- Email: [email protected]
Authentication Techniques and Methodologies used in Wireless Body Area Networks
Journal Pre-proof
A Survey on Authentication Techniques for Wireless Body Area Networks Munir Hussain , Amjad Mehmood , Shafiullah Khan , M. Altaf Khan , Zeeshan Iqbal PII: DOI: Reference:
S1383-7621(19)30462-X https://doi.org/10.1016/j.sysarc.2019.101655 SYSARC 101655
To appear in:
Journal of Systems Architecture
Received date: Revised date: Accepted date:
8 July 2019 26 September 2019 4 October 2019
Please cite this article as: Munir Hussain , Amjad Mehmood , Shafiullah Khan , M. Altaf Khan , Zeeshan Iqbal , A Survey on Authentication Techniques for Wireless Body Area Networks, Journal of Systems Architecture (2019), doi: https://doi.org/10.1016/j.sysarc.2019.101655
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2019 Elsevier B.V. All rights reserved.
1
A Survey on Authentication Techniques for Wireless Body Area Networks Munir Hussain, Amjad Mehmood, Shafiullah Khan, M. Altaf Khan and Zeeshan Iqbal Institute of Computing, Kohat University of Science and Technology, KPK, Pakistan Email: [email protected] Email: [email protected] Email: [email protected] Email: [email protected] Email: [email protected] Abstract: Wireless body area network (WBAN), got the IEEE standard in February 2012, is the most significant and highly focused research area among researchers, academicians, and practitioners; applied to the patient's body for monitoring various physiological parameters and then the sensitive measured data is passed to the concerned medical doctor or server for taking the necessary actions. In order to pass the sensitive data securely, authentication is the first step towards it. The authentication schemes help network to reduce unwanted users and prevent from deceptions effectively since the authentication process identifies the user’s identity that he or she claims to be. In connection to the safe communication, authentication is one of the key aspects. So, it is important to design novel authentication schemes; those offer secure authentication and prevent various security attacks in WBANs. A lot of methods and techniques have been proposed for authentication in WBANs. In this survey paper for improving the authentication process in WBANs, an overview of WBAN and their characteristics, various authentication types and classification of authentication schemes has been done. It further provides a complete comparison of different authentication schemes and highlights their pros, cons, limitations, challenges, performance evaluation and their robustness against different security attacks which open doors of new opportunities. This finally ends with the most significant open issues, future research directions and draw interesting conclusions. Keywords: Authentication; Biometric; Security; Wireless Body Area Network; Smart Card;
1. INTRODUCTION Recent advancement in information and communication technologies (ICTs) makes it possible for people of different ages to utilize this technology for look after their health etc. Today many people can enjoy benefits of cloud computing, the Internet of things (IoT) and big data [1] and now there is no need to go to hospital and other medical centers for their routine medical check-up. People can utilize suitable e-health services everywhere in world at anytime because of the rapid development in WBAN. WBAN is just a part of wireless sensor networks (WSNs) and it connects services like hospitals and medical centers etc by mean of the internet. WBANs are consisting of several small size and low power implanted and wearable sensors for sensing crucial signs of the human body. Every sensor of WBAN is designed with biosensors such blood pressure (BP), motion, thermometer, electroencephalography (EEG), electromyography (EMG) and electrocardiogram (ECG) etc. Sensors are also designed with Wi-Fi and Bluetooth technologies etc. for communicating with each other and with central device or sink node. Although WBANs are offering many advantages to us but they are still facing a lot of technical issues like small power transceivers, power source miniaturization, secure data transfer, biocompatibility, high quality of service and less communication delay. All these issues need to be considered when designing new authentication schemes for WBANs [2]. Sensors attached to the patient body collect different physiological parameters and passed them to a central device on the body known as local processing unit (LPU). Here LPU can be a smartphone, PDA and any other portable device capable of processing and storing information. This central device on the body acts as a router between sensor nodes and health-care central server and LPU forwards all collected information to server through wireless communication technologies like mobile network, 3G/CDMA/GPRS. Information collected by biomedical sensors are passed to sink node/LPU then from LPU information are passed to the medical service providers in order to diagnose a disease and takes necessary steps towards patient treatment. This new technology is not only helpful in monitoring and improving health of people of all ages but this is also more appropriate for elder and disabled people etc surveillance. Moreover, it can improve people or
2 patient life by regularly observing and investigating the crucial signs such as blood pressure, blood sugar level testing and heart-beat rate etc of people in order to avoid unpleasant health issues. Security, privacy and authentication are the most critical and challenging issues in WBANs [3]. Security is a key imperative aspect in the development of a WBAN system because the communication in WBANs is mostly wirelessly. So it is required to secure sensitive biomedical data and node communication and any security breaches (e.g. improper/unauthorized change of drug dosage, treatment procedures or emergency response) could be of adverse effect or result in the death of the host. Data privacy is also important issue in WBANs. Patients do not want their personal data to be misused and WBAN should provide the privacy of the wireless communication channels to prevent eavesdropping. WBANs should not leak patient’s vital information to external or neighboring networks. Authentication is also important issue because it helps network to reduce unwanted users and prevents various security attacks in WBANs. IoT-based healthcare applications, sensor nodes collect and forward sensitive data to a coordinator. An adversary can eavesdrop on the communication, and can overhear critical information. This eavesdropping may cause severe damage to the patient since the adversary can use the acquired data for many illegal purposes. Although WBAN is a subset of WSN but still it has the following few dissimilarities as compare to WSN [4]. Deployment: Number of sensor nodes are deployed inside or around the human body in WBAN for different health applications, while in WSN sensor nodes are sometimes installed in harsh environment where they cannot be easily accessible. Density: WBANs are not node-dense i.e. these have low node density; on the other hand WSNs have high node density. Data Rate: Data rate in WBANs are more stable due to their period manner and in WSNs nodes are most installed for event-based applications where events occur at uneven periods. Mobility: Sensor nodes in WBANs have some sort of mobility while in WSN they are generally considered stationary. Latency: Charging and replacement of sensor nodes batteries in WBANs are easily done while in WSN nodes are mostly deployed in harsh or inaccessible environment, so it is not possible or sometimes very difficult to recharge or replace nodes batteries. It is very important for WSN to save as much as battery power for maximize battery life time. Various kinds of sensor nodes are used to collect various body characteristics for maintaining their healthy life style. The following are some characteristics of WBANs are [5]: Typically, WBANs are using star topology and all sensors forward information to LPU. Sensors are resources constrained as they have limited battery power, computation power and memory. LPU has more resources than normal sensors. Generally, short distance communication about 3 meters between sensors and LPU. For long distance communication between LPU and main Server, it uses different Internet technologies like UMTS Base Station (BS), CDMA BS, GPRS BS and Satellite etc. Data speed varies from 10 kilo bit per second to 10 Mega bit per second. Sensors inside or around the body also have their own communication capability. WBAN sensors detect and collect different biomedical data and finally pass it to the desired destination. Security mechanisms must be designed in a way to minimize overall sensor nodes calculations i.e. support authentication and encryption processes with minimal overhead. To design a proper secure and mutual authentication system for WBAN is one of the big challenge tasks as compare to tradition networks. An ideal system for a WBAN needs to achieve the following performances [6]. Usability: Generally, users are unable or unskilled to fully understand the WBAN devices operations, so it will be difficult for them to understand complex types of operations. So, it is important to design a security or other mutual authentication systems in a simple way that can be easily understandable and executable by the users. Complicated systems and operations may direct users to wrong configuration on the devices and may face a lot of problems in operating. So there is possibility that he/she might get bore from these devices and throw away in the dust bin. Efficiency: It is enormously difficult for sensor nodes in WBAN to perform complex and energy consuming cryptographic operations because these nodes are small in sizes and also have other limitations like limited battery power, computational power and limited memory. So, it is important that the designing of security and mutual authentication system must be lightweight in order to minimize energy consumption and reduce communication overheads.
3 Scalability: Scalability is another big challenging issue for WBAN for example let us looks at the device compatibility issue; it is not possible for all devices to run one common mutual authentication system or cryptographic material. Also, users are always in motion and nodes can join and leave the WBAN network on the regular basis, so cumbersome security and mutual authentication operations are inappropriate for WBAN. Now, it is important to avoid too much depending on previous security and mutual authentication systems when designing new security and mutual authentication system for WBAN. Motivation and related work: WBANS are an important research area and continuously researched from last few years. For this motive, a lot of survey and overview papers have been collected research on various topics in this field. They include: [4-7], [15], [25], [30], [44], [69] and [72]. The survey paper proposed in [50] is closely related to our work. Fig. 1, presents some exiting related work classification and it is concluded that in recent time, a secure authentication in WBAN topic is more focused by many surveys because authentication is the most important and initial step towards secure communication. The work proposed by W. Meng et al. [50] is limited to discuss the perspective of biometric approaches utilized on mobile phones. The second section of the proposed survey discussed the expansion of biometric authentication methods incorporating physiological and behavioral methods on smartphone and examining their viability of employment on touch mobile phones. The third section described topics such as generic biometric authentication structure on mobile phones, identifying eight potential attacks for mobile phones, discussed adversarial procedures and practical attacks and finally discussed potential countermeasures only on mobile phones. Fourth section of the survey paper introduced framework for establishing a secure biometric user authentication system on mobile phones. Finally, the fifth section has discussed some challenges and future research directions in this field. Our Goals: Our survey paper covers a lot of material related to authentication in WBANs in great detail those might be helpful for readers and new researchers in this specialized field. The key contributions of our work are discussing well-known applications of WBAN, characteristics of WBANs, list of security requirements, classification of security schemes, different authentication types, detail overview of different well-known authentication protocols, classification of authentication schemes based on non-biometric and biometric features, classification of authentication schemes into machine based learning and game theory based authentication schemes and finally, we give some important future research directions those are very crucial need to be researched in near future. The rest of paper is organized as follows: Section-2 of the paper discusses WBAN applications and security requirements. Section-3 describes various authentication types and protocols. Section-4 gives an overview of classification of the authentication schemes. Section-5 discusses authentication based on advanced methodologies. Section-6 gives a summary of the entire survey paper. Finally Section-7 concludes the paper and mentions future research directions. Related Surveys
2014
S. Pathania et al. [4]
2015
P. Niksaz et al. [5]
2016
S.G. Yoo
et al. [30]
2017
2018
S. Zou
et al. [6]
et al. [44]
S.S. Tote
N. Masdari et al. [15]
W. Meng et al. [50]
P. Kumar et al. [25]
A.K. Sharma et al. [69]
J.P. Singh et al. [72]
Fig. 1: Classification of related surveys
M. I. Angel et al. [7]
4
2. WBAN APPLICATIONS AND SECURITY REQUIREMENTS WBANs are playing important role in our lives due to their promising characteristics. This section is the vital section of the proposed paper for understanding the role of WBANs in our lives. Here, in the section various WBAN applications, various security requirements and their importance in WBAN have been discussed. Alongside these topics, we have also given the overview of the classification of the WBAN security schemes.
2.1 WBAN Applications Different types of sensors are used in WBAN for measuring different physiological parameters of the human body e.g. glucose level checking sensor can be used to maintain the glucose level of the human body and if the glucose level is high then insulin can be injected into body automatically. Similar other sensors like ECG, BP, EMG and EEG etc can be used to measure other physiological parameters of the human body. The following are some applications of WBAN [7]. 2.1.1. WBAN working as a Virtual Doctor WBAN can act as virtual doctor because it can provide different healthcare services to the humans having abnormalities like high/low blood pressure, cardiovascular infections, diabetes and cancer etc. In WBAN all information about patients are kept in the main server of the network which provides valuable information about the patient past history and present situation. In case of any health issue, it can provide valuable suggestions at anytime and in case of emergency, it can also inform the concern doctor, nurse, hospital and patient family member. 2.1.2. E-Healthcare monitoring systems for Homely Elders This application of WBAN monitors elder people who are living separately for any uncertain health situation. A ZigBee-WSN intelligent system for home monitoring is specially designed for the monitoring of old people health issues in the home environment. Different types of MEMS sensors are used for elder people to observe any irregularity activities during walking, sleeping, eating and bathing or at any moment of their life. In the case of any abnormality happens, it informs straight away the concerned emergency service to deal with the occurring issue. 2.1.3. WBANs used as death Intimation Device This WBAN application is generally designed for unfit elder people e.g. for paralyzed or immobile people. Recently, many people in different countries prefer to live separately and therefore, it is important in the case of death to immediately inform the right authority in order to avoid unpleasant situation. In this type of application, TinyOS based MEMS sensors are utilized for this kind of application to measure body parameters like pulse-rate or heart-beat etc. and forwards collected information to main server through cellular network on regular basis and in the case of death, it generates immediate alters and inform the concerned authority. 2.1.4. Cloud-based Healthcare Systems Cloud computing is one of the leading technology for various applications. WBANs based healthcare schemes are developed on cloud-based computing with great impact on society and today this cloud-based healthcare concept has turned out to be extremely promising technology to look after human fitness level. 2.2. Security Requirements WBANs need to have all essential security methods which help to prevent, detect, and respond to different security attacks immediately. This section presents major security requirements by Fig. 2, those are important in order to maintain network reliability and secure infrastructure-less environment. They are mainly [8,9]: 2.2.1. Authentication As we know in WBANs, an adversary can easily inject malicious information. So when data arrives at the receiver end, it is important for it to know exactly which node sent the data? Therefore, there should be some mechanism that authenticates the message and for this particular purpose, communication networks use Message Authentication Code (MAC). 2.2.2. Integrity
5 Integrity is maintaining data consistency and it is equally important as authentication. It is vital to detect the adversary that has altered or changed the messages otherwise this adversary can cause catastrophes in these networks. Fortunately; data integrity can be achieved with authentication without any extra mechanisms required.
2.2.3. Confidentiality Data confidentiality is protecting information from disclosure to un-authorize persons and can be easily achieved by encryption. The data confidentiality is compromised normally by privacy attacks. 2.2.4. Availability There should be mechanisms that guarantee the network services are available all the time. Specially, in ad-hoc networks, we need appropriate security methods to provide the availability of service all the time; otherwise, their service performances and availability could be easily compromised. Suppose, a signal jamming attack at physical and MAC layers could dangerously hamper the communication or even it can bring down the entire physical channels. A malicious device may also dislocate routing services, which can cause the network partition. 2.2.5. Freshness Freshness ensures that data is recent and not replayed by an adversary. There are two types of freshness; weak and strong freshness. Weak freshness provides partial message ordering, but there is no information on the delay, while strong freshness provides total message ordering and allows for delay estimation. Strong freshness is useful for time synchronization in a network [10]. As sensor networks are vulnerable to reply attacks, therefore at minimum, weak freshness is needed. 2.2.6. Non-Repudiation It guarantees that senders and receivers could never deny of sending and receiving of the data or information, which they have sent and received. 2.2.7. Secure Localization Many WBANs services need the correct estimation of the network node location. Lack of smart tracking system permits an attacker to forward untruthful details regarding the node location by reporting wrong signal strength. 2.2.8. Anonymity Here anonymity means un-traceability and it is difficult for an attacker to know exactly the conversation originate that is either two conversations are originated from same patient or two different patients. It means that anonymity hides the source of data and can make possible confidentiality. Authentication
Integrity
Confidentiality
Availability
Freshness
Non-Repudiation
Secure Location
Anonymity
Fig. 2: Various security requirements
2.3. Security Concerns Security is vital issue in WBANs and their proper management is awfully essential, otherwise, important secrete information would be corrupted or might be mixed with other users data through various security attacks, sometimes that may be resulted in patient death. Due to WBANs ad-hoc and wirelessly communication nature among different entities create more security issues than traditional wired connected
6 networks. In these networks, it is easy for attackers to gain access to the secret information; they can read secret information, add malicious information and delete important information etc. A number of active and passive threats are possible i.e. include signal jamming, eavesdropping, impersonation and DoS attacks etc. Information security is one of the big concerns in WBANs. Recent development in security area is not with equal pace as compare to the growing use of wireless technology. Each day a new security threat comes in existence to the already available wireless standards. WBANs security is the avoidance of unauthorized access to network resources. Security of WBANs is equally important for both patients and doctors or hospital services etc. in order to maintain their data/information confidentiality. Today WBANs have many security problems, an eavesdropper can easily enter into the wireless network due to the radio waves spreading in the whole coverage area and even now it is possible for wireless technology to break into wired networks in order to utilize their different resources e.g. an attacker can hack a server and steal confidential information or can perform some other illegal tasks. There is also chance that an attacker may read wirelessly exchanging information by using sniffers etc. So therefore, it is important for WBANs to identify efficient wireless security techniques that limit the unauthorized access to important network resources.
2.4. Classification of the WBAN Security Schemes Recently, various security schemes are used for WBANs as shown by Fig. 3, in order to protect networks against various security threats. Some of the well-known are the following: 2.4.1. Intrusion Detection System (IDS) Recently, this is one of the best security scheme used in WBANs to fight against various violations of the security strategy at different levels. An IDS deals with monitoring system activities and detect defective, offensive or abnormal and other malicious activities in the WBANs [11]. When any malicious activity is detected, a response is commenced in order to evade harm to the network. Although, other security methods like authentication and encryption are used to minimize malicious activities in the network but none of them can fully eliminate them. Most common types of IDS are Misuse-based Intrusion Detection (MID), Anomalybased Intrusion Detection (AID) and Specification-based Intrusion Detection (SID). Misuse-based Intrusion Detection (MID) In this type of intrusion detection, different methods are used to make comparison between observed system behaviors and existing stored known threats signatures in order to detect malicious activities. This approach is also known as signature based approach [12]. Anomaly-based Intrusion Detection (AID) AID is used to detect users behaviors and system activities. At the initial stage, it produces users, servers and entire network connection profiles by utilizing the well-known normal behaviors. This detection mechanism works on the basis that if new data is different from previously stored data of users and system profiles then the alarm is generated [13]. Specification-based Intrusion Detection (SID) SID uses the method that knows the state of the protocol that is why it is also known as Stateful Protocol Analysis (SPA). Specification is actually a set of regulations and thresholds described for expected behavior of the network components such as nodes, routing table and protocols. SID mechanism would discover intrusion whenever observed detected network behavior is different from the specified behavior for it. This intrusion detection method is unlike the MID where comparison is made only between observed behavior and existing stored behavior, however in SID method of intrusion detection deep understanding of how applications and protocols will work together [14].
2.4.2. Key Management Scheme This scheme permits us to create different keys for data encryption purpose in order to keep data or communication secure from unauthorized users. A well-established key management scheme is very important for the security of a cryptosystem. Key management schemes can be further divided into nonbiometric and biometric key management schemes [15]. Non-biometric Key Management Scheme
7 Non-Biometric key management schemes are not based on the people physiological or behavioral characteristics. These key management schemes depend on mutual shared numerical key among sensor nodes. Since WBANs sensor nodes are resource constraints, therefore, it is expensive to use complex type of encryption schemes. New security systems need to be designed with key management schemes those reduce overheads at WBAN sensor nodes. Non-Biometric key management scheme can be further sub-divided into cryptography-based, channel-based and clock-based key management schemes. Cryptography-based Scheme It is further sub-divided into Symmetric-based, Asymmetric-based and Hash function-based schemes. Symmetric-based key management scheme is also known private key scheme because it only uses one common private key for cryptography purposes and can be further sub-divided into AES, DES and IJS based Schemes. Where asymmetric-based key management scheme uses pair of keys for maintaining security among nodes that is one private key and other is public key which will be known to all involved nodes in the network. This can further sub-divided into ECC, ECDH, ECDSA, RSA and IBE based Schemes. Hash Function-based key management scheme can be sub-divided into MD5, SHA, MAC and HMAC based schemes. Channel-based Scheme Channel-based scheme uses the signal strength for authentication purpose and here received signal strength deviations are used to make difference among the legitimate nodes and attacker nodes [6]. Clock-based Scheme Clock-based scheme uses clock frequency of a device is applied as dynamic and distinctive data achieved every time under the authority of sink and a pair of key is produced between two devices via sharing particular clock frequency in a secure environment [16]. Biometric Key Management Scheme This key management scheme is based on the people physiological or behavioral characteristics and every person has their own unique physiological and behavioral characteristics [7]. This scheme can be further divided into ECG or EKG and hybrid based schemes. Hybrid based scheme can be sub-divided into: (i) Fingerprint, Iris scan, and ECG based schemes. (ii) HRV and ECG based schemes. (iii) Photoplethysmograph (PPG) and ECG based schemes. Fingerprint-based Scheme Fingerprint scanning method is functioning with human finger images or vascular patterns templates stored in digital form. Fingerprint identification is also known as dactyloscopy and in this type of identification, a new scan or extract fingerprint template is compared with existing stored fingerprint templates in order to validate a user because every individual finger or palm print is vary from one another [17]. Iris-based Scheme Iris-based authentication method utilizes mathematical and statistical based algorithms allow identification on iris images of one or both eyes of an individual. It is important to note that every individuals or even identical twins do not have unique iris images. ECG-based Scheme ECG based schemes work on the recording of the electrical activity of a heart and it is a suitable choice for WBANs because ECG signals are easily collected and hard to copy by other people as compare to simple passwords. It is more secure because it requires a user to be available at the time of authentication process [18]. HRV-based Scheme Heart Rate Variability (HRV) schemes are based on physiological phenomenon of difference in the time interval between consecutive heartbeats [19]. An autonomic nervous system (ANS) is a part of nervous system that controls the uneven behavior of heartbeat. The ANS is further divided into two sub-parts, the first one is called sympathetic and second one is called parasympathetic also called the fight-or-flight system and relaxation response. Sympathetic behaviors may be resulted in heat rate increasing while parasympathetic behaviors are opposite and they may be resulted in decreasing heart rate. PPG-based Scheme PPG is short for photoplethysmograph and it may be utilized as a substitute to ECG. It is a quite simple non-persistent and inexpensive optical procedure that could be utilized to identify blood level transforms in the micro vascular cot of tissue. The PPG signals can be used in variety of medical devices for many different reasons for example it can be used for measuring oxygen saturation. Besides measuring oxygen saturation, it can be used to measure blood pressure and cardiac output, and detecting peripheral vascular
8 disease etc [20]. PPG signals have many advantages, therefore, recently PPG signals are using as biometric identifier for human authentication. PPG signals can be collected via placing sensor devices on the ear or finger and utilizing light to illuminate the body and observed transforms in light absorption as blood circulate in the body. MID Based Scheme AID Based Scheme
Intrusion Detection System (IDS)
Digital Signature Scheme
Security Schemes use in WBAN
Digital Certificate Scheme Key Management Schemes
Direct Reputation Based Scheme Reputation- based Scheme
InDirect Reputation Based Scheme Biometric Key Management
Non-Biometric Key Management
Cryptography Based Scheme
SID Based Scheme
Clock-based Scheme
ECG or EKG based Scheme Hybrid Schemes
Channel-based Scheme Fingerprint, Iris scan & ECG based schemes
HRV & ECG based schemes
PPG & ECG based schemes
Fig. 3: Various security schemes
2.4.3. Digital Signature Scheme Digital signature scheme is a mathematical technique used in the world of network security by using hash function over the message/data in order to provide integrity, non-repudiation and authenticity [21]. This technique generally utilizes public key cryptography to manage the network security. Whenever, a node wants to send message to other node, at the initial stag original message is hashed with hash function to produce message digest, the digest message is then signed with the help of private key and forwards towards the destination. Due to the private key, it is impossible for intermediate nodes to read or alter the original message. Once the message is received at the other end, first signature is verified with the help of public key and if it is valid then hash function is applied on the message digest in order to extract original message, otherwise, it will be considered an attack. 2.4.4. Digital Certificate Scheme This scheme utilizes public key infrastructure to manage digital certificate. Digital certificate is a kind of electronic file issued by a Certification Authority (CA) and this electronic file is commonly consisting of public key and private information of the certificate owner. The most common information belong to a certificate are the expiration date, public key, the subject identifier and issuer identifier. A digital certificate is signed by CA private key and it is used for identifying resources and people over the network in order to enable confidential and secure communication between two nodes by using encryption [22]. The main function of CA is to authenticate the certificate holder identity and sign the digital certificate so that it could not be interfered or tempered with. Once the CA provides a signed digital certificate to a person then he/she can use on the network to obtain different services and prove his/her identity for establishing secure and confidential communication. It is expensive for WBANs due to sensor nodes constraints to use public keys accompanied by digital certificates [23].
9
2.4.5. Reputation-based Schemes Reputation-based schemes can be used to find the node reliability by considering their reputation. The reputation of a network node is calculated and denoted by a numeric value relied on the node past observations about their behavior. This scheme can be further divided into whether it uses indirect or direct recommendations [24]. Direct Recommendation Scheme This scheme is based on local observation and it does not require collaboration with other nodes for deciding whether other node is reliable or not. In Indirect Recommendation Scheme In indirect recommendation scheme, node observation not only depends on the local observations but also cooperate with other nodes in order to find the node is reliable or not.
3. AUTHENTICATION IN WBAN Authentication process is very crucial aspect for both achieving data integrity and confidentiality. Generally, three ways of authentication are used for authentication in the field of networking [25]. One-way Authentication Process This is one-side authentication process, a single authentication message is passed from sender to the receiver node and there is no acknowledgement message from the receiver end, it only stored the sender identity.
Two-way/mutual Authentication Process The two-way or mutual authentication process is actually three way handshake process in which sender forwards a challenge to the receiver node, once the receiver receive the challenge from the sender, it is solved by the receiver and response is sent back to the sender and in the final step, after receiving the challenge solution value from the receiver, the sender starts comparison of their calculated value with receiving challenge solution value. If both are matched then mutual authentication process is successful, otherwise, the authentication process is unsuccessful. Three-way Authentication Process This authentication process is a bit different from the above authentication processes because here the authentication process is based on the third party. Before the communication, a sender will forward request to third party for communicate with the second party (receiver), once the third party received the request from the sender then it will forward require authentication process parameters to both parties ( sender and receiver). Here the sender and receiver authenticate each other on the basis of third party authentication parameters and this three-way authentication process is utilized in the situations when the nodes clocks are incapable to synchronize. Why authentication is important? Authentication is a procedure which compares user provided credentials with already stored credentials of the user and if the result is yes (matched) then authorization to that particular user is granted to use various resources, otherwise it will not. For example, online banking authentication system decides whether the particular user enters into the system allows to transfer money or pay utility bills etc and if the user provided credentials are matched with the stored credentials on the bank server then that particular user is allowed to transfer money or pay their utilities bills, otherwise, request for transferring money and paying bills would be discard. Now suppose if there was no proper authentication system at the bank then there are enormous chances of fraud etc. Since WBANs nodes are typically resource-constraint that is a node has limited battery power, memory and computation power [1], so developing a good authentication scheme is a challenging task because traditional network cryptography techniques are expensive in term of memory, battery and computational utilization and almost impossible to be used for WBANs. Due to the limited resources and wireless communication, WBANs are suffering from many issues and there are a lot of issues still open for research. Among these issues, authentication is one of the major issues and it is a very important service that must be established among various devices in the network to ensure the originality and integrity of different messages share among devices. The authentication process is very important for WBANs, otherwise, without any authentication system in the network would guide towards misuse of services and resources e.g. the patients’ data originality and integrity are important for their treatment diagnosis otherwise, it may lead to a serious issue.
3.1. Authentication Types
10 User authentication is a critical issue in the field of WBAN and without proper authentication mechanism, it is not possible to identify legitimate user. It is important to have a proper authentication mechanism that might offers a high level of security and privacy of the network. Authentication can be described as a procedure in which a user uses his/her credentials to prove their identity and legitimacy. Today authentication plays very important role in our life and we use almost everywhere for example today we use authentication process to unlock our smartphones or laptop or unlock house doors etc. Without having proper authentication mechanism, it may lead to fraud and malicious activities, suppose if we do not use password or fingerprint authentication etc on the smartphone then there is strong possibility that unknown person may get access to our valuable data in the case of the smartphone lost or stolen. Similarly, the authentication process is very important in WBAN because sensitive information are exchanged among different parties and any lapse in authentication process may lead to person death. The following notations are used in this section for denoting different attacks and other features. Attacks: A1: User impersonation, A2: Man-in-the-middle, A3: Offline dictionary, A4: Privileged-insider, A5: Password guessing, A6: Illegal logged-in user using legal identity, A7: Sensor-node impersonation, A8: Stolen smart card, A9: Data leakage vulnerability, A10: Replay, A11: Denial-of-service, A12: Online or Stolen-verifier, A13: Offline password guessing, A14: Forgery, A15: Many logged-in users with the same login-ID, A16: Resilience against node capture, A17: Masquerade, A18: Smart card breach attack, A19: Service misuse, A20: Online password guessing, A21: Data disclosure, A22: Password disclosure, A23: Stolen verifier table, A24: Session key disclosure, A25: Server Impersonation, A26: Stolen verifier and modification, A27: Fake sink/sensor, A28: Plain-text Other Features: F1: Mutual authentication or authenticity, F2: User anonymity, F3: User untracability, F4: No Verification table, F5: Secure session key establishment/agreement, F6: Forward secrecy, F7: Security, F8: Privacy, F9: Efficient login-phase, F10: Local password verification, F11: user-friendliness, F12: Biometric template privacy, F13: Wrong password detection, F14: Group key secrecy, F15: Session key secrecy, F16: Nonreputation, F17: Key escrow resilience The following are the most common types of authentication used in the WBANs.
3.1.1. Password Based Authentication The password based authentication is the simplest type of authentication and can be easily managed by all entities of the network. This process of authentication is using from long time because its all operations are simple and can be easily implemented. J. Zhang et al. [26] proposed an improved protocol for the password authenticate association of IEEE 802.15.6 based on set up a novel master key between two parties based on a pre-sharing short password to authenticate each other. This protocol is somehow good as it decreases the computational cost at the sensor nodes side of the network because more computations are carried out at the hub node. The proposed protocol is safe against impersonation, man-in-the-middle, offline-dictionary and forward secrecy types of attacks. Demerits of this protocol are using insecure links for sharing different keys, public and secrete key are reused many times, password must be secretly pre-shared in a secure way and finally it slow down the communication process due to the message size is increased because of ECC technique is used. F. Wei et al. [1] have introduced a secure password based anonymous authentication scheme for WBANs using lowentropy password and for security proof they have used most widely used random oracle model (ROM). The proposed authentication scheme provides mutual authentication, client anonymity, user untractability, no verification table, session key establishment, forward security and attack resistance. Storage and Computation costs are lowest as compare to other related scheme described in the paper, which makes it more suitable for resource-constrained sensor nodes. However, according to the proposed scheme authors their scheme has more communication cost which makes the bandwidth of the proposed scheme less efficient as compare to other related schemes described in the paper because the proposed scheme requires 3 rounds for authentication between user/client and AP requires the help of Network Manager (NM). M.K. Khan et al. [27] presented an improved user authentication protocol for WBAN using only one shared secrete key between gateway node and other sensor nodes, in this protocol a password is entered into a gateway node through the secure channel during the user registration phase then it is utilized during the login phase to gateway node to access patient medical data. It provides user anonymity, secure session key and mutual authentication between entities. Also it is safe against various attacks like insider, user impersonation, password guessing, illegal logged-in users using legal identity and sensor-node impersonation. However according to J. Nam et al. [28], this protocol is suffering from user anonymity problem, forward secrecy and
11 resistance to stolen smart card attacks. Also computation consumption is higher as compare to protocol proposed in [28] and extra memory is needed by smart card as compare to previous protocols. Similarly, S. Shin et al. [29] introduced an authentication scheme for health services which could be utilized as a basic security building block for WBANs applications and this scheme is very similar to M.K. Khan et al. [27] scheme using the password based authentication during the login phase and this protocol is safe against password guessing attack, provides user anonymity, forward secrecy and secure session key among different entities involved in the communication. However according to S.G. Yoo et al. [30], this scheme is still suffering from various attacks like data leakage, vulnerability, password guessing attacks and managing insecure gateway key and secrete key of gateway problem. S. Chatterjee et al. [31] presented a novel user access control system for wireless body area sensor networks (WBASNS) based on asymmetric (public) key based cryptography and guarantee that only authentic users could access the information. This is offering group-based user and password based authentication depends on the access privileges for the authentic WBAN users. Also, this scheme offers to change user password locally facility without requiring the assist from the medical server. It provides security, mutual authentication among users, base stations (BS) and sensor nodes and resists against DoS, privileged-insider smart card breach and man-in-the-middle attacks. However, according to A.K. Das et al. [32], this system has flaws in formal security analysis. C. Li et al. [33] proposed a chaotic maps and smart card based password-based mutual authentication system for medical area is based on the small modification on Lee’s protocol in order to remove flaws associated with it. In the proposed work authors have studied Lee’s and Jiang et al.’s authentication protocols and found that their protocols are suffering from security issue e.g. a registered users confidential information might be deliberately uncovered to non-registered users which can be caused in service misuse attack. This new proposed mutual authentication system inherits good points of both Lee’s and Jiang et al.’s protocols and provides user anonymity, mutual authentication and ideal forward secrecy. Also it is safe against insider, manin-the-middle and smart card stolen attacks. Although it has less computation cost as compare to other protocols but according to G. Gao et al. [34], it suffers from efficient password change phase and session key verification issues. The main characteristics of related password based authentication schemes discussed in this section are represented in table 1. User Login Request 1b User Enter IDU , PSW U
2b
Main Server
3b 4b. IDU , PSWU
Terminate Session
No
1a 2a Validate IDU, PSWU Format
If User Enter Details Match Stored Yes
New User Registration Enter IDU , PSW U
4b. IDU , PSW U
Authentication Process Successful
No
Try Again
Yes IDU , PSW U
Fig. 4: Password based authentication The complete process of password based authentication can be divided into two main phases: Registration Phase: During this phase, a new user is register with main server by forwarding their identity alongside password. The main server validates the identity and password format; if the format is matched then registration process is completed, otherwise, ignore the request or display the try again message. Authentication Phase: The following steps are occurred during the authentication phase.
12 Step 1: User forwards login request to main server. Step 2: Main server provides interface to user for entering ID and Password. Step 3: User enter their ID and Password and forwards to main server. Step 4: After receiving patient ID and Password at main server, now it is validated by comparing against stored User ID and password. If both are matched then the authentication process is completed, otherwise, terminate the session as shown in the Fig4.
Table 1: Characteristics of password based authentication schemes Name of Scheme
Methodology
Advantages
Disadvantages
Usage Area
Our Remarks
Ref [26]
Diffie-Hellman key exchange method using ECC Elliptic curve Diffie-Hellman protocol SHA-256 hash algorithm
Resists against A1, A2 and A3. Also provides F.
Using Insecure Links. Public and secrete keys are reused many times. Password must be secretly preshared. Message size is increased due to ECC technique. It has not used any simulation tool for implementation.
WBAN
Everything is shared in plaintext format and if pre-shared password of a node is known by third party then it is easy for them to lunch different type of attacks. It can resist attacks like A1, A2 and A3. Finally, it is suitable for providing forward secrecy.
Ref [1]
Using ROM under
Provides F1, F2, F3, F4, F5
Communication cost is more as
WBANs
Although the storage and computation costs are low which suits sensor networks but it has more communication cost which makes the bandwidth of the scheme less efficient.
WMSNs
Proposed protocol does not provide F6, which is very important for key agreements based schemes. Although it has more security and other features but it is only using one shared secrete session key between gateway and other nodes. If one of the sensor nodes is compromised then the security of the entire network is lost. It is not secure and can be used as an elementary security building block for healthcare applications. It is using discrete logarithm problem for computing session keys. However, it has not explained the session key creation process in details. It is comparatively offering more security and other features. The prevention of users of lower level to access the resources of next level makes it even more secure.
Ref [27]
the DDH (Decisional Diffie– Hellman) & qstrong DiffieHellman (q-SDH) Game Theory Symmetric cryptography Smart card Using key agreement methods of E. C. Chen et al. & Z. L. Ping et al.
and F6. Storage. Computation costs are low.
Resists against A4, A1,
A5, A6 and A7. Providing F2, F5 and F1.
Ref [29]
Cryptography Hash function Combination of
Resists against A5. Provides F2, F6 and F5
among different entities.
smart card & password
Ref [31]
Using an ECC
based public key cryptosystem Game theory AVISPA tool HLPSL & SHA-2
Provides F5 and F1
between sensor nodes and BS or user. Resists against A12, A15, A16, A17, A10, A4, A18 and A11.
compare to other related schemes. Using public key. Implementation has not been done through any simulation tool. It is suffering from F2, F6 and A8 [28]. Also the computation cost is higher as compare to [28]. Extra memory space is required by SC as compare to previous protocol. Only one secrete key is shared between gateway node and other sensor nodes. It has not used any simulation tool for implementation. This protocol suffers from A9, A5, A10 and manages insecure keys Kg and Kgs [30]. Implementation has not been done through any simulation tool. It has not explained the session key creation process in details.
It has flaws in formal security
analysis [32]. Communication cost is more than Mahmud et al.’s scheme.
WBANs
WBASN
13 Ref [33]
Chebyshev chaotic Provides F2, F1, F5 and
map Smart card Symmetric key algorithm
F6. Resists against A4, A8, A1, A13, A19 and A11. Also has less computation cost.
It is suffering from efficient
password change phase and session key verification [34]. Implementation has not been done through any simulation tool.
TMIS
Proposed protocol enhances security features by eliminating flaws in Lee’s and Jiang et al. protocols. Despite few positive, it is still facing password change and session key issues.
3.1.2. Smart Card Based Authentication A smart card has electronic chip on it that could be either a secure microcontroller or equilvant intelligence capabilities with some internal storage and it can be used in terminal either has a direct physical connection or wireless to read information. Smart card based authentication is the most popular method for authentication used in the era of modern networks because of their elegant characteristics like computational capability, memory ability and portability etc. [35]. C. Liu et al. [36] proposed a secure user authentication protocol using smart card based authentication scheme for monitoring health conditions and it provides both data security and privacy. It is secure against some well known attacks like replay, impersonation, online or stolen-verifier and online or offline password guessing. However, according to C. Li et al. [37], it is still suffering from password disclosure, replay, sense data disclosure and forgery, stolen smart card and offline password guessing attacks. Also it computation cost is higher. C. Li et al. [37] presented an efficient user authentication and anonymity scheme with provably security for IoT-based medical care system using smart card based authentication during login which eliminates the security weakness associated with Liu-Chung’s scheme known as a bilinear pairing-based password authentication for WBAN. The proposed work has improved secure authentication and data encryption system for medical care area, which could also offer user anonymity and eliminates security attacks like replay and password data discovery attacks. The proposed scheme is lightweight and has very less computation cost as compare to protocol proposed in [36]. D. He et al. [38] have used smart card technology during login and authentication phase for health professional to access patient data and this new protocol is based on an efficient-strong authentication scheme for wireless medical sensor networks (WMSNs) proposed by Kumar et al. The proposed protocol not only provides strong security at very little computational and communication costs but also provides users anonymity, resistance against attacks associated with Kumar et al. protocol like off-line password guessing and privileged insider attacks. It is also safe against other attacks as well like replay, stolen verifier table, stolen smart card, impersonation and man-in-the-middle. However according to X. Li et al. [39], it has no wrong password detection mechanism and suffers from DoS. Also according to A.K. Das et al. [40], it has design issue in password change phase and it suffers from privileged-insider and sensor node capture attacks. It fails to support user anonymity and protect new password. Also According to T. Maitra et al. [41], it is suffering from replay, stolen, session key disclosure and insider attacks. It has also an issue of a single or same secrete key is used for all sensor nodes in the network, so if one of the node is compromised then the entire network security is compromised. The identity of the user is also exposed to an adversary due to same secrete key compromising. S. Qiu et al. [42] introduced a robust mutual authentication scheme based on ECC for Telecare Medical Information System (TMIS) based on Chaudhry et al.’s scheme in order to eliminate different flaws like off-line password guessing, man-in-the-middle and user/server impersonation attacks. Not only this new proposed protocol eliminates flaws associated with Chaudhry et al.’s scheme but also helpful to resist most well-known attacks. The Burrows-Abadi-Needham Logic (BAN-Logic) is used to prove the security of the proposed scheme and it is concluded that it resists against well-known off-line password guessing, privileged insider, user impersonation, server impersonation, replay and man-in-middle attacks. The proposed scheme also provides user anonymity, mutual authentication and perfect forward secrecy. In terms of computational cost efficiency, it is also efficient as compare to related TMIS schemes discussed in the paper. However, according to [43], it suffers from insider attack and has very similar computational cost to the scheme presented in [43] which makes it more efficient in term of computational cost as compare to other related schemes. Similarly, authors in [43] presenting a mutual authentication protocol based on Lee et al. proposed mutual authentication protocol for TMIS is utilizing smart card technology for authentication purpose. The new proposed protocol not only fix different flaws associated with Lee et al. proposed protocol but also provides user anonymity, session key agreement , local password verification, user-friendliness, forward secrecy and
14 mutual authentication. The security of the proposed protocol is proved by most widely used random Oracle model (ROM) and found that it is safe against most well-known attacks like offline password guessing, replay, man-in-the-middle, forgery, stolen verifier and modification, Insider, and smart card loss. Although it achieves more security features than scheme presented in [42] but the computational cost is a little bit higher as compare to scheme proposed in [42]. Also the communication cost is higher compare to other related schemes presented in the proposed paper. The main characteristics of related smart card based authentication schemes discussed in this section are represented in table 2. 1. Request ( IDU , PSW U ) User 2a. (Smartcard, IDU , CID) 3. Store
Key Information System (KIC)
Smartcard, IDU , PSW U , CID
4. Enter ( IDU , PSW U )
IDU , PSW U , CID
2.b Send (IDU , CID)
7. PSWU
Login Rejected No
IDU , CID
If IDU , CID Matched
Card Machine
6 Remote Host
Login Rejected No
Yes
If Enter Password Matched
Yes Login Successful
5. Send( IDU , PWSU , CID)
Fig. 5: Smart Card based authentication In this method of authentication, a smart card is issued to a user when a user join the system for first time by third party known as key information system (KIC). The KIC is a trusted authority that issues a smart card to a user who request for it and also calculates require parameters and secrete information interrelated to the user. This KIC is not liable for user authentication but only issuing a smart card to a new user and handles password changing requests for the registered user. This smart card can be used in specific card terminals with ID and password options to complete authentication process. The smart card based authentication method can be divided into three phases. Registration Phase: In the registration phase, a user enters their request with parameters including user identity IDU and chosen password PSWU to the KIC. In reply KIC issues a smart card to the user along with ID U and CID parameters. At the same time, information like IDU and CID are also forwarded to the remote host. Both remote host and KIC store these information in their storage areas for authentication process etc. Login Phase: In this phase, a user enters their smart card into a card reader (terminal) and uses available options on screen to enter their identity and password. If the entered identity is the same to the one stored on smart card ship then the terminal forwards parameters PSWU, IDU and CID for login request to the remote host. Authentication Phase: In the authentication phase, desire parameters are validated by the remote host for permitting a user to login or not. Once these information are received by the remote host, first it validates IDU and CID against the parameters provided earlier by the KIC. If these parameters are not matched then the request for login is straightaway rejected, otherwise, in the case of both parameters matching, there is still one more check need to be performed of password matching. In the case of entering password matched with KIC stored password then remote host allows successful login, otherwise, the request for login is rejected as shown in the Fig.5.
15
Table 2 Characteristics of smart card based authentication schemes
Name of Scheme Ref [36]
Methodology
Bilinear map
based on ECC Smart card Bilinear Diffie– Hellman problem (BDHP)
Disadvantages
Usage Area
It is still suffering from A5, A10,
WHSNs
A14, A8, A21 and A13 [37]. Its computation cost is also higher [37]. Also does not provide F2, F9 and F5. It has not used any simulation tool for implementation. It requires secure channel during the registration phase. Implementation has not been done through any simulation tool.
Although proposed protocol provides mutual authentication, but unfortunately it suffers from a lot of security attacks and also computation cost is higher.
IoTBased Medical Care System
The proposed protocol is much more secure than Liu–Chung’s protocol because it eliminates various issues associated with Liu-Chung’s protocol and also it supports more features.
WMSNs
This protocol inherits all plus points of Kumar et al. protocol and tries to eliminate flaws associated with it. But unluckily, it is still suffering from many issues. Also it is using single secrete key for entire network nodes, so if one node is compromised then the security of the entire network can be compromised. It eliminates A1, A2 and A13 attacks associated with Chaudhry et al. and Islam et al. protocols. Even though, it is more secure and efficient but it has more computational cost as compare to other schemes and also it suffers from A4 attack. Proposed protocol is based on Lee et al. protocol and eliminates few drawbacks associated with it. Although it is efficient than related protocols but its communication and computational costs are highs.
Advantages
Resists against A1, A10,
A12, A20 and A13. Provides both data F7 and F8. According to [37] it also provides F1.
Ref [37]
ROM under
Ref [38]
elliptic curve Diffie–Hellman problem (ECDHP) Elliptic curve discrete logarithm problem (ECDLP) Bilinear map SC & ECC Symmetric key algorithm Smart card Hash algorithms BAN logic
Resists against A22, A5,
A10, A21, A14, A8 and A13. Supports F9, F2, F1 and F5. Computational cost is less as compare to Yeh et al. and Liu–Chung.
Provides F2 at very low
communication and computational costs. Safe against A5, A10, A23, A8, A4, A13, A1 and A2 attacks.
It has no wrong password
Ref [42]
ECC Smart card Burrows-Abadi
Ref [43]
Needham Logic (BAN-Logic) Fuzzy-verifiers technique ROM Smart card Hash-oracle IFP-Oracle SHA-1 Game theory
Provides F2, F1 and
perfect F6. Safe against A13, A4, A1, A25, A10 and A2 attacks. Efficient in term of computational cost as compare to other schemes. Provides F2, F5, F10, F11, F6 and F1. Safe against A13, A10, A2, A14, A26, A4 and A8 attacks.
detection mechanism and suffers from A11 [39]. It has designed issue in password change phase and also it suffers from A4 and A16 attacks [40]. It fails to support F2 and protect new password. It is suffering from A10, A8, A24 and A4 attacks [41]. It suffers from A4 attack [43]. Also the proposed scheme has more computational as compared to scheme proposed in [43].
Computational cost is slightly
higher than the protocol proposed in [42]. Also communication cost is higher as compare to other related schemes discussed in the proposed paper.
TMIS
TMIS
Our Remarks
3.1.3. Biometric Based Authentication Biometric based authentication system can be defined by physiological and/or behavioral characteristics of human body for their unique identification because every individual has their own unique identifiers and it is not possible for two persons to have same identifiers and people have their own unique fingerprints, voice,
16 hand geometry, earlobe geometry, DNA, retina and iris pattern, signatures and facial [44]. The general rule of biometric based authentication is to determine and compare the physiological signals at both the sender and receiver node of the network. Biometric based authentication system is no doubt more competent authentication system as compare to password and smart card based authentication system or the mixture of both. Here it is not necessary for people to remember passwords for authentication and accessing information. Also it is not a convenient method for people to remember and change passwords time to time for security reasons. This method has an advantage over traditional cryptosystems because it is more secure and also eliminates the issue of pre-distribution of secrete shared keys among entities in WBANs. S. N. Ramlil et al. [45] proposed a scheme known as a biometric-based security for data authentication in WBAN based on biometric based hybrid authentication model in order to secure data exchanging in WBAN and decrease the computational and power expenditure costs. A.K. Das et al. [46] presented a light-weight biometric based user authentication protocol for hierarchical WBANs and enables authorized users to retrieve information from any cluster head. This protocol is using biometric authentication alongside the password authentication to authenticate a user and also according to proposed work, it is more efficient because it uses symmetric key based encryption and decryption mechanism and cryptographic hash function. The proposed scheme supports good mutual authentication mechanism with low computational cost as compare to conventional password based schemes. Security of the protocol is proved under the random oracle models and it stands against well-known attacks like node capture, denial of service, many logged-in users with the same login-id, stolen-verifier, replay, masquerade, smart card breach, man-in-the-middle and privileged-insider attacks. P. Abina et al. [47] proposed biometric scheme is based on securing the ECG information in WBANs prior to communication. In this scheme, all neighbors nodes have to distribute a common key produced through ECG signals. The enhanced ECG-IJS system is introduced to arrange the key agreement for the secure data communication and authentication in WBANs. The proposed key agreement ECG-IJS scheme provides both authenticity and privacy in an energy competent way. The main contributions like ECG-IJS scheme could allocate a key in efficient way in terms of energy, a new hash function supported authentication scheme utilizing ECG signals at both sending and receiving ends and a security analysis framework of WBANs are included in this paper. R. Sudha et al. [48] introduced a novel biometric fusion based trusted anonymous protocol using iris with DNA code to create dynamic multifarious set of signatures for routing request packets authentications. Many of the existing schemes are using RSA for public key generation, however, this protocol or scheme is using Elgamal algorithm and it has a plus point that the same plaintext generates a different cipher text every time it is encrypted. The proposed biometric based protocol provides authenticity, anonymity and security. It has also more throughputs, data packet delivery ratio and reduces end to end average delay. A. Arya et al. [49] presented an advanced version of salam et al. protocol for WBANs based on biometric based mutual authentication scheme between the sink and sensor nodes in order to eliminate plain-text, insider and stolen verifiers attacks associated with previous version. In addition, it also stands against internal, fake sink/sensor and DoS attacks. The proposed protocol is using public key cryptosystem for eliminating fake sink attack which is more resources consuming and hence it is not suitable for recourse constrains sensor networks. In this new version of mutual authentication protocol, the biometric based verification could be accomplished by utilizing fingerprint based verification. The main characteristics of related biometric based authentication schemes discussed in this section are represented in table 3.
17
Enrollment Process
Authentication Process
Start : Biometric Data Acquisition
Terminate Session
Start : Biometric Data Acquisition
No
User Features Extraction
User Features Extraction If Re-enter Template Match Stored Template
Template Generation
Template Generation
Yes
Stored Template
Authentication Process Successful Stop
Fig. 6: Biometric based authentication The following are the most common methods in biometric based authentication system which can be used for user authentication [50]. Fingerprint scans method is working with digital version of human fingers images as every individual finger has their own unique vascular pattern. This system has been in working for last few decades by many government and private organizations for the reliability and unique identification of human. Voice recognition method depends on the voice print that analysis a particular word or sentence of the speaker’s mouth and throat in order to uniquely identified an individual. Facial recognition method works with face structure or numeric codes called face-prints that can recognize about eighty nodal spots on a person face for their unique identification. Retina or iris scans method for individual identification is based on the unique patterns of blood vessels in the retina or color in the iris. The complete process of biometric based authentication can be divided into two main phases known as enrollment and authentication: Enrollment Phase: During this phase, a new user is registered by extracting user biometric features from the user body and a unique biometric based template is created and stored in database. Authentication phase: In this phase, a user biometric feature is extracted from their body, a template is generated and finally the new generated template is compared with already stored templates. If the regenerated template is matched with stored ones then authentication process is successfully completed, otherwise, the request for authentication is rejected as shown in the Fig. 6. Table 3: Characteristics of biometric based authentication schemes Name of Scheme Ref [45]
Methodology
ECG Biometric
Ref [46]
Provides data F1and F7 at
feature Cryptographic hash algorithm
Symmetric key
Advantages
algorithm Cryptographic hash function
low computational complexity and high power efficiency.
Supports good F1
mechanism at low computational cost. Stands against A16, A11,
Disadvantages
No security proof and
results are available. No experiment and comparisons have been done with existing systems. Implementation has not been done through any simulation tool. It does not provide user
Usage Area WBAN
WBAN
Our Remarks It is using ECG feature that provides mutual authentication and security at very low computational complexity with high power efficiency. It is a secure light-weight remote authentication protocol because it stands against many attacks and it is using efficient
18 ROMs AVISPA tool Ref [47]
ECG MIT-BIH
Ref [48]
Ref [49]
Arrhythmia database Cryptographic algorithm SHA-1 or SHA-2 Iris feature DNA coding Symmetric and asymmetric cryptography Digital signature The Onion Routing network Routing algorithm NS2 simulator Fingerprint verification Diffie- Hellman technique Public-key cryptosystems Private (secrete) key cryptography
A15, A12, A10, A17, A18, A2 and A4 attacks.
Provides both F1 and F8 in
an energy competent way. It saves the transmission energy that increases the life time of the battery of senor nodes because it decreases the transmission overheads. Provides F1, F2 and F7. It has a plus point that the same plaintext generates a different cipher text every time it is encrypted.
Provides F1. Safe against A10, A27, A28, A12, A4 and A11.
Fake sink attack can be achieved by employing public-key cryptosystem.
anonymity.
Neighboring nodes share
single common key produced by ECG. If one of the neighbor node gets compromised then entire neighboring nodes are easily compromised. Using Elgamal algorithm for public key generation which might be expensive for sensor nodes.
Using Public key cryptosystem for fake sink elimination which is extremely expensive for resource constrains sensor nodes.
cryptography hash functions and symmetric key algorithm. WBAN
WBAN
WBAN
Although proposed protocol provides F1 and F8 efficiently but neighbors nodes are sharing a common key which might create problems. It saves the battery power of nodes by reduces transmission overhead. Proposed work provides F1, F2 and F7. It also reduces average end to end packet delivery delay ratio and provides high throughput by authorized nodes of the network. Finally, the same plaintext generates a different cipher text whenever it is encrypted which is clearly an advantage. Although proposed scheme eliminates some well-known attacks but it is not suitable for resources-constrained network because it is using public key cryptosystem for fake sink attack elimination.
3.1.4. Multi-Layer Authentication Multi-layer authentication method provides user identification by combining more than one method of authentication. This method of authentication provides more important advantages to a system that utilize them i.e. make the system more secure against various types of security attacks, but these methods are complex and can be varied from domain to domain. For example, bank ATM card can be made more secure by using mutlti-layer authentication i.e. by using password in conjunction with finger print etc for user authentication. In the case of WBAN, at the same time two or more different authentication schemes can be used for authentication purpose for example, a separate system based on key establishment approach can be used for authentication between LPU and sensor nodes and other approach using biometric types of authentication like ECC algorithm can be used for authentication between LPU and application provider (AP). Fig. 7 shows multi-layer authentication process by first entering a simple password and then biometric based authentication scheme for login request to a system. If user entered password matches already stored password then login process will continue to next phase of biometric authentication and in the case of no password matching, the login request will be simply rejected at the initial stage of authentication. Once the password based authentication stage is successful, now the biometric based authentication phase is taken place as: first user biometric feature is extracted and then a template is generated. After the generation of template, it is compared with stored templates and if it matches already stored templates then login to the system is successful; otherwise, it will reject the login request. In order to utilize the resource or system, the multi-layer authentication desires the following three diverse security system layers and layouts: Physical based Security: In this security approach, a user is validated and authenticated based on service card or other kind of physical token. Logical/Knowledge based Security: Recently, this approach is most widely used for a user validation and authentication purposes and it is based on password or PIN which is easily remembered by a user. Biometric based Security: Here a user validation and authentication is based on ECC, retina or iris scan and fingerprints etc.
19 Some of the most recent multi-layer based WBAN authentication schemes are the following. User Enter User PSW U
1
Start : Biometric Data Acquisition
User Features Extraction
8. No
3. No If User Enter Password Match Stored
3. Yes
If Re-enter Template Match Stored Template 7. Stored Template
2. Stored Password
4
Login Rejected
Login Rejected
Store PSW U Template
5 6
Template Generation
8. Yes Login Successfully
Fig. 7: Multi-layer based authentication Q. Jiang et al. [51] have closed look at a dynamic identity based three factors authentication protocol proposed by Islam et al. Although Islam et al. proposed protocol has more advantages over some existing protocols but Q. Jiang et al. argue that Islam et al. scheme is still suffering from password verification during the login issue, impersonation attack, preserve biometric template privacy and off-line password guessing issue in the case of smart card is stolen or lost. To overcome these issues, Q. Jiang et al. presented a more secure protocol known as a robust three factors authentication system using smart card, password and biometric based authentication mechanisms. This proposed protocol provides mutual authentication, user anonymity, user untracability, forward secrecy, security and biometric template privacy at low computational cost. This is also safe against various attacks like privileged-insider, stolen verifier, offline password guessing, online password guessing, replay, modification, user impersonation, server impersonation, man-in-the-middle and DoS. X. Li et al. [39] have introduced an enhanced authentication scheme to resolve the privacy and security concerns in WMSNs. The proposed scheme is based on He et al. scheme in order to eliminate different flaws associated with the He et al. scheme at the low computation and communication costs. This new protocol is based on smart card, password and biometric based authentication methods and it has enhanced the security by having proper wrong password detection method which sometimes caused unnecessary communication and computations costs in the He et al. scheme. It provides security features like mutual authentication, user anonymity, session key establishment and user-friendliness. Also resists against well known attacks such as privileged-Insider, stolen verifier, identity and password guessing, replay, stolen smart card, DoS and forgery. D. Das et al. [52] proposed In-field remote fingerprint authentication system utilizing human body communication (HBC) and on-hub analytics is based conventional password and fingerprint mechanisms in order to provide strong security of critical information exchange among different entities of WBAN and also it provides optimal solution for resource distribution at minimum energy consumption cost. The proposed authentication system is utilizing HBC for on-body communication alongside template extraction (TE) algorithm on the hub device which increases the battery life of the sensor devices. A.K. Das et al. [40] proposed a secure anonymous user authentication protocol for WMSNs is using smart card technology alongside password and biometric based user authentication mechanisms for secure authentication. This work is compared with the He et al. and Li et al. protocols for WBANs and found that this proposed protocol is more proficient in term of communication and computation costs. The proposed protocol has features such as efficient in unauthorized login detection with wrong password, mutual authentication, session key agreement, user anonymity, user and friendly password change phase. The formal and informal security analysis are proofed under BAN logic and well-known ROM and found that it is safe against privileged-insider, stolen smart card, stolen verifier, identity and password guessing, replay and forgery attacks. The proposed protocol has more total computational time as compare to other schemes discussed in the paper.
20 J. Shen et al. [53] presented a proficient multilayer authentication scheme and a secure session key creation scheme for WBAN. This authentication protocol is actually the combination of two protocols. 1: One-to-many group authentication protocol and set of keys organization algorithm are designed between LPU and sensor nodes with minimum energy consumption and computational costs. 2: A novel certificate-less authentication scheme is designed that uses ECC algorithm between LPU and AP and it provides minimal computational cost with high level of security. It provides security features like group authenticity, key secrecy, session key secrecy, Non-reputation, Key escrow resilience and forward secrecy. The main characteristics of related multilayer based authentication schemes discussed in this section are represented in table 4.
Table 4: Characteristics of multi-layer based authentication Schemes Usage
Name of Scheme Ref [[51]]
Methodology
BAN logic Combination of
Ref [39]
(Password, smart card & biometric ) Chebyshev chaotic maps Fuzzy verifier Fuzzy extractor
Hash operations Symmetric key cryptography
Advantages
Provides F1, F2, F3,
Provides F1, F2, F5,
Combination of (password, smart card & biometric ) Ref [52]
TE algorithm Data encryption algorithm
Combination of
Ref [40]
Ref [53]
(password and fingerprint biometric) AVISPA tool Dolev–Yao threat model Combination of (smart card, password & biometric) ROM Symmetric cryptography Fuzzy extractor BAN logic A group key establishment algorithm Certificateless Cryptography ECC algorithm Intractability Problems (ECDLP], Computation Diffie-Hellman Problem [CDHP] & Elliptic Curve Factorization Problem
F6, F7 and F12 at low computational cost. Safe against A4, A12, A13, A20, A10, A26, A1, A25, A2 and A11.
F7, F11 and F13. Resists against A4, A12, A5, A10, A8, A11 and A14. Low communication & computation costs. Provides F1 and strong F7. It enhances the battery life time of both hub device and sensor nodes. Resists against A4, A8, A12, A5, A10, A11 and A14. Also provides F1, F2, F5, F13 and F11.
It provides security
features like F1, F5, F6, F14, F15, F16 and F17. Low computational cost due ECC encryption technique instead of RSA etc.
Disadvantages
Security features are only
compared with Lee et al. and Islam et al. schemes. Only remedies flaw associated with Islam’s scheme.
It suffers from DoS attack
[39]. No simulation tool is used for implementation. It requires more hashing and symmetric key cryptographic operations. Implementation has not been done through any simulation tool. No comparison has been done with other schemes. Use only on-hub analytics It requires more total computational time and communication cost as compare to related Kumar et al. and He et al. schemes discussed in the proposed paper.
Using public key which is
expensive for WSNs. Computational cost is only compared with Li’s scheme. Computational cost of protocol two is only compared with Xiong’s protocol. No simulation tool is used
Area
Our Remarks
Real-life Application Environments
Proposed authentication scheme is better than other related schemes because it provides more features and resistance against many well-known attacks at very low computational cost.
WMSNs
It removes flaws associated with He et al. scheme and it is more superior in terms of security features, communication and computation costs.
WBANs
This scheme is not only providing F1 and F7 but also provides optimize solution for enhancing battery lifetime of both the hub and sensor nodes. Although it eliminates security flaws associated with He et al. and Li et al. Schemes, and offers some extra features but it needs more computational time and communication cost. Also registration center needs to be trustworthy. Proposed scheme is efficient because it is using ECC algorithm instead of expensive RSA etc. Although it has more security features but it is only compared with two other related schemes.
WMSNs
WBANs
21 [ECFP])
for implementation.
4. CLASSIFICATION OF THE AUTHENTICATION SCHEMES Authentication schemes can be broadly divided into non-biometric and biometric based authentication schemes. The following section will discuss some of the well-known sub-types of both authentication schemes types in detail as shown by Fig. 8.
4.1. Non-Biometric Based Authentication Schemes Non-Biometric key management schemes are not based on the people physiological or behavioral characteristics. These authentication schemes are based on numerical values from which different keys for encryption and decryption are calculated by using various types of algorithms or techniques. The following are some types of non-biometric based authentication schemes. 4.1.1. Asymmetric Key Based Authentication Schemes Asymmetric key based cryptography is also known as public key based cryptography was first introduced by W. Diffie and M. Hellman. This cryptography scheme is comparatively new and complex because it is using a pair of keys which comprises of public and private keys for data/information encryption and decryption between two entities involved in the communication to implement information security. The public key is available to anyone in the network and private key is kept secure from unauthorized access, only known to particular entity and generally shared through a large network or internet. In this method of cryptography, a message is encrypted with a public key and could only be decrypted with a private key. Although, it improves data security but existing asymmetric cryptography authentication schemes designed for WBANs have larger overheads as compare to symmetric key based authentication schemes and we know that WBANs/WSN are consisting of various resources constrains sensor nodes, so it is not feasible to implement these kinds of authentication schemes in WBANs/WSNs [54]. Some well-known of the asymmetric key cryptography algorithms are RSA, DSA, PKCS, Elliptic Curve techniques and EIGamal etc. N. H. Kamarudin et al. [55]proposed a secure and efficient lightweight identity based authentication scheme for mobile e-health is utilizing IBE_Trust algorithm and Pluse_Sensor mobile program which would get rid of many security attacks related to mobile e-health system. The proposed protocol for mobile e-health monitoring is utilizing public keys linked with the mobile identity and sensor device identity are authenticated through recording the identity on the ECC in order to create a cryptographic hash function during the login phase. M.H. Salama et al. [56] introduced a mutual authentication protocol for WBANs is using TTP for distribution public and private keys among sensor nodes, cellular phone and the main server. This protocol is based on the amended suggestion of Diffie-Hellman key exchange method and claimed that their proposed protocol is safe against most well-known attacks. Q. Jiang et al. [57] presented a bilinear pairing based anonymous authentication protocol for WBANs that eliminates security drawbacks associated Wang and Zhang’s scheme and survives many well-known attacks. This scheme is using both public and private keys for authentication purpose and a network manager (NM) act as TTP is responsible for generating various system parameters and secret keys for clients and APs. 4.1.2. Symmetric Key Based Authentication Schemes Symmetric cryptography is a conventional technique of encryption and it is also known secrete (private) key cryptography utilizing identical secrete key for encryption and decryption. Although this cryptography is straightforward and competent, but it is not easy for key management [15]. Symmetric key cryptography shares one common secrete key for encryption and decryption of information between two parties those want to communicate. It is lightweight, simple approach and consumes less amount of time for cryptographic process; hence it is preferable approach for maintaining WBANs/WSNs security. Caesar’s Cipher is an excellent example of symmetric encryption. Most well-known symmetric key based algorithms are DES, AES, RC4, Blowfish, QUAD and 3DES etc.
22 N. Khernane et al. [58] presented a secure, lightweight and energy efficient authentication system known as BANZKP for WBAN is using secrete key approach for maintaining both security and privacy. BANZKP verifies sensor nodes identities using symmetric key approach with minimum computational cost which is very much in the favour of limited resource constraints body sensors and also eliminates various replay attacks. It decreases the memory utilization by 56.13 % as compare to TinyZKP scheme. It is more competent in term, if execution time by 5 and 17 times and also the energy consumption is very less that is 80% and 94.11% as compare to W-ECDSA and TinyZKP respectively. C.M. Chen et al. [59] introduced an anonymous mutual authentication key agreement scheme for WBAN is utilizing secrete key among different entities for mutual authentication, data security and privacy purposes. J. Liu et al. [60] presented efficient authentication and secure key exchange protocol for WBANs using layered network model approach with two-hop star topology network. In this paper, J. Liu et al. has presented two new authentication key sharing schemes based on symmetric key based cryptography. These introduced schemes provide selective authentication among nodes in WBANs and two pairs of session keys are efficient produced at the same time and quickly in every certification process.
4.1.3. Elliptic Curve Cryptography (Signature) Based Authentication Schemes Elliptic curve cryptography (ECC) is using public key encryption method based on elliptic curve theory and this is quicker, lightweight and more proficient method for cryptographic keys generation. This cryptography method for key generation is using elliptic curve equations as an alternative to conventional methods like product of two large prime numbers etc. ECC method can be combined with other asymmetric key encryption methods. This is more suitable method for different types of resource constrains WSNs because it achieves high level or equal security with just smaller number of bits (164-bits) key instead of large number of bits (1024-bits) using by other methods. Today, ECC is most widely used method for security in mobile applications or WSNs because it consumes very little amount of computational power and battery power as compare to other key generation schemes. ECC was original introduced by a mobile electronic business (e-business) security provider known as Certicom and in recent times it was licensed by a manufacturing of integrated circuitry (IC) and network security products organization known as Hifn. RSA has introduced their possess version of ECC. Today several manufacturing companies like Pitney Bowes, TWR, Motorola, Siemens, Cylink, VeriFone and 3COM have developed their products with ECC support. S.K. Shankar et al. [61] has proposed a system for secure key sharing and securing medical data among different entities with the help of using ECC method. In addition, proposed protocol is providing mutual authentication between sink node and BS server by using hash value of sink node ID, timestamp and registered random number. C. L. Priya et al. [62] presented a scheme based on ECC algorithm for efficient and securing data communication between wearable/implanted sensor nodes and sink node in WBAN. A. Ibrahim et al. [63] introduced mutual authentication system for RFID tags based on ECC for securing data transmission among different entities involved in the communication. The proposed protocol has an advantage because it achieves or completes the mutual authentication process only in two steps and satisfies the entire crucial security requirements of the RFID-based healthcare scheme. 4.1.4. Hash-Based Message Authentication Code Schemes Hash-based Message Authentication Code (HMAC) is a tool used for generating message authentication codes. A HMAC is a particular kind of MAC that uses the conjunction of a cryptographic key and hash functions. It provides secrete or private key to both sender and receiver which is only known to the particular sender and receiver. In this method of authentication, whenever a sender wants to send data to a receiver, first it generates a unique HMAC for this particular request by hashing the sending data with the private key and finally forwards it as a part of a request. Cryptographic hash functions like SHA-3 or SHA256 might be used for calculating HMAC. The MAC algorithm result is generally denoted by HMAC-X where X denotes the hash function that has been used such as HMAC-SHA3 or HAMC-SHA256. The HMAC strength depends on the factors like strength of hash function, quality of the key and size of the hash output. MAC can be used for both data integrity and message authentication.
23 X. Li et al. [64] introduced an enhanced version of 1-round authentication scheme for WBANs with user anonymity that remove flaws associated with previous version is using the MAC during authentication phase in order to validate server by a user. J. Shen et al. [53] proposed a lightweight multi-layer authentication system for WBANs is using MAC during authentication and group key agreement for providing the mutual authentication between PDA and sensor nodes. S. N. Ramli et al. [45] presented biometric based security for data authentication in WBAN is utilizing MAC at the data authentication model. Here MAC is calculated from the input biometric feature and hash which is created on the original message. After that the message would be forwarded to the destination and once that message is received by the receiver, it starts signal matching statistically. If it is matched then the authentication is successful, otherwise, message is discarded.
4.1.5. Anonymous Based Authentication Schemes Anonymous based authentication methods allow users to get access to the restricted resources without knowing the real identity of users. F. Wu et al. [65] proposed an improved and anonymous 2-factor authentication scheme for e-health not only provides resistance against off-line guessing, user impersonation and sensor nodes capture attacks but also at the same time provides user authentication with user anonymity feature and it is not possible for an attacker to track the user location. T. Li et al. [66] presented efficient anonymous authenticated key agreement protocol for WBANs is using cryptographic algorithm in order to encrypt user secrete information in order to accomplish user anonymity and it is guaranteed that a user privacy information are not leaked whenever a user is requiring medical treatment. D. He et al. [67] proposed anonymous based authentication protocol for WBANs to overcome flaws associated with existing anonymous authentication scheme proposed by Liu et al. The proposed scheme provides client anonymity by denying AP and network manager to get the real identity of client during the communication or from the captured message.
4.2. Biometric Based Authentication Schemes
Biometric types of authentication schemes are using physiological and/or behavioral features of the individual body in order to uniquely identify a person because every person has unique identifiers and there is no chance that two or more person have same type of identifiers like have same fingerprints, voice, hand geometry, earlobe geometry and DNA etc. Biometric characteristics could be separated into physiological class consisting of structure of the body parts such as hand geometry and fingerprints etc. and other class is behavioral consisting of personal behaviors such as voice and writing etc. [68] . This method of authentication is easy to implement and more secure because here it is not important to remember password or other authentication credentials for authentication. The following section describes most well-known authentication methods used in WBANs.
4.2.1. Iris Scan Based Authentication Schemes Iris is a thin rounded structure which takes place between the cornea and lens of the eye and it is responsible for controlling the amount of light reaching the retina. The eyes color is described via the iris. Iris scan based authentication method utilizes mathematical and statistical based algorithms allow identification on iris images of one or both eyes of an individual. It is important to note that every individuals or even identical twins do not have unique iris images. In this type of authentication, all iris templates are enrolled and stored in databases. For authentication purpose, the new extracted iris generated template is compared with stored databases templates in order to authenticate a person. Today this method of authentication is used in many countries of the world for many purposes for example; it is used by many immigrations or border-crossing agencies for individual’s authentication. Iris based authentication method is more accurate, stable, highly secure and trustworthy method because it is less prone to various attacks as compare to other biometric based methods like finger print. It is notable that right and left eye of an individual has different iris pattern combination [69]. R. Sudha et al. [48] proposed enhanced bio-trusted anonymous authentication routing method of WBAN and the purpose of the proposed work to protect unlinkabilitly and unidentifiably factors because these two factors have importance in WBAN. The proposed authentication routing method provides resistance against
24 many security attacks by using iris fused with DNA coding to produce a complex set of signatures for route packets authentication. K. Seetharaman et al. [70] presented a competent authentication watermarking system to preserve the ownership of digital images is utilizing biometric Watermarking method. A new lossless iris code hiding approach for digital images is utilizing integer wavelet transform (IWT) and threshold embedded approaches. The original images could be easily backed up with no loss, if the watermarked images have not been properly or lossy processed and the visual superiority of the watermarked-images and the authorization precision even after attacks are the greatest amongst the many available lossless data hiding approaches. Finally, according to K. Seetharaman et al., proposed iris code based reversible watermarking is an efficient and valuable approach to verify images. P.T. Selvi et al. [71] proposed authentication scheme using iris and palmprint features of a boy in order to make this scheme safe against dictionary attacks. In the proposed multimodal biometric scheme texture properties are pulled out from the iris and palm images are stored in the main server database in the form of encrypted binary templates in order to eliminate the dictionary attacks. The image processing methods are utilized to pull out biometric information from the iris and palmprint. During the login phase the mutual authentication between user and the server is done. At the same time, a symmetric key is produced on each side of the communication which can be utilized for security purposes between parties involved in the communication process. Finally, the proposed scheme may be used in existing biometric or password based authentication schemes without involving extra computation.
4.2.2. HRV Based Authentication Schemes Every person has unique HRV characteristic and means that it can be utilized for secure communication between two parties. In HRV, heartbeats are measured at time interval and suppose if a person has 60 beats per minute then it does not mean one beat per second. Actually, there is different time variation is involved between the two heartbeats rate intervals for example the first heartbeat interval is 0.85 second and the next interval may take 1.35 seconds for heartbeat interval. This difference between two or more heartbeats intervals makes it suitable choice for HRV based authentication in WBANs. The HRV measurement offers a nonpersistent measurement of the automatic nervous system (ANS) action that composed of two fundamental parts: first one is known as the sympathetic and other is parasympathetic. Sympathetic activities may be caused of increasing heart rate while parasympathetic activities may decrease heart rate. These alterations in the sympathetic and parasympathetic control of heartbeats rate would outcome in measuring HRV changes [72]. Although different methods such as BP, ECG, pulse wave signals derived from PPG and ballistocardiograms may be used to distinguish beats but the most superior is ECG because it offers an apparent waveform that makes it simpler to keep out heartbeats not originating in the sinoatrial node. S. Pirbhulal et al. [73] proposed a new biometric based algorithm for WBANs using HRV in key generation phase for making system secure and the proposed algorithm is compared with three other well known authentication methods use in WBAN are Rivest Shamir Adleman (RSA), Physiological Signal based Key Agreement (PSKA) and Data Encryption Standard (DES). Result shows that the proposed algorithm is more competent in terms of power utilization, transmission time utilization and average remaining energy. Previous protocols have similar objectives to H2H but they are facing a lot of serious issues which make them weak for deployment. To overcome some of the serious limitations associated with previous H2H protocols, M. Rostami et al. [74] introduced lightweight heart-to-heart (H2H) authentication system for implanted medical sensors is utilizing heartbeats (ECG) data for key generation, key agreement and authentication is well suited for authentication to cardiac IMDs. The proposed protocol takes out time-varying arbitrariness from ECG signals and utilizes this arbitrariness to resist against many security attacks. This H2H authentication protocol is lightweight because it only needs a low-exponent RSA encryption and only few AES invocations and hash calculations by IMD. K. Cho et al. [75] presented a lightweight key establishment protocol known as “Efficient Secret Key Delivery Using Heartbeats” is utilizing inter-pulse interval (IPI) of PPG physiological signals with the intention of eliminating demerits of the fuzzy vault protocol. The proposed protocol establishes a secret key using IPIs and it is shared between sender and receiver nodes. The proposed protocol is consisting of many phases: i. witness generation ii. ECC encoding and decoding iii. Key generation iv. Key transmission v. Key derivation vi. Key verification and vii. Key confirmation. The main advantage of the proposed protocol is reducing the key generation time by decreasing the length of witness and at the same time, it is preserving the benefits of the
25 IPI based key establishment protocols. The proposed protocol supports basic prerequisite of the security of the medical services like treatment, diagnosis and prevention etc. Although some existing key establishment schemes are facing problems like high communication and computational costs for maintaining the network security but the proposed protocol is efficient as compare to previous protocols because it needs comparatively less time while maintaining good level of security.
4.2.3. Fingerprints Based Authentication Schemes The concept of fingerprints authentication is using from many years and it was utilized in 19th century for the identification of expected criminals by the criminologists. However, the computerized fingerprint scanning technology and its authorization was primarily emerged in the 1970s. Before fingerprint scanning authentication method, simple authentication methods such as token and password authentication methods were used and still in use in some areas, but they are extremely susceptible to lost or stolen attacks. Password based authentications are also not preferable by many organizations for their security system due to weak or easily compromised passwords and even strong passwords could not force resistance to hacker attacks. The maintaining cost of token and password based authentication methods are high and incompetent. Also it is time consuming for IT support team to reset forgotten or lost passwords and decrease employee productivity. Although biometric based authentication schemes are more secure and reliable as compare to simple password and token based authentication schemes but still they are not entirely safe and have some privacy issues [76]. Fingerprint scanning method is functioning with human finger images or vascular patterns templates store in digital form and this is competent method as compare to password based authentication method because it is not important for individuals to remember the password because every individual finger has their own unique vascular pattern. The unique vascular pattern of the individual finger make fingerprints based authentication schemes more accurate and highly reliable. This method has been in working for last few decades by many government and private organizations for their security management. It can be used by government sector for border control, voter registration, national ID and e-password etc. and can be used by organization for their workforce management such as time and attendance, payroll management and human resources management. It can also be used by bank industry for customer identification, non-account holder identification and employee identification. Verification and identification are the two methods used to determine the individual identification by utilizing biometric technology. Verification authenticates that an individual is reliable who claims for the resources and execute one-to-one comparison of an individual fingerprint generated sample template against stored templates. However, the identification method execute one-to-many comparison at a time in order to authenticate the individual identity and the identification process is carried out by comparing an individual generated sample template against then entire stored templates in a file. N. Zhao et al. [77] proposed a novel biometric behavior authentication system is worked at the physical layer based on the users fingerprint using dissemination characteristics of wireless channel to provide highly level security by forcing resisting against various types of well-known security attacks. The proposed authentication algorithm is evaluated through experiments and proved that it is not only increasing availability and reliability but at the same time, it is much more suitable for limited resources constraint WBANs. A. Arya et al. [49] introduced an improved remote user verification scheme for WBANs in which they have used asymmetric key concept using Diffie-Hellman technique for security and declared that their proposed system is safe against reply, plain text, internal, stolen verifier, fake sensor, fake sink and DoS attacks. In this scheme, public and private keys are distributed by a trust third party (TTP) to cellular phone or sink device and sensor nodes. These keys are regenerated and redistributed periodically and would be done in a secure manner. Addition to asymmetric cryptography, fingerprint based biometric authentication is also included in the proposed scheme for retrieving information from mobile phone devices and this way it makes the mobile phone devices more secure against stolen verifier and internal attacks. X. Li et al. [78] presented a robust biometric based on 3-factors authentication protocol for mobile network in smart city can be also utilized for e-health applications. Apart from bilinear pairing and ECC, the proposed authentication protocol is also utilizing fingerprint based identification for global mobile network in smart city with the goal to achieve high level security. During the mobile user (MU) registration phase of the protocol, a fingerprint is scanned and registered at a mobile device. Now during the authentication phase of the protocol, imprint the fingerprint for making entry to the mobile device and calculating different parameters for authentication purpose.
26 4.2.4. ECG Based Authentication Scheme ECG based authentication schemes utilize the electrical activity and muscular functions of a heart to make authentication of users and it is one of the best option for WBANs authentication schemes. It is one of the easiest way of collecting electrical activity and muscular functions of a heart. ECG measures the rate and regularity of heartbeat. At the same time, it also offers indirect proof of blood circulation in the heart muscle. The ECG based signals can be collected through attachment of electrodes to the body and these electrodes observed electric impulse generated by heart. ECG signals are mostly represented in the form ECG wave. An unsecure ECG signals based authentication schemes without anonymous property can be vulnerable to man-in-the-middle attack [79]. ECG-based authentication is most helpful in the case of patient in serious condition such as in heart attack case and it will be not possible for patient to supply authentication necessary credentials based on biometrics. Unlike traditional authentication approaches such as fingerprints, passwords, face and smart card etc. ECG signals can’t be copied, captured and allows nonstop identification. E. K. Zaghouani et al. [18] proposed ECG based authentication scheme for e-healthcare system, it authenticates patient while protecting the privacy of the sending ECG signals. The proposed authentication scheme permits authentication node and the target application to make a secure authentication even though the authentication process is completed by using an untrusted channel. Finally, this scheme is using linear prediction code (LPC) to hide the important ECG data and this scheme emerges as a substitute to the fuzzy vault method. S. Zebboudj et al. [80] presented competent and secure ECG based authentication system for e-healthcare system based on new biometric feature extraction mechanism which accomplishes higher proficiency of authentication amongst the sensor nodes. This scheme permits every pair of sensor nodes in the identical medical body area sensor networks (MBASNs) to share one secrete key that has been shared securely between them. In this proposed work, Elliptic-Curve Diffie-Hellman (ECDH) key agreement protocol is used to produce a common secrete key which not only guarantees encryption but at the same time, it also ensures the biometric based authentication of the sensor devices in the network. According to Sofia Zebboudj et al., the proposed authentication scheme feature extraction technique accomplishes superior performances as compare to the improved fast Fourier transform (FFT) technique because it reduces false acceptance rate (FAR), false recognition rate (FRR) and the period of time of the ECG signal. Y. Chen et al. [81] introduced finger ECG-based authentication scheme for healthcare using two-phases authentication utilizing artificial neural network (NN) models that balance the inaccurate performance of rejection and acceptance. In the first phase, a “General” NN model is created based on the data from the cohort and utilized it for first round screening and in the second phase, personal NN models are created from each particular user data as fine-grained recognition. The proposed algorithm allows very quick authentication by utilizing just 3 beats within 3 seconds. The proposed authentication algorithm is tested in a laboratory experiment with 50 subjects and result in average FRR and FAR under 10%. This performance will be more superior for less than 30 groups of cohort and result in average FRR and FAR below 5%. This algorithm is checked on the entire data set and various sizes of subsets containing 5, 10, 20, 30 and 40. From the results it is cleared that the introduced algorithm is trustworthy and very much realistic for user authentication and have average FRR and FAR under 10% for the entire data set. 4.2.5. PPG Based Authentication Scheme PPG can be also used as authentication method instead of ECG in WBANs and PPG is quite uncomplicated non-persistent and inexpensive optical process use in authentication schemes. It could be also utilized to discover blood level varies on the micro vascular cot of individual tissue [82]. PPG signals are collected via attaching sensors to ear or finger and light is used to illuminate the body and observed blood flow in the user body. PPG signals are produced because of unintentional body processes and that is why it is impossible to be copied. The PPG signals might be utilized in healthcare system for a lot of reasons because they offers many benefits such as it may be utilized to measure blood pressure and oxygen etc. as compare to other type of biometric systems and due to these benefits, it is preferable approach for authentication schemes use in WBANs. Recently, V. R. Reddy et al. [83] proposed enhanced biometric security system via two-level authentication based on PPG signals and PPG signals are collected via face and finger of the subject of cross-relationship. Finger print and face detection is carried out at first level, however, the security of both of them could be easily violated by using 3D printed finger tips or using face masking through surgery or through 3D printed face masks wearing. For these reasons, a second level security is required and therefore, proposed authentication scheme has utilized PPG signals to improve security.
27 T. Choudhary et al. [20] introduced authentication scheme for WBANs and mobile health applications is based on noise-robust PPG based biometric utilizing pulsatile waveform relationship. The introduced authentication scheme has four different phases and it is tested and validated utilizing PPG signal got from twenty-four real and six pretender subjects. The performance assessment outcomes illustrate that the proposed authentication scheme utilizing NCC metric get a FRR of 0.32 and FAR of 0.32 for the threshold of 0.997 and it means that the proposed authentication scheme is far better because it has lower computational cost as compare to other PPG based authentication schemes. N. Karimian et al. [84] proposed non-fiducial PPG based authentication for healthcare system and the proposed work looks over non-fiducail characteristic extraction for PPG based authentication scheme for the first. In the proposed scheme, two steps feature selection procedure has been used which could result in a degree of freedom to eliminate the interrelated feature that may reduce authentication performance. In the first step, Kolmogorov-Smirnov (KS-test) is used to eliminate interrelated features because a feature will be judged superior if it is well interrelated to a class without any connection to other features and in the second step, Kemal PCA (KPCA) is a nonlinear method utilized for dimensionality decline and the authentication precision get better when dimensionality declines. Finally, supervised and unsupervised machine learning methods are used for authentication performance evolution. The performance outcome shows that 99.84% precision with EER of 1.31% could be attained based on non-fiducial extraction. Authentication Schemes Biometric Based
Non-Biometric Based Asymmetric Key
[55]
[56]
Symmetric Key
[58]
[57]
ECC
[61]
[62]
[59]
[60]
Hash Based MAC
[63]
[64]
[53]
[45]
Iris Scan
[48]
[70]
HRV
[77]
[49]
[66]
[67]
[74]
[75]
ECG
Fingerprints
[18]
[78]
Anonymous
[65]
[73]
[71]
[80]
[81]
PPG
[83]
[20]
[84]
Fig. 8: Various authentication schemes
5. AUTHENTICATION BASED ON ADVANCED METHODOLOGIES Authentication is the very basic requirement for achieving integrity and security of a network. Although there are many methodologies are used in WBANs but in this section of the paper, we are only discussing advanced authentication methodologies like machine learning and game theory based authentication.
5.1. Machine Learning Based Authentication Schemes The majority of existing conventional authentication protocols are working on non-machine learning based authentication, so it is impossible for them to resist against ever-changing attacks. This issue demands an adaptive validation/authentication and risk aware solutions. This demand causes the creation of an autonomously authentication protocols those able to change and modify it automatically. Recently, various types of technologies and authentication methods are used in WBANs. The involving of the broadcast nature of traffic in wireless network and at the same time, it must also think about the resource constrained devices those have to perform heavy authentication jobs are the most important issues for WBANs. To overcome the abovementioned issues, a lot of researches have been done over the last many years on WBANs authentication solutions in order to find the efficient solution. Out of these solutions; one is a machine learning based authentication. Machine learning based authentication schemes are those where some sort of
28 artificial intelligence (AI) is involved that gives the ability to the system to learn and improve automatically from experience without requiring any explicitly programming. Machine learning based authentication is mainly focus on the development of authentication schemes that could retrieve information and utilize it for automatic learning. The majority of machine learning applications for maintaining security are utilizing the method of anomaly detection, which is utilized to identify incidents those don’t equal to an anticipated pattern. Anomaly detection is a valuable procedure in many situations but most of the time developers misapply it. The most useful machine learning methods/algorithms use in the wireless networks are Artificial Neural Network, Support Vector Machines, Naïve Bayes, KNN, Decision Tree, K-Mean, Deep Learning and Random Forest [85]. Some of the well known machines learning based authentication schemes for WBANs are the following: M. T. Gebrie et al. [86] proposed risk based adaptive authentication scheme for IoT in smart home based ehealth system based on machine learning technique and it is used to recognize the behaviors of a user and authenticate the legitimacy of the sensor devices. This solution verified the legitimacy of a device and user. The proposed design utilizes a Naïve Bayes machine learning algorithm to constantly observe the channel features deviation, examines a possible threat and carry out adaptation of the authentication solution. Based on the channel features deviation observation, it evaluates the threat in order to find out the likelihood of a device in query being compromised and based on the threat score get from the assessment, the model choose the authentication judgment appropriate for the specific threat score. Moreover, requires elected authentication decision resource is evaluated against the existing resource of the authenticator device and in the case of insufficiency; the validation procedure is offloaded to a device that has sufficient resource ability. O. Salem et al. [87] presented anomaly detection framework for medical WSNs is utilizing support vector machine (SVM) and linear regression models for patient and healthcare monitoring. The proposed framework combines both machine learning and data mining algorithms with recent sensor fusion methods and proposed framework can be utilized for differentiate between uneven deviation in the examined patient physiological parameters and defective sensor data to guarantee consistent operations and real-time large-scale monitoring from smart devices. According to the proposed anomaly detection framework, anomalous measurement information can be resulted from spoiled sensor devices or it can be caused by some external malicious activities which could lead to wrong diagnosis or even in patients’ death. Therefore, for eliminating these kinds of issues, SVM has been proposed in order to categorize abnormal behaviors in the receiving sensor data. If any abnormal behavior is found, the responsibility of linear regressive model is to find out if the patient is entering a serious condition or if a sensor device is reporting wrong measurement. The experimental analysis of the proposed framework shows that it has the ability to quickly recognize sensor device anomalies and also it provides higher true positive and lower false negative rates as compare to many other algorithms. According to S.A. Haque et al. [88], sliding window has not been utilized for training data which can decrease the complexity. However, this can have an effect on the strength of the system due to inadequacy in the data update process. Also according to S.A. Haque et al. [88], the linear regression is not a competent prediction tool for WBAN applications where physiological parameters can change rapidly. T. Ali et al. [89] proposed dynamic remote verification via efficient behavior capturing for health applications by implementing a lightweight Linux Kernel security module in IoT devices. The proposed module of attestation is capable of measuring and reporting several applications static and dynamic behavior at the same time to the challenger for recognizing the behavior purpose. For this reason, a technique is developed which is responsible of storing corporation’s personal applications in a single platform configuration registers (PCR) and stored measurement log (SML) which eventually eliminate the privacy concerns associated with behavior log. In the proposed technique, the behaviors of applications are verified through machine learning methods and the result demonstrates that differing behavior could be discovered effectively by the verifier. The main characteristics of related machine learning based authentication schemes discussed in this section are represented in table 5.
29
Table 5: Characteristics of machine learning based authentication Schemes Usage
Name of Scheme Ref [86]
Methodology
Naive Bayes machine
Advantages
Validates both the
learning algorithm Naive Bayesian network
Ref [87]
Support vector machine Data mining Linear regressive
algorithms
Decision tree Physiological
parameters
Ref [89]
Lightweight Linux
kernel security module Machine learning techniques SHA-1 and SHA-256 Bayes class algorithms WEKA tool
authenticity of a user and a device. Provides an offloading functionality. Quickly able to recognize abnormality and compare with other algorithms. Maintains a higher positive and lower false negative rates. Sliding window has not been utilized for training data which can decrease the complexity [88]. It can report and measure several applications dynamic and static activities at the same time.
Disadvantages
No simulation tool is used
for Implementation. No mathematical proof and comparison is available with other schemes. It can affect the strength of the system due to deficiency in the data update process because it does not utilized sliding window for data training. [88]. The linear regression is not a competent prediction tool for WBAN applications where physiological parameters can change rapidly [88]. Comparison is not available with other authentication schemes.
Area
Our Remarks
E-Health
Although it provides authenticity of both a user and a device but it has not used any simulation tool for implementation. The proposed anomaly detection method is quick to recognize abnormality and also it has higher positive and lower false negative rates. Even though it has few benefits but it is still suffering from few issues.
MWSNs
IoT
It supports both static and dynamic activities. The outcome comparisons are calculated through measurement and reporting log comparisons with window-based approach.
5.2. Game Theory Based Authentication Schemes A game theory is a part of mathematics that deals with different strategies looking for competitive situation where the result of one player choice of action is based on the action selection of another player. Or Game theory is a mathematical model which allows users to analyze situation where people or competitors in the same area take decisions that would affect each other interests or outcomes. In the early twenty century, mathematicians introduced different simple games, afterward they introduced more complicated games and this way finally the importance of game theory begins. A game is consisting of players and their strategies. Generally, a game consists of at least 2-players and a player to make successful strategies options depends upon the strategies options of another players. Every player wants to adopt a strategy that maximizes their benefits and it means a strategy adopted by one player can influence the result of other player strategies. There are many types of games; one of them is a game perfect information in which a player always aware the strategy adopted by another player and on the other hand, the game in which a player does not have knowledge of other player strategy is known as imperfect a game of imperfect information because either these strategies are made at the same time or hidden. Various kinds of games in game theory are helpful in order to analysis various kinds of problems. The various kinds of games can be formed on the basis of players participates in the game, collaboration among the players and symmetry of the game [90]. Cooperative and Non-Cooperative Games: In cooperative games, players are agreed to take on a specific commitment via negotiations and contracts among players. One example of cooperative game is the garments organizations; assume they want to minimize their advertisement expenditures and they negotiate the situation and try to agree on same conditions. However, the organizations are not certain whether all organizations will follow these conditions or not. This situation creates a problem among garments organizations. On the other hand, the government limits the advertisements of garment organizations on TV or through other media of communication. Thus it would help in minimizing the advertisements expenditure of garment organizations.
30
On the other side, non-cooperative games are referred to games where each player uses their own approach/strategy in order to capitalize on their revenue [91]. Best example of non-cooperative game is prisoner’s dilemma, where each prisoner wants to maximize their profit by trying to reduce their penalty. Generally, non-cooperative games give perfect result as compare to cooperative game because noncooperative games are based on extremely deep analysis of a problem. Non-cooperative game theory looks at how negotiation dealings would influence the division of payoffs inside each alliance, whereas cooperative game theory gives advance approach because it explains the structure, policies and payoffs of alliance. Symmetric and Asymmetric Games: In symmetric based games, policies/strategies accepted by every player are identical. Symmetric games only could exist in temporary/short-term games because the number of choices/options with a player gets higher in long-term games. The decision to be made in this type of game does not depend on the players of the game but it relies on the strategies utilized. The decision will stay the same even in the case of substitution players in the symmetric games and one example of this type of game is prisoner’s dilemma. However, asymmetric games use different strategies for different player and in asymmetric games, it is not necessary that one strategy that is useful for one player might be useful for other player. On the other hand, decision relies on various strategies adopted by players and decision of the players. One example of the asymmetric game is the entrance of novel business in a marketplace since various businesses take on various strategies to make entry into the same marketplace. Constant Sum, Zero Sum and Non-Zero Sum Games: In the constant sum games, sum of the results remains constant or same even though if the results of individual’s players are dissimilar. Zero sum game is the one in which sum of results of all players remains zero. It means that various strategies of various players can’t have an effect on the available resources. Furthermore, the profit of a player is all the time remains equal to the loss of another player in the zero sum game. Best examples of this kind of the game theory are gambling and chess where the gain of one player is equal to the loss of another player. In non-zero sum games, the sum of the results of entire players will be not equal to zero. To covert the nonzero sum to zero sum game can be done by adding up one dummy player in the game. The losses of the dummy player can be superseding by other player’s net earnings. Examples of the non-zero games are the cooperative games. Normal Form and Extensive Form Games: Normal form games represent the strategies and payoff in the form of a matrix or in a tabular form. The matrix represents the strategies take up by various players and their plausible result. These kinds of games are helping in identifying the dominated strategy and Nash equilibrium. However, extensive form games represent different strategies adopted by various players and their possible outcomes in the form of the decision tree. In the tree structure, different nodes represent different names of the players participate in the game. Simultaneous Move Games and Sequential Move Games: The simultaneous games are the one in which a strategy adopted by two or more players is simultaneous. In these types of games, players have no knowledge about the strategy of other players. However, sequential games are opposite to the simultaneous in that strategies adopted by the players are known other players. In the sequential games, strategies adopted by different players are partially known to other player. It means that a player does not have sufficient knowledge about the strategy of other player because a single player may not be using a single strategy and other player is not sure that how many strategies are followed by the competitive player. Sequential move games are denoted in the extensive form while simultaneous are denoted in the normal form.
Game theory cannot be only applicable to economics, political science, law, biology, sociology and philosophy fields but it is equally applicable to computer science field. In the computer science field, it cannot be only applied to distributed computers, algorithms and formational theory etc. but equally important in the area of networking as well. In the networking area, it can be applied to both wired connected and wireless networks. Security, authentication and privacy are the most key challenges in the WBANs. Biomedical data of patients collected by WBANs are very crucial and sensitive; therefore, its proper security management is significant, otherwise, collected biomedical data might be mixed with each other and this mixing of data or corrupted data through various security attacks can be extremely dangerous especially in the case of diseases diagnosis. The mixing of data could be result in wrong prescription suggestion to a wrong patient which may
31 caused serious issues to the patient and sometime cause in his/her death. Different fields have different security requirement and challenges for example; a patient monitoring system may require more security than smart parking solution. Authentication is also a key challenge in WBAN and patients data originality and integrity are important for their treatment. Finally, the privacy of the patients or users is important aspect as well in WBANs because patients or users do not want their personal data to be misused and WBANs would provide the privacy of the wireless communication channels to prevent eavesdropping. To design a lightweight secure authentication protocol for WBAN is a tough challenge due to limited resources availability. Game theory can be used in WBANs as one the most popular tool for security management. In the field of WBAN security, game theory can be utilized to capture the nature of different network security attacks. A security strategy model is created in order to maximum the security performance and tries to eliminate different security issues as much as possible. Today, many methods are used in game theory to carry out strategic analysis of the choices of WBAN attacks formed either by an organized group or a single attacker. Game theory is a key concept used in various fields to observe large number of possible attacks scenarios in WBANs. A number of methods and suggestions of numerous possible actions are also provided by game theory alongside the possible outcomes to control happening of security attacks in future. This way, researchers could evaluate all possible combinations of security attacks in WBANs and fix general rules for them. Some of the most recent well-know game theory based authentications schemes in WBANs are the following: F. Wei et al. [1] proposed secure password based anonymous authentication protocol for WBANs and verifies their security through ROM. This protocol is more suitable for WBANs because it is based on simple human rememberable password. In this paper, AKE security game and anonymity attack game are used to improve the security of the protocol. S. Chatterjee et al. [31] introduced an efficient user access control protocol for WBANs is secure against many passive and active attacks and it is using AVISPA tool for simulation. This protocol is also using game theory for enhancing security performances. A. K. Das et al. [32] proposed secure key agreement authentication protocol for health monitoring and it is utilizing the most commonly accepted BAN logic and ROM for formal security analysis. The proposed protocol is using AVISPA simulation tool for formal security confirmation and shows that the proposed protocol is secure against passive and active attacks. Furthermore, game theory is used to enhance the security performance of the proposed protocol. G.Gao et al. [34] presented a chaotic maps-based authentication system for WBANs and BAN logic is used for the formal security analysis and also using software implementation technique of Chebyshev polynomial. In the proposed protocol, the technique of provable security is used for resistance against well-known attacks. The verification of security is under ROM based on the Abdalla and Pointcheval model. Game theory is again used in the proposed protocol for improving security performances as well as for security proof. A. K. Das et al. [40] proposed user anonymous authentication scheme for healthcare system has reviewed Li et al. protocol and developed an advance version of Li et al. protocol that eliminates the flaws associated with previous version. The formal security verification is done by using AVISPA simulation tool and it is concluded that it is safe against many active and passive attacks. Furthermore, it uses game theory for formal security analysis. T. Maitra et al. [41] introduced an efficient and secure communication protocol for patient monitoring (SecPMS) for healthcare system is using ROM for SecPMS security analysis and it confirms that proposed proctol is much more secure against well-known attacks. Also in this paper, game theory is used to enhance the security performance of the proposed protocol. N. Radhakrishnan et al. [43] proposed remote user mutual authentication scheme is utilizing smart cart for TIMS is providing the formal security analysis through some well known models like real-or-random (ROR) and proves the security of the proposed scheme by ROM and AVISPA tools. Furthermore, game theory is used for improving security performances as well as for security proof. D. He et al. [67] presented anonymous authentication scheme for WBANs has overviewed most recent anonymous authentication scheme proposed by Liu et al. and mentioned that their scheme is not secure for WBANs. The proposed scheme is more secure as it eliminates the security flaws associated with Liu et al. proposed scheme at the similar computation costs at the client side. The proposed scheme is based on most recognized security model proposed by M. Bellare et al. for key exchange schemes and the security of the proposed scheme is based on a game between a simulator S and challenger A.
32 X. Li et al. [78] proposed a biometric based three-factor authentication protocol for smart city has reviewed Gope and Hwang proposed authentication scheme for global mobility networks and it has identified weakness associated with their scheme. The proposed fingerprint based three-factor authentication protocol can be also used for e-health. This protocol is using six consecutive games (G0, G1,… G5) to improve the security and the comparison results demonstrate that the proposed scheme is more secure as compared with other related schemes. A. Arfaoui et al. [92] proposed a stochastic game for adaptive security in WBANs to stable the tradeoff between security level and network performance while considering dynamics circumstance. In the proposed work, a smart object takes a judgment to authenticate receiving packets or not after surroundings scrutiny. The proposed game theoretic system is more competent in terms of security, throughput and network energy consumption than benchmark algorithm. Also the proposed system is more efficient than Node Capture Game (NCG) security game and MμTesla authentication scheme in terms of throughput and energy consumption. M. Wazid et al. [93] introduced key management authentication scheme for cloud based BASN and the informal security and formal security of the proposed scheme have been thoroughly analyzed under the wellknown Real-or-Random (RoR) model. In this proposed work, a series of four games has been also used to improve the security level of the proposed authentication scheme and NS2 simulator is used for measuring the network performances. M. Hamdi et al. [94] presented a Markov game theoretic model for adaptive security in the IoT for e-health is focusing on authentication to assess the network performances. The proposed model is utilizing the authentication method known as multilevel μ-TESLA discussed in D. Liu et al. [95]. This work signified the tradeoff between enhancing the security abilities of the BAN and energy efficiency of smart devices and from the simulation results, it is deduce that the battery lifetime of the smart devices increased by 47% as compare to existing models. J. Liu et al. [96] proposed competent and lightweight certificateless remote anonymous authentication schemes for WBANs are using game theory for enhancing the security. The proposed authentication schemes are rooted with a new certificateless signature (CLS) protocol which is competent in computational cost and secure against forgery attack in the random oracle model. Also, it provides anonymity of the users by preventing disclosing of the actual identities and even the network manager is not permitted to impersonate legal users. L. Wu et al. [97] introduced efficient and anonymous authentication protocol for WBANs and claimed that their protocol is more secure under a ROM than Wang et al. anonymous authentication protocol. In this proposed paper, first Libing Wu et al. have identified the weakness associated with Wang et al. protocol then they proposed solutions for eliminating weakness. In order to improve the security parameters, the work proposed by Libing Wu et al. has designed the security model by playing game between certificate authority (CA) and a challenger C and other game is used between C and AP. The proposed work claimed their authentication protocol is more suitable for WBANs applications than Wang et al. protocol because it is more secure and also the computation cost is decreasing approximately by 31.58%. A. A. Omala et al. [98] presented a secure heterogeneous access control protocol for WBAN. First, heterogeneous signcryption system is proposed which uses two different types of environments, where the user (sender) is in a certificateless cryptographic (CLC) environment forwards a query message to the receiver is in identity based cryptography (IBC) environment. Here signcryption presents both privacy and legitimacy in just one logical machine step. In the second step, heterogeneous access control protocol is designed by using heterogeneous signcryption scheme. In the proposed scheme, a series of games are played between an adversary and challenger in order to improve and prove the security of the scheme against adaptive chosen cipher text attack. The proposed scheme is using Gap Diffie-Hellman (GDH) assumption for privacy purpose and discrete logarithm assumption for legitimacy purpose in the random oracle model. Finally, the proposed work is compared with previous available access control protocols and it is concluded that the proposed protocol has low communication and computation costs. J. Liu et al. [99] proposed an efficient and secure 1-round anonymous authentication protocol (1-RAAP) for WBANs is based on game theory, where different games are used to enhance the protocol security. The proposed 1-RAAP provides user anonymity, non-reputation, session key establishment and mutual authentication which permit users to securely retrieve all of the important services whenever they want. To evaluate the performance, proposed protocol is compared with some other available authentication protocols and it is concluded that the proposed authentication protocol is secure with just few inexpensive computational operations.
33 F. Li et al. [100] introduced cost effective and anonymous access control for WBANs is using different games for improving the security features of the proposed protocol. First, they proposed a new certificateless signcryption protocol and in the next step they designed a cost effective and anonymous access control protocol for WBANs utilizing the new signcryption. The proposed protocol has been compared with existed three access control protocols and it is found that the proposed protocol is not only accomplishes all wellknown security requirements but also its energy consumption and computation costs on the controller are comparatively low. M. Mana et al. [101] proposed biometric based scheme in order to preserve the location privacy service in WBANs and also provides authentication service between a node and BS. The proposed energy efficient scheme is using two attack games; the first attack game is used to differentiate between a node and BS of the WBANs and second attack game is used to identify which node or BS belongs to a particular WBAN. M. Mittal et al. [102] presented mobility maintenance in WBAN protocol for increasing power life-time of network devices and provides better security alongside authentication. The proposed system has used two different algorithms for achieving their aims, the first algorithm is cooperative based power control game algorithm is utilized to solve the power control issues in order to improve the efficiency of transmission power and increase the battery /power life time of the network devices and the second algorithm is ECC algorithm which provides security of transmitting information of patient and authentication of communication entities ahead of transmission. B. Indrani et al. [103] introduced two-factor mutual authentication protocol for healthcare utilizing ECC for session key production with smart card and password offers high level security with lowest computational cost as compare to related smart card based authentication protocols. The introduced protocol is verified under ROM for security evidence and also it is using four different types of games (G1, G2, G3 and G4) for enhancing the security of the protocol. The main characteristics of related game theory based authentication schemes discussed in this section are represented in table 7. Table 6: Characteristic of games theory based authentication schemes Name of Scheme Ref[1]
Methodology
ROM Game theory Simple Password Cryptographic hash functions
Advantages
It is competent in term of
Ref [31]
ECC-based public
Ref [32]
key cryptosystem AVISPA tool Dolev–Yao threat model Game theory SHA-2 User access privilege mask (APM) Symmetric key algorithm BAN logic Game theory AVISPA tool Dolev-Yao threat model Smart card
computation cost. It is more secure than other related schemes discussed in the paper. Requires less storage cost. Provides strong client anonymity feature during authentication phase. It is secure against many well-known passive and active attacks. Provides good security as compare to other related access control schemes. User password can be changed locally. Proposed scheme is competent in terms of computation and energy consumption costs. Provides more security and other features. Computational and communication costs are less as compare to other schemes discussed in the
Disadvantages
Communication cost is
higher as compared to related schemes discussed in the paper. It is using humanrememberable password that can be easily guessed. No simulation tool is used for Implementation. Communication cost is higher of the proposed scheme as compare to related schemes discussed in the paper.
Computational and communications costs are higher as compare to few schemes discussed in the paper.
Usage Area WBANs
WBANs
TMIS
Our Remarks It is secure and has less computation cost. Despite of having some security features, it has higher communication cost and also authentication of an entity is depending on human rememberable password that makes this scheme vulnerable to password guessing attacks. The presented authentication scheme is secure and also competent in terms of energy consumption and computational costs as compare to other related schemes discussed in the paper. Despite of these benefits, it is still suffering from communication cost which is a little bit higher as compare to Mahmud et al. scheme discussed in the paper. The proposed scheme is based on Amin-Biswas’s scheme, it is more security features as compare to other and AminBiswas’s schemes. At the same time, it has higher computational
34 Biometric Fuzzy extractor Ref[34]
Ref [40]
Ref [41]
Ref [43]
Ref [67]
algorithms Chaotic Maps Game theory BAN logic Smart card Chebyshev polynomial
Biometric Based Smart card AVISPA tool Dolev–Yao threat model Symmetric key algorithms One-way cryptographic hash function Fuzzy extractor algorithms BAN logic Game theory Dolev-Yao threat model Hash function Game theory MIRACL C/C++ Library Private key cryptography SHA-1 ROM Hash function Smart card Game theory Integer factorization problem (IFP) Discrete logarithm & Diffie-Hellman problems. Bilinear pairings Asymmetric key algorithm Symmetric key algorithm Hash function Computational Diffie–Hellman (CDH) problem
paper.
It has more security
features and also has less computational cost than other related schemes discussed in the paper. It doesn’t require public key encryption setting in advance between two parties in communication. Proposed scheme is secure against many wellknown security attacks. It is efficient than He et al. scheme, Li et al. scheme and other related schemes in terms of security, communication and computation costs. Do not use public key algorithms.
Using public-key
Some sensitive information
Provides user anonymity
and good facility with respect to continuously monitoring patient. It has efficient password update phase. Also it has less computation complexity than related schemes. It is secure against many well-known attacks. It has less computational and communication costs as compare to other related schemes.
well-known attacks and satisfies all well-known security requirements. Provides user anonymity. Storage overhead, communication and computational costs are low than related schemes.
need to be pre-loaded into sensor nodes memories prior to deployment and should be executed offline. Though computation and communication costs are less but still its computation and communication costs are high as compare to few schemes. Well-known DoS security and password change phase attacks are not analyzed. Some of the well-known attacks such as forgery, replay and stolen etc are not satisfied by the proposed system.
Computational cost is a little
It is secure against few
WBANs
cryptosystems
bit higher than Qiu et al. authentication scheme discussed in the paper. Communication cost is also a little bit higher than Lee et al. scheme. Implementation has not been done through any simulation tool. Proposed work has not mentioned some other wellknown security attacks such as DoS etc. Different features of the scheme are only compared with just two Liu et al. proposed schemes.
WMSN
EHealth
TMIS
WBANs
and communication costs as compare to few schemes discussed in the paper. Although it is more secure at low computational cost as compare to other related schemes and also doesn’t need to establish public key encryption organization in advance between two parties but still it is using public key cryptosystems at later stages which can cause overheads. The proposed scheme shows significant improvement by preserving the good points of both He et al. and Li et al. schemes. Although it is secure and has less computational and communication costs as compare to some related schemes but still the computational and communication costs are high than few schemes discussed in the paper. Also, the well-known DoS and password change phase attacks are not considered. Even though proposed scheme is better in term of computation cost as compare to other related schemes discussed in the paper but it does not provide good security because it is not safe against few well-known attacks.
It is secure against well-known attacks and also it has less computational and communication costs as compare to few related schemes discussed in the paper. At the same time, it has a little extra computational cost as compare to Qiu et al. scheme and communication cost as compare to Lee et al. scheme. Proposed work provides user anonymity, security, low computational and communication costs as compare to other related schemes. Some attacks like DoS etc. are not discussed and also the scheme performances are only compared with two other schemes.
35 Ref[78]
ECC & Biometric Fuzzy extractor technique
Secure against many well
Game theory Bilinear pairing Hash operations Asymmetric
known attacks. It is more efficient in term of security because it has more security features as compare to other related schemes.
Using asymmetric
cryptographic operations. It has more computational cost than other related schemes.
Smart City
Although proposed scheme is more secure against many attacks but it is using asymmetric cryptography operations which make the computational cost higher.
cryptography Ref [92]
Epidemiological
Ref [93]
Ref[94]
Ref[96]
Ref [97]
Ref [98]
model Game theory Matlab Analytical models (transition probabilities model) RoR model NS2 Key management technique Game theory Decentralized architecture. Dolev-Yao (DY) threat model Mathematical model Markov gametheoretic model Matlab Implemented in ASSET testbed ROM CLS Consists of Setup, Set-PartialPrivate-Key, SetPartial-PublicKey, PartialPrivate-KeyExtract, CL-Sign and CL-Verify algorithms Game theory ROM Game theory Symmetric and asymmetric cryptography Ate pairing CLC IBC ROM Game theory
Balanced network
performance among various parameters. Capable of preserving energy proficiency as much as possible. Offers satisfactory level security. It permits mutual authentication between user and personal server. Offers some extra features and improves security at low computation cost. Computation cost is low as compare to other existing related schemes. Increases security level. Increases energy efficiency.
Security and privacy threats
Total communication cost is
Maintains remote user’s anonymity. Safe against forgery on an adaptive elected message attack in ROM. Outclass some existing protocols in terms of security and overhead or computational cost. Security proofs are only available of few wellknown attacks. More secure than Wang et al. scheme. Provides user anonymity.
Provides authentication, anonymity, integrity confidentiality and nonrepudiation.
The proposed paper is focusing on increasing the battery life time, throughput and security level. However, they have not considered security and privacy threats.
BASNs
Although the proposed protocol is much more secure as compare to other related protocols discussed in the paper but the communication cost is still higher.
EHealth
The proposed protocol is based on smart devices could be in the secure mode (passive mode) assumption This protocol is more focusing on energy consumption than maintaining the network security and also the security comparison has not been done. Although proposed work offers some good features like user anonymity, security and superior computational cost as compare to some existing schemes but still it does not has clear proof of improve performance and in the case of second group, it requires more storage space and also has weaker anonymity property.
higher as compare to Gao et al. scheme.
WBANs
are not considered.
Security comparison is not available with other related schemes. More focusing on energy consumption than maintaining the network security.
According to the proposed paper, it does not evidently show improve performance. Consume more computational resources as compare to some other related protocols. In second group, it consumes more storage space and user anonymity property is not stronger.
WBANs
Computation and communication costs are higher than Wang et al. scheme. Features are only compared with Wang et al. scheme. Using public key. Using public key generator algorithm. Only covers few security
WBANs
WBANs
The proposed protocol provides user anonymity is based on Wang et al. scheme. Although computation and communication costs are higher but it is more secure than Wang et al. The proposed scheme is utilizing several algorithms for several reasons e.g. public key generator algorithm is used for generating
36
Ref [99]
Ref[100]
Ref[101]
Ref[102]
Ref[103]
Symmetric and asymmetric keys generating algorithm, Key extraction, Unsigncryption & Probabilistic algorithms ROM Bilinear pairings map SHA-1 Game theory Public key & Private key generator algorithms
Gives better computation and communication costs.
Certificateless cryptography ROM Game theory MICA2 tool Private and public key generator algorithms
Biometric Adversarial model Game theory Cryptographic hash function SHA-1 algorithm Power control game algorithm ECC algorithm ECG signals Social Interference Network algorithm Game theory ECC Smart card Symmetric cryptography ROM Game theory ECDLP
Computational cost is low It achieves better efficiency. Provides user anonymity, mutual authentication, non-repudiation, session key establishment, immunity of key escrow, forward security and unforgeability. It has the minimum total computational time and energy consumption cost. It achieves confidentiality, anonymity, integrity, nonrepudiation and authenticity. It does not use key escrow problem and public key certification. Protects location privacy. Efficient and energy saving.
Increases the life-time of WBAN communication. ECC algorithm is used to carry out authentication, encryption and decryption which produce better security of user information. It offers high security with less computational cost as compare to other related schemes. Also it has minimum communication cost than other related schemes.
requirements.
public keys which can be expensive for sensor networks due to their limited resources. Also this scheme is only covering few basic security requirements.
Using public key. The message size greater as compare some related authentication schemes discussed in the paper. Energy consumption is higher as compare to some related schemes. Analysis of DoS, replay etc. attacks are missing. Communication cost of the controller is higher than other related schemes. Computational energy cost on the controller is higher. Security resistance against different attacks have not been discussed or analyzed.
WBANs
Comparison has not done
WBANs
with other related authentication schemes. Implementation has not been done through any simulation tool. Using public key. Comparison has not done with other authentication scheme. Implementation has not been done through any simulation tool.
Implementation has not
been done through any simulation tool. Only small number of attacks has been analyzed for security reasons.
WBANs
WBANs
EHealth
Although this scheme has low computational cost, better efficiency due to simplified operations and secure against few well-known attacks but still its energy consumption is higher, few security attacks are not considered and also the message size is greater which may slow down the authentication process. It has low total computational and energy consumption costs. Also It doesn’t utilized escrow problem and public key certificate which makes it more efficient. However, the communication and computational costs are higher on the controller and also it does not mentioned different attacks. Although the proposed scheme is lightweight, protect location privacy and energy efficient but it is not compared with other related schemes and also no simulation tool is used. The proposed scheme improves the power which can increase the life-time of WBAN communication and also provides better security due to the utilization of ECC algorithm. Its features are not compared with other related schemes The proposed scheme is more focusing on computational and communication costs rather than security attacks. Only very few security attacks resistance have been discussed or mentioned through various games.
6.. CONCLUSION AND FUTURE RESEARCH DIRECTIONS Authentication is a key aspect of the secure communication, it is the first step towards secure communication which helps networks to reduce unwanted users and stop from deceptions efficiently because the authentication process identifies the user identity that he or she claims to be. This survey almost took one year to complete and the survey has been revised about 40 times in order to add some useful information. Until
37 today, no survey paper has covered secure authentication in WBAN topic in complete detail, the proposed survey is the only survey that covers this topic in much more detail and it might be helpful for reader and new researcher in this specialized filed. We have represented useful information or characteristics of different authentication schemes in the tables forms. Apart from the tables, we have also drawn several diagrams for representing the working mechanism of various authentication protocols discussed in the paper. The survey begins with some useful basic information related to WBAN such as WBAN dissimilarities as compare to WSN, characteristics of WBANs, challenges, WBAN applications, security requirements and security concerns. These information are important for new reader to build up their skills about WBAN architecture and at the same time, it also helps different designers in the process of designing various schemes or protocols. Our survey classifies WBAN authentication schemes into IDS, key management, digital signature, digital certificate and reputation-based schemes. IDS is further sub-divided into three types and similarly key management schemes are also sub-divided into biometric and non-biometric based schemes those help individuals to understand various authentication scheme procedures and their characteristics. This survey also explain the importance of secure authentication in WBANs, different ways of authentication and divided authentication into password based authentication, smartcard based authentication, biometric based authentication and mutlti-layer authentication types. Each and every authentication type is described in full detail by explaining every single step of authentication type involved in the authentication process with the help of diagram and also some exiting related authentication schemes are discussed with each type of authentication. Furthermore, the survey divides authentication schemes into certificate based authentication schemes (Kerberos, SSL and EAP) and password based authentication schemes (PAP, SPAP, CHAP, MS-CHAP and Microsoft NTLM). Here each authentication protocol type is discussed in detail alongside their comprehensive diagram that helps readers to quickly understand the working mechanism of each protocol. At the end of the section, a comprehensive table is drawn that shows various characteristics of each types of authentication protocol. The very next section of the survey classifies authentication schemes into biometric and non-biometric based authentication types and these types are further sub-divided into different sub-types. Here again each sub-type of authentication scheme is explained in detail alongside some existing related work. The section before this section divides authentication based on advanced methodologies such as machine learning and game theory based authentication schemes. This section does not only explain game theory concept but also explain different type of games involved in the game theory. Furthermore, some existing related work is added to each advanced authentication methodology type alongside a table that shows different characteristics of each single related authentication scheme. Finally, the survey is concluded with conclusion and future research directions section and in this section not only few conclusions are drawn but also identify some valuable research areas those need to be explored in near future. WBAN is one of the emerging and promising technologies use in the field of E-health and in near future it will completely transform people healthcare system by offering them a lot of services and make people free from visit to traditional hospitals. Apart from the key role in the field of E-health, WBAN is exposed to many security threats due to the wireless communication. In connection to the secure communication in WBANs, authentication is an increasingly significant concern, so therefore, it is important to have secure authentication methods; those help network to reduce unwanted users and prevent it from malicious activities. In this survey paper, we have discussed the current development of WBAN and targeted in authentication issues faced by this network. During this survey paper, we presented various existing authentication methods and schemes used in WBANs. However, there is no authentication method and scheme which can offer complete secure authentication. Designing a secure authentication scheme for WBAN needs suitable mapping of authentication methods or schemes with diverse authentication parameters. In this survey paper, we studied various authentication schemes, divided them based on authentication types and highlight their pros, cons, limitations and their robustness against different security attacks; those might be helpful for improving the authentication process in WBANs. Also, we have classified authentication schemes based on machine learning and game theory based. We presented a comprehensive overview of existing authentication methods and schemes used for WBANs. However, extra endeavors are required to design and implement novel authentication level that would convince the severe secure communication and authentication requirements of WBANs applications. WBANs have many issues because they are still in its initial stage of development. So, it is important to introduce efficient solutions to overcome these issues. Recently, secure authentication is one of the big challenges in this field and in future, more efforts are required to overcome this issue. More and more efforts are required to design simple and lightweight secure authentication schemes for resources constrained devices.
38 Future research requires to enhance the biometric feature extraction techniques and also in future, it is required to introduce WBANs schemes based-on to maintain a tradeoff among efficiency, usability, flexibility and security. When secure authentication schemes are designed for WBA, they may need to provide flexibility and higher compatibility among different vendor’s sensor devices. In the future work, lightweight secure schemes are required for smart city especially in the area of WBANs for managing security and quick response to users. Biometric system merging with password of users for enhancing the security level is important as well. It is also required to design authentication schemes with better trade-off between energy and computational costs and it is possible through decreasing the complexity of the authentication schemes. Finally, there are still a lot of issues remaining on the way to accomplish unobtrusive, user-friendly and secure WBANs system and alongside these issues, many other research directions are still open in WBANs those require to be explored in near future.
Conflict of interest: We (all the authors) declare that there is no conflict of interest
REFERENCES [1]
Fushan Wei, P. Vijayakumar , Jian Shen , Ruijie Zhang and Li Li, "A provably secure password-based anonymous authentication scheme for wireless body area networks," International Journal of Computers and Electrical Engineering, vol. 65, pp. 322-331, April 2017.
[2]
Maryam el Azhari, Ahmed Toumanari, Rachid Latif and Nadya el Moussaid, "Relay Based Thermal Aware and Mobility Support Routing Protocol for Wireless Body Sensor Networks," International Journal of Communication Networks and Information Security (IJCNIS), vol. 8, no. 2, pp. 64-73, August 2016.
[3]
Maged Hamada Ibrahim, Saru Kumari, Ashok Kumar Das, Mohammad Wazid and Vanga Odelu, "Secure anonymous mutual authentication forstar two-tier wireless body area networks," International Jornal of computer methods and programs in bio medicine, vol. 135, pp. 37-50, July 2016.
[4]
Shikha Pathania and Naveen Bilandi, "Security Issues In Wireless Body Area Network," International Journal of Computer Science and Mobile Computing, vol. 3, no. 4, pp. 1171-1178, April 2014.
[5]
Sourav Sinha, Neeraj Kumar Goyal, Rajib Mall,, "Early prediction of reliability and availability of combined hardware-software systems based on functional failures,," Journal of Systems Architecture, vol. 92, pp. 23-38, 2019.
[6]
Shihong Zou, Yanhong Xu, Honggang Wang, Zhouzhou Li, Shanzhi Chen and Bo Hu, "A Survey on Secure Wireless Body Area Networks," International Journal of Security and Communication Networks, vol. 2017, p. 9, March 2017.
[7]
Marisol García-Valls, Abhishek Dubey, Vicent Botti,, "Introducing the new paradigm of Social Dispersed Computing: Applications, Technologies and Challenges," Journal of Systems Architecture, vol. 91, pp. 83-102, 2018.
[8]
Gautam M. Borkar and Anjali R. Mahajan, "Security Aware Dual Authentication based Routing Scheme using Fuzzy Logic with Secure data Dissemination for Mobile Ad-hoc Networks," International Journal of Applied Security Research, vol. 13, no. 2, pp. 223-249, March 2018.
[9]
Prosanta Gope and Tzonelih Hwang, "BSN-Care: A Secure IoT-based Modern Healthcare System Using Body Sensor Network," IEEE Sensors Journal , vol. 16, no. 5, pp. 1368-1376, March 2016.
[10]
Kunal M pattani and Palak J Chauhan, "Spin Protocol For Wireless Sensor Network," International Journal of Advance Research in Engineering, Science & Technology(IJAREST), vol. 2, no. 5, pp. 1-3, May 2015.
[11]
Geethapriya Thamilarasu, "iDetect: an intelligent intrusion detection system for wireless body area networks," International Journal of Security and Networks , vol. 11, no. 1-2, pp. 82-93, March 2016.
[12]
Megha Gupta, "Hybrid Intrusion Detection System: Technology and Development ," International Journal of Computer Applications, vol. 115, no. 9, pp. 5-8, April 2015.
[13]
Kajal Rai and M. Shyamala Devi, "Intrusion Detection Systems: A Review," Journal of Network and Information Security, vol. 1, no. 2, December 2013.
[14]
Ibrahim Ghafir, Martin Husak and Vaclav Prenosil, "A Survey on Intrusion Detection and Prevention Systems," International Conference on Student Conference Zvůle 2014, IEEE/UREL, August, 2014.
[15]
Mohammad Masdari , Safiyyeh Ahmadzadeh and Moazam Bidaki, "Key Management in Wireless Body Area Network:Challenges and Issues," Journal of Network and Computer Applications, vol. 91, no. 1, pp. 36-51, August 2017.
[16]
Tan Jin and Wang Yijing, "The Research of Secure Transport Protocol Based on Node’s Clock Characteristics for Body Area Networks," International Journal of Security and Its Aplications , vol. 8, no. 5, pp. 457-470, 2014.
39
[17]
Qiuyan lin, Woongryul leon, Changwhan Lee, Youngchul Choi and Dongho Woni, "Fingerprint-based user authentication scheme for," in Fifth International Conference on Ubiquitous and Future Networks (ICUFN), Da Nang, Vietnam, July, 2013, pp. 178-183.
[18]
Emna Kalai Zaghouani, Adel Benzina and Rabah Attia, "ECG based authentication for e-healthcare systems: Towards a secured ECG features transmission," in 13th International Wireless Communications and Mobile Computing Conference (IWCMC), Valencia, Spain, June, 2017.
[19]
Rollin McCraty and Fred Shaffer, "Heart Rate Variability: New Perspectives on Physiological Mechanisms, Assessment of Selfregulatory Capacity, and Health Risk," Global Advances In Health And Medicine, vol. 4, no. 1, pp. 46-61, January 2015.
[20]
Tilendra Choudhary and M. Sabarimalai Manikandan, "Robust Photoplethysmographic (PPG) Based Biometric Authentication for Wireless Body Area Networks and m-Health Applications," in Twenty Second National Conference on Communication (NCC), Guwahati, India, March, 2016.
[21]
M. Anwar , A. H. Abdullah, R. A. Butt, M. W. Ashraf, K. N. Qureshi and F. Ullah, "Securing Data Communication in Wireless Body Area Networks Using Digital Signatures," Technical Journal, vol. 23, no. 2, pp. 50-55, August 2018.
[22]
Zakia El uahhab and Hanan El bakkali, "Calculating and Evaluating Trustworthiness of," International Journal of Communication Networks and Information Security (IJCNIS), vol. 8, no. 3, pp. 136-146, December 2016.
[23]
Mohsen Toorani, "Cryptanalysis of Two PAKE Protocols for Body Area Networks and Smart Environments ," International Journal of Network Security, vol. 17, no. 5, pp. 629-636, September 2015.
[24]
Ms. I.Shanmugapriya and Dr. K.Karthikeyan, "Reputation based Incentive Scheme for Secured Data Privacy in Wireless Body Area Network Communication," International Journal of Advances in Computational Sciences and Technology, vol. 10, no. 7, pp. 2095-2117, 2017.
[25]
Pradeep Kumar and Anand Sharma, "Survey on Authentication Process in Body Area Network," International Journal of Electronics Engineering Research, vol. 9, no. 6, pp. 913-921, 2017.
[26]
Jie Zhang, Xin Huang, Paul Craig, Alan Marshall and Dawei Liu, "An Improved Protocol for the Password Authenticated Association of IEEE 802.15.6 Standard that Alleviates Computational Burden on the Node," Symmetry, vol. 8, no. 11, November 2016.
[27]
Muhammad Khurram Khan and Saru Kumari, "An Improved User Authentication Protocol for Healthcare Services via Wireless Medical Sensor Networks," International Journal of Distributed Sensor Networks, vol. 10, no. 4, pp. 1-10, April 2014.
[28]
Junghyun Nam, Kim-Kwang Raymond Choo, Sangchul Han, Moonseong Kim,Juryon Paik and Dongho Won, "Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation," Plos One, vol. 10, no. 4, pp. 1-21, April 2015.
[29]
Seulgi Shin, Sung Woon Lee and Hyunsung Kim, "Authentication Protocol for Healthcare Services over Wireless Body Area Networks," International Journal of Computer and Communication Engineering, vol. 5, no. 1, pp. 50-61, January 2016.
[30]
Sang Guun Yoo, "Cryptanalysis of Several Authentication Schemes forHealthcare Applications Using Wireless Medical Sensor Networks," in ICNCC '16 Proceedings of the Fifth International Conference on Network, Communication and Computing, Kyoto, Japan, Decemebr, 2016, pp. 282-286.
[31]
Santanu Chatterjee, Ashok Kumar Das and Jamuna Kanta Sing, "A novel and efficient user access control scheme for wireless body area sensor networks," Journal of King Saud University – Computer and Information Sciences, vol. 26, no. 2, pp. 181-201, October 2013.
[32]
Ashok Kumar Das, Vanga Odelu and Adrijit Goswami, "A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS," Journal of Medical Systems, vol. 39, no. 9, pp. 1-24, July 2015.
[33]
Chun-Ta Li, Cheng-Chi Lee and Chi-Yao Weng, "A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems," Journal of Medical Systems, vol. 39, no. 9, pp. 111, Septmeber 2014.
[34]
Gaimei Gao, Xinguang Peng, Ye Tian and Zefeng Qin, "A Chaotic Maps-Based Authentication Scheme for Wireless Body Area Networks," International Journal of Distributed Sensor Networks, vol. 12, no. 7, pp. 1-12, April 2016.
[35]
Saru Kumari, Mridul K. Gupta, Muhammad Khurram Khan and Xiong Li, "An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement," Journal of Security and Communication Networks , vol. 7, no. 11, pp. 1921-1932, November 2014.
[36]
Chia-Hui Liu and Yu-Fang Chung, "Secure user authentication scheme for wireless healthcare sensor networks," Journal of Computers and Electrical Engineering, vol. 59, pp. 250-261, February 2016.
[37]
Chun-Ta Li, Tsu-Yang Wu, Chin-Ling Chen , Cheng-Chi Lee and Chien-Ming Chen, "An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System," Sensors, vol. 17, no. 7, pp. 1-18, June 2017.
[38]
Debiao He, Neeraj Kumar, Jianhua Chen, Cheng-Chi Lee, Naveen Chilamkurti and Seng-Soo Yeo, "Robust anonymous authentication
40
protocol for health-care applications using wireless medical sensor networks," Journal of Multimedia Systems, vol. 21, no. 1, pp. 49-60, December 2013. [39]
Xiong Li, Jianwei Niu, Saru Kumari, Junguo Liao, Wei Liang and Muhammad Khurram Khan, "A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity," International Journal of Security and Communication Networks, vol. 9, no. 15, pp. 2643-2655, February 2015.
[40]
Ashok Kumar Das, Anil Kumar Sutrala, Vanga Odelu and Adrijit Goswami, "A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks," Wireless Personal Communications, vol. 94, no. 3, pp. 1899-1933, June 2017.
[41]
Tanmoy Maitra and Sarbani Roy, "SecPMS: An Efficient and Secure Communication Protocol for Continuous Patient Monitoring System Using Body Sensors," 9th International Conference on Communication Systems and Networks (COMSNETS), Bangalore, India, 2017, pp. 322-329.
[42]
Shuming Qiu , Guoai Xu, Haseen Ahmad and Licheng Wang, "A Robust Mutual Authentication Scheme Based on Elliptic Curve Cryptography for Telecare Medical Information Systems," IEEE Access, vol. 6, pp. 7452-7463, December 2017.
[43]
Niranchana Radhakrishnan and Marimuthu Karuppiah, "An efficient and secure remote user mutual authentication scheme using smart cards for Telecare medical information systems,"Informatics in Medicine Unlocked, pp. 1-11, February 2018.
[44]
Shreyas S. Tote, Sameer M. Khupse and Kunal S. Bhutwani, "Data Authentication in Wireless Body Area Network (WBAN) Using A Biometric-Based Security," International Journal of Research In Emerging Science and Technology, vol. 2, no. 1, pp. 136-142, March 2015.
[45]
Sofia Najwa Ramli, Rabiah Ahmad, Mohd Faizal Abdollah and Eryk Dutkiewicz, "A Biometric-based Security for Data Authentication in Wireless Body Area Networl< (WBAN)," 15th International Conference on Advanced Communications Technology (ICACT), PyeongChang, South Korea, January 2013, pp. 998-1001.
[46]
Ashok Kumar Das, Santanu Chatterjee and Jamuna Kanta Sing, "A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks," Ad Hoc & Sensor Wireless Networks, vol. 28, no. 3, pp. 221-256, September 2015.
[47]
P.Abina, K.Dhivyakala, L.Suganya and S.Mary Praveena, "Biometric Authentication System for Body Area Network," Journal of Advanced Research in Electrical, Electronics and Instrumentation Engineering, vol. 3, no. 3, pp. 7954-7964, March 2014.
[48]
R. Sudha and M. Devapriya, "Enhanced bio-trusted anonymous authentication routing technique of wireless body area network," Journal of Biomedical Research, vol. 2016, no. 2, pp. 276-282, September 2016.
[49]
Aakriti Arya, Chaitanya Reddy and Trupil Limbasiya, "An Improved Remote User Verification Scheme in Wireless Body Area Networks," 8th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN 2017), 2017, pp. 113-120.
[50]
Weizhi Meng, Duncan S. Wong, Steven Furnell, and Jianying Zhou, "Surveying the Development of Biometric User Authentication on Mobile Phones," IEEE Communications Surveys & Tutorials, vol. 17, no. 3, pp. 1268-1293, 2015.
[51]
Qi Jiang, Fushan Wei, Shuai Fu, Jianfeng Ma, Guangsong Li and Abdulhameed Alelaiwi, "Robust extended chaotic maps-based threefactor authentication scheme preserving biometric template privacy," Journal of Nonlinear Dynamics, vol. 83, no. 4, pp. 2085-2101, October 2015.
[52]
Debayan Das, Shovan Maity, Baibhab Chatterjee and Shreyas Sen, "In-field Remote Fingerprint Authentication using Human Body Communication and On-Hub Analytics," Signal Processing, Cryptography and Security, IEEE Engineering in Medicine and Biology Society, arXiv:1804.10278, pp. 1-4, April 2018.
[53]
Jian Shen, Shaohu Chang, Jun Shen, Qi Liu and Xingming Sun, "A Lightweight Multi-layer Authentication Protocol for Wireless Body Area Networks,"Future Generation Computer Systems, vol. 78, no. 3, pp. 956-963, Novemebr 2016.
[54]
Mike Yuliana, Wirawan and Suwadi, "Performance Improvement of Secret Key Generation Scheme in Wireless Indoor Environment," International Journal of Communication Networks and Information Security (IJCNIS), vol. 9, no. 3, pp. 474-483, December 2017.
[55]
Nazhatul Hafizah Kamarudin and Yusnani Mohd Yussoff, "Authentication scheme interface for mobile e-health monitoring using unique and lightweight identity-based authentication," International Conference on Advanced Science, Engineering and Technology (ICASET) , Penang, Malaysia, December, 2015.
[56]
Marwa H. Salama, Sanaa Taha and Hesham N. Elmahdy, "PMAS: A Proposed Mutual Authentication Scheme for Wireless Body Area Networks," International Conference on Information and Communication Technology Convergence (ICTC), Jeju, South Korea, October, 2015, pp. 636-641.
[57]
Qi Jiang, Xinxin Lian, Chao Yang, Jianfeng Ma, Youliang Tian and Yuanyuan Yang, "A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth," Journal of Medical Systems, vol. 40, no. 231, pp. 1-10, November 2016.
[58]
Nesrine Khernane, Maria Potop-Butucaru and Claude Chaudet, "BANZKP: a Secure Authentication Scheme Using Zero Knowledge
41 Proof for WBANs," 13th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS), Brasilia, Brazil, October, 2016, pp. 1-9. [59]
Chien-Ming Chen, Bing Xiang, Tsu-Yang Wu and King-Hang Wang, "An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors inWireless Body Area Networks," Journal of Applied Science , vol. 8, no. 7, pp. 1-15, June 2018.
[60]
Jingwei Liu, Qian Li, Rui Yan and Rong Sun, "Efficient authenticated key exchange protocols for wireless body area networks," EURASIP Journal of Wireless Communications and Networking, Vol. 2015:188, pp. 1-11, December 2015.
[61]
Shashi Kant Shankar, Anurag Singh Tomar and Gaurav Kumar Tak, "Secure Medical Data Transmission by using ECC with Mutual Authentication in WSNs," 4thInternational Conference on Eco-friendly Computing and Communication Systems, Volume 70, India, 2015, pp. 455-461.
[62]
C.L.Priya and U.Shantha Visalakshi, "Secure and Efficient Communication Using ECC Algorithm in Wireless Body Area Network," International Journal of Engineering Science and Computing, vol. 7, no. 4, pp. 10073-10080, April 2017.
[63]
Alaauldin Ibrahim and Gokhan Dalkilic, "An Advanced Encryption Standard Powered Mutual Authentication Protocol Based on Elliptic Curve Cryptography for RFID, Proven on WISP," Journal of Sensors, vol. 2017, pp. 1-11, July 2017.
[64]
Xiong Li, Jieyao Peng , Saru Kumari , Fan Wu , Marimuthu Karuppiah and Kim-Kwang Raymond Choo, "An enhanced 1-round authentication protocol for wireless body area networks with user anonymity," Journal of Computers and Electrical Engineering, vol. 61, no. C, pp. 238-249, February 2017.
[65]
Fan Wu, Lili Xu, Saru Kumari and Xiong Li, "An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks," Journal of Multimedia Systems, vol. 23, no. 2, pp. 195-205, July 2015.
[66]
Tong Li, Yuhui Zheng and Ti Zhou, "Efficient Anonymous Authenticated Key Agreement Scheme for Wireless Body Area Networks," Journal of Security and Communication Networks, vol. 2017, no. 1, pp. 1-8, October 2017.
[67]
Debiao He, Sherali Zeadally, Neeraj Kumar and Jong-Hyouk Lee, "Anonymous Authentication for Wireless Body Area Networks With Provable Security," IEEE Systems Journal, vol. 11, no. 4, pp. 2590-2601, December 2017.
[68]
Qeethara Al-Shayea and Muzhir Al-Ani, "Biometric Face Recognition Based on Enhanced Histogram Approach," International Journal of Communication Networks and Information Security (IJCNIS), vol. 10, no. 1, pp. 48-54, April 2018.
[69]
Abhilash Kumar Sharma, Ashish Raghuwanshi and Vijay Kumar Sharma, "Biometric System- A Review," International Journal of Computer Science and Information Technologies (IJCSIT), vol. 6, no. 5, pp. 4616-4619, September 2015.
[70]
K. Seetharaman and R. Ragupathy, "Iris Recognition based Image Authentication," International Journal of Computer Applications, vol. 44, no. 7, pp. 1-8, April 2012.
[71]
P.Tamil Selvi and N.Radha, "Palmprint and Iris based Authentication and Secure Key Exchange against Dictionary Attacks," International Journal of Computer Applications (0975 – 8887), vol. 11, no. 11, pp. 7-12, Decemeber 2010.
[72]
Japinder Pal Singh and Naveen Bilandi, "Analysis of Biometric-based Security in Wireless Body Area Network (WBAN)," in Proceedings of International Conference on Information Technology and Computer Science, July, 2015, pp. 50-56.
[73]
Sandeep Pirbhulal, Heye Zhang, Subhas Chandra Mukhopadhyay, Chunyue Li, Yumei Wang, Guanglin Li, Wanqing Wu and Yuan-Ting Zhang, "An Efficient Biometric-Based Algorithm Using Heart Rate Variability for Securing Body Sensor Networks," Sensors , vol. 15, no. 7, pp. 15067-15089, June 2015.
[74]
Masoud Rostami, Ari Juels and Farinaz Koushanfar, "Heart-to-Heart (H2H): Authentication for Implanted Medical Devices," in Proceeding CCS '13 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, Berlin, Germany , November 2013, pp. 1099-1112.
[75]
Kwantae Cho and Byungho Chung, "Efficient Secret Key Delivery Using Heartbeats," in 21st International Conference on Circuits, Systems, Communications and Computers (CSCC 2017), 2017, pp. 1-6.
[76]
Mahesh Joshi, Bodhisatwa Mazumdar and Somnath Dey, "Security Vulnerabilities Against Fingerprint Biometric System," in Security Vulnerabilities Against Biometric System arXiv, May, 2018, pp. 1-27.
[77]
Nan Zhao, Aifeng Ren, Masood Ur Rehman, Zhiya Zhang, Xiaodong Yang and Fangming hu, "Biometric Behavior Authentication Exploiting Propagation Characteristics of Wireless Channel," IEEE Access, vol. 4, pp. 4789-4796, July 2016.
[78]
Xiong Li, Jianwei Niu, Saru Kumari, Fan Wu and Kim-Kwang Raymond Choo, "A robust biometrics based three-factor authentication scheme for Global Mobility Networks in smart city,"Future Generation Computer Systems, vol. 83, no. C, pp. 607-618, April 2017.
[79]
Jusak Jusak and Seedahmed S. Mahmoud, "A Novel and Low Processing Time ECG Security," International Journal of Communication Networks and Information Security (IJCNIS), vol. 10, no. 1, pp. 213-222, April 2018.
[80]
Sofia Zebboudj, Feriel Cherifi, Mohamed Mohammedi and Mawloud Omar, "Secure and efficient ECG-based authentication scheme for medical body area sensor networks," Journal of Smart Health, vol. 3, no. 4, pp. 75-84, July 2017.
42
[81]
Ying Chen and Wenxi Chen, "Finger ECG-based Authentication for Healthcare Data Security Using Artificial Neural Network," in IEEE 19th International Conference on e-Health Networking, Applications and Services (Healthcom), Dalian, China, October, 2017, pp. 1-6.
[82]
Francesco Rundo, Sabrina Conoci, Alessandro Ortis and Sebastiano Battiato, "An Advanced Bio-Inspired PhotoPlethysmoGraphy (PPG) and ECG Pattern Recognition System for Medical Assessment," Journal of Sensors, vol. 18, no. 2, pp. 1-22, February 2018.
[83]
V Ramu Reddy, Parijat Deshpande and Arpan Pal, "Simultaneous Measurement and Correlation of PPG Signals Taken from Two Different Body Parts for Enhanced Biometric Security via Two-level Authentication," in Proceedings of the 1st ACM Workshop on the Internet of Safe Things , Delft, Netherlands, November November, 2017, pp. 32-37.
[84]
Nima Karimian, Mark Tehranipoor and Domenic Forte, "Non-Fiducial PPG-based Authentication for Healthcare Application," in IEEE EMBS International Conference on Biomedical & Health Informatics (BHI), Orlando, FL, USA, February, 2017, pp. 429-432.
[85]
Darko Androcec and Neven Vrcek, "Machine Learning for the Internet of Things Security: A Systematic Review," in 13th International Conference on Software Technologies, Porto, Portugal, 2018, pp. 563-570.
[86]
Mattias T. Gebrie and Habtamu Abie, "Risk-Based Adaptive Authentication for Internet of Things in Smart Home eHealth," in Proceedings of the 11th European Conference on Software Architecture: Companion Proceedings, Canterbury, United Kingdom, September, 2017, pp. 102-108.
[87]
Osman Salem, Alexey Guerassimov, Ahmed Mehaoua, Anthony Marcus and Borko Furht, "Anomaly Detection in Medical Wireless Sensor Networks using SVM and Linear Regression Models," International Journal of E-Health and Medical Communications, vol. 5, no. 1, pp. 20-45, January 2014.
[88]
Shah Ahsanul Haque, Mustafizur Rahman and Syed Mahfuzul Aziz, "Sensor Anomaly Detection in Wireless Sensor Networks," Sensors , vol. 15, no. 4, pp. 8764-8786, April 2015.
[89]
Toqeer Ali, Muhammad Nauman and Salman Jan, "Trust in IoT: dynamic remote attestation through efficient behavior capture," Cluster Computing, vol. 21, no. 2, pp. 1-13, April 2017.
[90]
Mohamed S. Abdalzaher, Karim Seddik, Maha Elsabrouty, Osamu Muta, Hiroshi Furukawa and Adel Abdel-Rahman, "Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey," Sensors, vol. 16, no. 7, pp. 1-27, June 2016.
[91]
Sanaa Oulaourf, Abdelfatteh Haidine, Abdelhak Aqqal and Hassan Ouahmane, "Review on Radio Resource Allocation Optimization in LTE/LTE-Advanced using Game Theory," International Journal of Communication Networks and Information Security (IJCNIS), vol. 9, no. 1, pp. 117-156, April 2017.
[92]
Amel Arfaoui, Asma ben Letaifa, Ali Kribeche, Sidi Mohammed Senouci and Mohamed Hamdi, "A Stochastic Game for Adaptive Security in Constrained Wireless Body Area Networks," in 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 2018, pp. 1-7.
[93]
Mohammad Wazid, Ashok Kumar Das and Athanasios V. Vasilakos, "Authenticated key management protocol for cloud-assisted body area sensor networks," Journal of Network and Computer Applications, vol. 123, pp. 112-126, September 2018.
[94]
AshkanYousefpoura, Caleb Fung, Tam Nguyen, Krishna Kadiyala, Fatemeh Jalalid, Amirreza Niakanlahiji, Jian Kong, Jason P.Jue, All one needs to know about fog computing and related edge computing paradigms: A complete survey, Journal of Systems Architecture, vol. 98, pp. 289–330, 2019.
[95]
Donggang Liu and Peng Ning, "Multi-Level μTESLA: Broadcast Authentication for Distributed Sensor Networks," ACM Transactions on Embedded Computing Systems (TECS), vol. 3, no. 4, pp. 800-836, Novemeber 2004.
[96]
Jingwei Liu, Zonghua Zhang, Xiaofeng Chen and Kyung Sup Kwak, "Certificateless Remote Anonymous Authentication Schemes for Wireless Body Area Networks," IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 2, pp. 332-342, February 2014.
[97]
Libing Wu, Yubo Zhan, Li Li and Jian Shen, "Efficient and Anonymous Authentication Scheme for Wireless Body Area Networks," Journal of Medical Systems, vol. 40, no. 6, pp. 1-12, June 2016.
[98]
Anyembe Andrew Omala, Angolo Shem Mbandu, Kamenyi Domenic Mutiria, Chunhua Jin and Fagen Li, "Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network," Journal of Medical Systems, vol. 42, no. 6, pp. 1-14, April 2018.
[99]
Jingwei Liu, Lihuan Zhang and Rong Sun, "1-RAAP: An Efficient 1-Round Anonymous Authentication Protocol for Wireless Body Area Networks," Journal of Sensors, vol. 16, no. 5, pp. 1-16, May 2016.
[100] Fagen Li, Yanan Han, and Chunhua Jin, "Cost-Effective and Anonymous Access Control for Wireless Body Area Networks," IEEE Systems Journal, vol. 12, no. 1, pp. 747-758, March 2018. [101] Mohammed Mana, Mohamed Feham and Boucif Amar Bensaber, "A New Scheme Based Biometric to Protect Location Privacy in Wireless Body Area Networks," International Journal of Computer Science Issues (IJCSI), vol. 10, no. 2, pp. 331-337, March 2013.
43
[102] A Moravejosharieh, J Lloret, A survey of IEEE 802.15. 4 effective system parameters for wireless body sensor networks, Communication Systems, 29 (7), 1269-1292. 2016. [103] B. Indrani, M. Karthigai Veni and M. Amutha Prabakar, "Provably Secure Two-Factor Authentication Scheme for E-Health using Smart Card," IACR Cryptology ePrint Archive, Vol. 2017, pp. 512-590, 2017.
44
Authors Biographies
Munir Hussain is currently pursuing his PhD research at Institute of Computing, Kohat University of Science and Technology (KUST), Pakistan. His research is mainly focused on wireless networks and wireless networks security issues.
Dr. Amjad Mehmood is serving as Assistant Professor in Institute of Computing, Kohat University of Science and Technology (KUST), Pakistan. He has served as a Post-doc researcher in University of Aeronautical, USA and Guangdong Provincial Key Laboratory on Petrochemical Equipment Fault Diagnosis, Guangdong Petrochemical University Technology, Maoming, China. His research interests include Cyber Physical Systems, IoT, connected vehicles, wireless, optical communications and networking, smart grid communications and networking, Network management issues and security issues, big data, cloud computing, and fault diagnosis in industrial infrastructure.
Dr. Shafiullah Khan is currently serving as an Associate Professor in Institute of Computing (IoC), Kohat University of Science and Technology (KUST), Pakistan. His research mainly focuses on wireless broadband network architecture, security, privacy, threats and mitigating techniques.
Dr. Muhammad Altaf Khan is currently serving as an Assistant Professor at Institute of Computing, Kohat University of Science and Technology (KUST), Pakistan. Moreover, he is also performing duties as Graduate-Programs-Coordinator at Institute of Computing, KUST. His main area of research is security in wireless networks.
Dr. Zeeshan Iqbal is currently serving as an Assistant Professor at Institute of Computing, Kohat University of Science and Technology (KUST) Pakistan. His research areas include wireless networks, networks security, internet of things and wireless sensor networks.
A Survey on Authentication Techniques for Wireless Body Area Networks Munir Hussain , Amjad Mehmood , Shafiullah Khan , M. Altaf Khan , Zeeshan Iqbal PII: DOI: Reference:
S1383-7621(19)30462-X https://doi.org/10.1016/j.sysarc.2019.101655 SYSARC 101655
To appear in:
Journal of Systems Architecture
Received date: Revised date: Accepted date:
8 July 2019 26 September 2019 4 October 2019
Please cite this article as: Munir Hussain , Amjad Mehmood , Shafiullah Khan , M. Altaf Khan , Zeeshan Iqbal , A Survey on Authentication Techniques for Wireless Body Area Networks, Journal of Systems Architecture (2019), doi: https://doi.org/10.1016/j.sysarc.2019.101655
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2019 Elsevier B.V. All rights reserved.
1
A Survey on Authentication Techniques for Wireless Body Area Networks Munir Hussain, Amjad Mehmood, Shafiullah Khan, M. Altaf Khan and Zeeshan Iqbal Institute of Computing, Kohat University of Science and Technology, KPK, Pakistan Email: [email protected] Email: [email protected] Email: [email protected] Email: [email protected] Email: [email protected] Abstract: Wireless body area network (WBAN), got the IEEE standard in February 2012, is the most significant and highly focused research area among researchers, academicians, and practitioners; applied to the patient's body for monitoring various physiological parameters and then the sensitive measured data is passed to the concerned medical doctor or server for taking the necessary actions. In order to pass the sensitive data securely, authentication is the first step towards it. The authentication schemes help network to reduce unwanted users and prevent from deceptions effectively since the authentication process identifies the user’s identity that he or she claims to be. In connection to the safe communication, authentication is one of the key aspects. So, it is important to design novel authentication schemes; those offer secure authentication and prevent various security attacks in WBANs. A lot of methods and techniques have been proposed for authentication in WBANs. In this survey paper for improving the authentication process in WBANs, an overview of WBAN and their characteristics, various authentication types and classification of authentication schemes has been done. It further provides a complete comparison of different authentication schemes and highlights their pros, cons, limitations, challenges, performance evaluation and their robustness against different security attacks which open doors of new opportunities. This finally ends with the most significant open issues, future research directions and draw interesting conclusions. Keywords: Authentication; Biometric; Security; Wireless Body Area Network; Smart Card;
1. INTRODUCTION Recent advancement in information and communication technologies (ICTs) makes it possible for people of different ages to utilize this technology for look after their health etc. Today many people can enjoy benefits of cloud computing, the Internet of things (IoT) and big data [1] and now there is no need to go to hospital and other medical centers for their routine medical check-up. People can utilize suitable e-health services everywhere in world at anytime because of the rapid development in WBAN. WBAN is just a part of wireless sensor networks (WSNs) and it connects services like hospitals and medical centers etc by mean of the internet. WBANs are consisting of several small size and low power implanted and wearable sensors for sensing crucial signs of the human body. Every sensor of WBAN is designed with biosensors such blood pressure (BP), motion, thermometer, electroencephalography (EEG), electromyography (EMG) and electrocardiogram (ECG) etc. Sensors are also designed with Wi-Fi and Bluetooth technologies etc. for communicating with each other and with central device or sink node. Although WBANs are offering many advantages to us but they are still facing a lot of technical issues like small power transceivers, power source miniaturization, secure data transfer, biocompatibility, high quality of service and less communication delay. All these issues need to be considered when designing new authentication schemes for WBANs [2]. Sensors attached to the patient body collect different physiological parameters and passed them to a central device on the body known as local processing unit (LPU). Here LPU can be a smartphone, PDA and any other portable device capable of processing and storing information. This central device on the body acts as a router between sensor nodes and health-care central server and LPU forwards all collected information to server through wireless communication technologies like mobile network, 3G/CDMA/GPRS. Information collected by biomedical sensors are passed to sink node/LPU then from LPU information are passed to the medical service providers in order to diagnose a disease and takes necessary steps towards patient treatment. This new technology is not only helpful in monitoring and improving health of people of all ages but this is also more appropriate for elder and disabled people etc surveillance. Moreover, it can improve people or
2 patient life by regularly observing and investigating the crucial signs such as blood pressure, blood sugar level testing and heart-beat rate etc of people in order to avoid unpleasant health issues. Security, privacy and authentication are the most critical and challenging issues in WBANs [3]. Security is a key imperative aspect in the development of a WBAN system because the communication in WBANs is mostly wirelessly. So it is required to secure sensitive biomedical data and node communication and any security breaches (e.g. improper/unauthorized change of drug dosage, treatment procedures or emergency response) could be of adverse effect or result in the death of the host. Data privacy is also important issue in WBANs. Patients do not want their personal data to be misused and WBAN should provide the privacy of the wireless communication channels to prevent eavesdropping. WBANs should not leak patient’s vital information to external or neighboring networks. Authentication is also important issue because it helps network to reduce unwanted users and prevents various security attacks in WBANs. IoT-based healthcare applications, sensor nodes collect and forward sensitive data to a coordinator. An adversary can eavesdrop on the communication, and can overhear critical information. This eavesdropping may cause severe damage to the patient since the adversary can use the acquired data for many illegal purposes. Although WBAN is a subset of WSN but still it has the following few dissimilarities as compare to WSN [4]. Deployment: Number of sensor nodes are deployed inside or around the human body in WBAN for different health applications, while in WSN sensor nodes are sometimes installed in harsh environment where they cannot be easily accessible. Density: WBANs are not node-dense i.e. these have low node density; on the other hand WSNs have high node density. Data Rate: Data rate in WBANs are more stable due to their period manner and in WSNs nodes are most installed for event-based applications where events occur at uneven periods. Mobility: Sensor nodes in WBANs have some sort of mobility while in WSN they are generally considered stationary. Latency: Charging and replacement of sensor nodes batteries in WBANs are easily done while in WSN nodes are mostly deployed in harsh or inaccessible environment, so it is not possible or sometimes very difficult to recharge or replace nodes batteries. It is very important for WSN to save as much as battery power for maximize battery life time. Various kinds of sensor nodes are used to collect various body characteristics for maintaining their healthy life style. The following are some characteristics of WBANs are [5]: Typically, WBANs are using star topology and all sensors forward information to LPU. Sensors are resources constrained as they have limited battery power, computation power and memory. LPU has more resources than normal sensors. Generally, short distance communication about 3 meters between sensors and LPU. For long distance communication between LPU and main Server, it uses different Internet technologies like UMTS Base Station (BS), CDMA BS, GPRS BS and Satellite etc. Data speed varies from 10 kilo bit per second to 10 Mega bit per second. Sensors inside or around the body also have their own communication capability. WBAN sensors detect and collect different biomedical data and finally pass it to the desired destination. Security mechanisms must be designed in a way to minimize overall sensor nodes calculations i.e. support authentication and encryption processes with minimal overhead. To design a proper secure and mutual authentication system for WBAN is one of the big challenge tasks as compare to tradition networks. An ideal system for a WBAN needs to achieve the following performances [6]. Usability: Generally, users are unable or unskilled to fully understand the WBAN devices operations, so it will be difficult for them to understand complex types of operations. So, it is important to design a security or other mutual authentication systems in a simple way that can be easily understandable and executable by the users. Complicated systems and operations may direct users to wrong configuration on the devices and may face a lot of problems in operating. So there is possibility that he/she might get bore from these devices and throw away in the dust bin. Efficiency: It is enormously difficult for sensor nodes in WBAN to perform complex and energy consuming cryptographic operations because these nodes are small in sizes and also have other limitations like limited battery power, computational power and limited memory. So, it is important that the designing of security and mutual authentication system must be lightweight in order to minimize energy consumption and reduce communication overheads.
3 Scalability: Scalability is another big challenging issue for WBAN for example let us looks at the device compatibility issue; it is not possible for all devices to run one common mutual authentication system or cryptographic material. Also, users are always in motion and nodes can join and leave the WBAN network on the regular basis, so cumbersome security and mutual authentication operations are inappropriate for WBAN. Now, it is important to avoid too much depending on previous security and mutual authentication systems when designing new security and mutual authentication system for WBAN. Motivation and related work: WBANS are an important research area and continuously researched from last few years. For this motive, a lot of survey and overview papers have been collected research on various topics in this field. They include: [4-7], [15], [25], [30], [44], [69] and [72]. The survey paper proposed in [50] is closely related to our work. Fig. 1, presents some exiting related work classification and it is concluded that in recent time, a secure authentication in WBAN topic is more focused by many surveys because authentication is the most important and initial step towards secure communication. The work proposed by W. Meng et al. [50] is limited to discuss the perspective of biometric approaches utilized on mobile phones. The second section of the proposed survey discussed the expansion of biometric authentication methods incorporating physiological and behavioral methods on smartphone and examining their viability of employment on touch mobile phones. The third section described topics such as generic biometric authentication structure on mobile phones, identifying eight potential attacks for mobile phones, discussed adversarial procedures and practical attacks and finally discussed potential countermeasures only on mobile phones. Fourth section of the survey paper introduced framework for establishing a secure biometric user authentication system on mobile phones. Finally, the fifth section has discussed some challenges and future research directions in this field. Our Goals: Our survey paper covers a lot of material related to authentication in WBANs in great detail those might be helpful for readers and new researchers in this specialized field. The key contributions of our work are discussing well-known applications of WBAN, characteristics of WBANs, list of security requirements, classification of security schemes, different authentication types, detail overview of different well-known authentication protocols, classification of authentication schemes based on non-biometric and biometric features, classification of authentication schemes into machine based learning and game theory based authentication schemes and finally, we give some important future research directions those are very crucial need to be researched in near future. The rest of paper is organized as follows: Section-2 of the paper discusses WBAN applications and security requirements. Section-3 describes various authentication types and protocols. Section-4 gives an overview of classification of the authentication schemes. Section-5 discusses authentication based on advanced methodologies. Section-6 gives a summary of the entire survey paper. Finally Section-7 concludes the paper and mentions future research directions. Related Surveys
2014
S. Pathania et al. [4]
2015
P. Niksaz et al. [5]
2016
S.G. Yoo
et al. [30]
2017
2018
S. Zou
et al. [6]
et al. [44]
S.S. Tote
N. Masdari et al. [15]
W. Meng et al. [50]
P. Kumar et al. [25]
A.K. Sharma et al. [69]
J.P. Singh et al. [72]
Fig. 1: Classification of related surveys
M. I. Angel et al. [7]
4
2. WBAN APPLICATIONS AND SECURITY REQUIREMENTS WBANs are playing important role in our lives due to their promising characteristics. This section is the vital section of the proposed paper for understanding the role of WBANs in our lives. Here, in the section various WBAN applications, various security requirements and their importance in WBAN have been discussed. Alongside these topics, we have also given the overview of the classification of the WBAN security schemes.
2.1 WBAN Applications Different types of sensors are used in WBAN for measuring different physiological parameters of the human body e.g. glucose level checking sensor can be used to maintain the glucose level of the human body and if the glucose level is high then insulin can be injected into body automatically. Similar other sensors like ECG, BP, EMG and EEG etc can be used to measure other physiological parameters of the human body. The following are some applications of WBAN [7]. 2.1.1. WBAN working as a Virtual Doctor WBAN can act as virtual doctor because it can provide different healthcare services to the humans having abnormalities like high/low blood pressure, cardiovascular infections, diabetes and cancer etc. In WBAN all information about patients are kept in the main server of the network which provides valuable information about the patient past history and present situation. In case of any health issue, it can provide valuable suggestions at anytime and in case of emergency, it can also inform the concern doctor, nurse, hospital and patient family member. 2.1.2. E-Healthcare monitoring systems for Homely Elders This application of WBAN monitors elder people who are living separately for any uncertain health situation. A ZigBee-WSN intelligent system for home monitoring is specially designed for the monitoring of old people health issues in the home environment. Different types of MEMS sensors are used for elder people to observe any irregularity activities during walking, sleeping, eating and bathing or at any moment of their life. In the case of any abnormality happens, it informs straight away the concerned emergency service to deal with the occurring issue. 2.1.3. WBANs used as death Intimation Device This WBAN application is generally designed for unfit elder people e.g. for paralyzed or immobile people. Recently, many people in different countries prefer to live separately and therefore, it is important in the case of death to immediately inform the right authority in order to avoid unpleasant situation. In this type of application, TinyOS based MEMS sensors are utilized for this kind of application to measure body parameters like pulse-rate or heart-beat etc. and forwards collected information to main server through cellular network on regular basis and in the case of death, it generates immediate alters and inform the concerned authority. 2.1.4. Cloud-based Healthcare Systems Cloud computing is one of the leading technology for various applications. WBANs based healthcare schemes are developed on cloud-based computing with great impact on society and today this cloud-based healthcare concept has turned out to be extremely promising technology to look after human fitness level. 2.2. Security Requirements WBANs need to have all essential security methods which help to prevent, detect, and respond to different security attacks immediately. This section presents major security requirements by Fig. 2, those are important in order to maintain network reliability and secure infrastructure-less environment. They are mainly [8,9]: 2.2.1. Authentication As we know in WBANs, an adversary can easily inject malicious information. So when data arrives at the receiver end, it is important for it to know exactly which node sent the data? Therefore, there should be some mechanism that authenticates the message and for this particular purpose, communication networks use Message Authentication Code (MAC). 2.2.2. Integrity
5 Integrity is maintaining data consistency and it is equally important as authentication. It is vital to detect the adversary that has altered or changed the messages otherwise this adversary can cause catastrophes in these networks. Fortunately; data integrity can be achieved with authentication without any extra mechanisms required.
2.2.3. Confidentiality Data confidentiality is protecting information from disclosure to un-authorize persons and can be easily achieved by encryption. The data confidentiality is compromised normally by privacy attacks. 2.2.4. Availability There should be mechanisms that guarantee the network services are available all the time. Specially, in ad-hoc networks, we need appropriate security methods to provide the availability of service all the time; otherwise, their service performances and availability could be easily compromised. Suppose, a signal jamming attack at physical and MAC layers could dangerously hamper the communication or even it can bring down the entire physical channels. A malicious device may also dislocate routing services, which can cause the network partition. 2.2.5. Freshness Freshness ensures that data is recent and not replayed by an adversary. There are two types of freshness; weak and strong freshness. Weak freshness provides partial message ordering, but there is no information on the delay, while strong freshness provides total message ordering and allows for delay estimation. Strong freshness is useful for time synchronization in a network [10]. As sensor networks are vulnerable to reply attacks, therefore at minimum, weak freshness is needed. 2.2.6. Non-Repudiation It guarantees that senders and receivers could never deny of sending and receiving of the data or information, which they have sent and received. 2.2.7. Secure Localization Many WBANs services need the correct estimation of the network node location. Lack of smart tracking system permits an attacker to forward untruthful details regarding the node location by reporting wrong signal strength. 2.2.8. Anonymity Here anonymity means un-traceability and it is difficult for an attacker to know exactly the conversation originate that is either two conversations are originated from same patient or two different patients. It means that anonymity hides the source of data and can make possible confidentiality. Authentication
Integrity
Confidentiality
Availability
Freshness
Non-Repudiation
Secure Location
Anonymity
Fig. 2: Various security requirements
2.3. Security Concerns Security is vital issue in WBANs and their proper management is awfully essential, otherwise, important secrete information would be corrupted or might be mixed with other users data through various security attacks, sometimes that may be resulted in patient death. Due to WBANs ad-hoc and wirelessly communication nature among different entities create more security issues than traditional wired connected
6 networks. In these networks, it is easy for attackers to gain access to the secret information; they can read secret information, add malicious information and delete important information etc. A number of active and passive threats are possible i.e. include signal jamming, eavesdropping, impersonation and DoS attacks etc. Information security is one of the big concerns in WBANs. Recent development in security area is not with equal pace as compare to the growing use of wireless technology. Each day a new security threat comes in existence to the already available wireless standards. WBANs security is the avoidance of unauthorized access to network resources. Security of WBANs is equally important for both patients and doctors or hospital services etc. in order to maintain their data/information confidentiality. Today WBANs have many security problems, an eavesdropper can easily enter into the wireless network due to the radio waves spreading in the whole coverage area and even now it is possible for wireless technology to break into wired networks in order to utilize their different resources e.g. an attacker can hack a server and steal confidential information or can perform some other illegal tasks. There is also chance that an attacker may read wirelessly exchanging information by using sniffers etc. So therefore, it is important for WBANs to identify efficient wireless security techniques that limit the unauthorized access to important network resources.
2.4. Classification of the WBAN Security Schemes Recently, various security schemes are used for WBANs as shown by Fig. 3, in order to protect networks against various security threats. Some of the well-known are the following: 2.4.1. Intrusion Detection System (IDS) Recently, this is one of the best security scheme used in WBANs to fight against various violations of the security strategy at different levels. An IDS deals with monitoring system activities and detect defective, offensive or abnormal and other malicious activities in the WBANs [11]. When any malicious activity is detected, a response is commenced in order to evade harm to the network. Although, other security methods like authentication and encryption are used to minimize malicious activities in the network but none of them can fully eliminate them. Most common types of IDS are Misuse-based Intrusion Detection (MID), Anomalybased Intrusion Detection (AID) and Specification-based Intrusion Detection (SID). Misuse-based Intrusion Detection (MID) In this type of intrusion detection, different methods are used to make comparison between observed system behaviors and existing stored known threats signatures in order to detect malicious activities. This approach is also known as signature based approach [12]. Anomaly-based Intrusion Detection (AID) AID is used to detect users behaviors and system activities. At the initial stage, it produces users, servers and entire network connection profiles by utilizing the well-known normal behaviors. This detection mechanism works on the basis that if new data is different from previously stored data of users and system profiles then the alarm is generated [13]. Specification-based Intrusion Detection (SID) SID uses the method that knows the state of the protocol that is why it is also known as Stateful Protocol Analysis (SPA). Specification is actually a set of regulations and thresholds described for expected behavior of the network components such as nodes, routing table and protocols. SID mechanism would discover intrusion whenever observed detected network behavior is different from the specified behavior for it. This intrusion detection method is unlike the MID where comparison is made only between observed behavior and existing stored behavior, however in SID method of intrusion detection deep understanding of how applications and protocols will work together [14].
2.4.2. Key Management Scheme This scheme permits us to create different keys for data encryption purpose in order to keep data or communication secure from unauthorized users. A well-established key management scheme is very important for the security of a cryptosystem. Key management schemes can be further divided into nonbiometric and biometric key management schemes [15]. Non-biometric Key Management Scheme
7 Non-Biometric key management schemes are not based on the people physiological or behavioral characteristics. These key management schemes depend on mutual shared numerical key among sensor nodes. Since WBANs sensor nodes are resource constraints, therefore, it is expensive to use complex type of encryption schemes. New security systems need to be designed with key management schemes those reduce overheads at WBAN sensor nodes. Non-Biometric key management scheme can be further sub-divided into cryptography-based, channel-based and clock-based key management schemes. Cryptography-based Scheme It is further sub-divided into Symmetric-based, Asymmetric-based and Hash function-based schemes. Symmetric-based key management scheme is also known private key scheme because it only uses one common private key for cryptography purposes and can be further sub-divided into AES, DES and IJS based Schemes. Where asymmetric-based key management scheme uses pair of keys for maintaining security among nodes that is one private key and other is public key which will be known to all involved nodes in the network. This can further sub-divided into ECC, ECDH, ECDSA, RSA and IBE based Schemes. Hash Function-based key management scheme can be sub-divided into MD5, SHA, MAC and HMAC based schemes. Channel-based Scheme Channel-based scheme uses the signal strength for authentication purpose and here received signal strength deviations are used to make difference among the legitimate nodes and attacker nodes [6]. Clock-based Scheme Clock-based scheme uses clock frequency of a device is applied as dynamic and distinctive data achieved every time under the authority of sink and a pair of key is produced between two devices via sharing particular clock frequency in a secure environment [16]. Biometric Key Management Scheme This key management scheme is based on the people physiological or behavioral characteristics and every person has their own unique physiological and behavioral characteristics [7]. This scheme can be further divided into ECG or EKG and hybrid based schemes. Hybrid based scheme can be sub-divided into: (i) Fingerprint, Iris scan, and ECG based schemes. (ii) HRV and ECG based schemes. (iii) Photoplethysmograph (PPG) and ECG based schemes. Fingerprint-based Scheme Fingerprint scanning method is functioning with human finger images or vascular patterns templates stored in digital form. Fingerprint identification is also known as dactyloscopy and in this type of identification, a new scan or extract fingerprint template is compared with existing stored fingerprint templates in order to validate a user because every individual finger or palm print is vary from one another [17]. Iris-based Scheme Iris-based authentication method utilizes mathematical and statistical based algorithms allow identification on iris images of one or both eyes of an individual. It is important to note that every individuals or even identical twins do not have unique iris images. ECG-based Scheme ECG based schemes work on the recording of the electrical activity of a heart and it is a suitable choice for WBANs because ECG signals are easily collected and hard to copy by other people as compare to simple passwords. It is more secure because it requires a user to be available at the time of authentication process [18]. HRV-based Scheme Heart Rate Variability (HRV) schemes are based on physiological phenomenon of difference in the time interval between consecutive heartbeats [19]. An autonomic nervous system (ANS) is a part of nervous system that controls the uneven behavior of heartbeat. The ANS is further divided into two sub-parts, the first one is called sympathetic and second one is called parasympathetic also called the fight-or-flight system and relaxation response. Sympathetic behaviors may be resulted in heat rate increasing while parasympathetic behaviors are opposite and they may be resulted in decreasing heart rate. PPG-based Scheme PPG is short for photoplethysmograph and it may be utilized as a substitute to ECG. It is a quite simple non-persistent and inexpensive optical procedure that could be utilized to identify blood level transforms in the micro vascular cot of tissue. The PPG signals can be used in variety of medical devices for many different reasons for example it can be used for measuring oxygen saturation. Besides measuring oxygen saturation, it can be used to measure blood pressure and cardiac output, and detecting peripheral vascular
8 disease etc [20]. PPG signals have many advantages, therefore, recently PPG signals are using as biometric identifier for human authentication. PPG signals can be collected via placing sensor devices on the ear or finger and utilizing light to illuminate the body and observed transforms in light absorption as blood circulate in the body. MID Based Scheme AID Based Scheme
Intrusion Detection System (IDS)
Digital Signature Scheme
Security Schemes use in WBAN
Digital Certificate Scheme Key Management Schemes
Direct Reputation Based Scheme Reputation- based Scheme
InDirect Reputation Based Scheme Biometric Key Management
Non-Biometric Key Management
Cryptography Based Scheme
SID Based Scheme
Clock-based Scheme
ECG or EKG based Scheme Hybrid Schemes
Channel-based Scheme Fingerprint, Iris scan & ECG based schemes
HRV & ECG based schemes
PPG & ECG based schemes
Fig. 3: Various security schemes
2.4.3. Digital Signature Scheme Digital signature scheme is a mathematical technique used in the world of network security by using hash function over the message/data in order to provide integrity, non-repudiation and authenticity [21]. This technique generally utilizes public key cryptography to manage the network security. Whenever, a node wants to send message to other node, at the initial stag original message is hashed with hash function to produce message digest, the digest message is then signed with the help of private key and forwards towards the destination. Due to the private key, it is impossible for intermediate nodes to read or alter the original message. Once the message is received at the other end, first signature is verified with the help of public key and if it is valid then hash function is applied on the message digest in order to extract original message, otherwise, it will be considered an attack. 2.4.4. Digital Certificate Scheme This scheme utilizes public key infrastructure to manage digital certificate. Digital certificate is a kind of electronic file issued by a Certification Authority (CA) and this electronic file is commonly consisting of public key and private information of the certificate owner. The most common information belong to a certificate are the expiration date, public key, the subject identifier and issuer identifier. A digital certificate is signed by CA private key and it is used for identifying resources and people over the network in order to enable confidential and secure communication between two nodes by using encryption [22]. The main function of CA is to authenticate the certificate holder identity and sign the digital certificate so that it could not be interfered or tempered with. Once the CA provides a signed digital certificate to a person then he/she can use on the network to obtain different services and prove his/her identity for establishing secure and confidential communication. It is expensive for WBANs due to sensor nodes constraints to use public keys accompanied by digital certificates [23].
9
2.4.5. Reputation-based Schemes Reputation-based schemes can be used to find the node reliability by considering their reputation. The reputation of a network node is calculated and denoted by a numeric value relied on the node past observations about their behavior. This scheme can be further divided into whether it uses indirect or direct recommendations [24]. Direct Recommendation Scheme This scheme is based on local observation and it does not require collaboration with other nodes for deciding whether other node is reliable or not. In Indirect Recommendation Scheme In indirect recommendation scheme, node observation not only depends on the local observations but also cooperate with other nodes in order to find the node is reliable or not.
3. AUTHENTICATION IN WBAN Authentication process is very crucial aspect for both achieving data integrity and confidentiality. Generally, three ways of authentication are used for authentication in the field of networking [25]. One-way Authentication Process This is one-side authentication process, a single authentication message is passed from sender to the receiver node and there is no acknowledgement message from the receiver end, it only stored the sender identity.
Two-way/mutual Authentication Process The two-way or mutual authentication process is actually three way handshake process in which sender forwards a challenge to the receiver node, once the receiver receive the challenge from the sender, it is solved by the receiver and response is sent back to the sender and in the final step, after receiving the challenge solution value from the receiver, the sender starts comparison of their calculated value with receiving challenge solution value. If both are matched then mutual authentication process is successful, otherwise, the authentication process is unsuccessful. Three-way Authentication Process This authentication process is a bit different from the above authentication processes because here the authentication process is based on the third party. Before the communication, a sender will forward request to third party for communicate with the second party (receiver), once the third party received the request from the sender then it will forward require authentication process parameters to both parties ( sender and receiver). Here the sender and receiver authenticate each other on the basis of third party authentication parameters and this three-way authentication process is utilized in the situations when the nodes clocks are incapable to synchronize. Why authentication is important? Authentication is a procedure which compares user provided credentials with already stored credentials of the user and if the result is yes (matched) then authorization to that particular user is granted to use various resources, otherwise it will not. For example, online banking authentication system decides whether the particular user enters into the system allows to transfer money or pay utility bills etc and if the user provided credentials are matched with the stored credentials on the bank server then that particular user is allowed to transfer money or pay their utilities bills, otherwise, request for transferring money and paying bills would be discard. Now suppose if there was no proper authentication system at the bank then there are enormous chances of fraud etc. Since WBANs nodes are typically resource-constraint that is a node has limited battery power, memory and computation power [1], so developing a good authentication scheme is a challenging task because traditional network cryptography techniques are expensive in term of memory, battery and computational utilization and almost impossible to be used for WBANs. Due to the limited resources and wireless communication, WBANs are suffering from many issues and there are a lot of issues still open for research. Among these issues, authentication is one of the major issues and it is a very important service that must be established among various devices in the network to ensure the originality and integrity of different messages share among devices. The authentication process is very important for WBANs, otherwise, without any authentication system in the network would guide towards misuse of services and resources e.g. the patients’ data originality and integrity are important for their treatment diagnosis otherwise, it may lead to a serious issue.
3.1. Authentication Types
10 User authentication is a critical issue in the field of WBAN and without proper authentication mechanism, it is not possible to identify legitimate user. It is important to have a proper authentication mechanism that might offers a high level of security and privacy of the network. Authentication can be described as a procedure in which a user uses his/her credentials to prove their identity and legitimacy. Today authentication plays very important role in our life and we use almost everywhere for example today we use authentication process to unlock our smartphones or laptop or unlock house doors etc. Without having proper authentication mechanism, it may lead to fraud and malicious activities, suppose if we do not use password or fingerprint authentication etc on the smartphone then there is strong possibility that unknown person may get access to our valuable data in the case of the smartphone lost or stolen. Similarly, the authentication process is very important in WBAN because sensitive information are exchanged among different parties and any lapse in authentication process may lead to person death. The following notations are used in this section for denoting different attacks and other features. Attacks: A1: User impersonation, A2: Man-in-the-middle, A3: Offline dictionary, A4: Privileged-insider, A5: Password guessing, A6: Illegal logged-in user using legal identity, A7: Sensor-node impersonation, A8: Stolen smart card, A9: Data leakage vulnerability, A10: Replay, A11: Denial-of-service, A12: Online or Stolen-verifier, A13: Offline password guessing, A14: Forgery, A15: Many logged-in users with the same login-ID, A16: Resilience against node capture, A17: Masquerade, A18: Smart card breach attack, A19: Service misuse, A20: Online password guessing, A21: Data disclosure, A22: Password disclosure, A23: Stolen verifier table, A24: Session key disclosure, A25: Server Impersonation, A26: Stolen verifier and modification, A27: Fake sink/sensor, A28: Plain-text Other Features: F1: Mutual authentication or authenticity, F2: User anonymity, F3: User untracability, F4: No Verification table, F5: Secure session key establishment/agreement, F6: Forward secrecy, F7: Security, F8: Privacy, F9: Efficient login-phase, F10: Local password verification, F11: user-friendliness, F12: Biometric template privacy, F13: Wrong password detection, F14: Group key secrecy, F15: Session key secrecy, F16: Nonreputation, F17: Key escrow resilience The following are the most common types of authentication used in the WBANs.
3.1.1. Password Based Authentication The password based authentication is the simplest type of authentication and can be easily managed by all entities of the network. This process of authentication is using from long time because its all operations are simple and can be easily implemented. J. Zhang et al. [26] proposed an improved protocol for the password authenticate association of IEEE 802.15.6 based on set up a novel master key between two parties based on a pre-sharing short password to authenticate each other. This protocol is somehow good as it decreases the computational cost at the sensor nodes side of the network because more computations are carried out at the hub node. The proposed protocol is safe against impersonation, man-in-the-middle, offline-dictionary and forward secrecy types of attacks. Demerits of this protocol are using insecure links for sharing different keys, public and secrete key are reused many times, password must be secretly pre-shared in a secure way and finally it slow down the communication process due to the message size is increased because of ECC technique is used. F. Wei et al. [1] have introduced a secure password based anonymous authentication scheme for WBANs using lowentropy password and for security proof they have used most widely used random oracle model (ROM). The proposed authentication scheme provides mutual authentication, client anonymity, user untractability, no verification table, session key establishment, forward security and attack resistance. Storage and Computation costs are lowest as compare to other related scheme described in the paper, which makes it more suitable for resource-constrained sensor nodes. However, according to the proposed scheme authors their scheme has more communication cost which makes the bandwidth of the proposed scheme less efficient as compare to other related schemes described in the paper because the proposed scheme requires 3 rounds for authentication between user/client and AP requires the help of Network Manager (NM). M.K. Khan et al. [27] presented an improved user authentication protocol for WBAN using only one shared secrete key between gateway node and other sensor nodes, in this protocol a password is entered into a gateway node through the secure channel during the user registration phase then it is utilized during the login phase to gateway node to access patient medical data. It provides user anonymity, secure session key and mutual authentication between entities. Also it is safe against various attacks like insider, user impersonation, password guessing, illegal logged-in users using legal identity and sensor-node impersonation. However according to J. Nam et al. [28], this protocol is suffering from user anonymity problem, forward secrecy and
11 resistance to stolen smart card attacks. Also computation consumption is higher as compare to protocol proposed in [28] and extra memory is needed by smart card as compare to previous protocols. Similarly, S. Shin et al. [29] introduced an authentication scheme for health services which could be utilized as a basic security building block for WBANs applications and this scheme is very similar to M.K. Khan et al. [27] scheme using the password based authentication during the login phase and this protocol is safe against password guessing attack, provides user anonymity, forward secrecy and secure session key among different entities involved in the communication. However according to S.G. Yoo et al. [30], this scheme is still suffering from various attacks like data leakage, vulnerability, password guessing attacks and managing insecure gateway key and secrete key of gateway problem. S. Chatterjee et al. [31] presented a novel user access control system for wireless body area sensor networks (WBASNS) based on asymmetric (public) key based cryptography and guarantee that only authentic users could access the information. This is offering group-based user and password based authentication depends on the access privileges for the authentic WBAN users. Also, this scheme offers to change user password locally facility without requiring the assist from the medical server. It provides security, mutual authentication among users, base stations (BS) and sensor nodes and resists against DoS, privileged-insider smart card breach and man-in-the-middle attacks. However, according to A.K. Das et al. [32], this system has flaws in formal security analysis. C. Li et al. [33] proposed a chaotic maps and smart card based password-based mutual authentication system for medical area is based on the small modification on Lee’s protocol in order to remove flaws associated with it. In the proposed work authors have studied Lee’s and Jiang et al.’s authentication protocols and found that their protocols are suffering from security issue e.g. a registered users confidential information might be deliberately uncovered to non-registered users which can be caused in service misuse attack. This new proposed mutual authentication system inherits good points of both Lee’s and Jiang et al.’s protocols and provides user anonymity, mutual authentication and ideal forward secrecy. Also it is safe against insider, manin-the-middle and smart card stolen attacks. Although it has less computation cost as compare to other protocols but according to G. Gao et al. [34], it suffers from efficient password change phase and session key verification issues. The main characteristics of related password based authentication schemes discussed in this section are represented in table 1. User Login Request 1b User Enter IDU , PSW U
2b
Main Server
3b 4b. IDU , PSWU
Terminate Session
No
1a 2a Validate IDU, PSWU Format
If User Enter Details Match Stored Yes
New User Registration Enter IDU , PSW U
4b. IDU , PSW U
Authentication Process Successful
No
Try Again
Yes IDU , PSW U
Fig. 4: Password based authentication The complete process of password based authentication can be divided into two main phases: Registration Phase: During this phase, a new user is register with main server by forwarding their identity alongside password. The main server validates the identity and password format; if the format is matched then registration process is completed, otherwise, ignore the request or display the try again message. Authentication Phase: The following steps are occurred during the authentication phase.
12 Step 1: User forwards login request to main server. Step 2: Main server provides interface to user for entering ID and Password. Step 3: User enter their ID and Password and forwards to main server. Step 4: After receiving patient ID and Password at main server, now it is validated by comparing against stored User ID and password. If both are matched then the authentication process is completed, otherwise, terminate the session as shown in the Fig4.
Table 1: Characteristics of password based authentication schemes Name of Scheme
Methodology
Advantages
Disadvantages
Usage Area
Our Remarks
Ref [26]
Diffie-Hellman key exchange method using ECC Elliptic curve Diffie-Hellman protocol SHA-256 hash algorithm
Resists against A1, A2 and A3. Also provides F.
Using Insecure Links. Public and secrete keys are reused many times. Password must be secretly preshared. Message size is increased due to ECC technique. It has not used any simulation tool for implementation.
WBAN
Everything is shared in plaintext format and if pre-shared password of a node is known by third party then it is easy for them to lunch different type of attacks. It can resist attacks like A1, A2 and A3. Finally, it is suitable for providing forward secrecy.
Ref [1]
Using ROM under
Provides F1, F2, F3, F4, F5
Communication cost is more as
WBANs
Although the storage and computation costs are low which suits sensor networks but it has more communication cost which makes the bandwidth of the scheme less efficient.
WMSNs
Proposed protocol does not provide F6, which is very important for key agreements based schemes. Although it has more security and other features but it is only using one shared secrete session key between gateway and other nodes. If one of the sensor nodes is compromised then the security of the entire network is lost. It is not secure and can be used as an elementary security building block for healthcare applications. It is using discrete logarithm problem for computing session keys. However, it has not explained the session key creation process in details. It is comparatively offering more security and other features. The prevention of users of lower level to access the resources of next level makes it even more secure.
Ref [27]
the DDH (Decisional Diffie– Hellman) & qstrong DiffieHellman (q-SDH) Game Theory Symmetric cryptography Smart card Using key agreement methods of E. C. Chen et al. & Z. L. Ping et al.
and F6. Storage. Computation costs are low.
Resists against A4, A1,
A5, A6 and A7. Providing F2, F5 and F1.
Ref [29]
Cryptography Hash function Combination of
Resists against A5. Provides F2, F6 and F5
among different entities.
smart card & password
Ref [31]
Using an ECC
based public key cryptosystem Game theory AVISPA tool HLPSL & SHA-2
Provides F5 and F1
between sensor nodes and BS or user. Resists against A12, A15, A16, A17, A10, A4, A18 and A11.
compare to other related schemes. Using public key. Implementation has not been done through any simulation tool. It is suffering from F2, F6 and A8 [28]. Also the computation cost is higher as compare to [28]. Extra memory space is required by SC as compare to previous protocol. Only one secrete key is shared between gateway node and other sensor nodes. It has not used any simulation tool for implementation. This protocol suffers from A9, A5, A10 and manages insecure keys Kg and Kgs [30]. Implementation has not been done through any simulation tool. It has not explained the session key creation process in details.
It has flaws in formal security
analysis [32]. Communication cost is more than Mahmud et al.’s scheme.
WBANs
WBASN
13 Ref [33]
Chebyshev chaotic Provides F2, F1, F5 and
map Smart card Symmetric key algorithm
F6. Resists against A4, A8, A1, A13, A19 and A11. Also has less computation cost.
It is suffering from efficient
password change phase and session key verification [34]. Implementation has not been done through any simulation tool.
TMIS
Proposed protocol enhances security features by eliminating flaws in Lee’s and Jiang et al. protocols. Despite few positive, it is still facing password change and session key issues.
3.1.2. Smart Card Based Authentication A smart card has electronic chip on it that could be either a secure microcontroller or equilvant intelligence capabilities with some internal storage and it can be used in terminal either has a direct physical connection or wireless to read information. Smart card based authentication is the most popular method for authentication used in the era of modern networks because of their elegant characteristics like computational capability, memory ability and portability etc. [35]. C. Liu et al. [36] proposed a secure user authentication protocol using smart card based authentication scheme for monitoring health conditions and it provides both data security and privacy. It is secure against some well known attacks like replay, impersonation, online or stolen-verifier and online or offline password guessing. However, according to C. Li et al. [37], it is still suffering from password disclosure, replay, sense data disclosure and forgery, stolen smart card and offline password guessing attacks. Also it computation cost is higher. C. Li et al. [37] presented an efficient user authentication and anonymity scheme with provably security for IoT-based medical care system using smart card based authentication during login which eliminates the security weakness associated with Liu-Chung’s scheme known as a bilinear pairing-based password authentication for WBAN. The proposed work has improved secure authentication and data encryption system for medical care area, which could also offer user anonymity and eliminates security attacks like replay and password data discovery attacks. The proposed scheme is lightweight and has very less computation cost as compare to protocol proposed in [36]. D. He et al. [38] have used smart card technology during login and authentication phase for health professional to access patient data and this new protocol is based on an efficient-strong authentication scheme for wireless medical sensor networks (WMSNs) proposed by Kumar et al. The proposed protocol not only provides strong security at very little computational and communication costs but also provides users anonymity, resistance against attacks associated with Kumar et al. protocol like off-line password guessing and privileged insider attacks. It is also safe against other attacks as well like replay, stolen verifier table, stolen smart card, impersonation and man-in-the-middle. However according to X. Li et al. [39], it has no wrong password detection mechanism and suffers from DoS. Also according to A.K. Das et al. [40], it has design issue in password change phase and it suffers from privileged-insider and sensor node capture attacks. It fails to support user anonymity and protect new password. Also According to T. Maitra et al. [41], it is suffering from replay, stolen, session key disclosure and insider attacks. It has also an issue of a single or same secrete key is used for all sensor nodes in the network, so if one of the node is compromised then the entire network security is compromised. The identity of the user is also exposed to an adversary due to same secrete key compromising. S. Qiu et al. [42] introduced a robust mutual authentication scheme based on ECC for Telecare Medical Information System (TMIS) based on Chaudhry et al.’s scheme in order to eliminate different flaws like off-line password guessing, man-in-the-middle and user/server impersonation attacks. Not only this new proposed protocol eliminates flaws associated with Chaudhry et al.’s scheme but also helpful to resist most well-known attacks. The Burrows-Abadi-Needham Logic (BAN-Logic) is used to prove the security of the proposed scheme and it is concluded that it resists against well-known off-line password guessing, privileged insider, user impersonation, server impersonation, replay and man-in-middle attacks. The proposed scheme also provides user anonymity, mutual authentication and perfect forward secrecy. In terms of computational cost efficiency, it is also efficient as compare to related TMIS schemes discussed in the paper. However, according to [43], it suffers from insider attack and has very similar computational cost to the scheme presented in [43] which makes it more efficient in term of computational cost as compare to other related schemes. Similarly, authors in [43] presenting a mutual authentication protocol based on Lee et al. proposed mutual authentication protocol for TMIS is utilizing smart card technology for authentication purpose. The new proposed protocol not only fix different flaws associated with Lee et al. proposed protocol but also provides user anonymity, session key agreement , local password verification, user-friendliness, forward secrecy and
14 mutual authentication. The security of the proposed protocol is proved by most widely used random Oracle model (ROM) and found that it is safe against most well-known attacks like offline password guessing, replay, man-in-the-middle, forgery, stolen verifier and modification, Insider, and smart card loss. Although it achieves more security features than scheme presented in [42] but the computational cost is a little bit higher as compare to scheme proposed in [42]. Also the communication cost is higher compare to other related schemes presented in the proposed paper. The main characteristics of related smart card based authentication schemes discussed in this section are represented in table 2. 1. Request ( IDU , PSW U ) User 2a. (Smartcard, IDU , CID) 3. Store
Key Information System (KIC)
Smartcard, IDU , PSW U , CID
4. Enter ( IDU , PSW U )
IDU , PSW U , CID
2.b Send (IDU , CID)
7. PSWU
Login Rejected No
IDU , CID
If IDU , CID Matched
Card Machine
6 Remote Host
Login Rejected No
Yes
If Enter Password Matched
Yes Login Successful
5. Send( IDU , PWSU , CID)
Fig. 5: Smart Card based authentication In this method of authentication, a smart card is issued to a user when a user join the system for first time by third party known as key information system (KIC). The KIC is a trusted authority that issues a smart card to a user who request for it and also calculates require parameters and secrete information interrelated to the user. This KIC is not liable for user authentication but only issuing a smart card to a new user and handles password changing requests for the registered user. This smart card can be used in specific card terminals with ID and password options to complete authentication process. The smart card based authentication method can be divided into three phases. Registration Phase: In the registration phase, a user enters their request with parameters including user identity IDU and chosen password PSWU to the KIC. In reply KIC issues a smart card to the user along with ID U and CID parameters. At the same time, information like IDU and CID are also forwarded to the remote host. Both remote host and KIC store these information in their storage areas for authentication process etc. Login Phase: In this phase, a user enters their smart card into a card reader (terminal) and uses available options on screen to enter their identity and password. If the entered identity is the same to the one stored on smart card ship then the terminal forwards parameters PSWU, IDU and CID for login request to the remote host. Authentication Phase: In the authentication phase, desire parameters are validated by the remote host for permitting a user to login or not. Once these information are received by the remote host, first it validates IDU and CID against the parameters provided earlier by the KIC. If these parameters are not matched then the request for login is straightaway rejected, otherwise, in the case of both parameters matching, there is still one more check need to be performed of password matching. In the case of entering password matched with KIC stored password then remote host allows successful login, otherwise, the request for login is rejected as shown in the Fig.5.
15
Table 2 Characteristics of smart card based authentication schemes
Name of Scheme Ref [36]
Methodology
Bilinear map
based on ECC Smart card Bilinear Diffie– Hellman problem (BDHP)
Disadvantages
Usage Area
It is still suffering from A5, A10,
WHSNs
A14, A8, A21 and A13 [37]. Its computation cost is also higher [37]. Also does not provide F2, F9 and F5. It has not used any simulation tool for implementation. It requires secure channel during the registration phase. Implementation has not been done through any simulation tool.
Although proposed protocol provides mutual authentication, but unfortunately it suffers from a lot of security attacks and also computation cost is higher.
IoTBased Medical Care System
The proposed protocol is much more secure than Liu–Chung’s protocol because it eliminates various issues associated with Liu-Chung’s protocol and also it supports more features.
WMSNs
This protocol inherits all plus points of Kumar et al. protocol and tries to eliminate flaws associated with it. But unluckily, it is still suffering from many issues. Also it is using single secrete key for entire network nodes, so if one node is compromised then the security of the entire network can be compromised. It eliminates A1, A2 and A13 attacks associated with Chaudhry et al. and Islam et al. protocols. Even though, it is more secure and efficient but it has more computational cost as compare to other schemes and also it suffers from A4 attack. Proposed protocol is based on Lee et al. protocol and eliminates few drawbacks associated with it. Although it is efficient than related protocols but its communication and computational costs are highs.
Advantages
Resists against A1, A10,
A12, A20 and A13. Provides both data F7 and F8. According to [37] it also provides F1.
Ref [37]
ROM under
Ref [38]
elliptic curve Diffie–Hellman problem (ECDHP) Elliptic curve discrete logarithm problem (ECDLP) Bilinear map SC & ECC Symmetric key algorithm Smart card Hash algorithms BAN logic
Resists against A22, A5,
A10, A21, A14, A8 and A13. Supports F9, F2, F1 and F5. Computational cost is less as compare to Yeh et al. and Liu–Chung.
Provides F2 at very low
communication and computational costs. Safe against A5, A10, A23, A8, A4, A13, A1 and A2 attacks.
It has no wrong password
Ref [42]
ECC Smart card Burrows-Abadi
Ref [43]
Needham Logic (BAN-Logic) Fuzzy-verifiers technique ROM Smart card Hash-oracle IFP-Oracle SHA-1 Game theory
Provides F2, F1 and
perfect F6. Safe against A13, A4, A1, A25, A10 and A2 attacks. Efficient in term of computational cost as compare to other schemes. Provides F2, F5, F10, F11, F6 and F1. Safe against A13, A10, A2, A14, A26, A4 and A8 attacks.
detection mechanism and suffers from A11 [39]. It has designed issue in password change phase and also it suffers from A4 and A16 attacks [40]. It fails to support F2 and protect new password. It is suffering from A10, A8, A24 and A4 attacks [41]. It suffers from A4 attack [43]. Also the proposed scheme has more computational as compared to scheme proposed in [43].
Computational cost is slightly
higher than the protocol proposed in [42]. Also communication cost is higher as compare to other related schemes discussed in the proposed paper.
TMIS
TMIS
Our Remarks
3.1.3. Biometric Based Authentication Biometric based authentication system can be defined by physiological and/or behavioral characteristics of human body for their unique identification because every individual has their own unique identifiers and it is not possible for two persons to have same identifiers and people have their own unique fingerprints, voice,
16 hand geometry, earlobe geometry, DNA, retina and iris pattern, signatures and facial [44]. The general rule of biometric based authentication is to determine and compare the physiological signals at both the sender and receiver node of the network. Biometric based authentication system is no doubt more competent authentication system as compare to password and smart card based authentication system or the mixture of both. Here it is not necessary for people to remember passwords for authentication and accessing information. Also it is not a convenient method for people to remember and change passwords time to time for security reasons. This method has an advantage over traditional cryptosystems because it is more secure and also eliminates the issue of pre-distribution of secrete shared keys among entities in WBANs. S. N. Ramlil et al. [45] proposed a scheme known as a biometric-based security for data authentication in WBAN based on biometric based hybrid authentication model in order to secure data exchanging in WBAN and decrease the computational and power expenditure costs. A.K. Das et al. [46] presented a light-weight biometric based user authentication protocol for hierarchical WBANs and enables authorized users to retrieve information from any cluster head. This protocol is using biometric authentication alongside the password authentication to authenticate a user and also according to proposed work, it is more efficient because it uses symmetric key based encryption and decryption mechanism and cryptographic hash function. The proposed scheme supports good mutual authentication mechanism with low computational cost as compare to conventional password based schemes. Security of the protocol is proved under the random oracle models and it stands against well-known attacks like node capture, denial of service, many logged-in users with the same login-id, stolen-verifier, replay, masquerade, smart card breach, man-in-the-middle and privileged-insider attacks. P. Abina et al. [47] proposed biometric scheme is based on securing the ECG information in WBANs prior to communication. In this scheme, all neighbors nodes have to distribute a common key produced through ECG signals. The enhanced ECG-IJS system is introduced to arrange the key agreement for the secure data communication and authentication in WBANs. The proposed key agreement ECG-IJS scheme provides both authenticity and privacy in an energy competent way. The main contributions like ECG-IJS scheme could allocate a key in efficient way in terms of energy, a new hash function supported authentication scheme utilizing ECG signals at both sending and receiving ends and a security analysis framework of WBANs are included in this paper. R. Sudha et al. [48] introduced a novel biometric fusion based trusted anonymous protocol using iris with DNA code to create dynamic multifarious set of signatures for routing request packets authentications. Many of the existing schemes are using RSA for public key generation, however, this protocol or scheme is using Elgamal algorithm and it has a plus point that the same plaintext generates a different cipher text every time it is encrypted. The proposed biometric based protocol provides authenticity, anonymity and security. It has also more throughputs, data packet delivery ratio and reduces end to end average delay. A. Arya et al. [49] presented an advanced version of salam et al. protocol for WBANs based on biometric based mutual authentication scheme between the sink and sensor nodes in order to eliminate plain-text, insider and stolen verifiers attacks associated with previous version. In addition, it also stands against internal, fake sink/sensor and DoS attacks. The proposed protocol is using public key cryptosystem for eliminating fake sink attack which is more resources consuming and hence it is not suitable for recourse constrains sensor networks. In this new version of mutual authentication protocol, the biometric based verification could be accomplished by utilizing fingerprint based verification. The main characteristics of related biometric based authentication schemes discussed in this section are represented in table 3.
17
Enrollment Process
Authentication Process
Start : Biometric Data Acquisition
Terminate Session
Start : Biometric Data Acquisition
No
User Features Extraction
User Features Extraction If Re-enter Template Match Stored Template
Template Generation
Template Generation
Yes
Stored Template
Authentication Process Successful Stop
Fig. 6: Biometric based authentication The following are the most common methods in biometric based authentication system which can be used for user authentication [50]. Fingerprint scans method is working with digital version of human fingers images as every individual finger has their own unique vascular pattern. This system has been in working for last few decades by many government and private organizations for the reliability and unique identification of human. Voice recognition method depends on the voice print that analysis a particular word or sentence of the speaker’s mouth and throat in order to uniquely identified an individual. Facial recognition method works with face structure or numeric codes called face-prints that can recognize about eighty nodal spots on a person face for their unique identification. Retina or iris scans method for individual identification is based on the unique patterns of blood vessels in the retina or color in the iris. The complete process of biometric based authentication can be divided into two main phases known as enrollment and authentication: Enrollment Phase: During this phase, a new user is registered by extracting user biometric features from the user body and a unique biometric based template is created and stored in database. Authentication phase: In this phase, a user biometric feature is extracted from their body, a template is generated and finally the new generated template is compared with already stored templates. If the regenerated template is matched with stored ones then authentication process is successfully completed, otherwise, the request for authentication is rejected as shown in the Fig. 6. Table 3: Characteristics of biometric based authentication schemes Name of Scheme Ref [45]
Methodology
ECG Biometric
Ref [46]
Provides data F1and F7 at
feature Cryptographic hash algorithm
Symmetric key
Advantages
algorithm Cryptographic hash function
low computational complexity and high power efficiency.
Supports good F1
mechanism at low computational cost. Stands against A16, A11,
Disadvantages
No security proof and
results are available. No experiment and comparisons have been done with existing systems. Implementation has not been done through any simulation tool. It does not provide user
Usage Area WBAN
WBAN
Our Remarks It is using ECG feature that provides mutual authentication and security at very low computational complexity with high power efficiency. It is a secure light-weight remote authentication protocol because it stands against many attacks and it is using efficient
18 ROMs AVISPA tool Ref [47]
ECG MIT-BIH
Ref [48]
Ref [49]
Arrhythmia database Cryptographic algorithm SHA-1 or SHA-2 Iris feature DNA coding Symmetric and asymmetric cryptography Digital signature The Onion Routing network Routing algorithm NS2 simulator Fingerprint verification Diffie- Hellman technique Public-key cryptosystems Private (secrete) key cryptography
A15, A12, A10, A17, A18, A2 and A4 attacks.
Provides both F1 and F8 in
an energy competent way. It saves the transmission energy that increases the life time of the battery of senor nodes because it decreases the transmission overheads. Provides F1, F2 and F7. It has a plus point that the same plaintext generates a different cipher text every time it is encrypted.
Provides F1. Safe against A10, A27, A28, A12, A4 and A11.
Fake sink attack can be achieved by employing public-key cryptosystem.
anonymity.
Neighboring nodes share
single common key produced by ECG. If one of the neighbor node gets compromised then entire neighboring nodes are easily compromised. Using Elgamal algorithm for public key generation which might be expensive for sensor nodes.
Using Public key cryptosystem for fake sink elimination which is extremely expensive for resource constrains sensor nodes.
cryptography hash functions and symmetric key algorithm. WBAN
WBAN
WBAN
Although proposed protocol provides F1 and F8 efficiently but neighbors nodes are sharing a common key which might create problems. It saves the battery power of nodes by reduces transmission overhead. Proposed work provides F1, F2 and F7. It also reduces average end to end packet delivery delay ratio and provides high throughput by authorized nodes of the network. Finally, the same plaintext generates a different cipher text whenever it is encrypted which is clearly an advantage. Although proposed scheme eliminates some well-known attacks but it is not suitable for resources-constrained network because it is using public key cryptosystem for fake sink attack elimination.
3.1.4. Multi-Layer Authentication Multi-layer authentication method provides user identification by combining more than one method of authentication. This method of authentication provides more important advantages to a system that utilize them i.e. make the system more secure against various types of security attacks, but these methods are complex and can be varied from domain to domain. For example, bank ATM card can be made more secure by using mutlti-layer authentication i.e. by using password in conjunction with finger print etc for user authentication. In the case of WBAN, at the same time two or more different authentication schemes can be used for authentication purpose for example, a separate system based on key establishment approach can be used for authentication between LPU and sensor nodes and other approach using biometric types of authentication like ECC algorithm can be used for authentication between LPU and application provider (AP). Fig. 7 shows multi-layer authentication process by first entering a simple password and then biometric based authentication scheme for login request to a system. If user entered password matches already stored password then login process will continue to next phase of biometric authentication and in the case of no password matching, the login request will be simply rejected at the initial stage of authentication. Once the password based authentication stage is successful, now the biometric based authentication phase is taken place as: first user biometric feature is extracted and then a template is generated. After the generation of template, it is compared with stored templates and if it matches already stored templates then login to the system is successful; otherwise, it will reject the login request. In order to utilize the resource or system, the multi-layer authentication desires the following three diverse security system layers and layouts: Physical based Security: In this security approach, a user is validated and authenticated based on service card or other kind of physical token. Logical/Knowledge based Security: Recently, this approach is most widely used for a user validation and authentication purposes and it is based on password or PIN which is easily remembered by a user. Biometric based Security: Here a user validation and authentication is based on ECC, retina or iris scan and fingerprints etc.
19 Some of the most recent multi-layer based WBAN authentication schemes are the following. User Enter User PSW U
1
Start : Biometric Data Acquisition
User Features Extraction
8. No
3. No If User Enter Password Match Stored
3. Yes
If Re-enter Template Match Stored Template 7. Stored Template
2. Stored Password
4
Login Rejected
Login Rejected
Store PSW U Template
5 6
Template Generation
8. Yes Login Successfully
Fig. 7: Multi-layer based authentication Q. Jiang et al. [51] have closed look at a dynamic identity based three factors authentication protocol proposed by Islam et al. Although Islam et al. proposed protocol has more advantages over some existing protocols but Q. Jiang et al. argue that Islam et al. scheme is still suffering from password verification during the login issue, impersonation attack, preserve biometric template privacy and off-line password guessing issue in the case of smart card is stolen or lost. To overcome these issues, Q. Jiang et al. presented a more secure protocol known as a robust three factors authentication system using smart card, password and biometric based authentication mechanisms. This proposed protocol provides mutual authentication, user anonymity, user untracability, forward secrecy, security and biometric template privacy at low computational cost. This is also safe against various attacks like privileged-insider, stolen verifier, offline password guessing, online password guessing, replay, modification, user impersonation, server impersonation, man-in-the-middle and DoS. X. Li et al. [39] have introduced an enhanced authentication scheme to resolve the privacy and security concerns in WMSNs. The proposed scheme is based on He et al. scheme in order to eliminate different flaws associated with the He et al. scheme at the low computation and communication costs. This new protocol is based on smart card, password and biometric based authentication methods and it has enhanced the security by having proper wrong password detection method which sometimes caused unnecessary communication and computations costs in the He et al. scheme. It provides security features like mutual authentication, user anonymity, session key establishment and user-friendliness. Also resists against well known attacks such as privileged-Insider, stolen verifier, identity and password guessing, replay, stolen smart card, DoS and forgery. D. Das et al. [52] proposed In-field remote fingerprint authentication system utilizing human body communication (HBC) and on-hub analytics is based conventional password and fingerprint mechanisms in order to provide strong security of critical information exchange among different entities of WBAN and also it provides optimal solution for resource distribution at minimum energy consumption cost. The proposed authentication system is utilizing HBC for on-body communication alongside template extraction (TE) algorithm on the hub device which increases the battery life of the sensor devices. A.K. Das et al. [40] proposed a secure anonymous user authentication protocol for WMSNs is using smart card technology alongside password and biometric based user authentication mechanisms for secure authentication. This work is compared with the He et al. and Li et al. protocols for WBANs and found that this proposed protocol is more proficient in term of communication and computation costs. The proposed protocol has features such as efficient in unauthorized login detection with wrong password, mutual authentication, session key agreement, user anonymity, user and friendly password change phase. The formal and informal security analysis are proofed under BAN logic and well-known ROM and found that it is safe against privileged-insider, stolen smart card, stolen verifier, identity and password guessing, replay and forgery attacks. The proposed protocol has more total computational time as compare to other schemes discussed in the paper.
20 J. Shen et al. [53] presented a proficient multilayer authentication scheme and a secure session key creation scheme for WBAN. This authentication protocol is actually the combination of two protocols. 1: One-to-many group authentication protocol and set of keys organization algorithm are designed between LPU and sensor nodes with minimum energy consumption and computational costs. 2: A novel certificate-less authentication scheme is designed that uses ECC algorithm between LPU and AP and it provides minimal computational cost with high level of security. It provides security features like group authenticity, key secrecy, session key secrecy, Non-reputation, Key escrow resilience and forward secrecy. The main characteristics of related multilayer based authentication schemes discussed in this section are represented in table 4.
Table 4: Characteristics of multi-layer based authentication Schemes Usage
Name of Scheme Ref [[51]]
Methodology
BAN logic Combination of
Ref [39]
(Password, smart card & biometric ) Chebyshev chaotic maps Fuzzy verifier Fuzzy extractor
Hash operations Symmetric key cryptography
Advantages
Provides F1, F2, F3,
Provides F1, F2, F5,
Combination of (password, smart card & biometric ) Ref [52]
TE algorithm Data encryption algorithm
Combination of
Ref [40]
Ref [53]
(password and fingerprint biometric) AVISPA tool Dolev–Yao threat model Combination of (smart card, password & biometric) ROM Symmetric cryptography Fuzzy extractor BAN logic A group key establishment algorithm Certificateless Cryptography ECC algorithm Intractability Problems (ECDLP], Computation Diffie-Hellman Problem [CDHP] & Elliptic Curve Factorization Problem
F6, F7 and F12 at low computational cost. Safe against A4, A12, A13, A20, A10, A26, A1, A25, A2 and A11.
F7, F11 and F13. Resists against A4, A12, A5, A10, A8, A11 and A14. Low communication & computation costs. Provides F1 and strong F7. It enhances the battery life time of both hub device and sensor nodes. Resists against A4, A8, A12, A5, A10, A11 and A14. Also provides F1, F2, F5, F13 and F11.
It provides security
features like F1, F5, F6, F14, F15, F16 and F17. Low computational cost due ECC encryption technique instead of RSA etc.
Disadvantages
Security features are only
compared with Lee et al. and Islam et al. schemes. Only remedies flaw associated with Islam’s scheme.
It suffers from DoS attack
[39]. No simulation tool is used for implementation. It requires more hashing and symmetric key cryptographic operations. Implementation has not been done through any simulation tool. No comparison has been done with other schemes. Use only on-hub analytics It requires more total computational time and communication cost as compare to related Kumar et al. and He et al. schemes discussed in the proposed paper.
Using public key which is
expensive for WSNs. Computational cost is only compared with Li’s scheme. Computational cost of protocol two is only compared with Xiong’s protocol. No simulation tool is used
Area
Our Remarks
Real-life Application Environments
Proposed authentication scheme is better than other related schemes because it provides more features and resistance against many well-known attacks at very low computational cost.
WMSNs
It removes flaws associated with He et al. scheme and it is more superior in terms of security features, communication and computation costs.
WBANs
This scheme is not only providing F1 and F7 but also provides optimize solution for enhancing battery lifetime of both the hub and sensor nodes. Although it eliminates security flaws associated with He et al. and Li et al. Schemes, and offers some extra features but it needs more computational time and communication cost. Also registration center needs to be trustworthy. Proposed scheme is efficient because it is using ECC algorithm instead of expensive RSA etc. Although it has more security features but it is only compared with two other related schemes.
WMSNs
WBANs
21 [ECFP])
for implementation.
4. CLASSIFICATION OF THE AUTHENTICATION SCHEMES Authentication schemes can be broadly divided into non-biometric and biometric based authentication schemes. The following section will discuss some of the well-known sub-types of both authentication schemes types in detail as shown by Fig. 8.
4.1. Non-Biometric Based Authentication Schemes Non-Biometric key management schemes are not based on the people physiological or behavioral characteristics. These authentication schemes are based on numerical values from which different keys for encryption and decryption are calculated by using various types of algorithms or techniques. The following are some types of non-biometric based authentication schemes. 4.1.1. Asymmetric Key Based Authentication Schemes Asymmetric key based cryptography is also known as public key based cryptography was first introduced by W. Diffie and M. Hellman. This cryptography scheme is comparatively new and complex because it is using a pair of keys which comprises of public and private keys for data/information encryption and decryption between two entities involved in the communication to implement information security. The public key is available to anyone in the network and private key is kept secure from unauthorized access, only known to particular entity and generally shared through a large network or internet. In this method of cryptography, a message is encrypted with a public key and could only be decrypted with a private key. Although, it improves data security but existing asymmetric cryptography authentication schemes designed for WBANs have larger overheads as compare to symmetric key based authentication schemes and we know that WBANs/WSN are consisting of various resources constrains sensor nodes, so it is not feasible to implement these kinds of authentication schemes in WBANs/WSNs [54]. Some well-known of the asymmetric key cryptography algorithms are RSA, DSA, PKCS, Elliptic Curve techniques and EIGamal etc. N. H. Kamarudin et al. [55]proposed a secure and efficient lightweight identity based authentication scheme for mobile e-health is utilizing IBE_Trust algorithm and Pluse_Sensor mobile program which would get rid of many security attacks related to mobile e-health system. The proposed protocol for mobile e-health monitoring is utilizing public keys linked with the mobile identity and sensor device identity are authenticated through recording the identity on the ECC in order to create a cryptographic hash function during the login phase. M.H. Salama et al. [56] introduced a mutual authentication protocol for WBANs is using TTP for distribution public and private keys among sensor nodes, cellular phone and the main server. This protocol is based on the amended suggestion of Diffie-Hellman key exchange method and claimed that their proposed protocol is safe against most well-known attacks. Q. Jiang et al. [57] presented a bilinear pairing based anonymous authentication protocol for WBANs that eliminates security drawbacks associated Wang and Zhang’s scheme and survives many well-known attacks. This scheme is using both public and private keys for authentication purpose and a network manager (NM) act as TTP is responsible for generating various system parameters and secret keys for clients and APs. 4.1.2. Symmetric Key Based Authentication Schemes Symmetric cryptography is a conventional technique of encryption and it is also known secrete (private) key cryptography utilizing identical secrete key for encryption and decryption. Although this cryptography is straightforward and competent, but it is not easy for key management [15]. Symmetric key cryptography shares one common secrete key for encryption and decryption of information between two parties those want to communicate. It is lightweight, simple approach and consumes less amount of time for cryptographic process; hence it is preferable approach for maintaining WBANs/WSNs security. Caesar’s Cipher is an excellent example of symmetric encryption. Most well-known symmetric key based algorithms are DES, AES, RC4, Blowfish, QUAD and 3DES etc.
22 N. Khernane et al. [58] presented a secure, lightweight and energy efficient authentication system known as BANZKP for WBAN is using secrete key approach for maintaining both security and privacy. BANZKP verifies sensor nodes identities using symmetric key approach with minimum computational cost which is very much in the favour of limited resource constraints body sensors and also eliminates various replay attacks. It decreases the memory utilization by 56.13 % as compare to TinyZKP scheme. It is more competent in term, if execution time by 5 and 17 times and also the energy consumption is very less that is 80% and 94.11% as compare to W-ECDSA and TinyZKP respectively. C.M. Chen et al. [59] introduced an anonymous mutual authentication key agreement scheme for WBAN is utilizing secrete key among different entities for mutual authentication, data security and privacy purposes. J. Liu et al. [60] presented efficient authentication and secure key exchange protocol for WBANs using layered network model approach with two-hop star topology network. In this paper, J. Liu et al. has presented two new authentication key sharing schemes based on symmetric key based cryptography. These introduced schemes provide selective authentication among nodes in WBANs and two pairs of session keys are efficient produced at the same time and quickly in every certification process.
4.1.3. Elliptic Curve Cryptography (Signature) Based Authentication Schemes Elliptic curve cryptography (ECC) is using public key encryption method based on elliptic curve theory and this is quicker, lightweight and more proficient method for cryptographic keys generation. This cryptography method for key generation is using elliptic curve equations as an alternative to conventional methods like product of two large prime numbers etc. ECC method can be combined with other asymmetric key encryption methods. This is more suitable method for different types of resource constrains WSNs because it achieves high level or equal security with just smaller number of bits (164-bits) key instead of large number of bits (1024-bits) using by other methods. Today, ECC is most widely used method for security in mobile applications or WSNs because it consumes very little amount of computational power and battery power as compare to other key generation schemes. ECC was original introduced by a mobile electronic business (e-business) security provider known as Certicom and in recent times it was licensed by a manufacturing of integrated circuitry (IC) and network security products organization known as Hifn. RSA has introduced their possess version of ECC. Today several manufacturing companies like Pitney Bowes, TWR, Motorola, Siemens, Cylink, VeriFone and 3COM have developed their products with ECC support. S.K. Shankar et al. [61] has proposed a system for secure key sharing and securing medical data among different entities with the help of using ECC method. In addition, proposed protocol is providing mutual authentication between sink node and BS server by using hash value of sink node ID, timestamp and registered random number. C. L. Priya et al. [62] presented a scheme based on ECC algorithm for efficient and securing data communication between wearable/implanted sensor nodes and sink node in WBAN. A. Ibrahim et al. [63] introduced mutual authentication system for RFID tags based on ECC for securing data transmission among different entities involved in the communication. The proposed protocol has an advantage because it achieves or completes the mutual authentication process only in two steps and satisfies the entire crucial security requirements of the RFID-based healthcare scheme. 4.1.4. Hash-Based Message Authentication Code Schemes Hash-based Message Authentication Code (HMAC) is a tool used for generating message authentication codes. A HMAC is a particular kind of MAC that uses the conjunction of a cryptographic key and hash functions. It provides secrete or private key to both sender and receiver which is only known to the particular sender and receiver. In this method of authentication, whenever a sender wants to send data to a receiver, first it generates a unique HMAC for this particular request by hashing the sending data with the private key and finally forwards it as a part of a request. Cryptographic hash functions like SHA-3 or SHA256 might be used for calculating HMAC. The MAC algorithm result is generally denoted by HMAC-X where X denotes the hash function that has been used such as HMAC-SHA3 or HAMC-SHA256. The HMAC strength depends on the factors like strength of hash function, quality of the key and size of the hash output. MAC can be used for both data integrity and message authentication.
23 X. Li et al. [64] introduced an enhanced version of 1-round authentication scheme for WBANs with user anonymity that remove flaws associated with previous version is using the MAC during authentication phase in order to validate server by a user. J. Shen et al. [53] proposed a lightweight multi-layer authentication system for WBANs is using MAC during authentication and group key agreement for providing the mutual authentication between PDA and sensor nodes. S. N. Ramli et al. [45] presented biometric based security for data authentication in WBAN is utilizing MAC at the data authentication model. Here MAC is calculated from the input biometric feature and hash which is created on the original message. After that the message would be forwarded to the destination and once that message is received by the receiver, it starts signal matching statistically. If it is matched then the authentication is successful, otherwise, message is discarded.
4.1.5. Anonymous Based Authentication Schemes Anonymous based authentication methods allow users to get access to the restricted resources without knowing the real identity of users. F. Wu et al. [65] proposed an improved and anonymous 2-factor authentication scheme for e-health not only provides resistance against off-line guessing, user impersonation and sensor nodes capture attacks but also at the same time provides user authentication with user anonymity feature and it is not possible for an attacker to track the user location. T. Li et al. [66] presented efficient anonymous authenticated key agreement protocol for WBANs is using cryptographic algorithm in order to encrypt user secrete information in order to accomplish user anonymity and it is guaranteed that a user privacy information are not leaked whenever a user is requiring medical treatment. D. He et al. [67] proposed anonymous based authentication protocol for WBANs to overcome flaws associated with existing anonymous authentication scheme proposed by Liu et al. The proposed scheme provides client anonymity by denying AP and network manager to get the real identity of client during the communication or from the captured message.
4.2. Biometric Based Authentication Schemes
Biometric types of authentication schemes are using physiological and/or behavioral features of the individual body in order to uniquely identify a person because every person has unique identifiers and there is no chance that two or more person have same type of identifiers like have same fingerprints, voice, hand geometry, earlobe geometry and DNA etc. Biometric characteristics could be separated into physiological class consisting of structure of the body parts such as hand geometry and fingerprints etc. and other class is behavioral consisting of personal behaviors such as voice and writing etc. [68] . This method of authentication is easy to implement and more secure because here it is not important to remember password or other authentication credentials for authentication. The following section describes most well-known authentication methods used in WBANs.
4.2.1. Iris Scan Based Authentication Schemes Iris is a thin rounded structure which takes place between the cornea and lens of the eye and it is responsible for controlling the amount of light reaching the retina. The eyes color is described via the iris. Iris scan based authentication method utilizes mathematical and statistical based algorithms allow identification on iris images of one or both eyes of an individual. It is important to note that every individuals or even identical twins do not have unique iris images. In this type of authentication, all iris templates are enrolled and stored in databases. For authentication purpose, the new extracted iris generated template is compared with stored databases templates in order to authenticate a person. Today this method of authentication is used in many countries of the world for many purposes for example; it is used by many immigrations or border-crossing agencies for individual’s authentication. Iris based authentication method is more accurate, stable, highly secure and trustworthy method because it is less prone to various attacks as compare to other biometric based methods like finger print. It is notable that right and left eye of an individual has different iris pattern combination [69]. R. Sudha et al. [48] proposed enhanced bio-trusted anonymous authentication routing method of WBAN and the purpose of the proposed work to protect unlinkabilitly and unidentifiably factors because these two factors have importance in WBAN. The proposed authentication routing method provides resistance against
24 many security attacks by using iris fused with DNA coding to produce a complex set of signatures for route packets authentication. K. Seetharaman et al. [70] presented a competent authentication watermarking system to preserve the ownership of digital images is utilizing biometric Watermarking method. A new lossless iris code hiding approach for digital images is utilizing integer wavelet transform (IWT) and threshold embedded approaches. The original images could be easily backed up with no loss, if the watermarked images have not been properly or lossy processed and the visual superiority of the watermarked-images and the authorization precision even after attacks are the greatest amongst the many available lossless data hiding approaches. Finally, according to K. Seetharaman et al., proposed iris code based reversible watermarking is an efficient and valuable approach to verify images. P.T. Selvi et al. [71] proposed authentication scheme using iris and palmprint features of a boy in order to make this scheme safe against dictionary attacks. In the proposed multimodal biometric scheme texture properties are pulled out from the iris and palm images are stored in the main server database in the form of encrypted binary templates in order to eliminate the dictionary attacks. The image processing methods are utilized to pull out biometric information from the iris and palmprint. During the login phase the mutual authentication between user and the server is done. At the same time, a symmetric key is produced on each side of the communication which can be utilized for security purposes between parties involved in the communication process. Finally, the proposed scheme may be used in existing biometric or password based authentication schemes without involving extra computation.
4.2.2. HRV Based Authentication Schemes Every person has unique HRV characteristic and means that it can be utilized for secure communication between two parties. In HRV, heartbeats are measured at time interval and suppose if a person has 60 beats per minute then it does not mean one beat per second. Actually, there is different time variation is involved between the two heartbeats rate intervals for example the first heartbeat interval is 0.85 second and the next interval may take 1.35 seconds for heartbeat interval. This difference between two or more heartbeats intervals makes it suitable choice for HRV based authentication in WBANs. The HRV measurement offers a nonpersistent measurement of the automatic nervous system (ANS) action that composed of two fundamental parts: first one is known as the sympathetic and other is parasympathetic. Sympathetic activities may be caused of increasing heart rate while parasympathetic activities may decrease heart rate. These alterations in the sympathetic and parasympathetic control of heartbeats rate would outcome in measuring HRV changes [72]. Although different methods such as BP, ECG, pulse wave signals derived from PPG and ballistocardiograms may be used to distinguish beats but the most superior is ECG because it offers an apparent waveform that makes it simpler to keep out heartbeats not originating in the sinoatrial node. S. Pirbhulal et al. [73] proposed a new biometric based algorithm for WBANs using HRV in key generation phase for making system secure and the proposed algorithm is compared with three other well known authentication methods use in WBAN are Rivest Shamir Adleman (RSA), Physiological Signal based Key Agreement (PSKA) and Data Encryption Standard (DES). Result shows that the proposed algorithm is more competent in terms of power utilization, transmission time utilization and average remaining energy. Previous protocols have similar objectives to H2H but they are facing a lot of serious issues which make them weak for deployment. To overcome some of the serious limitations associated with previous H2H protocols, M. Rostami et al. [74] introduced lightweight heart-to-heart (H2H) authentication system for implanted medical sensors is utilizing heartbeats (ECG) data for key generation, key agreement and authentication is well suited for authentication to cardiac IMDs. The proposed protocol takes out time-varying arbitrariness from ECG signals and utilizes this arbitrariness to resist against many security attacks. This H2H authentication protocol is lightweight because it only needs a low-exponent RSA encryption and only few AES invocations and hash calculations by IMD. K. Cho et al. [75] presented a lightweight key establishment protocol known as “Efficient Secret Key Delivery Using Heartbeats” is utilizing inter-pulse interval (IPI) of PPG physiological signals with the intention of eliminating demerits of the fuzzy vault protocol. The proposed protocol establishes a secret key using IPIs and it is shared between sender and receiver nodes. The proposed protocol is consisting of many phases: i. witness generation ii. ECC encoding and decoding iii. Key generation iv. Key transmission v. Key derivation vi. Key verification and vii. Key confirmation. The main advantage of the proposed protocol is reducing the key generation time by decreasing the length of witness and at the same time, it is preserving the benefits of the
25 IPI based key establishment protocols. The proposed protocol supports basic prerequisite of the security of the medical services like treatment, diagnosis and prevention etc. Although some existing key establishment schemes are facing problems like high communication and computational costs for maintaining the network security but the proposed protocol is efficient as compare to previous protocols because it needs comparatively less time while maintaining good level of security.
4.2.3. Fingerprints Based Authentication Schemes The concept of fingerprints authentication is using from many years and it was utilized in 19th century for the identification of expected criminals by the criminologists. However, the computerized fingerprint scanning technology and its authorization was primarily emerged in the 1970s. Before fingerprint scanning authentication method, simple authentication methods such as token and password authentication methods were used and still in use in some areas, but they are extremely susceptible to lost or stolen attacks. Password based authentications are also not preferable by many organizations for their security system due to weak or easily compromised passwords and even strong passwords could not force resistance to hacker attacks. The maintaining cost of token and password based authentication methods are high and incompetent. Also it is time consuming for IT support team to reset forgotten or lost passwords and decrease employee productivity. Although biometric based authentication schemes are more secure and reliable as compare to simple password and token based authentication schemes but still they are not entirely safe and have some privacy issues [76]. Fingerprint scanning method is functioning with human finger images or vascular patterns templates store in digital form and this is competent method as compare to password based authentication method because it is not important for individuals to remember the password because every individual finger has their own unique vascular pattern. The unique vascular pattern of the individual finger make fingerprints based authentication schemes more accurate and highly reliable. This method has been in working for last few decades by many government and private organizations for their security management. It can be used by government sector for border control, voter registration, national ID and e-password etc. and can be used by organization for their workforce management such as time and attendance, payroll management and human resources management. It can also be used by bank industry for customer identification, non-account holder identification and employee identification. Verification and identification are the two methods used to determine the individual identification by utilizing biometric technology. Verification authenticates that an individual is reliable who claims for the resources and execute one-to-one comparison of an individual fingerprint generated sample template against stored templates. However, the identification method execute one-to-many comparison at a time in order to authenticate the individual identity and the identification process is carried out by comparing an individual generated sample template against then entire stored templates in a file. N. Zhao et al. [77] proposed a novel biometric behavior authentication system is worked at the physical layer based on the users fingerprint using dissemination characteristics of wireless channel to provide highly level security by forcing resisting against various types of well-known security attacks. The proposed authentication algorithm is evaluated through experiments and proved that it is not only increasing availability and reliability but at the same time, it is much more suitable for limited resources constraint WBANs. A. Arya et al. [49] introduced an improved remote user verification scheme for WBANs in which they have used asymmetric key concept using Diffie-Hellman technique for security and declared that their proposed system is safe against reply, plain text, internal, stolen verifier, fake sensor, fake sink and DoS attacks. In this scheme, public and private keys are distributed by a trust third party (TTP) to cellular phone or sink device and sensor nodes. These keys are regenerated and redistributed periodically and would be done in a secure manner. Addition to asymmetric cryptography, fingerprint based biometric authentication is also included in the proposed scheme for retrieving information from mobile phone devices and this way it makes the mobile phone devices more secure against stolen verifier and internal attacks. X. Li et al. [78] presented a robust biometric based on 3-factors authentication protocol for mobile network in smart city can be also utilized for e-health applications. Apart from bilinear pairing and ECC, the proposed authentication protocol is also utilizing fingerprint based identification for global mobile network in smart city with the goal to achieve high level security. During the mobile user (MU) registration phase of the protocol, a fingerprint is scanned and registered at a mobile device. Now during the authentication phase of the protocol, imprint the fingerprint for making entry to the mobile device and calculating different parameters for authentication purpose.
26 4.2.4. ECG Based Authentication Scheme ECG based authentication schemes utilize the electrical activity and muscular functions of a heart to make authentication of users and it is one of the best option for WBANs authentication schemes. It is one of the easiest way of collecting electrical activity and muscular functions of a heart. ECG measures the rate and regularity of heartbeat. At the same time, it also offers indirect proof of blood circulation in the heart muscle. The ECG based signals can be collected through attachment of electrodes to the body and these electrodes observed electric impulse generated by heart. ECG signals are mostly represented in the form ECG wave. An unsecure ECG signals based authentication schemes without anonymous property can be vulnerable to man-in-the-middle attack [79]. ECG-based authentication is most helpful in the case of patient in serious condition such as in heart attack case and it will be not possible for patient to supply authentication necessary credentials based on biometrics. Unlike traditional authentication approaches such as fingerprints, passwords, face and smart card etc. ECG signals can’t be copied, captured and allows nonstop identification. E. K. Zaghouani et al. [18] proposed ECG based authentication scheme for e-healthcare system, it authenticates patient while protecting the privacy of the sending ECG signals. The proposed authentication scheme permits authentication node and the target application to make a secure authentication even though the authentication process is completed by using an untrusted channel. Finally, this scheme is using linear prediction code (LPC) to hide the important ECG data and this scheme emerges as a substitute to the fuzzy vault method. S. Zebboudj et al. [80] presented competent and secure ECG based authentication system for e-healthcare system based on new biometric feature extraction mechanism which accomplishes higher proficiency of authentication amongst the sensor nodes. This scheme permits every pair of sensor nodes in the identical medical body area sensor networks (MBASNs) to share one secrete key that has been shared securely between them. In this proposed work, Elliptic-Curve Diffie-Hellman (ECDH) key agreement protocol is used to produce a common secrete key which not only guarantees encryption but at the same time, it also ensures the biometric based authentication of the sensor devices in the network. According to Sofia Zebboudj et al., the proposed authentication scheme feature extraction technique accomplishes superior performances as compare to the improved fast Fourier transform (FFT) technique because it reduces false acceptance rate (FAR), false recognition rate (FRR) and the period of time of the ECG signal. Y. Chen et al. [81] introduced finger ECG-based authentication scheme for healthcare using two-phases authentication utilizing artificial neural network (NN) models that balance the inaccurate performance of rejection and acceptance. In the first phase, a “General” NN model is created based on the data from the cohort and utilized it for first round screening and in the second phase, personal NN models are created from each particular user data as fine-grained recognition. The proposed algorithm allows very quick authentication by utilizing just 3 beats within 3 seconds. The proposed authentication algorithm is tested in a laboratory experiment with 50 subjects and result in average FRR and FAR under 10%. This performance will be more superior for less than 30 groups of cohort and result in average FRR and FAR below 5%. This algorithm is checked on the entire data set and various sizes of subsets containing 5, 10, 20, 30 and 40. From the results it is cleared that the introduced algorithm is trustworthy and very much realistic for user authentication and have average FRR and FAR under 10% for the entire data set. 4.2.5. PPG Based Authentication Scheme PPG can be also used as authentication method instead of ECG in WBANs and PPG is quite uncomplicated non-persistent and inexpensive optical process use in authentication schemes. It could be also utilized to discover blood level varies on the micro vascular cot of individual tissue [82]. PPG signals are collected via attaching sensors to ear or finger and light is used to illuminate the body and observed blood flow in the user body. PPG signals are produced because of unintentional body processes and that is why it is impossible to be copied. The PPG signals might be utilized in healthcare system for a lot of reasons because they offers many benefits such as it may be utilized to measure blood pressure and oxygen etc. as compare to other type of biometric systems and due to these benefits, it is preferable approach for authentication schemes use in WBANs. Recently, V. R. Reddy et al. [83] proposed enhanced biometric security system via two-level authentication based on PPG signals and PPG signals are collected via face and finger of the subject of cross-relationship. Finger print and face detection is carried out at first level, however, the security of both of them could be easily violated by using 3D printed finger tips or using face masking through surgery or through 3D printed face masks wearing. For these reasons, a second level security is required and therefore, proposed authentication scheme has utilized PPG signals to improve security.
27 T. Choudhary et al. [20] introduced authentication scheme for WBANs and mobile health applications is based on noise-robust PPG based biometric utilizing pulsatile waveform relationship. The introduced authentication scheme has four different phases and it is tested and validated utilizing PPG signal got from twenty-four real and six pretender subjects. The performance assessment outcomes illustrate that the proposed authentication scheme utilizing NCC metric get a FRR of 0.32 and FAR of 0.32 for the threshold of 0.997 and it means that the proposed authentication scheme is far better because it has lower computational cost as compare to other PPG based authentication schemes. N. Karimian et al. [84] proposed non-fiducial PPG based authentication for healthcare system and the proposed work looks over non-fiducail characteristic extraction for PPG based authentication scheme for the first. In the proposed scheme, two steps feature selection procedure has been used which could result in a degree of freedom to eliminate the interrelated feature that may reduce authentication performance. In the first step, Kolmogorov-Smirnov (KS-test) is used to eliminate interrelated features because a feature will be judged superior if it is well interrelated to a class without any connection to other features and in the second step, Kemal PCA (KPCA) is a nonlinear method utilized for dimensionality decline and the authentication precision get better when dimensionality declines. Finally, supervised and unsupervised machine learning methods are used for authentication performance evolution. The performance outcome shows that 99.84% precision with EER of 1.31% could be attained based on non-fiducial extraction. Authentication Schemes Biometric Based
Non-Biometric Based Asymmetric Key
[55]
[56]
Symmetric Key
[58]
[57]
ECC
[61]
[62]
[59]
[60]
Hash Based MAC
[63]
[64]
[53]
[45]
Iris Scan
[48]
[70]
HRV
[77]
[49]
[66]
[67]
[74]
[75]
ECG
Fingerprints
[18]
[78]
Anonymous
[65]
[73]
[71]
[80]
[81]
PPG
[83]
[20]
[84]
Fig. 8: Various authentication schemes
5. AUTHENTICATION BASED ON ADVANCED METHODOLOGIES Authentication is the very basic requirement for achieving integrity and security of a network. Although there are many methodologies are used in WBANs but in this section of the paper, we are only discussing advanced authentication methodologies like machine learning and game theory based authentication.
5.1. Machine Learning Based Authentication Schemes The majority of existing conventional authentication protocols are working on non-machine learning based authentication, so it is impossible for them to resist against ever-changing attacks. This issue demands an adaptive validation/authentication and risk aware solutions. This demand causes the creation of an autonomously authentication protocols those able to change and modify it automatically. Recently, various types of technologies and authentication methods are used in WBANs. The involving of the broadcast nature of traffic in wireless network and at the same time, it must also think about the resource constrained devices those have to perform heavy authentication jobs are the most important issues for WBANs. To overcome the abovementioned issues, a lot of researches have been done over the last many years on WBANs authentication solutions in order to find the efficient solution. Out of these solutions; one is a machine learning based authentication. Machine learning based authentication schemes are those where some sort of
28 artificial intelligence (AI) is involved that gives the ability to the system to learn and improve automatically from experience without requiring any explicitly programming. Machine learning based authentication is mainly focus on the development of authentication schemes that could retrieve information and utilize it for automatic learning. The majority of machine learning applications for maintaining security are utilizing the method of anomaly detection, which is utilized to identify incidents those don’t equal to an anticipated pattern. Anomaly detection is a valuable procedure in many situations but most of the time developers misapply it. The most useful machine learning methods/algorithms use in the wireless networks are Artificial Neural Network, Support Vector Machines, Naïve Bayes, KNN, Decision Tree, K-Mean, Deep Learning and Random Forest [85]. Some of the well known machines learning based authentication schemes for WBANs are the following: M. T. Gebrie et al. [86] proposed risk based adaptive authentication scheme for IoT in smart home based ehealth system based on machine learning technique and it is used to recognize the behaviors of a user and authenticate the legitimacy of the sensor devices. This solution verified the legitimacy of a device and user. The proposed design utilizes a Naïve Bayes machine learning algorithm to constantly observe the channel features deviation, examines a possible threat and carry out adaptation of the authentication solution. Based on the channel features deviation observation, it evaluates the threat in order to find out the likelihood of a device in query being compromised and based on the threat score get from the assessment, the model choose the authentication judgment appropriate for the specific threat score. Moreover, requires elected authentication decision resource is evaluated against the existing resource of the authenticator device and in the case of insufficiency; the validation procedure is offloaded to a device that has sufficient resource ability. O. Salem et al. [87] presented anomaly detection framework for medical WSNs is utilizing support vector machine (SVM) and linear regression models for patient and healthcare monitoring. The proposed framework combines both machine learning and data mining algorithms with recent sensor fusion methods and proposed framework can be utilized for differentiate between uneven deviation in the examined patient physiological parameters and defective sensor data to guarantee consistent operations and real-time large-scale monitoring from smart devices. According to the proposed anomaly detection framework, anomalous measurement information can be resulted from spoiled sensor devices or it can be caused by some external malicious activities which could lead to wrong diagnosis or even in patients’ death. Therefore, for eliminating these kinds of issues, SVM has been proposed in order to categorize abnormal behaviors in the receiving sensor data. If any abnormal behavior is found, the responsibility of linear regressive model is to find out if the patient is entering a serious condition or if a sensor device is reporting wrong measurement. The experimental analysis of the proposed framework shows that it has the ability to quickly recognize sensor device anomalies and also it provides higher true positive and lower false negative rates as compare to many other algorithms. According to S.A. Haque et al. [88], sliding window has not been utilized for training data which can decrease the complexity. However, this can have an effect on the strength of the system due to inadequacy in the data update process. Also according to S.A. Haque et al. [88], the linear regression is not a competent prediction tool for WBAN applications where physiological parameters can change rapidly. T. Ali et al. [89] proposed dynamic remote verification via efficient behavior capturing for health applications by implementing a lightweight Linux Kernel security module in IoT devices. The proposed module of attestation is capable of measuring and reporting several applications static and dynamic behavior at the same time to the challenger for recognizing the behavior purpose. For this reason, a technique is developed which is responsible of storing corporation’s personal applications in a single platform configuration registers (PCR) and stored measurement log (SML) which eventually eliminate the privacy concerns associated with behavior log. In the proposed technique, the behaviors of applications are verified through machine learning methods and the result demonstrates that differing behavior could be discovered effectively by the verifier. The main characteristics of related machine learning based authentication schemes discussed in this section are represented in table 5.
29
Table 5: Characteristics of machine learning based authentication Schemes Usage
Name of Scheme Ref [86]
Methodology
Naive Bayes machine
Advantages
Validates both the
learning algorithm Naive Bayesian network
Ref [87]
Support vector machine Data mining Linear regressive
algorithms
Decision tree Physiological
parameters
Ref [89]
Lightweight Linux
kernel security module Machine learning techniques SHA-1 and SHA-256 Bayes class algorithms WEKA tool
authenticity of a user and a device. Provides an offloading functionality. Quickly able to recognize abnormality and compare with other algorithms. Maintains a higher positive and lower false negative rates. Sliding window has not been utilized for training data which can decrease the complexity [88]. It can report and measure several applications dynamic and static activities at the same time.
Disadvantages
No simulation tool is used
for Implementation. No mathematical proof and comparison is available with other schemes. It can affect the strength of the system due to deficiency in the data update process because it does not utilized sliding window for data training. [88]. The linear regression is not a competent prediction tool for WBAN applications where physiological parameters can change rapidly [88]. Comparison is not available with other authentication schemes.
Area
Our Remarks
E-Health
Although it provides authenticity of both a user and a device but it has not used any simulation tool for implementation. The proposed anomaly detection method is quick to recognize abnormality and also it has higher positive and lower false negative rates. Even though it has few benefits but it is still suffering from few issues.
MWSNs
IoT
It supports both static and dynamic activities. The outcome comparisons are calculated through measurement and reporting log comparisons with window-based approach.
5.2. Game Theory Based Authentication Schemes A game theory is a part of mathematics that deals with different strategies looking for competitive situation where the result of one player choice of action is based on the action selection of another player. Or Game theory is a mathematical model which allows users to analyze situation where people or competitors in the same area take decisions that would affect each other interests or outcomes. In the early twenty century, mathematicians introduced different simple games, afterward they introduced more complicated games and this way finally the importance of game theory begins. A game is consisting of players and their strategies. Generally, a game consists of at least 2-players and a player to make successful strategies options depends upon the strategies options of another players. Every player wants to adopt a strategy that maximizes their benefits and it means a strategy adopted by one player can influence the result of other player strategies. There are many types of games; one of them is a game perfect information in which a player always aware the strategy adopted by another player and on the other hand, the game in which a player does not have knowledge of other player strategy is known as imperfect a game of imperfect information because either these strategies are made at the same time or hidden. Various kinds of games in game theory are helpful in order to analysis various kinds of problems. The various kinds of games can be formed on the basis of players participates in the game, collaboration among the players and symmetry of the game [90]. Cooperative and Non-Cooperative Games: In cooperative games, players are agreed to take on a specific commitment via negotiations and contracts among players. One example of cooperative game is the garments organizations; assume they want to minimize their advertisement expenditures and they negotiate the situation and try to agree on same conditions. However, the organizations are not certain whether all organizations will follow these conditions or not. This situation creates a problem among garments organizations. On the other hand, the government limits the advertisements of garment organizations on TV or through other media of communication. Thus it would help in minimizing the advertisements expenditure of garment organizations.
30
On the other side, non-cooperative games are referred to games where each player uses their own approach/strategy in order to capitalize on their revenue [91]. Best example of non-cooperative game is prisoner’s dilemma, where each prisoner wants to maximize their profit by trying to reduce their penalty. Generally, non-cooperative games give perfect result as compare to cooperative game because noncooperative games are based on extremely deep analysis of a problem. Non-cooperative game theory looks at how negotiation dealings would influence the division of payoffs inside each alliance, whereas cooperative game theory gives advance approach because it explains the structure, policies and payoffs of alliance. Symmetric and Asymmetric Games: In symmetric based games, policies/strategies accepted by every player are identical. Symmetric games only could exist in temporary/short-term games because the number of choices/options with a player gets higher in long-term games. The decision to be made in this type of game does not depend on the players of the game but it relies on the strategies utilized. The decision will stay the same even in the case of substitution players in the symmetric games and one example of this type of game is prisoner’s dilemma. However, asymmetric games use different strategies for different player and in asymmetric games, it is not necessary that one strategy that is useful for one player might be useful for other player. On the other hand, decision relies on various strategies adopted by players and decision of the players. One example of the asymmetric game is the entrance of novel business in a marketplace since various businesses take on various strategies to make entry into the same marketplace. Constant Sum, Zero Sum and Non-Zero Sum Games: In the constant sum games, sum of the results remains constant or same even though if the results of individual’s players are dissimilar. Zero sum game is the one in which sum of results of all players remains zero. It means that various strategies of various players can’t have an effect on the available resources. Furthermore, the profit of a player is all the time remains equal to the loss of another player in the zero sum game. Best examples of this kind of the game theory are gambling and chess where the gain of one player is equal to the loss of another player. In non-zero sum games, the sum of the results of entire players will be not equal to zero. To covert the nonzero sum to zero sum game can be done by adding up one dummy player in the game. The losses of the dummy player can be superseding by other player’s net earnings. Examples of the non-zero games are the cooperative games. Normal Form and Extensive Form Games: Normal form games represent the strategies and payoff in the form of a matrix or in a tabular form. The matrix represents the strategies take up by various players and their plausible result. These kinds of games are helping in identifying the dominated strategy and Nash equilibrium. However, extensive form games represent different strategies adopted by various players and their possible outcomes in the form of the decision tree. In the tree structure, different nodes represent different names of the players participate in the game. Simultaneous Move Games and Sequential Move Games: The simultaneous games are the one in which a strategy adopted by two or more players is simultaneous. In these types of games, players have no knowledge about the strategy of other players. However, sequential games are opposite to the simultaneous in that strategies adopted by the players are known other players. In the sequential games, strategies adopted by different players are partially known to other player. It means that a player does not have sufficient knowledge about the strategy of other player because a single player may not be using a single strategy and other player is not sure that how many strategies are followed by the competitive player. Sequential move games are denoted in the extensive form while simultaneous are denoted in the normal form.
Game theory cannot be only applicable to economics, political science, law, biology, sociology and philosophy fields but it is equally applicable to computer science field. In the computer science field, it cannot be only applied to distributed computers, algorithms and formational theory etc. but equally important in the area of networking as well. In the networking area, it can be applied to both wired connected and wireless networks. Security, authentication and privacy are the most key challenges in the WBANs. Biomedical data of patients collected by WBANs are very crucial and sensitive; therefore, its proper security management is significant, otherwise, collected biomedical data might be mixed with each other and this mixing of data or corrupted data through various security attacks can be extremely dangerous especially in the case of diseases diagnosis. The mixing of data could be result in wrong prescription suggestion to a wrong patient which may
31 caused serious issues to the patient and sometime cause in his/her death. Different fields have different security requirement and challenges for example; a patient monitoring system may require more security than smart parking solution. Authentication is also a key challenge in WBAN and patients data originality and integrity are important for their treatment. Finally, the privacy of the patients or users is important aspect as well in WBANs because patients or users do not want their personal data to be misused and WBANs would provide the privacy of the wireless communication channels to prevent eavesdropping. To design a lightweight secure authentication protocol for WBAN is a tough challenge due to limited resources availability. Game theory can be used in WBANs as one the most popular tool for security management. In the field of WBAN security, game theory can be utilized to capture the nature of different network security attacks. A security strategy model is created in order to maximum the security performance and tries to eliminate different security issues as much as possible. Today, many methods are used in game theory to carry out strategic analysis of the choices of WBAN attacks formed either by an organized group or a single attacker. Game theory is a key concept used in various fields to observe large number of possible attacks scenarios in WBANs. A number of methods and suggestions of numerous possible actions are also provided by game theory alongside the possible outcomes to control happening of security attacks in future. This way, researchers could evaluate all possible combinations of security attacks in WBANs and fix general rules for them. Some of the most recent well-know game theory based authentications schemes in WBANs are the following: F. Wei et al. [1] proposed secure password based anonymous authentication protocol for WBANs and verifies their security through ROM. This protocol is more suitable for WBANs because it is based on simple human rememberable password. In this paper, AKE security game and anonymity attack game are used to improve the security of the protocol. S. Chatterjee et al. [31] introduced an efficient user access control protocol for WBANs is secure against many passive and active attacks and it is using AVISPA tool for simulation. This protocol is also using game theory for enhancing security performances. A. K. Das et al. [32] proposed secure key agreement authentication protocol for health monitoring and it is utilizing the most commonly accepted BAN logic and ROM for formal security analysis. The proposed protocol is using AVISPA simulation tool for formal security confirmation and shows that the proposed protocol is secure against passive and active attacks. Furthermore, game theory is used to enhance the security performance of the proposed protocol. G.Gao et al. [34] presented a chaotic maps-based authentication system for WBANs and BAN logic is used for the formal security analysis and also using software implementation technique of Chebyshev polynomial. In the proposed protocol, the technique of provable security is used for resistance against well-known attacks. The verification of security is under ROM based on the Abdalla and Pointcheval model. Game theory is again used in the proposed protocol for improving security performances as well as for security proof. A. K. Das et al. [40] proposed user anonymous authentication scheme for healthcare system has reviewed Li et al. protocol and developed an advance version of Li et al. protocol that eliminates the flaws associated with previous version. The formal security verification is done by using AVISPA simulation tool and it is concluded that it is safe against many active and passive attacks. Furthermore, it uses game theory for formal security analysis. T. Maitra et al. [41] introduced an efficient and secure communication protocol for patient monitoring (SecPMS) for healthcare system is using ROM for SecPMS security analysis and it confirms that proposed proctol is much more secure against well-known attacks. Also in this paper, game theory is used to enhance the security performance of the proposed protocol. N. Radhakrishnan et al. [43] proposed remote user mutual authentication scheme is utilizing smart cart for TIMS is providing the formal security analysis through some well known models like real-or-random (ROR) and proves the security of the proposed scheme by ROM and AVISPA tools. Furthermore, game theory is used for improving security performances as well as for security proof. D. He et al. [67] presented anonymous authentication scheme for WBANs has overviewed most recent anonymous authentication scheme proposed by Liu et al. and mentioned that their scheme is not secure for WBANs. The proposed scheme is more secure as it eliminates the security flaws associated with Liu et al. proposed scheme at the similar computation costs at the client side. The proposed scheme is based on most recognized security model proposed by M. Bellare et al. for key exchange schemes and the security of the proposed scheme is based on a game between a simulator S and challenger A.
32 X. Li et al. [78] proposed a biometric based three-factor authentication protocol for smart city has reviewed Gope and Hwang proposed authentication scheme for global mobility networks and it has identified weakness associated with their scheme. The proposed fingerprint based three-factor authentication protocol can be also used for e-health. This protocol is using six consecutive games (G0, G1,… G5) to improve the security and the comparison results demonstrate that the proposed scheme is more secure as compared with other related schemes. A. Arfaoui et al. [92] proposed a stochastic game for adaptive security in WBANs to stable the tradeoff between security level and network performance while considering dynamics circumstance. In the proposed work, a smart object takes a judgment to authenticate receiving packets or not after surroundings scrutiny. The proposed game theoretic system is more competent in terms of security, throughput and network energy consumption than benchmark algorithm. Also the proposed system is more efficient than Node Capture Game (NCG) security game and MμTesla authentication scheme in terms of throughput and energy consumption. M. Wazid et al. [93] introduced key management authentication scheme for cloud based BASN and the informal security and formal security of the proposed scheme have been thoroughly analyzed under the wellknown Real-or-Random (RoR) model. In this proposed work, a series of four games has been also used to improve the security level of the proposed authentication scheme and NS2 simulator is used for measuring the network performances. M. Hamdi et al. [94] presented a Markov game theoretic model for adaptive security in the IoT for e-health is focusing on authentication to assess the network performances. The proposed model is utilizing the authentication method known as multilevel μ-TESLA discussed in D. Liu et al. [95]. This work signified the tradeoff between enhancing the security abilities of the BAN and energy efficiency of smart devices and from the simulation results, it is deduce that the battery lifetime of the smart devices increased by 47% as compare to existing models. J. Liu et al. [96] proposed competent and lightweight certificateless remote anonymous authentication schemes for WBANs are using game theory for enhancing the security. The proposed authentication schemes are rooted with a new certificateless signature (CLS) protocol which is competent in computational cost and secure against forgery attack in the random oracle model. Also, it provides anonymity of the users by preventing disclosing of the actual identities and even the network manager is not permitted to impersonate legal users. L. Wu et al. [97] introduced efficient and anonymous authentication protocol for WBANs and claimed that their protocol is more secure under a ROM than Wang et al. anonymous authentication protocol. In this proposed paper, first Libing Wu et al. have identified the weakness associated with Wang et al. protocol then they proposed solutions for eliminating weakness. In order to improve the security parameters, the work proposed by Libing Wu et al. has designed the security model by playing game between certificate authority (CA) and a challenger C and other game is used between C and AP. The proposed work claimed their authentication protocol is more suitable for WBANs applications than Wang et al. protocol because it is more secure and also the computation cost is decreasing approximately by 31.58%. A. A. Omala et al. [98] presented a secure heterogeneous access control protocol for WBAN. First, heterogeneous signcryption system is proposed which uses two different types of environments, where the user (sender) is in a certificateless cryptographic (CLC) environment forwards a query message to the receiver is in identity based cryptography (IBC) environment. Here signcryption presents both privacy and legitimacy in just one logical machine step. In the second step, heterogeneous access control protocol is designed by using heterogeneous signcryption scheme. In the proposed scheme, a series of games are played between an adversary and challenger in order to improve and prove the security of the scheme against adaptive chosen cipher text attack. The proposed scheme is using Gap Diffie-Hellman (GDH) assumption for privacy purpose and discrete logarithm assumption for legitimacy purpose in the random oracle model. Finally, the proposed work is compared with previous available access control protocols and it is concluded that the proposed protocol has low communication and computation costs. J. Liu et al. [99] proposed an efficient and secure 1-round anonymous authentication protocol (1-RAAP) for WBANs is based on game theory, where different games are used to enhance the protocol security. The proposed 1-RAAP provides user anonymity, non-reputation, session key establishment and mutual authentication which permit users to securely retrieve all of the important services whenever they want. To evaluate the performance, proposed protocol is compared with some other available authentication protocols and it is concluded that the proposed authentication protocol is secure with just few inexpensive computational operations.
33 F. Li et al. [100] introduced cost effective and anonymous access control for WBANs is using different games for improving the security features of the proposed protocol. First, they proposed a new certificateless signcryption protocol and in the next step they designed a cost effective and anonymous access control protocol for WBANs utilizing the new signcryption. The proposed protocol has been compared with existed three access control protocols and it is found that the proposed protocol is not only accomplishes all wellknown security requirements but also its energy consumption and computation costs on the controller are comparatively low. M. Mana et al. [101] proposed biometric based scheme in order to preserve the location privacy service in WBANs and also provides authentication service between a node and BS. The proposed energy efficient scheme is using two attack games; the first attack game is used to differentiate between a node and BS of the WBANs and second attack game is used to identify which node or BS belongs to a particular WBAN. M. Mittal et al. [102] presented mobility maintenance in WBAN protocol for increasing power life-time of network devices and provides better security alongside authentication. The proposed system has used two different algorithms for achieving their aims, the first algorithm is cooperative based power control game algorithm is utilized to solve the power control issues in order to improve the efficiency of transmission power and increase the battery /power life time of the network devices and the second algorithm is ECC algorithm which provides security of transmitting information of patient and authentication of communication entities ahead of transmission. B. Indrani et al. [103] introduced two-factor mutual authentication protocol for healthcare utilizing ECC for session key production with smart card and password offers high level security with lowest computational cost as compare to related smart card based authentication protocols. The introduced protocol is verified under ROM for security evidence and also it is using four different types of games (G1, G2, G3 and G4) for enhancing the security of the protocol. The main characteristics of related game theory based authentication schemes discussed in this section are represented in table 7. Table 6: Characteristic of games theory based authentication schemes Name of Scheme Ref[1]
Methodology
ROM Game theory Simple Password Cryptographic hash functions
Advantages
It is competent in term of
Ref [31]
ECC-based public
Ref [32]
key cryptosystem AVISPA tool Dolev–Yao threat model Game theory SHA-2 User access privilege mask (APM) Symmetric key algorithm BAN logic Game theory AVISPA tool Dolev-Yao threat model Smart card
computation cost. It is more secure than other related schemes discussed in the paper. Requires less storage cost. Provides strong client anonymity feature during authentication phase. It is secure against many well-known passive and active attacks. Provides good security as compare to other related access control schemes. User password can be changed locally. Proposed scheme is competent in terms of computation and energy consumption costs. Provides more security and other features. Computational and communication costs are less as compare to other schemes discussed in the
Disadvantages
Communication cost is
higher as compared to related schemes discussed in the paper. It is using humanrememberable password that can be easily guessed. No simulation tool is used for Implementation. Communication cost is higher of the proposed scheme as compare to related schemes discussed in the paper.
Computational and communications costs are higher as compare to few schemes discussed in the paper.
Usage Area WBANs
WBANs
TMIS
Our Remarks It is secure and has less computation cost. Despite of having some security features, it has higher communication cost and also authentication of an entity is depending on human rememberable password that makes this scheme vulnerable to password guessing attacks. The presented authentication scheme is secure and also competent in terms of energy consumption and computational costs as compare to other related schemes discussed in the paper. Despite of these benefits, it is still suffering from communication cost which is a little bit higher as compare to Mahmud et al. scheme discussed in the paper. The proposed scheme is based on Amin-Biswas’s scheme, it is more security features as compare to other and AminBiswas’s schemes. At the same time, it has higher computational
34 Biometric Fuzzy extractor Ref[34]
Ref [40]
Ref [41]
Ref [43]
Ref [67]
algorithms Chaotic Maps Game theory BAN logic Smart card Chebyshev polynomial
Biometric Based Smart card AVISPA tool Dolev–Yao threat model Symmetric key algorithms One-way cryptographic hash function Fuzzy extractor algorithms BAN logic Game theory Dolev-Yao threat model Hash function Game theory MIRACL C/C++ Library Private key cryptography SHA-1 ROM Hash function Smart card Game theory Integer factorization problem (IFP) Discrete logarithm & Diffie-Hellman problems. Bilinear pairings Asymmetric key algorithm Symmetric key algorithm Hash function Computational Diffie–Hellman (CDH) problem
paper.
It has more security
features and also has less computational cost than other related schemes discussed in the paper. It doesn’t require public key encryption setting in advance between two parties in communication. Proposed scheme is secure against many wellknown security attacks. It is efficient than He et al. scheme, Li et al. scheme and other related schemes in terms of security, communication and computation costs. Do not use public key algorithms.
Using public-key
Some sensitive information
Provides user anonymity
and good facility with respect to continuously monitoring patient. It has efficient password update phase. Also it has less computation complexity than related schemes. It is secure against many well-known attacks. It has less computational and communication costs as compare to other related schemes.
well-known attacks and satisfies all well-known security requirements. Provides user anonymity. Storage overhead, communication and computational costs are low than related schemes.
need to be pre-loaded into sensor nodes memories prior to deployment and should be executed offline. Though computation and communication costs are less but still its computation and communication costs are high as compare to few schemes. Well-known DoS security and password change phase attacks are not analyzed. Some of the well-known attacks such as forgery, replay and stolen etc are not satisfied by the proposed system.
Computational cost is a little
It is secure against few
WBANs
cryptosystems
bit higher than Qiu et al. authentication scheme discussed in the paper. Communication cost is also a little bit higher than Lee et al. scheme. Implementation has not been done through any simulation tool. Proposed work has not mentioned some other wellknown security attacks such as DoS etc. Different features of the scheme are only compared with just two Liu et al. proposed schemes.
WMSN
EHealth
TMIS
WBANs
and communication costs as compare to few schemes discussed in the paper. Although it is more secure at low computational cost as compare to other related schemes and also doesn’t need to establish public key encryption organization in advance between two parties but still it is using public key cryptosystems at later stages which can cause overheads. The proposed scheme shows significant improvement by preserving the good points of both He et al. and Li et al. schemes. Although it is secure and has less computational and communication costs as compare to some related schemes but still the computational and communication costs are high than few schemes discussed in the paper. Also, the well-known DoS and password change phase attacks are not considered. Even though proposed scheme is better in term of computation cost as compare to other related schemes discussed in the paper but it does not provide good security because it is not safe against few well-known attacks.
It is secure against well-known attacks and also it has less computational and communication costs as compare to few related schemes discussed in the paper. At the same time, it has a little extra computational cost as compare to Qiu et al. scheme and communication cost as compare to Lee et al. scheme. Proposed work provides user anonymity, security, low computational and communication costs as compare to other related schemes. Some attacks like DoS etc. are not discussed and also the scheme performances are only compared with two other schemes.
35 Ref[78]
ECC & Biometric Fuzzy extractor technique
Secure against many well
Game theory Bilinear pairing Hash operations Asymmetric
known attacks. It is more efficient in term of security because it has more security features as compare to other related schemes.
Using asymmetric
cryptographic operations. It has more computational cost than other related schemes.
Smart City
Although proposed scheme is more secure against many attacks but it is using asymmetric cryptography operations which make the computational cost higher.
cryptography Ref [92]
Epidemiological
Ref [93]
Ref[94]
Ref[96]
Ref [97]
Ref [98]
model Game theory Matlab Analytical models (transition probabilities model) RoR model NS2 Key management technique Game theory Decentralized architecture. Dolev-Yao (DY) threat model Mathematical model Markov gametheoretic model Matlab Implemented in ASSET testbed ROM CLS Consists of Setup, Set-PartialPrivate-Key, SetPartial-PublicKey, PartialPrivate-KeyExtract, CL-Sign and CL-Verify algorithms Game theory ROM Game theory Symmetric and asymmetric cryptography Ate pairing CLC IBC ROM Game theory
Balanced network
performance among various parameters. Capable of preserving energy proficiency as much as possible. Offers satisfactory level security. It permits mutual authentication between user and personal server. Offers some extra features and improves security at low computation cost. Computation cost is low as compare to other existing related schemes. Increases security level. Increases energy efficiency.
Security and privacy threats
Total communication cost is
Maintains remote user’s anonymity. Safe against forgery on an adaptive elected message attack in ROM. Outclass some existing protocols in terms of security and overhead or computational cost. Security proofs are only available of few wellknown attacks. More secure than Wang et al. scheme. Provides user anonymity.
Provides authentication, anonymity, integrity confidentiality and nonrepudiation.
The proposed paper is focusing on increasing the battery life time, throughput and security level. However, they have not considered security and privacy threats.
BASNs
Although the proposed protocol is much more secure as compare to other related protocols discussed in the paper but the communication cost is still higher.
EHealth
The proposed protocol is based on smart devices could be in the secure mode (passive mode) assumption This protocol is more focusing on energy consumption than maintaining the network security and also the security comparison has not been done. Although proposed work offers some good features like user anonymity, security and superior computational cost as compare to some existing schemes but still it does not has clear proof of improve performance and in the case of second group, it requires more storage space and also has weaker anonymity property.
higher as compare to Gao et al. scheme.
WBANs
are not considered.
Security comparison is not available with other related schemes. More focusing on energy consumption than maintaining the network security.
According to the proposed paper, it does not evidently show improve performance. Consume more computational resources as compare to some other related protocols. In second group, it consumes more storage space and user anonymity property is not stronger.
WBANs
Computation and communication costs are higher than Wang et al. scheme. Features are only compared with Wang et al. scheme. Using public key. Using public key generator algorithm. Only covers few security
WBANs
WBANs
The proposed protocol provides user anonymity is based on Wang et al. scheme. Although computation and communication costs are higher but it is more secure than Wang et al. The proposed scheme is utilizing several algorithms for several reasons e.g. public key generator algorithm is used for generating
36
Ref [99]
Ref[100]
Ref[101]
Ref[102]
Ref[103]
Symmetric and asymmetric keys generating algorithm, Key extraction, Unsigncryption & Probabilistic algorithms ROM Bilinear pairings map SHA-1 Game theory Public key & Private key generator algorithms
Gives better computation and communication costs.
Certificateless cryptography ROM Game theory MICA2 tool Private and public key generator algorithms
Biometric Adversarial model Game theory Cryptographic hash function SHA-1 algorithm Power control game algorithm ECC algorithm ECG signals Social Interference Network algorithm Game theory ECC Smart card Symmetric cryptography ROM Game theory ECDLP
Computational cost is low It achieves better efficiency. Provides user anonymity, mutual authentication, non-repudiation, session key establishment, immunity of key escrow, forward security and unforgeability. It has the minimum total computational time and energy consumption cost. It achieves confidentiality, anonymity, integrity, nonrepudiation and authenticity. It does not use key escrow problem and public key certification. Protects location privacy. Efficient and energy saving.
Increases the life-time of WBAN communication. ECC algorithm is used to carry out authentication, encryption and decryption which produce better security of user information. It offers high security with less computational cost as compare to other related schemes. Also it has minimum communication cost than other related schemes.
requirements.
public keys which can be expensive for sensor networks due to their limited resources. Also this scheme is only covering few basic security requirements.
Using public key. The message size greater as compare some related authentication schemes discussed in the paper. Energy consumption is higher as compare to some related schemes. Analysis of DoS, replay etc. attacks are missing. Communication cost of the controller is higher than other related schemes. Computational energy cost on the controller is higher. Security resistance against different attacks have not been discussed or analyzed.
WBANs
Comparison has not done
WBANs
with other related authentication schemes. Implementation has not been done through any simulation tool. Using public key. Comparison has not done with other authentication scheme. Implementation has not been done through any simulation tool.
Implementation has not
been done through any simulation tool. Only small number of attacks has been analyzed for security reasons.
WBANs
WBANs
EHealth
Although this scheme has low computational cost, better efficiency due to simplified operations and secure against few well-known attacks but still its energy consumption is higher, few security attacks are not considered and also the message size is greater which may slow down the authentication process. It has low total computational and energy consumption costs. Also It doesn’t utilized escrow problem and public key certificate which makes it more efficient. However, the communication and computational costs are higher on the controller and also it does not mentioned different attacks. Although the proposed scheme is lightweight, protect location privacy and energy efficient but it is not compared with other related schemes and also no simulation tool is used. The proposed scheme improves the power which can increase the life-time of WBAN communication and also provides better security due to the utilization of ECC algorithm. Its features are not compared with other related schemes The proposed scheme is more focusing on computational and communication costs rather than security attacks. Only very few security attacks resistance have been discussed or mentioned through various games.
6.. CONCLUSION AND FUTURE RESEARCH DIRECTIONS Authentication is a key aspect of the secure communication, it is the first step towards secure communication which helps networks to reduce unwanted users and stop from deceptions efficiently because the authentication process identifies the user identity that he or she claims to be. This survey almost took one year to complete and the survey has been revised about 40 times in order to add some useful information. Until
37 today, no survey paper has covered secure authentication in WBAN topic in complete detail, the proposed survey is the only survey that covers this topic in much more detail and it might be helpful for reader and new researcher in this specialized filed. We have represented useful information or characteristics of different authentication schemes in the tables forms. Apart from the tables, we have also drawn several diagrams for representing the working mechanism of various authentication protocols discussed in the paper. The survey begins with some useful basic information related to WBAN such as WBAN dissimilarities as compare to WSN, characteristics of WBANs, challenges, WBAN applications, security requirements and security concerns. These information are important for new reader to build up their skills about WBAN architecture and at the same time, it also helps different designers in the process of designing various schemes or protocols. Our survey classifies WBAN authentication schemes into IDS, key management, digital signature, digital certificate and reputation-based schemes. IDS is further sub-divided into three types and similarly key management schemes are also sub-divided into biometric and non-biometric based schemes those help individuals to understand various authentication scheme procedures and their characteristics. This survey also explain the importance of secure authentication in WBANs, different ways of authentication and divided authentication into password based authentication, smartcard based authentication, biometric based authentication and mutlti-layer authentication types. Each and every authentication type is described in full detail by explaining every single step of authentication type involved in the authentication process with the help of diagram and also some exiting related authentication schemes are discussed with each type of authentication. Furthermore, the survey divides authentication schemes into certificate based authentication schemes (Kerberos, SSL and EAP) and password based authentication schemes (PAP, SPAP, CHAP, MS-CHAP and Microsoft NTLM). Here each authentication protocol type is discussed in detail alongside their comprehensive diagram that helps readers to quickly understand the working mechanism of each protocol. At the end of the section, a comprehensive table is drawn that shows various characteristics of each types of authentication protocol. The very next section of the survey classifies authentication schemes into biometric and non-biometric based authentication types and these types are further sub-divided into different sub-types. Here again each sub-type of authentication scheme is explained in detail alongside some existing related work. The section before this section divides authentication based on advanced methodologies such as machine learning and game theory based authentication schemes. This section does not only explain game theory concept but also explain different type of games involved in the game theory. Furthermore, some existing related work is added to each advanced authentication methodology type alongside a table that shows different characteristics of each single related authentication scheme. Finally, the survey is concluded with conclusion and future research directions section and in this section not only few conclusions are drawn but also identify some valuable research areas those need to be explored in near future. WBAN is one of the emerging and promising technologies use in the field of E-health and in near future it will completely transform people healthcare system by offering them a lot of services and make people free from visit to traditional hospitals. Apart from the key role in the field of E-health, WBAN is exposed to many security threats due to the wireless communication. In connection to the secure communication in WBANs, authentication is an increasingly significant concern, so therefore, it is important to have secure authentication methods; those help network to reduce unwanted users and prevent it from malicious activities. In this survey paper, we have discussed the current development of WBAN and targeted in authentication issues faced by this network. During this survey paper, we presented various existing authentication methods and schemes used in WBANs. However, there is no authentication method and scheme which can offer complete secure authentication. Designing a secure authentication scheme for WBAN needs suitable mapping of authentication methods or schemes with diverse authentication parameters. In this survey paper, we studied various authentication schemes, divided them based on authentication types and highlight their pros, cons, limitations and their robustness against different security attacks; those might be helpful for improving the authentication process in WBANs. Also, we have classified authentication schemes based on machine learning and game theory based. We presented a comprehensive overview of existing authentication methods and schemes used for WBANs. However, extra endeavors are required to design and implement novel authentication level that would convince the severe secure communication and authentication requirements of WBANs applications. WBANs have many issues because they are still in its initial stage of development. So, it is important to introduce efficient solutions to overcome these issues. Recently, secure authentication is one of the big challenges in this field and in future, more efforts are required to overcome this issue. More and more efforts are required to design simple and lightweight secure authentication schemes for resources constrained devices.
38 Future research requires to enhance the biometric feature extraction techniques and also in future, it is required to introduce WBANs schemes based-on to maintain a tradeoff among efficiency, usability, flexibility and security. When secure authentication schemes are designed for WBA, they may need to provide flexibility and higher compatibility among different vendor’s sensor devices. In the future work, lightweight secure schemes are required for smart city especially in the area of WBANs for managing security and quick response to users. Biometric system merging with password of users for enhancing the security level is important as well. It is also required to design authentication schemes with better trade-off between energy and computational costs and it is possible through decreasing the complexity of the authentication schemes. Finally, there are still a lot of issues remaining on the way to accomplish unobtrusive, user-friendly and secure WBANs system and alongside these issues, many other research directions are still open in WBANs those require to be explored in near future.
Conflict of interest: We (all the authors) declare that there is no conflict of interest
REFERENCES [1]
Fushan Wei, P. Vijayakumar , Jian Shen , Ruijie Zhang and Li Li, "A provably secure password-based anonymous authentication scheme for wireless body area networks," International Journal of Computers and Electrical Engineering, vol. 65, pp. 322-331, April 2017.
[2]
Maryam el Azhari, Ahmed Toumanari, Rachid Latif and Nadya el Moussaid, "Relay Based Thermal Aware and Mobility Support Routing Protocol for Wireless Body Sensor Networks," International Journal of Communication Networks and Information Security (IJCNIS), vol. 8, no. 2, pp. 64-73, August 2016.
[3]
Maged Hamada Ibrahim, Saru Kumari, Ashok Kumar Das, Mohammad Wazid and Vanga Odelu, "Secure anonymous mutual authentication forstar two-tier wireless body area networks," International Jornal of computer methods and programs in bio medicine, vol. 135, pp. 37-50, July 2016.
[4]
Shikha Pathania and Naveen Bilandi, "Security Issues In Wireless Body Area Network," International Journal of Computer Science and Mobile Computing, vol. 3, no. 4, pp. 1171-1178, April 2014.
[5]
Sourav Sinha, Neeraj Kumar Goyal, Rajib Mall,, "Early prediction of reliability and availability of combined hardware-software systems based on functional failures,," Journal of Systems Architecture, vol. 92, pp. 23-38, 2019.
[6]
Shihong Zou, Yanhong Xu, Honggang Wang, Zhouzhou Li, Shanzhi Chen and Bo Hu, "A Survey on Secure Wireless Body Area Networks," International Journal of Security and Communication Networks, vol. 2017, p. 9, March 2017.
[7]
Marisol García-Valls, Abhishek Dubey, Vicent Botti,, "Introducing the new paradigm of Social Dispersed Computing: Applications, Technologies and Challenges," Journal of Systems Architecture, vol. 91, pp. 83-102, 2018.
[8]
Gautam M. Borkar and Anjali R. Mahajan, "Security Aware Dual Authentication based Routing Scheme using Fuzzy Logic with Secure data Dissemination for Mobile Ad-hoc Networks," International Journal of Applied Security Research, vol. 13, no. 2, pp. 223-249, March 2018.
[9]
Prosanta Gope and Tzonelih Hwang, "BSN-Care: A Secure IoT-based Modern Healthcare System Using Body Sensor Network," IEEE Sensors Journal , vol. 16, no. 5, pp. 1368-1376, March 2016.
[10]
Kunal M pattani and Palak J Chauhan, "Spin Protocol For Wireless Sensor Network," International Journal of Advance Research in Engineering, Science & Technology(IJAREST), vol. 2, no. 5, pp. 1-3, May 2015.
[11]
Geethapriya Thamilarasu, "iDetect: an intelligent intrusion detection system for wireless body area networks," International Journal of Security and Networks , vol. 11, no. 1-2, pp. 82-93, March 2016.
[12]
Megha Gupta, "Hybrid Intrusion Detection System: Technology and Development ," International Journal of Computer Applications, vol. 115, no. 9, pp. 5-8, April 2015.
[13]
Kajal Rai and M. Shyamala Devi, "Intrusion Detection Systems: A Review," Journal of Network and Information Security, vol. 1, no. 2, December 2013.
[14]
Ibrahim Ghafir, Martin Husak and Vaclav Prenosil, "A Survey on Intrusion Detection and Prevention Systems," International Conference on Student Conference Zvůle 2014, IEEE/UREL, August, 2014.
[15]
Mohammad Masdari , Safiyyeh Ahmadzadeh and Moazam Bidaki, "Key Management in Wireless Body Area Network:Challenges and Issues," Journal of Network and Computer Applications, vol. 91, no. 1, pp. 36-51, August 2017.
[16]
Tan Jin and Wang Yijing, "The Research of Secure Transport Protocol Based on Node’s Clock Characteristics for Body Area Networks," International Journal of Security and Its Aplications , vol. 8, no. 5, pp. 457-470, 2014.
39
[17]
Qiuyan lin, Woongryul leon, Changwhan Lee, Youngchul Choi and Dongho Woni, "Fingerprint-based user authentication scheme for," in Fifth International Conference on Ubiquitous and Future Networks (ICUFN), Da Nang, Vietnam, July, 2013, pp. 178-183.
[18]
Emna Kalai Zaghouani, Adel Benzina and Rabah Attia, "ECG based authentication for e-healthcare systems: Towards a secured ECG features transmission," in 13th International Wireless Communications and Mobile Computing Conference (IWCMC), Valencia, Spain, June, 2017.
[19]
Rollin McCraty and Fred Shaffer, "Heart Rate Variability: New Perspectives on Physiological Mechanisms, Assessment of Selfregulatory Capacity, and Health Risk," Global Advances In Health And Medicine, vol. 4, no. 1, pp. 46-61, January 2015.
[20]
Tilendra Choudhary and M. Sabarimalai Manikandan, "Robust Photoplethysmographic (PPG) Based Biometric Authentication for Wireless Body Area Networks and m-Health Applications," in Twenty Second National Conference on Communication (NCC), Guwahati, India, March, 2016.
[21]
M. Anwar , A. H. Abdullah, R. A. Butt, M. W. Ashraf, K. N. Qureshi and F. Ullah, "Securing Data Communication in Wireless Body Area Networks Using Digital Signatures," Technical Journal, vol. 23, no. 2, pp. 50-55, August 2018.
[22]
Zakia El uahhab and Hanan El bakkali, "Calculating and Evaluating Trustworthiness of," International Journal of Communication Networks and Information Security (IJCNIS), vol. 8, no. 3, pp. 136-146, December 2016.
[23]
Mohsen Toorani, "Cryptanalysis of Two PAKE Protocols for Body Area Networks and Smart Environments ," International Journal of Network Security, vol. 17, no. 5, pp. 629-636, September 2015.
[24]
Ms. I.Shanmugapriya and Dr. K.Karthikeyan, "Reputation based Incentive Scheme for Secured Data Privacy in Wireless Body Area Network Communication," International Journal of Advances in Computational Sciences and Technology, vol. 10, no. 7, pp. 2095-2117, 2017.
[25]
Pradeep Kumar and Anand Sharma, "Survey on Authentication Process in Body Area Network," International Journal of Electronics Engineering Research, vol. 9, no. 6, pp. 913-921, 2017.
[26]
Jie Zhang, Xin Huang, Paul Craig, Alan Marshall and Dawei Liu, "An Improved Protocol for the Password Authenticated Association of IEEE 802.15.6 Standard that Alleviates Computational Burden on the Node," Symmetry, vol. 8, no. 11, November 2016.
[27]
Muhammad Khurram Khan and Saru Kumari, "An Improved User Authentication Protocol for Healthcare Services via Wireless Medical Sensor Networks," International Journal of Distributed Sensor Networks, vol. 10, no. 4, pp. 1-10, April 2014.
[28]
Junghyun Nam, Kim-Kwang Raymond Choo, Sangchul Han, Moonseong Kim,Juryon Paik and Dongho Won, "Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation," Plos One, vol. 10, no. 4, pp. 1-21, April 2015.
[29]
Seulgi Shin, Sung Woon Lee and Hyunsung Kim, "Authentication Protocol for Healthcare Services over Wireless Body Area Networks," International Journal of Computer and Communication Engineering, vol. 5, no. 1, pp. 50-61, January 2016.
[30]
Sang Guun Yoo, "Cryptanalysis of Several Authentication Schemes forHealthcare Applications Using Wireless Medical Sensor Networks," in ICNCC '16 Proceedings of the Fifth International Conference on Network, Communication and Computing, Kyoto, Japan, Decemebr, 2016, pp. 282-286.
[31]
Santanu Chatterjee, Ashok Kumar Das and Jamuna Kanta Sing, "A novel and efficient user access control scheme for wireless body area sensor networks," Journal of King Saud University – Computer and Information Sciences, vol. 26, no. 2, pp. 181-201, October 2013.
[32]
Ashok Kumar Das, Vanga Odelu and Adrijit Goswami, "A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS," Journal of Medical Systems, vol. 39, no. 9, pp. 1-24, July 2015.
[33]
Chun-Ta Li, Cheng-Chi Lee and Chi-Yao Weng, "A Secure Chaotic Maps and Smart Cards Based Password Authentication and Key Agreement Scheme with User Anonymity for Telecare Medicine Information Systems," Journal of Medical Systems, vol. 39, no. 9, pp. 111, Septmeber 2014.
[34]
Gaimei Gao, Xinguang Peng, Ye Tian and Zefeng Qin, "A Chaotic Maps-Based Authentication Scheme for Wireless Body Area Networks," International Journal of Distributed Sensor Networks, vol. 12, no. 7, pp. 1-12, April 2016.
[35]
Saru Kumari, Mridul K. Gupta, Muhammad Khurram Khan and Xiong Li, "An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement," Journal of Security and Communication Networks , vol. 7, no. 11, pp. 1921-1932, November 2014.
[36]
Chia-Hui Liu and Yu-Fang Chung, "Secure user authentication scheme for wireless healthcare sensor networks," Journal of Computers and Electrical Engineering, vol. 59, pp. 250-261, February 2016.
[37]
Chun-Ta Li, Tsu-Yang Wu, Chin-Ling Chen , Cheng-Chi Lee and Chien-Ming Chen, "An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System," Sensors, vol. 17, no. 7, pp. 1-18, June 2017.
[38]
Debiao He, Neeraj Kumar, Jianhua Chen, Cheng-Chi Lee, Naveen Chilamkurti and Seng-Soo Yeo, "Robust anonymous authentication
40
protocol for health-care applications using wireless medical sensor networks," Journal of Multimedia Systems, vol. 21, no. 1, pp. 49-60, December 2013. [39]
Xiong Li, Jianwei Niu, Saru Kumari, Junguo Liao, Wei Liang and Muhammad Khurram Khan, "A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity," International Journal of Security and Communication Networks, vol. 9, no. 15, pp. 2643-2655, February 2015.
[40]
Ashok Kumar Das, Anil Kumar Sutrala, Vanga Odelu and Adrijit Goswami, "A Secure Smartcard-Based Anonymous User Authentication Scheme for Healthcare Applications Using Wireless Medical Sensor Networks," Wireless Personal Communications, vol. 94, no. 3, pp. 1899-1933, June 2017.
[41]
Tanmoy Maitra and Sarbani Roy, "SecPMS: An Efficient and Secure Communication Protocol for Continuous Patient Monitoring System Using Body Sensors," 9th International Conference on Communication Systems and Networks (COMSNETS), Bangalore, India, 2017, pp. 322-329.
[42]
Shuming Qiu , Guoai Xu, Haseen Ahmad and Licheng Wang, "A Robust Mutual Authentication Scheme Based on Elliptic Curve Cryptography for Telecare Medical Information Systems," IEEE Access, vol. 6, pp. 7452-7463, December 2017.
[43]
Niranchana Radhakrishnan and Marimuthu Karuppiah, "An efficient and secure remote user mutual authentication scheme using smart cards for Telecare medical information systems,"Informatics in Medicine Unlocked, pp. 1-11, February 2018.
[44]
Shreyas S. Tote, Sameer M. Khupse and Kunal S. Bhutwani, "Data Authentication in Wireless Body Area Network (WBAN) Using A Biometric-Based Security," International Journal of Research In Emerging Science and Technology, vol. 2, no. 1, pp. 136-142, March 2015.
[45]
Sofia Najwa Ramli, Rabiah Ahmad, Mohd Faizal Abdollah and Eryk Dutkiewicz, "A Biometric-based Security for Data Authentication in Wireless Body Area Networl< (WBAN)," 15th International Conference on Advanced Communications Technology (ICACT), PyeongChang, South Korea, January 2013, pp. 998-1001.
[46]
Ashok Kumar Das, Santanu Chatterjee and Jamuna Kanta Sing, "A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks," Ad Hoc & Sensor Wireless Networks, vol. 28, no. 3, pp. 221-256, September 2015.
[47]
P.Abina, K.Dhivyakala, L.Suganya and S.Mary Praveena, "Biometric Authentication System for Body Area Network," Journal of Advanced Research in Electrical, Electronics and Instrumentation Engineering, vol. 3, no. 3, pp. 7954-7964, March 2014.
[48]
R. Sudha and M. Devapriya, "Enhanced bio-trusted anonymous authentication routing technique of wireless body area network," Journal of Biomedical Research, vol. 2016, no. 2, pp. 276-282, September 2016.
[49]
Aakriti Arya, Chaitanya Reddy and Trupil Limbasiya, "An Improved Remote User Verification Scheme in Wireless Body Area Networks," 8th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN 2017), 2017, pp. 113-120.
[50]
Weizhi Meng, Duncan S. Wong, Steven Furnell, and Jianying Zhou, "Surveying the Development of Biometric User Authentication on Mobile Phones," IEEE Communications Surveys & Tutorials, vol. 17, no. 3, pp. 1268-1293, 2015.
[51]
Qi Jiang, Fushan Wei, Shuai Fu, Jianfeng Ma, Guangsong Li and Abdulhameed Alelaiwi, "Robust extended chaotic maps-based threefactor authentication scheme preserving biometric template privacy," Journal of Nonlinear Dynamics, vol. 83, no. 4, pp. 2085-2101, October 2015.
[52]
Debayan Das, Shovan Maity, Baibhab Chatterjee and Shreyas Sen, "In-field Remote Fingerprint Authentication using Human Body Communication and On-Hub Analytics," Signal Processing, Cryptography and Security, IEEE Engineering in Medicine and Biology Society, arXiv:1804.10278, pp. 1-4, April 2018.
[53]
Jian Shen, Shaohu Chang, Jun Shen, Qi Liu and Xingming Sun, "A Lightweight Multi-layer Authentication Protocol for Wireless Body Area Networks,"Future Generation Computer Systems, vol. 78, no. 3, pp. 956-963, Novemebr 2016.
[54]
Mike Yuliana, Wirawan and Suwadi, "Performance Improvement of Secret Key Generation Scheme in Wireless Indoor Environment," International Journal of Communication Networks and Information Security (IJCNIS), vol. 9, no. 3, pp. 474-483, December 2017.
[55]
Nazhatul Hafizah Kamarudin and Yusnani Mohd Yussoff, "Authentication scheme interface for mobile e-health monitoring using unique and lightweight identity-based authentication," International Conference on Advanced Science, Engineering and Technology (ICASET) , Penang, Malaysia, December, 2015.
[56]
Marwa H. Salama, Sanaa Taha and Hesham N. Elmahdy, "PMAS: A Proposed Mutual Authentication Scheme for Wireless Body Area Networks," International Conference on Information and Communication Technology Convergence (ICTC), Jeju, South Korea, October, 2015, pp. 636-641.
[57]
Qi Jiang, Xinxin Lian, Chao Yang, Jianfeng Ma, Youliang Tian and Yuanyuan Yang, "A bilinear pairing based anonymous authentication scheme in wireless body area networks for mHealth," Journal of Medical Systems, vol. 40, no. 231, pp. 1-10, November 2016.
[58]
Nesrine Khernane, Maria Potop-Butucaru and Claude Chaudet, "BANZKP: a Secure Authentication Scheme Using Zero Knowledge
41 Proof for WBANs," 13th IEEE International Conference on Mobile Ad Hoc and Sensor Systems (MASS), Brasilia, Brazil, October, 2016, pp. 1-9. [59]
Chien-Ming Chen, Bing Xiang, Tsu-Yang Wu and King-Hang Wang, "An Anonymous Mutual Authenticated Key Agreement Scheme for Wearable Sensors inWireless Body Area Networks," Journal of Applied Science , vol. 8, no. 7, pp. 1-15, June 2018.
[60]
Jingwei Liu, Qian Li, Rui Yan and Rong Sun, "Efficient authenticated key exchange protocols for wireless body area networks," EURASIP Journal of Wireless Communications and Networking, Vol. 2015:188, pp. 1-11, December 2015.
[61]
Shashi Kant Shankar, Anurag Singh Tomar and Gaurav Kumar Tak, "Secure Medical Data Transmission by using ECC with Mutual Authentication in WSNs," 4thInternational Conference on Eco-friendly Computing and Communication Systems, Volume 70, India, 2015, pp. 455-461.
[62]
C.L.Priya and U.Shantha Visalakshi, "Secure and Efficient Communication Using ECC Algorithm in Wireless Body Area Network," International Journal of Engineering Science and Computing, vol. 7, no. 4, pp. 10073-10080, April 2017.
[63]
Alaauldin Ibrahim and Gokhan Dalkilic, "An Advanced Encryption Standard Powered Mutual Authentication Protocol Based on Elliptic Curve Cryptography for RFID, Proven on WISP," Journal of Sensors, vol. 2017, pp. 1-11, July 2017.
[64]
Xiong Li, Jieyao Peng , Saru Kumari , Fan Wu , Marimuthu Karuppiah and Kim-Kwang Raymond Choo, "An enhanced 1-round authentication protocol for wireless body area networks with user anonymity," Journal of Computers and Electrical Engineering, vol. 61, no. C, pp. 238-249, February 2017.
[65]
Fan Wu, Lili Xu, Saru Kumari and Xiong Li, "An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks," Journal of Multimedia Systems, vol. 23, no. 2, pp. 195-205, July 2015.
[66]
Tong Li, Yuhui Zheng and Ti Zhou, "Efficient Anonymous Authenticated Key Agreement Scheme for Wireless Body Area Networks," Journal of Security and Communication Networks, vol. 2017, no. 1, pp. 1-8, October 2017.
[67]
Debiao He, Sherali Zeadally, Neeraj Kumar and Jong-Hyouk Lee, "Anonymous Authentication for Wireless Body Area Networks With Provable Security," IEEE Systems Journal, vol. 11, no. 4, pp. 2590-2601, December 2017.
[68]
Qeethara Al-Shayea and Muzhir Al-Ani, "Biometric Face Recognition Based on Enhanced Histogram Approach," International Journal of Communication Networks and Information Security (IJCNIS), vol. 10, no. 1, pp. 48-54, April 2018.
[69]
Abhilash Kumar Sharma, Ashish Raghuwanshi and Vijay Kumar Sharma, "Biometric System- A Review," International Journal of Computer Science and Information Technologies (IJCSIT), vol. 6, no. 5, pp. 4616-4619, September 2015.
[70]
K. Seetharaman and R. Ragupathy, "Iris Recognition based Image Authentication," International Journal of Computer Applications, vol. 44, no. 7, pp. 1-8, April 2012.
[71]
P.Tamil Selvi and N.Radha, "Palmprint and Iris based Authentication and Secure Key Exchange against Dictionary Attacks," International Journal of Computer Applications (0975 – 8887), vol. 11, no. 11, pp. 7-12, Decemeber 2010.
[72]
Japinder Pal Singh and Naveen Bilandi, "Analysis of Biometric-based Security in Wireless Body Area Network (WBAN)," in Proceedings of International Conference on Information Technology and Computer Science, July, 2015, pp. 50-56.
[73]
Sandeep Pirbhulal, Heye Zhang, Subhas Chandra Mukhopadhyay, Chunyue Li, Yumei Wang, Guanglin Li, Wanqing Wu and Yuan-Ting Zhang, "An Efficient Biometric-Based Algorithm Using Heart Rate Variability for Securing Body Sensor Networks," Sensors , vol. 15, no. 7, pp. 15067-15089, June 2015.
[74]
Masoud Rostami, Ari Juels and Farinaz Koushanfar, "Heart-to-Heart (H2H): Authentication for Implanted Medical Devices," in Proceeding CCS '13 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, Berlin, Germany , November 2013, pp. 1099-1112.
[75]
Kwantae Cho and Byungho Chung, "Efficient Secret Key Delivery Using Heartbeats," in 21st International Conference on Circuits, Systems, Communications and Computers (CSCC 2017), 2017, pp. 1-6.
[76]
Mahesh Joshi, Bodhisatwa Mazumdar and Somnath Dey, "Security Vulnerabilities Against Fingerprint Biometric System," in Security Vulnerabilities Against Biometric System arXiv, May, 2018, pp. 1-27.
[77]
Nan Zhao, Aifeng Ren, Masood Ur Rehman, Zhiya Zhang, Xiaodong Yang and Fangming hu, "Biometric Behavior Authentication Exploiting Propagation Characteristics of Wireless Channel," IEEE Access, vol. 4, pp. 4789-4796, July 2016.
[78]
Xiong Li, Jianwei Niu, Saru Kumari, Fan Wu and Kim-Kwang Raymond Choo, "A robust biometrics based three-factor authentication scheme for Global Mobility Networks in smart city,"Future Generation Computer Systems, vol. 83, no. C, pp. 607-618, April 2017.
[79]
Jusak Jusak and Seedahmed S. Mahmoud, "A Novel and Low Processing Time ECG Security," International Journal of Communication Networks and Information Security (IJCNIS), vol. 10, no. 1, pp. 213-222, April 2018.
[80]
Sofia Zebboudj, Feriel Cherifi, Mohamed Mohammedi and Mawloud Omar, "Secure and efficient ECG-based authentication scheme for medical body area sensor networks," Journal of Smart Health, vol. 3, no. 4, pp. 75-84, July 2017.
42
[81]
Ying Chen and Wenxi Chen, "Finger ECG-based Authentication for Healthcare Data Security Using Artificial Neural Network," in IEEE 19th International Conference on e-Health Networking, Applications and Services (Healthcom), Dalian, China, October, 2017, pp. 1-6.
[82]
Francesco Rundo, Sabrina Conoci, Alessandro Ortis and Sebastiano Battiato, "An Advanced Bio-Inspired PhotoPlethysmoGraphy (PPG) and ECG Pattern Recognition System for Medical Assessment," Journal of Sensors, vol. 18, no. 2, pp. 1-22, February 2018.
[83]
V Ramu Reddy, Parijat Deshpande and Arpan Pal, "Simultaneous Measurement and Correlation of PPG Signals Taken from Two Different Body Parts for Enhanced Biometric Security via Two-level Authentication," in Proceedings of the 1st ACM Workshop on the Internet of Safe Things , Delft, Netherlands, November November, 2017, pp. 32-37.
[84]
Nima Karimian, Mark Tehranipoor and Domenic Forte, "Non-Fiducial PPG-based Authentication for Healthcare Application," in IEEE EMBS International Conference on Biomedical & Health Informatics (BHI), Orlando, FL, USA, February, 2017, pp. 429-432.
[85]
Darko Androcec and Neven Vrcek, "Machine Learning for the Internet of Things Security: A Systematic Review," in 13th International Conference on Software Technologies, Porto, Portugal, 2018, pp. 563-570.
[86]
Mattias T. Gebrie and Habtamu Abie, "Risk-Based Adaptive Authentication for Internet of Things in Smart Home eHealth," in Proceedings of the 11th European Conference on Software Architecture: Companion Proceedings, Canterbury, United Kingdom, September, 2017, pp. 102-108.
[87]
Osman Salem, Alexey Guerassimov, Ahmed Mehaoua, Anthony Marcus and Borko Furht, "Anomaly Detection in Medical Wireless Sensor Networks using SVM and Linear Regression Models," International Journal of E-Health and Medical Communications, vol. 5, no. 1, pp. 20-45, January 2014.
[88]
Shah Ahsanul Haque, Mustafizur Rahman and Syed Mahfuzul Aziz, "Sensor Anomaly Detection in Wireless Sensor Networks," Sensors , vol. 15, no. 4, pp. 8764-8786, April 2015.
[89]
Toqeer Ali, Muhammad Nauman and Salman Jan, "Trust in IoT: dynamic remote attestation through efficient behavior capture," Cluster Computing, vol. 21, no. 2, pp. 1-13, April 2017.
[90]
Mohamed S. Abdalzaher, Karim Seddik, Maha Elsabrouty, Osamu Muta, Hiroshi Furukawa and Adel Abdel-Rahman, "Game Theory Meets Wireless Sensor Networks Security Requirements and Threats Mitigation: A Survey," Sensors, vol. 16, no. 7, pp. 1-27, June 2016.
[91]
Sanaa Oulaourf, Abdelfatteh Haidine, Abdelhak Aqqal and Hassan Ouahmane, "Review on Radio Resource Allocation Optimization in LTE/LTE-Advanced using Game Theory," International Journal of Communication Networks and Information Security (IJCNIS), vol. 9, no. 1, pp. 117-156, April 2017.
[92]
Amel Arfaoui, Asma ben Letaifa, Ali Kribeche, Sidi Mohammed Senouci and Mohamed Hamdi, "A Stochastic Game for Adaptive Security in Constrained Wireless Body Area Networks," in 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 2018, pp. 1-7.
[93]
Mohammad Wazid, Ashok Kumar Das and Athanasios V. Vasilakos, "Authenticated key management protocol for cloud-assisted body area sensor networks," Journal of Network and Computer Applications, vol. 123, pp. 112-126, September 2018.
[94]
AshkanYousefpoura, Caleb Fung, Tam Nguyen, Krishna Kadiyala, Fatemeh Jalalid, Amirreza Niakanlahiji, Jian Kong, Jason P.Jue, All one needs to know about fog computing and related edge computing paradigms: A complete survey, Journal of Systems Architecture, vol. 98, pp. 289–330, 2019.
[95]
Donggang Liu and Peng Ning, "Multi-Level μTESLA: Broadcast Authentication for Distributed Sensor Networks," ACM Transactions on Embedded Computing Systems (TECS), vol. 3, no. 4, pp. 800-836, Novemeber 2004.
[96]
Jingwei Liu, Zonghua Zhang, Xiaofeng Chen and Kyung Sup Kwak, "Certificateless Remote Anonymous Authentication Schemes for Wireless Body Area Networks," IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 2, pp. 332-342, February 2014.
[97]
Libing Wu, Yubo Zhan, Li Li and Jian Shen, "Efficient and Anonymous Authentication Scheme for Wireless Body Area Networks," Journal of Medical Systems, vol. 40, no. 6, pp. 1-12, June 2016.
[98]
Anyembe Andrew Omala, Angolo Shem Mbandu, Kamenyi Domenic Mutiria, Chunhua Jin and Fagen Li, "Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network," Journal of Medical Systems, vol. 42, no. 6, pp. 1-14, April 2018.
[99]
Jingwei Liu, Lihuan Zhang and Rong Sun, "1-RAAP: An Efficient 1-Round Anonymous Authentication Protocol for Wireless Body Area Networks," Journal of Sensors, vol. 16, no. 5, pp. 1-16, May 2016.
[100] Fagen Li, Yanan Han, and Chunhua Jin, "Cost-Effective and Anonymous Access Control for Wireless Body Area Networks," IEEE Systems Journal, vol. 12, no. 1, pp. 747-758, March 2018. [101] Mohammed Mana, Mohamed Feham and Boucif Amar Bensaber, "A New Scheme Based Biometric to Protect Location Privacy in Wireless Body Area Networks," International Journal of Computer Science Issues (IJCSI), vol. 10, no. 2, pp. 331-337, March 2013.
43
[102] A Moravejosharieh, J Lloret, A survey of IEEE 802.15. 4 effective system parameters for wireless body sensor networks, Communication Systems, 29 (7), 1269-1292. 2016. [103] B. Indrani, M. Karthigai Veni and M. Amutha Prabakar, "Provably Secure Two-Factor Authentication Scheme for E-Health using Smart Card," IACR Cryptology ePrint Archive, Vol. 2017, pp. 512-590, 2017.
44
Authors Biographies
Munir Hussain is currently pursuing his PhD research at Institute of Computing, Kohat University of Science and Technology (KUST), Pakistan. His research is mainly focused on wireless networks and wireless networks security issues.
Dr. Amjad Mehmood is serving as Assistant Professor in Institute of Computing, Kohat University of Science and Technology (KUST), Pakistan. He has served as a Post-doc researcher in University of Aeronautical, USA and Guangdong Provincial Key Laboratory on Petrochemical Equipment Fault Diagnosis, Guangdong Petrochemical University Technology, Maoming, China. His research interests include Cyber Physical Systems, IoT, connected vehicles, wireless, optical communications and networking, smart grid communications and networking, Network management issues and security issues, big data, cloud computing, and fault diagnosis in industrial infrastructure.
Dr. Shafiullah Khan is currently serving as an Associate Professor in Institute of Computing (IoC), Kohat University of Science and Technology (KUST), Pakistan. His research mainly focuses on wireless broadband network architecture, security, privacy, threats and mitigating techniques.
Dr. Muhammad Altaf Khan is currently serving as an Assistant Professor at Institute of Computing, Kohat University of Science and Technology (KUST), Pakistan. Moreover, he is also performing duties as Graduate-Programs-Coordinator at Institute of Computing, KUST. His main area of research is security in wireless networks.
Dr. Zeeshan Iqbal is currently serving as an Assistant Professor at Institute of Computing, Kohat University of Science and Technology (KUST) Pakistan. His research areas include wireless networks, networks security, internet of things and wireless sensor networks.