An improved biometric authentication and key agreement scheme based on fuzzy extractor for Wireless Body Area Networks

Wireless Body Area Networks (WBANs) support data communication between devices around the human body and are widely used in areas such as healthcare and health monitoring. Due to the sensitivity of transmitted data in WBANs, the restriction of device resources, and the requirement of communication efficiency in emergencies, it remains a great challenge to construct an efficient and secure authentication and key agreement scheme to meet the needs of WBANs. Recently, for the secure exchange of sensitive data in WBANs, Zhang et al. (2024) designed a biometric authentication and key agreement protocol using fuzzy extractor. However, an in-depth analysis reveals that the scheme cannot effectively withstand man-in-the-middle attacks and is insufficient in stability. To address the issues, we propose an improved biometric authentication and key agreement scheme. The solution mainly uses fuzzy extraction techniques, biometrics and elliptic curve cryptography. The user is not required to store any information and only requires to send the message once to complete the authentication, which protects the user’s privacy and is more appropriate for WBANs devices with limited resources. The security of our scheme is demonstrated by formal and informal security analysis. Additionally, we comprehensively evaluate the calculation complexity and security characteristics of this scheme. The evaluation shows our scheme provides both better security as well as reduced computational and communication overheads compared with Zhang et al. (2024)’s scheme.