School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea.
School of Computer Engineering, Keimyung University, Daegu 42601, Korea.
Sensors (Basel). 2021 Sep 9;21(18):6039. doi: 10.3390/s21186039.
Wireless medical sensor networks (WMSNs) are used in remote medical service environments to provide patients with convenient healthcare services. In a WMSN environment, patients wear a device that collects their health information and transmits the information via a gateway. Then, doctors make a diagnosis regarding the patient, utilizing the health information. However, this information can be vulnerable to various security attacks because the information is exchanged via an insecure channel. Therefore, a secure authentication scheme is necessary for WMSNs. In 2021, Masud et al. proposed a lightweight and anonymity-preserving user authentication scheme for healthcare environments. We discover that Masud et al.'s scheme is insecure against offline password guessing, user impersonation, and privileged insider attacks. Furthermore, we find that Masud et al.'s scheme cannot ensure user anonymity. To address the security vulnerabilities of Masud et al.'s scheme, we propose a three-factor-based mutual authentication scheme with a physical unclonable function (PUF). The proposed scheme is secure against various security attacks and provides anonymity, perfect forward secrecy, and mutual authentication utilizing biometrics and PUF. To prove the security features of our scheme, we analyze the scheme using informal analysis, Burrows-Abadi-Needham (BAN) logic, the Real-or-Random (RoR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Furthermore, we estimate our scheme's security features, computation costs, communication costs, and energy consumption compared with the other related schemes. Consequently, we demonstrate that our scheme is suitable for WMSNs.
无线医疗传感器网络(WMSNs)用于远程医疗服务环境,为患者提供便捷的医疗保健服务。在 WMSN 环境中,患者佩戴一个收集其健康信息的设备,并通过网关传输信息。然后,医生利用健康信息对患者进行诊断。然而,由于信息是通过不安全的通道交换的,因此这些信息可能容易受到各种安全攻击。因此,WMSNs 需要安全的认证方案。2021 年,Masud 等人提出了一种用于医疗保健环境的轻量级和匿名保护的用户认证方案。我们发现 Masud 等人的方案易受到离线密码猜测、用户冒充和特权内部人员攻击。此外,我们发现 Masud 等人的方案无法确保用户匿名。为了解决 Masud 等人方案的安全漏洞,我们提出了一种基于三因素的相互认证方案,该方案使用物理不可克隆函数(PUF)。所提出的方案可以抵御各种安全攻击,并利用生物特征和 PUF 提供匿名性、完美前向保密性和相互认证。为了证明我们方案的安全特性,我们使用非正式分析、Burrows-Abadi-Needham(BAN)逻辑、Real-or-Random(RoR)模型和自动化验证 Internet 安全协议和应用程序(AVISPA)模拟对其进行分析。此外,我们还比较了与其他相关方案相比,我们方案的安全特性、计算成本、通信成本和能量消耗。因此,我们证明了我们的方案适用于 WMSNs。
