RELAKA: Robust ECC based Privacy Preserving Lightweight Authenticated Key Agreement protocol for healthcare applications

IF 5.1 2区工程技术 Q1 ENGINEERING, MULTIDISCIPLINARY

Engineering Science and Technology-An International Journal-Jestech Pub Date : 2024-11-01 DOI:10.1016/j.jestch.2024.101887

R. Kousalya, G.A. Sathish Kumar

{"title":"RELAKA: Robust ECC based Privacy Preserving Lightweight Authenticated Key Agreement protocol for healthcare applications","authors":"R. Kousalya, G.A. Sathish Kumar","doi":"10.1016/j.jestch.2024.101887","DOIUrl":null,"url":null,"abstract":"<div><div>With the advancement of cutting-edge technologies, the Internet of Medical Things (IoMT) has assisted the healthcare sector by facilitating interaction between healthcare service providers and patients in remote areas. In IoMT, wearable or implantable sensors collect the patient’s record and share the information through a public network. Health-related information about the patient must be protected from a variety of attacks by the adversary since it is sensitive and extremely vulnerable to attacks. The sensor equipment that is implanted in the patient is also resource-constrained and has a low power capacity. The entities involved in the communication must be authenticated with one another in order to protect patients’ health information, anonymity, and reliability. While several authenticated key agreement protocols have been proposed, many suffer from high computational costs and storage cost, making them unsuitable for lightweight applications. This paper proposes a secure three-factor robust Elliptic Curve Cryptography (ECC) based mutually authenticated and key agreement protocol known as RELAKA for the IoMT environment, utilizing the benefits of one-way hash function. In proposed scheme, all entities, including the healthcare service providers and wearable sensors, are authenticated by the medical server. Subsequently, a secret key is established for each communication session and shared between all the entities. Additionally, mechanism for appropriate user revocation and re-registration is integrated to provide additional security in cases where a user’s QR code is tampered with by the attacker. The privacy of the proposed protocol is investigated by the potential use of zero knowledge proof. Furthermore, the efficacy of the authentication is examined by challenge and response mechanism. The informal security analysis demonstrates its resistance to threats such as DoS, impersonation, message modification, password guessing, and so on. The performance evaluation of RELAKA protocol indicates that the execution, communication, and storage costs is reduced by 87.59%, 43% and 60.71% respectively. Moreover, the outcomes of the AVISPA simulation illustrate that the RELAKA successfully evades both active and passive attacks. In addition, real-world testbed environment is developed with Raspberry pi 4 model B and the experimental results verifies the robustness of the proposed protocol. According to theoretical analysis and experimental evaluation, the RELAKA scheme is more secure and efficient than the existing protocols.</div></div>","PeriodicalId":48609,"journal":{"name":"Engineering Science and Technology-An International Journal-Jestech","volume":"59 ","pages":"Article 101887"},"PeriodicalIF":5.1000,"publicationDate":"2024-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Engineering Science and Technology-An International Journal-Jestech","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2215098624002738","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

Abstract

With the advancement of cutting-edge technologies, the Internet of Medical Things (IoMT) has assisted the healthcare sector by facilitating interaction between healthcare service providers and patients in remote areas. In IoMT, wearable or implantable sensors collect the patient’s record and share the information through a public network. Health-related information about the patient must be protected from a variety of attacks by the adversary since it is sensitive and extremely vulnerable to attacks. The sensor equipment that is implanted in the patient is also resource-constrained and has a low power capacity. The entities involved in the communication must be authenticated with one another in order to protect patients’ health information, anonymity, and reliability. While several authenticated key agreement protocols have been proposed, many suffer from high computational costs and storage cost, making them unsuitable for lightweight applications. This paper proposes a secure three-factor robust Elliptic Curve Cryptography (ECC) based mutually authenticated and key agreement protocol known as RELAKA for the IoMT environment, utilizing the benefits of one-way hash function. In proposed scheme, all entities, including the healthcare service providers and wearable sensors, are authenticated by the medical server. Subsequently, a secret key is established for each communication session and shared between all the entities. Additionally, mechanism for appropriate user revocation and re-registration is integrated to provide additional security in cases where a user’s QR code is tampered with by the attacker. The privacy of the proposed protocol is investigated by the potential use of zero knowledge proof. Furthermore, the efficacy of the authentication is examined by challenge and response mechanism. The informal security analysis demonstrates its resistance to threats such as DoS, impersonation, message modification, password guessing, and so on. The performance evaluation of RELAKA protocol indicates that the execution, communication, and storage costs is reduced by 87.59%, 43% and 60.71% respectively. Moreover, the outcomes of the AVISPA simulation illustrate that the RELAKA successfully evades both active and passive attacks. In addition, real-world testbed environment is developed with Raspberry pi 4 model B and the experimental results verifies the robustness of the proposed protocol. According to theoretical analysis and experimental evaluation, the RELAKA scheme is more secure and efficient than the existing protocols.

查看原文本刊更多论文

RELAKA：适用于医疗保健应用的基于稳健 ECC 的隐私保护轻量级认证密钥协议

随着尖端技术的发展，医疗物联网（IoMT）通过促进医疗服务提供商与偏远地区患者之间的互动，为医疗保健行业提供了帮助。在 IoMT 中，可穿戴或植入式传感器收集病人的记录，并通过公共网络共享信息。由于病人的健康相关信息十分敏感，极易受到攻击，因此必须保护这些信息免受对手的各种攻击。植入患者体内的传感器设备也受到资源限制，功率较低。为了保护患者的健康信息、匿名性和可靠性，参与通信的实体之间必须相互验证。虽然已经提出了几种验证密钥协议，但许多协议都存在计算成本和存储成本高的问题，因此不适合轻量级应用。本文利用单向散列函数的优势，为 IoMT 环境提出了一种基于椭圆曲线加密法（ECC）的安全三因素稳健相互验证和密钥协议协议，即 RELAKA。在提议的方案中，包括医疗服务提供商和可穿戴传感器在内的所有实体都要经过医疗服务器的验证。随后，为每个通信会话建立密钥，并在所有实体之间共享。此外，还集成了适当的用户撤销和重新注册机制，以便在用户的二维码被攻击者篡改时提供额外的安全性。通过可能使用的零知识证明，对所提议协议的隐私性进行了研究。此外，还通过挑战和响应机制检验了身份验证的有效性。非正式安全分析表明，该协议可抵御 DoS、冒名顶替、信息修改、密码猜测等威胁。RELAKA 协议的性能评估表明，其执行成本、通信成本和存储成本分别降低了 87.59%、43% 和 60.71%。此外，AVISPA 仿真结果表明，RELAKA 成功地躲避了主动和被动攻击。此外，还利用 Raspberry pi 4 B 型开发了实际测试平台环境，实验结果验证了所提协议的鲁棒性。根据理论分析和实验评估，RELAKA 方案比现有协议更安全、更高效。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Engineering Science and Technology-An International Journal-Jestech Materials Science-Electronic, Optical and Magnetic Materials

CiteScore

11.20

自引率

3.50%

发文量

153

审稿时长

22 days

期刊介绍： Engineering Science and Technology, an International Journal (JESTECH) (formerly Technology), a peer-reviewed quarterly engineering journal, publishes both theoretical and experimental high quality papers of permanent interest, not previously published in journals, in the field of engineering and applied science which aims to promote the theory and practice of technology and engineering. In addition to peer-reviewed original research papers, the Editorial Board welcomes original research reports, state-of-the-art reviews and communications in the broadly defined field of engineering science and technology. The scope of JESTECH includes a wide spectrum of subjects including: -Electrical/Electronics and Computer Engineering (Biomedical Engineering and Instrumentation; Coding, Cryptography, and Information Protection; Communications, Networks, Mobile Computing and Distributed Systems; Compilers and Operating Systems; Computer Architecture, Parallel Processing, and Dependability; Computer Vision and Robotics; Control Theory; Electromagnetic Waves, Microwave Techniques and Antennas; Embedded Systems; Integrated Circuits, VLSI Design, Testing, and CAD; Microelectromechanical Systems; Microelectronics, and Electronic Devices and Circuits; Power, Energy and Energy Conversion Systems; Signal, Image, and Speech Processing) -Mechanical and Civil Engineering (Automotive Technologies; Biomechanics; Construction Materials; Design and Manufacturing; Dynamics and Control; Energy Generation, Utilization, Conversion, and Storage; Fluid Mechanics and Hydraulics; Heat and Mass Transfer; Micro-Nano Sciences; Renewable and Sustainable Energy Technologies; Robotics and Mechatronics; Solid Mechanics and Structure; Thermal Sciences) -Metallurgical and Materials Engineering (Advanced Materials Science; Biomaterials; Ceramic and Inorgnanic Materials; Electronic-Magnetic Materials; Energy and Environment; Materials Characterizastion; Metallurgy; Polymers and Nanocomposites)