A New Biometric-Based Remote User Authentication Scheme in Hierarchical Wireless Body Area Sensor Networks
Ashok Kumar Das, Santanu Chatterjee And Jamuna Kanta Sing
User authentication is a primary concern in a resource constrained wireless sensor network (WSN) before accessing real-time data from the nodes inside WSN. In this paper, we propose a novel biometric-based user authentication scheme suitable for hierarchical wireless body area networks (WBANs). The proposed scheme makes use of biometric verification along with password verification, which enables any authorized user to access real-time data from any cluster head in the sensor network. The proposed scheme is light-weight because it only requires the efficient cryptographic hash function, and symmetric key encryption and decryption algorithms. The strengths of the proposed protocol are that it provides strong authentication as compared to traditional related password-based authentication schemes in WSNs and achieves some good properties such as it works without synchronized clock, it supports freely password change by the legitimate users at any time, and it provides low computation costs and mutual authentication. In addition, the proposed scheme provides unconditional security against node capture attack and also prevents other attacks such as denial-of-service attack, stolen-verifier attack, many logged-in users with the same loginid attack, masquerade attack, replay attack, privileged-insider attack, smart card breach attack, and man-in-the-middle attack. Through the formal security verification using AVISPA (Automated Validation of Internet Security Protocols and Applications) tool we show that our scheme is secure against passive and active attacks. Furthermore, the formal security analysis under the random oracle models proves that our scheme is provably secure against different known attacks.
Keywords: Wireless sensor networks; wireless body area networks; healthcare applications; user authentication; biometrics; passwords; hash function; security.
Full Text (IP)