Abstract
Wireless body area network (WBAN) provides a medium through which physiological information could be harvested and transmitted to application provider (AP) in real time. Integrating WBAN in a heterogeneous Internet of Things (IoT) ecosystem would enable an AP to monitor patients from anywhere and at anytime. However, the IoT roadmap of interconnected ‘Things’ is still faced with many challenges. One of the challenges in healthcare is security and privacy of streamed medical data from heterogeneously networked devices. In this paper, we first propose a heterogeneous signcryption scheme where a sender is in a certificateless cryptographic (CLC) environment while a receiver is in identity-based cryptographic (IBC) environment. We then use this scheme to design a heterogeneous access control protocol. Formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in random oracle model is presented. In comparison with some of the existing access control schemes, our scheme has lower computation and communication cost.
Similar content being viewed by others
References
Gope, P., and Hwang, T., An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. J. Netw. Comput. Appl. 62:1–8, 2016.
Li, F., Zhang, H., and Takagi, T., Efficient signcryption for heterogeneous systems. IEEE Syst. J. 7(3): 420–429, 2013.
Jiang, Q., Ma, J., Yang, C., Ma, X., Shen, J., and Chaudhry, S. A., Efficient end-to-end authentication protocol for wearable health monitoring systems. Comput Electr. Eng. 63:182–195, 2017.
Jiang, Q., Zeadally, S., Ma, J., and He, D., Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5:3376–3392, 2017.
Li, X., Niu, J., Bhuiyan, M. Z. A., Wu, F., Karuppiah, M., and Kumari, S.: A robust ECC based provable secure authentication protocol with privacy protection for industrial internet of things. IEEE Transactions on Industrial Informatics. https://doi.org/10.1109/TII.2017.2773666, 2017
Li, X., Niu, J., Kumari, S., Wu, F., and Choo, K. K. R., A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Futur. Gener. Comput. Syst. 83:607–618, 2018.
Li, X., Niu, J., Kumari, S., Wu, F., Sangaiah, A. K., and Choo, K. K. R., A three-factor anonymous authentication scheme for wireless sensor networks in internet of things environments. J. Netw. Comput. Appl. 103: 194–204, 2018.
Li, X., Niu, J., Liao, J., and Liang, W., Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 28(2):374–382, 2015.
Al-Riyami, S. S., and Paterson, K. G., Certificateless public key cryptography. Adv. Cryptol.-ASIACRYPT 2003:452–473, 2003.
Amin, R., Islam, S. H., Biswas, G., Khan, M. K., and Kumar, N., A robust and anonymous patient monitoring system using wireless medical sensor networks. Futur. Gener. Comput. Syst. 80:483–495, 2018.
Barbosa, M., and Farshim, P.: Certificateless signcryption. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS ’08), pp. 369–372, 2008.
Barreto, P. S. L. M., Libert, B., McCullagh, N., and Quisquater, J. J., Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. Adv. Cryptol.-ASIACRYPT 2005:515–532, 2005.
Cagalaban, G., and Kim, S.: Towards a secure patient information access control in ubiquitous healthcare systems using identity-based signcryption. In: 13Th international conference on advanced communication technology (ICACT2011), pp. 863–867, 2011.
Cramer, R., and Shoup, V., A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Advances in Cryptology-CRYPTO ’98 LNCS 1462:13–25, 1998.
Daemen, J., and Rijmen, V., The design of Rijndael: AES-the advanced encryption standard. Berlin: Springer Science & Business Media, 2013.
He, D., Zeadally, S., Kumar, N., and Lee, J. H., Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. 11(4):2590–2601, 2017.
Hu, C., Li, H., Huo, Y., Xiang, T., and Liao, X., Secure and efficient data communication protocol for wireless body area networks. IEEE Trans. Multi-Scale Comput. Syst. 2(2):94–107, 2016.
Hu, C., Zhang, N., Li, H., Cheng, X., and Liao, X., Body area network security: a fuzzy attribute-based signcryption scheme. IEEE J. Sel. Areas Commun. 31(9):37–46, 2013.
Huang, Q., Wong, D. S., and Yang, G., Heterogeneous signcryption with key privacy. Comput. J. 54(4): 525, 2011.
Li, F., Han, Y., and Jin, C., Practical access control for sensor networks in the context of the internet of things. Comput. Commun. 89-90:154–164, 2016.
Li, F., Han, Y., and Jin, C., Cost-effective and anonymous access control for wireless body area networks. IEEE Syst. J. 12(1):747–758, 2018.
Li, F., and Hong, J., Efficient certificateless access control for wireless body area networks. IEEE Sensors J. 16(13):5389–5396, 2016.
Liu, J., Zhang, Z., Chen, X., and Kwak, K. S., Certificateless remote anonymous authentication schemes for wireless body area networks. IEEE Trans. Parallel Distrib. Syst. 25(2):332–342, 2014.
Li, X., Ibrahim, M. H., Kumari, S., Sangaiah, A. K., Gupta, V., and Choo, K. K. R., Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Comput. Netw. 129:429–443, 2017.
Liu, Y., Zhang, Y., Ling, J., and Liu, Z., Secure and fine-grained access control on e-healthcare records in mobile cloud computing. Futur. Gener. Comput. Syst. 78:1020–1026, 2018.
Milenković, A., Otto, C., and Jovanov, E., Wireless sensor networks for personal health monitoring: Issues and an implementation. Comput. Commun. 29(13-14):2521–2533, 2006.
Omala, A. A., Kibiwott, K. P., and Li, F., An efficient remote authentication scheme for wireless body area network. J. Med. Syst. 41(2):25, 2016.
Omala, A. A., Robert, N., and Li, F., A provably-secure transmission scheme for wireless body area networks. J. Med. Syst. 40(11):247, 2016.
Pointcheval, D., and Stern, J., Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3):361–396, 2000.
Shamir, A., Identity-based cryptosystems and signature schemes. Adv. Cryptol.-CRYPTO 84:47–53, 1985.
Shen, J., Chang, S., Shen, J., Liu, Q., and Sun, X., A lightweight multi-layer authentication protocol for wireless body area networks. Futur. Gener. Comput. Syst. 78:956–963, 2018.
Sun, Y., and Li, H., Efficient signcryption between tpkc and idpkc and its multi-receiver construction. Sci. China Inf. Sci. 53(3):557–566, 2010.
Zheng, Y., Digital signcryption or how to achieve cost(signature &encryption) << cost(signature) + cost(encryption). Advances in Cryptology-CRYPTO ’97 LNCS 1294:165–179, 1997.
Eom, J., Lee, D. H., and Lee, K., Patient-controlled attribute-based encryption for secure electronic health records system. J. Med. Syst. 40(12):253, 2016.
Xiong, H., Cost-effective scalable and anonymous certificateless remote authentication protocol. IEEE Trans. Inf. Forensic. Secur. 9(12):2327–2339, 2014.
Lu, Y., Xu, G., Li, L., and Yang, Y.: Anonymous three-factor authenticated key agreement for wireless sensor networks. Wireless Networks. https://doi.org/10.1007/s11276-017-1604-0, 2017
Saeed, M. E. S., Liu, Q., Tian, G., Gao, B., and Li, F.: Hoosc: heterogeneous online/offline signcryption for the internet of things. Wireless Networks. https://doi.org/10.1007/s11276-017-1524-z, 2017
Ting, P. Y., Tsai, J. L., and Wu, T. S.: Signcryption method suitable for low-power iot devices in a wireless sensor network. IEEE Systems Journal. https://doi.org/10.1109/JSYST.2017.2730580, 2017
Li, F., Shirase, M., and Takagi, T., Certificateless hybrid signcryption. Math. Comput. Modell. 57(3-4): 324–343, 2013.
Boyen, X., Multipurpose identity-based signcryption: a swiss army knife for identity-based cryptography. Adv. Cryptol.-CRYPTO 2003:383–399, 2003.
Vasilomanolakis, E., Daubert, J., Luthra, M., Gazis, V., Wiesmaier, A., and Kikiras, P.: On the security and privacy of internet of things architectures and systems. In: 2015 International workshop on secure internet of things (SIot 2015), pp. 49–57, 2015.
Wu, F., Li, X., Sangaiah, A. K., Xu, L., Kumari, S., Wu, L., and Shen, J., A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks. Futur. Gener. Comput. Syst. 82:727–737, 2018.
Acknowledgements
This work is supported by the National Natural Science Foundation of China (Grant No 612725 25), the Fundamental Research Funds for the Central Universities (Grant No. ZYGX2016J081) and the Laboratory for Internet of Things and Mobile Internet Technology of Jiangsu Province (Grant No. JSWLW-2017-006).
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Rights and permissions
About this article
Cite this article
Omala, A.A., Mbandu, A.S., Mutiria, K.D. et al. Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network. J Med Syst 42, 108 (2018). https://doi.org/10.1007/s10916-018-0964-z
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-018-0964-z