Leakage-Resilient and Lightweight Authenticated Key Exchange for E-Health

E-Health applications generally involve human users’ privacy information such as identity and medical data. To protect these data, authenticated key exchange (AKE) protocols are provided as an underlying security mechanism in many communication techniques for E-Health application. For example, the international communication standard for wireless body area network (WBAN), i.e. IEEE S02.15.6, provides a number of AKE protocols for different E-Health scenarios; the Bluetooth specification 5.0 also defines four AKE protocols applicable in different applications of E-Health. However, all of these AKE protocols in use cannot resist to the emerging side-channel attacks (also known as leakage attacks). This paper thereby aims to enhance security and privacy in E-Health by designing an AKE protocol which can resist side-channel attacks. In particular, a leakage-resilient AKE protocol is proposed by combining the blinding technique with the Elliptic Curve Diffie-Hellman key exchange protocol (ECDH). In addition, to make the protocol friendlier to capability-limited nodes such as medical devices which are widely used in E-Health applications, we transfer some time-consuming computations from a limited node to its communicating partner which is generally more powerful. We also realize a prototype and carry out a series of experiments to study its performance. The proposed AKE protocol has stronger security and higher efficiency than similar protocols in IEEE 802.15.6 and Bluetooth 5.0.