A secure lightweight mutual authentication and key agreement protocol for healthcare systems

Abstract The current era of technology is flooded with hundreds of Internet of Things (IoT) applications with billions of IoT objects. One of the primary applications is healthcare systems, where body area network (BAN)-sensing healthcare devices (such as leg movement sensor, heart-rate sensing, etc.) collect the user's real-time data (such as heart rate, step counts, and many more). These real-time users’ data are vulnerable to various attacks related to authentication. It may also create scope for further attacks exploiting authentication. Therefore it requires a proper authentication mechanism and should be transmitted securely without compromising the privacy of the user's healthcare information. Moreover, these devices are very much computationally resource constrained. This chapter emphasizes the afore-mentioned threats and constraints, and proposes a secure, lightweight authentication protocol between a healthcare wearable device and its user. The scheme uses a cryptographic hash function and X-OR functionalities only. It is tested by a well-known formal security verification tool, AVISPA, to show its robustness against various attacks related to authentications. The secure establishment of a shared secret key is also shown by the well-known BAN authentication logic. Furthermore, the computational cost of the scheme is also computed and compared with other work to prove its efficiency.