Fine-Auth: A Fine-Grained User Authentication and Key Agreement Protocol Based on Physical Unclonable Functions for Wireless Body Area Networks

Wireless body area networks (WBANs) can be used to realize the real-time monitoring and transmission of health data concerning the human body based on wireless communication technology. With the transmission of these sensitive health data, security and privacy protection issues have become increasingly prominent. Fine-grained authentication allows physicians to run authentication checks of another specific entity according to their identifying attributes. Hence, it plays a key role in preserving the security and privacy of WBANs. In recent years, substantial research has been carried out on fine-grained authentication. However, these studies have put considerable effort into WBAN performances, resulting in weakened security. This paper proposes a fine-grained user authentication and key agreement protocol based on physical unclonable functions (PUFs) while maintaining robust security and performance. This will allow physicians to perform mutual authentication and obtain key agreements with authorized body area sensor nodes according to their identity parameters, such as occupation type and title. We then provide comprehensive security and heuristic analyses to demonstrate the security of the proposed protocol. Finally, the performance comparison shows that the proposed protocol is more robust in security, cost-effective communication, and computational overheads compared to three leading alternatives.