A Lightweight Mutual Authentication and Key Agreement Scheme for Medical Internet of Things

Wireless body area networks play an indispensable role in the medical Internet of Things. It is a network of several wearables or implantable devices that use wireless technologies to communicate. These devices usually collect the wearer's physiological data and send it to the server. Some health care providers can access the server over the network and provide medical care to the wearer. Due to the openness and mobility of the wireless network, the adversary can easily steal and forge information, which exchanged in the communication channel that leaks wearer's privacy. Therefore, a secure and reliable authentication scheme is essential. Most of the existing authentication schemes are based on asymmetric encryption. However, since the sensor devices in wireless body area networks are typically resource-constrained devices, their computing resources cannot afford to use asymmetric encryption. In addition, most of the existing lightweight authentication schemes have various security vulnerabilities, especially the lack of forwarding secrecy. Therefore, we propose a secure lightweight authentication scheme for the wireless body area networks. With this scheme, forward secrecy can be guaranteed without using asymmetric encryption. We use the automatic security verification tool ProVerif to verify the security of our scheme and analyze informal security. The experimental results and the theoretical analysis indicate that our scheme significantly reduces the computational cost compared with the schemes using asymmetric encryption and that it has a lower security risk compared with the lightweight schemes.