A Secure Biometric-Based User Authentication Scheme for Cyber-Physical Systems in Healthcare

Khushboo Jha; Aruna Jain; Sumit Srivastava

doi:10.52756/ijerr.2024.v39spl.012

Khushboo Jha Department of Computer Science and Engineering, Birla Institute of Technology, Ranchi-835215, Jharkhand, India https://orcid.org/0000-0003-1062-8128
Aruna Jain Department of Computer Science and Engineering, Birla Institute of Technology, Ranchi-835215, Jharkhand, India
Sumit Srivastava Department of Computer Science and Engineering, Birla Institute of Technology, Ranchi-835215, Jharkhand, India https://orcid.org/0009-0003-6880-2958

DOI: https://doi.org/10.52756/ijerr.2024.v39spl.012

Keywords: uthentication, AVISPA tool, BAN logic, biometric, elliptic curve cryptosystem, wireless sensor network

Abstract

The effectiveness and advantages of Cyber-Physical Systems (CPS) are significantly influenced by the interconnectivity of individual devices or nodes, such as Internet of Things (IoT) devices. The exchange of data that is pertinent to a comprehensive job or capability plays a crucial role in numerous CPS applications, including healthcare monitoring in smart cities and homes and many more. Data exploitation in remote healthcare systems may have catastrophic consequences for patients; hence, a safe cryptographic technique is necessary. To address these security difficulties, a highly effective biometric based three-factor mutual authentication along with a key agreement scheme has been put forth that leverages the lightweight Elliptic Curve Cryptosystem (ECC). This scheme has been specifically designed to cater to the unique requirements of remote healthcare systems. The approach has been validated utilizing the Burrows-Abadi-Needham (BAN) logic, which verifies the effectiveness of mutual authentication. Also, the resistance to active and passive attacks was demonstrated through the use of the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Furthermore, a preliminary security evaluation is conducted to verify the resilience of the proposed system against several cryptographic attacks. Additionally, the suggested method is evaluated against existing state-of-the-art schemes and demonstrates superior performance in various security dimensions.

References

Ahlawat, P., & Bathla, R. (2023). A multi objective optimization modeling in WSN for enhancing the attacking efficiency of node capture attack. International Journal of System Assurance Engineering and Management, 14(6), 2187–2207. https://doi.org/10.1007/s13198-023-02048-2

Alghamdi, A., Shahrani, A. M. A., AlYami, S. S., Khan, I. R., Sri, P. S. G. A., Dutta, P., Rizwan, A., & Venkatareddy, P. (2023). Security and energy efficient cyber-physical systems using predictive modeling approaches in wireless sensor network. Wireless Networks. https://doi.org/10.1007/s11276-023-03345-1

Ali, R., Pal, A. K., Kumari, S., Sangaiah, A. K., Li, X., & Wu, F. (2018). An enhanced three factor based authentication protocol using wireless medical sensor networks for healthcare monitoring. Journal of Ambient Intelligence & Humanized Computing/Journal of Ambient Intelligence and Humanized Computing, 15(1), 1165–1186. https://doi.org/10.1007/s12652-018-1015-9

Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P. H., Heám, P. C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., Von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., & Vigneron, L. (2005). The AVISPA tool for the automated validation of internet security protocols and applications. In Lecture notes in Computer Science, pp. 281–285. https://doi.org/10.1007/11513988_27

Chetry, A., & Sharma, U. (2023). Anonymity in decentralized apps: Study of implications for cybercrime investigations. International Journal of Experimental Research and Review, 32, 195–205. https://doi.org/10.52756/ijerr.2023.v32.017

Cho, Y., Oh, J., Kwon, D., Son, S., Yu, S., Park, Y., & Park, Y. (2022). A secure Three-Factor authentication protocol for E-Governance system based on multiserver environments. IEEE Access, 10, 74351–74365. https://doi.org/10.1109/access.2022.3191419

Das, A. K., Kumari, S., Odelu, V., Li, X., Wu, F., & Huang, X. (2016). Provably secure user authentication and key agreement scheme for wireless sensor networks. Security and Communication Networks, 9(16), 3670–3687. https://doi.org/10.1002/sec.1573

Dawn, N., Ghosh, T., Ghosh, S., Saha, A., Mukherjee, P., Sarkar, S., Guha, S., & Sanyal, T. (2023). Implementation of Artificial Intelligence, Machine Learning, and Internet of Things (IoT) in revolutionizing Agriculture: A review on recent trends and challenges. Int. J. Exp. Res. Rev., 30, 190-218. https://doi.org/10.52756/ijerr.2023.v30.018

Far, H. a. N., Bayat, M., Das, A. K., Fotouhi, M., Pournaghi, S. M., & Doostari, M. A. (2021). LAPTAS: lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT. Wireless Networks, 27(2), 1389–1412. https://doi.org/10.1007/s11276-020-02523-9

Hemalatha, T., Bhuvaneswari, A., Poornima, N., Shubha, B., Santhi, K., Lawanyashri, M., & Mara, G. C. (2023). Secure and private data sharing in CPS e-health systems based on CB-SMO techniques. Measurement. Sensors, 27, 100787. https://doi.org/10.1016/j.measen.2023.100787

Huang, W. (2024). ECC-based three-factor authentication and key agreement scheme for wireless sensor networks. Scientific Reports, 14(1). https://doi.org/10.1038/s41598-024-52134-z

Jain, N., Awasthi, Y., & Jain, R. (2023). An IoT-based soil analysis system using optical sensors and multivariate regression. Int. J. Exp. Res. Rev., 31(Spl Volume), 23-32. https://doi.org/10.52756/10.52756/ijerr.2023.v31spl.003

Jha, K., Jain, A., & Srivastava, S. (2023a). An Efficient Speaker Identification Approach for Biometric Access Control System. In:2023 5th International Conference on Recent Advances in Information Technology (RAIT), IEEE, pp. 1-5. https://doi.org/10.1109/RAIT57693.2023.10127101

Jha, K., Jain, A., & Srivastava, S. (2024a). Analysis of Human Voice for Speaker Recognition: Concepts and Advancement. Journal of Electrical Systems, 20(1), 582-599. https://doi.org/10.52783/jes.806

Jha, K., Srivastava, S., & Jain, A. (2023b). Integrating Global and Local Features for Efficient Face Identification Using Deep CNN Classifier. In:2023 International Conference on Device Intelligence, Computing and Communication Technologies, (DICCT), IEEE pp. 532-536. https://doi.org/10.1109/DICCT56244.2023.10110170

Jha, K., Srivastava, S., & Jain, A. (2024b). Cryptanalysis of a Biometric based Anonymous Authentication Approach for IoT Environment. International Journal of Microsystems and IoT, 2(2), 591–597. https://doi.org/10.5281/zenodo.10804461

Jha, R., & Singh, M. K. (2024). Electric Mobility Adoption in India–Policy & Initiatives to Promote E-Mobility in Jharkhand. International Management Review, 20(1), 63-74.

Lekha, J., Sandhya, K., Archana, U., Anilkumar, C., Soman, S. J., & Satheesh, S. (2023). Secure medical sensor monitoring framework using novel optimal encryption algorithm driven by Internet of Things. Measurement. Sensors, 30, 100929. https://doi.org/10.1016/j.measen.2023.100929

Liu, W., Wang, X., Peng, W., & Xing, Q. (2019). Center-Less single Sign-On with Privacy-Preserving remote Biometric-Based ID-MAKA scheme for mobile cloud computing services. IEEE Access, 7, 137770–137783. https://doi.org/10.1109/access.2019.2942987

Mirsaraei, A. G., Barati, A., & Barati, H. (2022). A secure three-factor authentication scheme for IoT environments. Journal of Parallel and Distributed Computing, 169, 87–105. https://doi.org/10.1016/j.jpdc.2022.06.011

Mondal, S., Nag, A., Barman, A. K., & Karmakar, M. (2023). Machine Learning-based maternal health risk prediction model for IoMT framework. International Journal of Experimental Research and Review, 32, 145–159. https://doi.org/10.52756/ijerr.2023.v32.012

Nyangaresi, V. O. (2022). Lightweight anonymous authentication protocol for resource-constrained smart home devices based on elliptic curve cryptography. Journal of Systems Architecture, 133, 102763. https://doi.org/10.1016/j.sysarc.2022.102763

Pal, D., Funilkul, S., Charoenkitkarn, N., & Kanthamanon, P. (2018). Internet-of-Things and Smart Homes for Elderly Healthcare: An end user perspective. IEEE Access, 6, 10483–10496. https://doi.org/10.1109/access.2018.2808472

Rai, A., Kundu, K., Dev, R., Keshari, J., & Gupta, D. (2023). Design and development Virtual Doctor Robot for contactless monitoring of patients during COVID-19. Int. J. Exp. Res. Rev., 31(Spl Volume), 42-50. https://doi.org/10.52756/10.52756/ijerr.2023.v31spl.005

Saini, K. K., Kaur, D., Kumar, D., & Kumar, B. (2024). An efficient three-factor authentication protocol for wireless healthcare sensor networks. Multimedia Tools and Applications. https://doi.org/10.1007/s11042-024-18114-1

Saqib, M., Jasra, B., & Moon, A. H. (2022). A lightweight three factor authentication framework for IoT based critical applications. Journal of King Saud University. Computer and Information Sciences/Maǧalaẗ Ǧamʼaẗ Al-malīk Saud: Ùlm Al-ḥasib Wa Al-maʼlumat, 34(9), 6925–6937. https://doi.org/10.1016/j.jksuci.2021.07.023

Sarkar, A., & Singh, B. (2019). A cancelable biometric based secure session key agreement protocol employing elliptic curve cryptography. International Journal of System Assurance Engineering and Management, 10(5), 1023–1042. https://doi.org/10.1007/s13198-019-00832-7

Soni, P., Pal, A. K., & Khushboo, K. (2019a). A User Convenient Secure Authentication Scheme for Accessing e-Governance Services. In: 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), IEEE, pp.1-7. https://doi.org/10.1109/ICCCNT45670.2019.8944393

Soni, P., Pal, A. K., & Islam, S. H. (2019b). An improved three-factor authentication scheme for patient monitoring using WSN in remote health-care system. Computer methods and programs in biomedicine, 182, 105054. https://doi.org/10.1016/j.cmpb.2019.105054

Soni, P., Pal, A. K., Islam, S. H., Singh, A., & Kumar, P. (2021). Provably secure and biometric-based secure access of E-Governance services using mobile devices. Journal of Information Security and Applications, 63, 103016. https://doi.org/10.1016/j.jisa.2021.103016

Vinoth, R., Deborah, L. J., Vijayakumar, P., & Kumar, N. (2021). Secure Multifactor Authenticated Key Agreement Scheme for Industrial IoT. IEEE Internet of Things Journal, 8(5), 3801–3811. https://doi.org/10.1109/jiot.2020.3024703

Wang, Z., Deng, D., Hou, S., Guo, Y., & Li, S. (2023). Design of three-factor secure and efficient authentication and key-sharing protocol for IoT devices. Computer Communications, 203, 1–14. https://doi.org/10.1016/j.comcom.2023.02.015

Wu, T., Yang, L., Lee, Z., Chen, C., Pan, J., & Islam, S. H. (2021). Improved ECC-Based Three-Factor Multiserver Authentication scheme. Security and Communication Networks, 2021, 1–14. https://doi.org/10.1155/2021/6627956