Multi-factor user authentication scheme for IoT-based healthcare services

被引:60
作者
Dhillon P.K. [1 ]
Kalra S. [1 ]
机构
[1] Department of Computer Science and Engineering, Guru Nanak Dev University, Regional Campus, Jalandhar, 144001, Punjab
来源
Journal of Reliable Intelligent Environments | 2018年 / 4卷 / 03期
关键词
Authentication; Big data; Biometrics; Cloud; ECC; Healthcare; IoT;
D O I
10.1007/s40860-018-0062-5
中图分类号
学科分类号
摘要
Due to the tremendous rise of the cloud computing and the Internet of Things (IoT) paradigms, the possibility of remote monitoring of the patients in real time by a remote Medical Professional (MP) has become feasible and patients can enjoy healthcare services at home. To achieve this, the patient’s medical data will need to be stored on the Cloud server. However, patient’s medical data stored on server are highly sensitive and, hence, the Cloud-IoT network becomes open to many attacks. For that reason, it must ensure that patients’ medical data do not get exposed to malicious users. This makes strong user authentication a prerequisite for the successful global deployment of centralized healthcare systems. In this paper, we present an efficient, strong authentication protocol, for the MP to access patient data for healthcare applications based on Cloud-IoT network. The proposed protocol includes: (1) three-factor MP authentication (i.e. password, biometrics and smartcard); (2) mutual authentication between MP and the cloud server; (3) establishes a secure shared session key; and (4) maintains key freshness. Furthermore, the proposed protocol uses only two message exchanges between MP and cloud server, and attains efficiency (i.e. low computation and communication costs). Through the formal analysis using AVISPA web tool, security analysis and performance analysis, we conclude that the proposed protocol is more secure against potential attacks and obtains a trade-off between security and performance cost for healthcare application using Cloud-IoT networks. © 2018, Springer International Publishing AG, part of Springer Nature.
引用
收藏
页码:141 / 160
页数:19
相关论文
共 55 条
[1]  
Abdmeziem M.R., Tandjaoui D., An end-to-end secure key management protocol for e-health applications, Comput Electr Eng, 44, pp. 184-197, (2015)
[2]  
Watro R., Kong D., Cuti S., Gardiner C., Lynn C., Kruus P., TinyPK: Securing sensor networks with public key technology, Proceedings of the 2Nd ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 59-64, (2004)
[3]  
Benenson Z., Gedicke N., Raivio O., Realizing robust user authentication in sensor networks, Real-World Wirel Sens Netw, 14, (2005)
[4]  
Wong K.H.M., Zheng Y., Cao J., Wang S., A dynamic user authentication scheme for wireless sensor networks, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC’06), IEEE, 1, (2006)
[5]  
Tseng H.-R., Jan R.-H., Yang W., An improved dynamic user authentication scheme for wireless sensor networks, IEEE GLOBECOM 2007-IEEE Global Telecommunications Conference, pp. 986-990, (2007)
[6]  
Hu F., Jiang M., Wagner M., Dong D.-C., Privacy-preserving telecardiology sensor networks: toward a low-cost portable wireless hardware/software codesign, IEEE Trans Inf Technol Biomed, 11, 6, pp. 619-627, (2007)
[7]  
Das M.L., Two-factor user authentication in wireless sensor networks, IEEE Trans Wirel Commun, 8, 3, pp. 1086-1090, (2009)
[8]  
Huang Y.-M., Hsieh M.-Y., Chao H.-C., Hung S.-H., Park J.H., Pervasive, secure access to a hierarchical sensor-based healthcare monitoring architecture in wireless heterogeneous networks, IEEE J Select Areas Commun, 27, 4, pp. 400-411, (2009)
[9]  
Malasri K., Wang L., Design and implementation of a securewireless mote-based medical sensor network, Sensors, 9, 8, pp. 6273-6297, (2009)
[10]  
Sriram J.C., Shin M., Choudhury T., Kotz D., Activity-aware ECG-based patient authentication for remote health monitoring, Proceedings of the 2009 International Conference on Multimodal Interfaces, pp. 297-304, (2009)
123456