Four-factor mutual authentication scheme for health-care based on wireless body area network

Health-care is one of the major concerns for every individual; however, it is not always possible to physically visit the health-care center in emergency situations. In such situations, remote health-care monitoring is beneficial, which can be provided by remote health-care monitoring applications based on wireless body area networks (WBANs). Since the communication in WBANs is carried over a public channel, their security becomes a paramount concern. Many schemes aimed to achieve secure and efficient communication in WBANs, but their own flaws impaired them. In this paper, we cryptanalyze Fotouhi et al.’s scheme and find that it is vulnerable to various attacks, namely privileged insider attack, sensor node capture attack, denial-of-service, desynchronization attack, replay attack, and stolen-verifier attack. It also lacks confidentiality and anonymity. Hence, we propose a new four-factor mutual authentication scheme for health-care based on WBANs that overcomes these issues and has better performance as it uses lightweight cryptographic primitives. The robustness of this scheme is verified formally using the Real-Or-Random model and Burrows–Abadi–Needham logic and informally through the state-of-the-art security analysis. Additionally, we verify the system’s security using the automated validation of Internet security protocols and applications tool-based automated simulation. Finally, we provide a comparative study of security and performance to show its efficacy in real-life applications.