A Lightweight Mutual Authentication and Key Agreement Scheme for Healthcare Applications with Robustness to Desynchronization Attacks




Shihab, Shamim Akhtar

Journal Title

Journal ISSN

Volume Title



Remote healthcare monitoring system is currently gaining a lot of interest due to their potential to save lives by providing patients with continuous monitoring and quick responses when they are in critical medical condition. With the development of the Internet of Things and wireless body area networks, medical personnel can now use the public channel to get real-time data from the sensors implanted in the patient’s body. However, protecting patient confidentiality and privacy of shared data from various threats is a significant challenge due to the openness of wireless communication. This necessitates the implementation of a robust authentication scheme to ensure secure communication between trusted healthcare providers and sensors. To counter these issues, in 2021, Mehedi et al. presented a lightweight anonymous user authentication scheme for securely obtaining patient’s real- time data. Their protocol is considered practical for deployment on sensor nodes as it only utilizes hash functions and does not require any public key cryptography. In this paper, we demonstrate how their protocol loses synchronization when a message is blocked/jammed and how in some scenarios, the protocol is exposed to the risk of session key disclosure. To overcome these threats, we propose a lightweight mutual authentication scheme to provide data security and privacy in healthcare. The proposed system uses a one-way hash chain technique to ensure forward secrecy and a flag parameter mechanism to make it resistant to desynchronization attacks while achieving user and sensor node anonymity. With the demonstration of both formal and informal analysis, the proposed protocol is ensured to withstand the identified attacks in Mehedi et al.’s scheme. The comparative analysis in terms of security and performance with relevant protocols indicates that the proposed protocol ensures higher security with considerably lower computation and communication overheads, making it suitable for practical implementation in a lightweight healthcare environment.



healthcare, lightweight authentication, desynchronization attack, key agreement, forward secrecy, anonymity