Analysis and Improvement on A Lightweight Two-factor Authentication Scheme for Wireless Body Area Networks in Health-care IoT

Recently, medical and healthcare associations have gradually begun to use the Internet of Things and wireless sensor networks to monitor, collect data, and use wireless body area networks (WBANs) to communicate with patients. However, due to the characteristics of wireless networks that can freely access data on public channels, WBANs face some problems in the security and privacy protection. At the same time, some authentication schemes for wireless body area networks have also been proposed. In this paper, we carefully analyze Fotouhi et al.’s authentication scheme for wireless body area networks in health-care IoT and find that Fotouhi et al.’s scheme is vulnerable to several weaknesses. The main shortcoming of Fotouhi et al.’s scheme is that it takes up too much storage space of each entity during the registration and authentication phase. To overcome the shortcomings of Fotouhi et al.’s scheme, we propose an improved scheme. In our improved scheme, each entity will store less data than Fotouhi et al.’s scheme in the registration phase. Furthermore, we make the gateway node store as little data as possible by adding some key information to the transmitted messages in the authentication phase of the improved scheme. These measures can greatly save a lot of storage space and improve efficiency. We also investigate the security of the improved scheme in informal analysis and formal analysis.