Certificateless Authenticated Key Agreement for Decentralized WBANs

Security and privacy of sensitive data are crucial nowadays. Internet of things (IoTs) is emerging and has brought critical security issues. Wireless body networks (WBANs) as one branch of IoTs are vulnerable systems today because they carry sensitive information from implanted and wearable sensors. Authentication and key agreement for WBAN are important to protect its security and privacy. Several authentication and key agreement protocols have been proposed for WBANs. However, many of them are administered by a single server. Addition to that, a malicious key generation center can become a threat to other entities in WBANs, i.e impersonate the user by causing a key escrow problem. In this paper, we propose a certificateless authenticated key agreement (CLAKA) for a decentralized/blockchain WBAN in the first phase. CLAKA has advantage to be designed in a decentralized architecture that is suitable for low computation devices. A security mediated signature (SMC) for blockchain authentication is described in the second phase of our protocol. SMC has advantage in solving public key revocation while maintaining the characteristics of certificateless public key cryptography i.e. solving the key escrow problem. Our protocol can compute a session key between WBAN controller and blockchain node and verify the eligibility of node to collect WBAN data.