A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT

The widespread use of mobile devices, sensors, and wireless sensor networks and the progressive development of the Internet of Things (IoT) has motivated medical and health-care societies to employ IoT to monitor, collect data, and communicate with patients using the wireless body area networks (WBANs). The collected data will make a lot of medical diagnosis applications of WBANs, which are obtained directly from the patients' bodies. Therefore, because of the nature of wireless networks and freely accessible data feature over the public channel, the security and privacy of WBANs is the most critical concern for those who use it for health-care purposes. Accordingly, there is a need for an authentication scheme for letting a trusted user such as doctors or clinical personnel access to the sensor's data from patients. In this paper, we propose a new lightweight hash-chain-based and forward secure authentication scheme for wireless body area networks in health-care IoT. Our scheme is secure against various known attacks obliged for WBANs. Additionally, we perform the formal security analysis using Real-or Random (ROR) model, and informal security on the proposed scheme, also, security verification of our scheme is validated by the ProVerif tool. Besides, our scheme is simulated by the OPNET network simulator and compared with several new schemes in terms of security and performance requirements. The simulation results and comparisons confirm that the proposed scheme is suitable for WBANs, and it supports more security features compared to related schemes.