A Lightweight and Anonymous Authentication and Key Agreement Protocol for Wireless Body Area Networks

As a major building block of Healthcare 4.0, wireless body area networks (WBANs) play an important role in collecting patient's real-time physical phenomena through small wearable or implantable intelligent medical devices and communicating with remote medical experts using short-range wireless communication techniques. However, the challenges of securing information access are partly evidenced by the difficulty in designing secure and efficient security protocols. For example, existing authentication and key agreement schemes have either potential security vulnerabilities or high communication and computation overhead. In this article, we propose a lightweight and anonymous authentication and key agreement protocol, also called liteAuth, for WBANs. In our approach, mutual authentication and session key agreement are achieved using the Tinkerbell map-based random shuffling, physical unclonable function, one-way hash function, and bitwise exclusive OR operation. The security of liteAuth is first verified using the AVISPA tool, and then its cyber resilience is analyzed. In addition, we develop a real-world testbed, implement liteAuth and two existing schemes (i.e., PSLAP and HARCI), and conduct experiments for performance evaluation and analysis. Experimental results indicate that liteAuth can improve the performance of communication overhead and computation time as well as reduce energy consumption, while meeting all security requirements.