Identity-Based Fast Authentication Scheme for Smart Mobile Devices in Body Area Networks

1The School of Computer and Software, Nanjing University of Information Science & Technology, Nanjing 210044, China 2Guangxi Key Laboratory of Cryptography and Information Security, Guilin, China 3The School of Applied Meteorology, Nanjing University of Information Science & Technology, Nanjing 210044, China 4The Jiangsu Engineering Center of Network Monitoring, Nanjing University of Information Science & Technology, Nanjing 210044, China


Introduction
Nowadays, people's quality of life is improving with the development of society and technology [1].People's pursuit of happy life has a broader definition.With the continuous improvement of medical level, the phenomenon of aging has appeared in many developed and developing countries.People are in urgent need of a more complete medical system to ensure health and safety.Real time health monitoring is needed to prevent the possibility of chronic diseases and also for emergency treatment of sudden diseases.
Wireless body area network (WBAN) is a network composed of sensor nodes, personal terminals, and medical cloud platforms [2][3][4][5][6].WBANs can be used to monitor user signs, feed back on real-time data, provide corresponding treatment plan, and make relevant emergency measures.WBANs can not only monitor medical information and vital signs such as body temperature, pulse, and blood pressure through the attachment of sensor nodes, but also inject drugs with the help of embedded actuators to achieve longterm treatment, remote treatment, and emergency treatment.Some researchers consider that WBANs consist of three parties, including patients, doctors, and cloud servers [7][8][9][10].In fact, in some emergency cases, the participation of doctors may not be able to participate in the treatment timely.These emergency cases include falls, myocardial infarction, and stroke.If all the treatments have to wait for the doctor to confirm, the best treatment period might be missed.In this paper, we think that WBAN is mainly composed of three parts: smart mobile devices (SMDs), personal digital assistants (PDAs), and remote cloud servers (RCSs) [11,12].An SMD is a portable sensor or actuator that has certain computing power and can perceive the specific information of the outside world.SMDs are indispensable parts of WBANs.SMDs can be utilized not only as a channel for WBANs to perceive external information, but also as a means for WBANs to intervene in the outside world.PDA can be a kind of mobile computing terminal with personal computers, smart phones, and so on.PDA is responsible for receiving messages collected by SMD or issuing commands to SMD.The RCS is responsible for storing and analyzing medical data and feedback treatment recommendations [13,14].
Motivation of This Paper.Most of the existing schemes for WBAN do not consider how to implement emergency treatment without doctors' participation, so as to alleviate the sudden exacerbation of the patient's disease.The existing authentication scheme cannot be efficient and fast for such situations.
Our Contributions.The contributions of this paper can be concluded as the following three points.We first discuss a special case of how to perform treatment when a patient meets a sudden illness.The case is taken as the environment of the proposed system and scheme.We then propose an emergency medical system without the assistance of medical staff.Based on the system, we present the novel scheme to achieve fast authentication for smart mobile devices in WBANs.The detailed contributions are listed as follows.
(i) A special case is discussed.When the monitored object is suffering from sudden onset of myocardial infarction and stroke, WBANs are needed for emergency treatment.Under such circumstances, the traditional three-party system of patients, doctors, and medical cloud is no longer applicable.This paper discusses the particularity of this case and further studies on it.(ii) An emergency medical system has been proposed.
Based on the discussed case, we provide a system design that can be applied to this case.The novel emergency medical system is mainly composed of smart mobile devices, personal digital assistants, and remote cloud servers.(iii) An identity-based fast authentication scheme is proposed.Finally, we propose an identity-based fast authentication scheme for smart mobile devices in WBANs.The scheme can quickly realize the identity authentication of a device and provide a reliable precondition for further encrypted data transmission of the system.
Organizations.The remainder of this paper is organized as follows.Section 2 presents some related works.Section 3 illustrates some preliminaries of this paper, including bilinear pairing, system model, and system components.Section 4 shows the security models of the novel authentication scheme.Section 5 presents the proposed scheme in detail.Section 6 states the security analysis of the proposed scheme.Section 7 presents the performance analysis of the scheme with simulations on PBC.Finally, the conclusions are drawn in Section 8.

Related Works
Many researchers have studied the authentication of smart mobile devices in WBANs.Wang et al. [15] present an overview of attacks, principle, and solutions on the anonymity of two-factor authentication schemes.To improve the current schemes from being stuck with the security-usability tension, the scheme proposed by Wang et al. [16] can resolve the various issues arising from user corruption and server compromise.
Chiou et al. [17] propose a scheme which guarantees anonymity, unlinkability, and message authentication for uses.The proposed scheme also allows patients to directly and remotely consult with doctors in a safe way.
Li et al. [18] present participant authentication in mobile emergency medical care systems for patients supervision.They propose a secure cloud-assisted architecture for accessing and monitoring health in WBANs.Chaotic maps based authentication and key agreement mechanisms are utilized to provide data security and mutual authentication.Based on the proposed scheme, Li et al. [19] design another dynamic identity and chaotic maps based authentication scheme and a secure data protection approach to prevent illegal intrusions for medical systems.They also propose an improved secure authentication and data encryption scheme for the smart devices in medical systems in [20].
Li et al. [21] propose an anonymous mutual authentication for centralized two-hop WBAN.The scheme allows sensor nodes attached to the patient's body to authenticate with the local server/hub node.
Das et al. [22] find that some existing schemes are still vulnerable to privileged-insider attack.So they present a smartcard-based anonymous user authentication scheme for medical systems to be secure against possible known attacks.
To achieve secure and authorized communication, a symmetric key based authentication protocol is designed for medical system by Srinivas et al. [23].They claimed that the results show that their scheme reaches the level of security requirements and has suitable cost for applications in medical environment.
Some researchers achieve security authentication in WBANs with some novel technologies.For instance, Hayajneh et al. [24] propose a scheme based on the Rabin authentication algorithm.They modify the algorithm to improve its signature signing process for delay-sensitive applications in WBANs.Park et al. [25] propose a selective group authentication scheme using Shamir's threshold technique.They prove that their scheme can achieve efficient user authentication and conditional access authority for devices in medical systems.
Mohit et al. [26] achieve mutual authentication between healthcare center, cloud server, and patients, which can support patient anonymity and resist strong security attacks such as nonrepudiation and confidentiality of data.
Li et al. propose a scheme to resist Denial of Service (DoS) attack [27].To further solve problems in WBANs, Li et al. [28] provide three protocols for different tiers.The three protocols allow the anonymous authentication among mobile users, controller nodes, and the medical server.

Preliminaries
Here are some preliminaries provided for the proposed scheme.

Bilinear Pairing.
Let G 1 and G 2 be two groups of prime order .Let G 1 be an additive group and G 2 be a multiplicative group. is set to be as a mapping on (G 1 , G 2 ) : G 2  1 → G 2 .The cryptographic bilinear map  satisfies the following properties.

System Model.
In this subsection, we provide the introduction of the novel system in this paper.The system is named as emergency medical system.Figure 1 shows a schematic diagram of the system.The system is composed of sensors, actuators, PDA, and the cloud.Sensor nodes are responsible for collecting medical information in the WBAN.All data from the sensor nodes are compiled by PDA.The cloud will receive a summary of the information that PDA sends to it.According to cloud analysis of the current data and comparison of historical data, a treatment plan is chosen.The treatment plan will be directly sent to various actuators in a concise way, and the whole treatment plan will be sent to PDA.

System Components.
The components of the system include smart mobile devices (SMDs), personal digital assistants (PDAs), and remote cloud servers (RCSs).The three main components are introduced as follows.
Smart Mobile Devices (SMDs).SMDs are sensors or actuators with certain computing ability in WBANs.Sensors are responsible for perceiving vital signs of patients.The important user medical data collected is transmitted by sensors in some specific form.The actuators are responsible for specific treatment operations after receiving instructions, such as injection of adrenaline and electric shock.
Personal Digital Assistants (PDAs).PDAs are personal computers or smart phone taken by the patient.As a link between smart devices and cloud servers, PDA is responsible for transmitting SMD's collected information and RCS's instructions.

Remote Cloud Servers (RCSs).
The RCS is often a group of distributed computers with super computing power and large storage space.For ease of interpretation, we usually think that RCS's computing power and storage space are infinite.

Security Model
In this section, the security model of this paper is provided.Note that the key generation center (KGC) utilized in this paper is considered as a trusted third party to generate some system parameters [29][30][31][32].

A Forged SMD.
We assume that a forged SMD may try to send the wrong message with the legal identity of the original SMD.Once such behavior is successful, it will be very dangerous for patients in the medical system.For example, a patient has no stroke, and the node passes the authentication and sends a stroke message to PDA, which could lead to the final error diagnosis of the patient and the treatment of the patient with the wrong medicine.

Men-in-the-Middle Attack.
Men-in-the-Middle (MITM) attack refers to the attack that the attacker intercepts the message and attempted to tamper with the medical message.This kind of attack will cause the original information to be destroyed, which leads the system to be unable to pass the authentication of SMD.We assume that an MITM attacker have the ability to block the message and implement all necessary calculations.

Replay Attack.
Replay attack means that the attacker collects authentication messages sent before SMD and sends to PDA, trying to pass the authentication by PDA.This attack uses a message that has been authenticated.If the scheme is not well designed, the old authentication message is likely to be used by malicious users to achieve their goals.We assume that the attacker have the ability to obtain the historical authentication message and resubmit it.

Our Proposed Authentication Scheme
The proposed scheme is introduced detailedly in this section.

Overview of the Scheme.
The whole scheme consists of three main phases: device fast authentication, secure message transmission, and secure instruction distribution.The whole scheme is shown in Figure 2. The circles in Figure 2 represent SMDs, including sensors and actuators, and the rectangle represents a PDA.A certain amount of SMDs are deployed on the patient.When a sudden illness occurs, one or more SMDs will monitor the change of corresponding parameters and integrate medical data information.Subsequently, SMDs need to prove identities and transmit encrypted information to the PDA.Then, the PDA needs to transmit the message to the RCS.These steps are the device fast authentication and secure message transmission that we mentioned earlier.
RCS analyzes the current data with its powerful computing power and compares the data with the stored historical data.After a corresponding treatment decision is formulated, the RCS reaches the treatment instruction by secure instruction distribution phase.In this paper, we focus on the method of device fast authentication.We will provide some feasible solutions of the other phases for reference.

Device Fast Authentication
. This authentication method is the main innovation of our paper.The detailed exposition will be carried out in this subsection.The device fast authentication consists of three algorithms: registration,  authentication information delivery, and identity authentication.We will provide the detailed description of the three algorithms.The authentication information delivery and identity authentication are illustrated in Figure 3.
Registration.When every SMD enters WBAN, it needs to register with KGC.KGC chooses a random number .Let a point  on G 1 be a generator.The system public key is computed as   = ⋅.Choose two hash functions  1 and  2 as  1 : {0, 1} * → G * 1 and  1 : {0, 1} * → {0, 1}  , where  represents a length of the number.Suppose that the identity of a SMD is .The public key of the SMD is  =  1 () and secret key  =  ⋅ .
The system parameter will be written into the memory of the SMD.
Authentication Information Delivery.If the SMD wants to transmit message, its identity needs to be authenticated.
SMD first chooses a random number .A current timestamp  1 is recorded and hashed as  =  2 ( 1 ).Authentication information  and  will then be calculated as follows.
where  is the hashed timestamp,   is the public key of the system,  is the random number chosen by SMD,  represents the generator of the system,  refers to the hashed , and  is the secret key of SMD.The authentication information file is organized as (, ,  1 ), which is then sent to PDA for authentication.
Identity Authentication.After the authentication information file is received, PDA first checks  1 to figure out whether the message is delayed when being transmitted.Then,   =  2 ( 1 ) is performed to calculate the hash value of the timestamp.Finally, PDA determines whether the device is a trusted one by the following formula.

𝑒 (𝑄𝐹, 𝜏
where  is the hashed identity of the SMD,   is the hashed timestamp calculated by the PDA itself, and (, ) can be computed offline.

Secure Message Transmission and Secure Instruction
Distribution.The two algorithms, which are named as secure message transmission and secure instruction distribution, are both encryption methods.The encryption methods are proven to be safe in WBAN and can be utilized in our system.We consider two entities in these algorithms: sender and receiver.The registration phase of the sender is the same as what is introduced in the algorithm of device fast authentication.The hashed identities of the sender and receiver are  1 and  2 .The secret keys of the sender and the receiver are  1 and  2 .
Then the sender computes encrypted message file  with plaintext : where  3 is a hash function:  3 : {0, 1} * → {0, 1} ℎ and ℎ is the length of the message file .
The final parameter  is calculated as The file (, , ) will be sent to the receiver.The receiver calculates parameter  as Let   = (, ) and  =  ⊕  3 (  ).According to the above steps, the collected medical data or the instruction data can be transmitted to the receiver safely and acquired.

Security Analysis
In this section, the correctness and security against a forged SMD, MITM attack, and replay attack of our proposal are proved.
6.1.Correctness.The correctness of device fast authentication is proved as follows: Obviously, if  =   , (,   ) = (, ).In fact,  and   are computed with the same timestamp and hash function, so the authentication process is correct and efficient.
The correctness of the message transmission scheme for secure message transmission and secure instruction distribution is proved as follows: It can be seen from the proof that the values of  and   are equal; obviously the recalculated  by   is the same as the real one.So the design of the transmission scheme is also correct.

Security against a Forged SMD.
A forged SMD may falsify the authentication information in order to pass the authentication.He can get the current timestamp to calculate .He can also select a random number  to calculate  = (1/)  + / ⋅ .Actually, the forged SMD has no opportunity to obtain the value of .So he cannot calculate  = /( +  ⋅ ).To sum up, our scheme can resist the attack by a forged SMD.In fact, he still cannot pass the authentication.The new   and   can be calculated as follows: The faked file (  ,   ,  2 ) will be sent to the PDA.PDA computes  2 =  2 ( 2 ).(,  2 ) is computed as follows: It is not difficult to see that the new parameters of the MITM can not be certified.

Security against Replay
Attack.An attacker who implements replay attack can try to pass the authentication by collecting files previously sent by SMD and sending an old file to PDA.In fact, there is a timestamp in the file.If the time difference between the timestamp and the time in which the file is accepted by PDA is beyond the range of the delay tolerance, the file will be identified as an invalid one.If the attacker tampered with the timestamp, he could not calculate the  matched with the new timestamp because the random number  is unknown.

Performance Analysis
The performance of the proposed scheme is discussed in this section.The computational cost of different entities in the proposed scheme is shown in Table 1.We take into consideration the computational costs of SMD and PDA.We consider the cost of collision-resistant hash function, bilinear pairing, and scalar multiplication [33].In Table 1, M represents scalar multiplication, P denotes bilinear pairing, and H represents collision-resistant hash function operation.The result comes out that the SMD costs 1 scalar multiplication and 1 collision-resistant hash function operation for sending the authentication message to the PDA.The PDA costs 1 scalar multiplication, 1 bilinear pairing, and 1 collisionresistant hash function operation to certificate the identity of SMD.
The efficiency of the proposed scheme is simulated on GNU Multiple Precision Arithmetic (GMP) library and Pairing-Based Cryptography (PBC) library (https://crypto .stanford.edu/pbc/).C language is utilized on a Linux system with Ubuntu 16.04 TLS, a 2.60 GHz Intel(R) Xeon(R) CPU E5-2650 v2, and 8 GB of RAM.The results are shown in Figure 4.Because SMDs and PDA are resources limited devices, controlling their computing resources consumption is very important.Our simulation reflects the time summation of all SMDs and the time cost of PDA when multiple SMDs send authentication requests to PDA.Because the number of devices in WBAN is limited, the simulation results show that our design can effectively reduce the computational cost of PDA. Figure 5 shows the comparison between the novel protocol and ECQV [34].We can see that when the number of SMDs increase, the computational cost of our novel scheme is lower.

Conclusion
In this paper, we discuss the emergency situations in WBANs where the participation of doctors will seriously reduce the efficiency of treatment.In order to solve the problem of emergency treatment, we propose an emergency medical system.Based on the system, an identity-based fast authentication scheme for smart mobile devices in WBANs is proposed.In addition, we also provide a message transmission scheme to improve the system.The authentication scheme is proven to be secure and efficient in our analysis and simulation.

Figure 1 :
Figure 1: A schematic diagram of the emergency medical system.

Figure 2 :
Figure 2: Illustration of the proposed scheme.

Figure 3 :
Figure 3: The process of device fast authentication.

Figure 4 :Figure 5 :
Figure 4: The time cost of SMD and PDA in the emergency medical system.

Table 1 :
Computational cost comparison.An adversary may calculate a fake secret key   =    and choose a new random number   and replace the value  with a new hashed timestamp  2 , remarked as  2 .