Lightweight and privacy-preserving authentication scheme with the resilience of desynchronisation attacks for WBANs

With the advances in wireless communication and Internet of things, wireless body area networks (WBANs) have attracted more and more attention because of the potential in improving the quality of health care services. With the help of WBANs, the user can access the patient's life-critical data generated by miniaturised medical sensors, and remote health care monitoring services are provided. Since the open nature of wireless channel and sensitivity of transmitted information, the security and privacy of such personal data are becoming important issues that must be dealt with. In the past few years, a large number of authentication schemes had been proposed to solve these issues. However, most of the existing schemes are not secure enough. As a step toward this direction, in this study, the authors present a privacy-preserving authentication scheme with adaptive resilience of desynchronisation attacks for WBANs, in which lightweight crypto-modules are adopted to pursue the best efficiency. The proposed scheme adopts the pseudonym identity technique to provide user anonymity, and one-way hash chain technique and serial number method are employed to ensure forward secrecy and resist desynchronisation attack, respectively. Analysis and comparison results demonstrate that the proposed scheme achieves a delicate balance between security and efficiency.