IoMT) is used in the medical ecosystem through medical IoT sensors, such as blood glucose, heart rate, temperature, and pulse sensors. To maintain a secure sensor network and a stable IoMT environment, it is important to protect the medical IoT sensors themselves and the patient medical data they collect from various security threats. Medical IoT sensors attached to the patient’s body must be protected from security threats, such as being controlled by unauthorized persons or transmitting erroneous medical data. In IoMT authentication, it is necessary to be sensitive to the following attack techniques. (1) The offline password guessing attack easily predicts a healthcare administrator’s password offline and allows for easy access to the healthcare worker’s account. (2) Privileged-insider attacks executed through impersonation are an easy way for an attacker to gain access to a healthcare administrator’s environment. Recently, previous research proposed a lightweight and anonymity preserving user authentication scheme for IoT-based healthcare. However, this scheme was vulnerable to offline password guessing, impersonation, and privileged insider attacks. These attacks expose not only the patients’ medical data such as blood pressure, pulse, and body temperature but also the patients’ registration number, phone number, and guardian. To overcome these weaknesses, in the present study we propose an improved lightweight user authentication scheme for the Internet of Medical Things (IoMT). In our scheme, the hash function and XOR operation are used for operation in low-spec healthcare IoT sensor. The automatic cryptographic protocol tool ProVerif confirmed the security of the proposed scheme. Finally, we show that the proposed scheme is more secure than other protocols and that it has 266.48% better performance than schemes that have been previously described in other studies.

show abstract

Section: Performance Analysis Of the Proposed Schemementioning

confidence: 99%

An Improved Lightweight User Authentication Scheme for the Internet of Medical Things

Kim

Ryu

Lee

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…But majority of these contributed protocols failed in satisfying the security and privacy requirements of IoMT such as integrity, authentication, anonymity, untraceability, and perfect forward secrecy. 8,9 In general, knowledge, possession and inherent factor associated with the user credentials is considered as the input for the process of secure authentication. Specifically, the knowledge factor represents the values stored in the devices like the secret keys.…”

Section: F I G U R Ementioning

confidence: 99%

“…Over the years, several authentication protocols have existed in the literature to handling the issue of security and privacy that are associated with the data communication in the IoMT environment. But majority of these contributed protocols failed in satisfying the security and privacy requirements of IoMT such as integrity, authentication, anonymity, untraceability, and perfect forward secrecy 8,9 …”

Section: Introductionmentioning

confidence: 99%

Improved Gentry–Halevi's fully homomorphic encryption‐based lightweight privacy preserving scheme for securing medical Internet of Things

Praveen¹,

Pabitha²

2023

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Internet of Medical Things (IoMT) solutions have proliferated rapidly in the COVID-19 pandemic era. The smart medical sensors capture real-time data from remote patients and communicate it to medical servers in a secure and privacy-preserving manner. It is a herculean challenge to guarantee security and privacy in Medical IoT applications. Hence, an improved Gentry-Halevi's fully homomorphic encryption-based (IGHFHE) lightweight privacy preserving user authentication scheme is proposed in this work. The scheme is proposed with an integer matrix computation strategy for securing data computation with privacy protection. It adopts the translation process of Gentry-Halevi's fully homomorphic encryption process for performing homomorphic addition and multiplication, then encrypt an integer matrix modulo that represents a positive integer. Extensive informal investigation and simulation of the proposed IGHFHE scheme shows that it is more resistant to well-known attacks for preventing authentication breaches. Also, the proposed IGHFHE scheme reduced computational and storage overhead by 4.98% and 5.78% respectively on average in comparison to other prevailing schemes. INTRODUCTIONThe pervasiveness of artificial intelligence, 5G/6G wireless communication, and smart sensors is enabling the Internet of Things (IoT) in healthcare to become a new dimension in the field of emerging technology. 1 As in Figure 1, the remote patient monitoring (RPM) applications of IoMT platform are layered as perception, network, data and the application. The perception/sensor layer medical devices such as insulin pumps, cardiac activity monitoring devices, continuous positive airway pressure (CPAP) devices, and other associated equipment's plays an indispensable role in the lifestyle of the patients by connecting in a remote manner. 2 These sensors sense the patient's condition instantly and communicate it to the medical professionals through the network layer components. Then the RPM system in the application layer can able to obtain the real time-data at any time without demanding them to visit a healthcare facility or a hospital at any time. It greatly paves the path for reducing hospital capacity overflow and reduces hospital stays, particularly during pandemics such as COVID. 3 The sensors attached with the patients transmit the physiological signs such as respiration rate, blood pressure, blood glucose level, heart rate variation, blood oxygen saturation level, and an electrocardiogram (ECG) patterns using the networking components such as gateway Ramalingam Praveen and Parameswaran Pabitha are equally contributing authors.

show abstract

“…In 2019, Soni et al [23] proposed a three-factor authentication model for healthcare systems and claimed that it provides all the security requirements. However, Authors in [24] and [25] show that the scheme proposed by [23] cannot provide perfect forward secrecy.…”

Section: Related Workmentioning

confidence: 99%

“…Dharminder et al's scheme includes the followings: (1) Registration phase, (ii) Login and authentication phase, and iii Password change phase. We briefly, describe these phases as follows: Ravanbakhsh & Nazari [33] Utilized ECC a and Fuzzy Extractor Known-session-specific temporary information attacks Perfect forward secrecy [34] Li et al [36] Provides privacy and mutual authentication for TMIS Not provide user anonymity and unlinkability Impersonation attack [37] Giri et al [38] RSA-based authentication for TMIS Off-line password guessing Insider attacks Not provide user anonymity [39] Bin [40] RSA-based authentication for telecare systems Off-line password guessing attack Not provide perfect forward secrecy [41] Lu et al [10] Biometric-based authentication for TMIS, using ECC Off-line identity guessing attack Server impersonation attack Off-line password guessing attack [9] Mishra et al [42] Biometric-based scheme for TMIS Man-in-the-middle attack Not provide perfect forward secrecy [43] Li et al [19] Anonymity preserving authentication for WBAN d Not provide perfect forward secrecy Insider attacks [44] He et al [20] Secure authentication for WBAN Known-session-specific temporary information attack Denial of service attack [44] Sahoo et al [28] Biometric-based authentication using ECC insider attack Not provide anonymity [29] Sahoo et al [26] ECC-based authentication for TMIS replay attack password guessing attack [27] Gupta et al [3] Hash and Biometric-based scheme for WBAN, Known-session-specific temporary information attack Stolen verifier attack Not provide perfect forward secrecy Soni et al [23] Three-factor authentication using ECC Not provide perfect forward secrecy [24], [25] Aghili et al [13] Low computation cost authentication Not provide perfect forward secrecy Server impersonation attack malicios sensor attack [22] Masud et al [30] Low computation cost, hash and Xor-based scheme for WBAN Not provide anonymity insider attack impersonation attack password guessing attack [31],…”

Section: Overview Of Dharminder Et Al's Schemementioning

confidence: 99%

REACH: Robust Efficient Authentication for Crowdsensing-based Healthcare

Nikooghadam

Amintoosi

2023

Preprint

View full text Add to dashboard Cite

Crowdsensing systems enlist a group of people to contribute to sensor-based tasks. They involve people, also known as participants, who collect sensor data based on the task requirements specified by the requester, and send it to a server using an application. The sensor data can be either related to the participant and his/her daily activity or collected from the surrounding environment. The crowdsensing-based healthcare system is a sample of a crowdsensing system that provides smart healthcare-related services to patients and elderly people. In such a system, wearable sensors collect sensor data from patients and transmit them to the medical server across a public communication channel. Doctors can then access the data and prepare medical advice, resulting in a drastic reduction in hospital costs. However, patient data generally contain sensitive information that needs to be exchanged securely. Therefore, a significant security challenge is authenticating the sensor device (patient) and generating short-term keys for communicating medical data. Recently, Dharminder et al. and Gupta et al. designed authentication protocols for healthcare systems. In our paper, we show that these schemes are prone to a series of attacks including impersonation and stolen verifier attacks, and cannot provide perfect forward secrecy. We then propose a Robust and Efficient Authentication scheme for Crowdsensing-based Healthcare systems, called REACH. We prove that REACH supports perfect forward secrecy and anonymity and resists well-known attacks. We perform various formal and informal security analyses using the Real-OR-Random (ROR) Model, BAN logic, and the well-known Scyther tool. We also show that REACH outperforms the related methods in incurring the minimum computational overhead and comparable communication overhead.

show abstract

Authentication Schemes for Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

Cited by 32 publications

References 96 publications

An Improved Lightweight User Authentication Scheme for the Internet of Medical Things

An Improved Lightweight User Authentication Scheme for the Internet of Medical Things

Improved Gentry–Halevi's fully homomorphic encryption‐based lightweight privacy preserving scheme for securing medical Internet of Things

REACH: Robust Efficient Authentication for Crowdsensing-based Healthcare

Contact Info

Product

Resources

About