An end-to-end authentication mechanism for Wireless Body Area Networks

Wireless Body Area Network (WBAN) ensures a high-quality healthcare service to patients by providing remote and relentless monitoring of their health conditions. Nevertheless, the patients’ health-related data are very sensitive and require security and privacy while transmitting through WBAN to maximize its benefit. User authentication is one of the primary mechanisms to protect critical data, which verifies the identities of entities involved in data transmission. Hence, in the case of health data, every entity engaged in the data transfer process over WBAN needs to be authenticated. In the literature, an end-to-end user authentication mechanism covering each communicating party must be included. Besides, most of the existing user authentication mechanisms are designed assuming that the patient’s mobile phone is trusted. However, a patient’s mobile phone can be stolen or compromised by various malware, therefore, can behave maliciously. To address these limitations, this paper proposes an end-to-end user authentication and session key agreement scheme between sensors and medical experts where the patient’s mobile phone is semi-trusted. We present a formal security analysis using BAN logic and an informal security analysis of the proposed scheme. Both studies reveal that the proposed methodology is robust against well-known security attacks. We analyze the performance of the proposed scheme by collecting real data in practical deployments and find that our scheme achieves comparable efficiency in computation, communication, and energy usage overheads concerning state-of-the-art methods. Besides, the NS-3 simulation exhibits that our proposed scheme also preserves a satisfactory network performance.