A provably secure and efficient anonymous mutual authentication and key agreement protocol for wearable devices in WBAN

Wireless body area networks (WBAN) is a novel paradigm that is gaining popularity in a scenario of current wireless communication systems. It plays an essential role in healthcare applications like remote monitoring of health data. For instance, the crucial and confidential data about the condition of the patient's physical health can be gathered and transferred through WBAN. Therefore, authentication and session key-agreements are integral security concerns for wearable sensors in WBAN. Moreover, as the wearable devices are resource-constraints, there is a need to develop a lightweight protocol to ensure authenticity, confidentiality, and integrity of the information. Li et al. presented an anonymous mutual authentication protocol to establish a session-key among wearable sensor nodes and the local hub node. However, after an in-depth analysis, we found that their scheme is susceptible to an intermediate node capture attack, and sensor node/hub node impersonation with intermediate node capture attacks. The scheme also does not provide anonymity with unlinkable sessions. This paper proposes a new anonymous mutual authentication and key agreement protocol in WBAN to overcome the security weaknesses in Li et al.'s protocol. The proposed protocol uses only basic symmetric cryptosystems like simple XOR and cryptographic hash functions; hence, it is efficient and lightweight. The validly and the correctness of the proposed protocol are evaluated using BAN-Logic, Real-Or-Random (ROR) model, and the broadly accepted AVISPA tool. The performance comparison of the proposed protocol with the existing related protocols shows the efficiency regarding communication and computational complexities. Hence, it is suitable to be used in real-life applications.