An Improved and Untraceable Lightweight Authentication and Key Agreement Scheme for Wireless Body Area Networks

Wireless body area networks (WBANs) are an important component of Medical 4.0, as they can use sensors to collect real-time data on a patient's vital signs and transmit this information over the internet to healthcare providers, greatly improving the quality and efficiency of medical care. However, Since WBANs typically collect human physiological information, which involves personal privacy, and the collected data are usually used by medical professionals for medical diagnosis. If the transmitted data are tampered with by attackers, it may lead to errors in medical diagnosis. Therefore, we must ensure the privacy, integrity, and reliability of the data during the transmission process. As a result, identity authentication and session key negotiation become crucial for secure communication in this context. Moreover, due to the constraints of sensors in terms of memory, computation, and battery life, a lightweight and efficient authentication scheme is required. Previously, Narwal et al. proposed a scheme called SAMAKA, which allows for anonymous authentication and session key establishment between sensor nodes and a control node. However, in-depth analysis has revealed that their scheme is vulnerable to sensor node capture attacks and does not provide session unlinkability or forward secrecy. To address the security flaws in Narwal et al.'s protocol, we have proposed an improved and untraceable mutual authentication and key negotiation scheme. We have also formally verified the security of our scheme using BAN logic and the AVISPA tool. Performance analysis shows that our scheme has significant advantages over other related schemes in terms of computational and communication costs, making it more suitable for the resource-constrained WBAN environment.