Abstract:The IEEE Std 802.15.6 is an international standard for wireless body area networks (WBANs). It contains many aspects of communications, and also provides security services, since some communications in WBANs can carry sensitive information. In this standard, the password authenticated association is a protocol for two participants to identify each other and establish a new master key based on a pre-shared short password. However, recent research shows that this protocol is vulnerable to several attacks. In this paper, we propose an improved protocol which can resist all of these attacks. Moreover, the improved protocol alleviates computational burden on one side of the two participants, the node, which is usually less powerful compared with the other side, the hub.