22ZR1300, Research on Intelligent Cyber Security and Trust Infra,
Kim Ik Kyun
Abstract
Wireless medical sensor networks (WMSNs)-based medical systems are an emerging paradigm of the Internet of Medical Things (IoMT) in which the patients and doctors can access various healthcare services via wireless communication technology without visiting the hospital in person. However, an adversary attempts a variety of security attacks because the sensitive information in various fields is exchanged via an insecure channel. Thus, robust and lightweight authentication protocols are essential for providing dependable healthcare services in WMSN-based medical systems. Recently, Wang et al. (IEEE Internet of Things Journal, doi: 10.1109/JIOT.2021.3117762) proposed blockchain and physically unclonable functions (PUFs)-based lightweight authentication protocol for WMSN. They claimed that their protocol is resistant to cyber and physical security threats and also does provide necessary security requirements. However, we prove that their protocol is vulnerable to various security attacks, such as man-in-the-middle and session key disclosure attacks and also lacks mutual authentication. As a result, we propose a robust authentication protocol for WMSN using blockchain and PUF to address the security problems raised by Wang et al.'s scheme. we assess the security of the proposed scheme by using informal and formal security analyses, such as AVISPA simulation and the ROR oracle model. Furthermore, we present the testbed experiments using Raspberry PI 4 based on MIRACL Crypto SDK. Then, we show the performance of the enhanced scheme compared with related schemes based on testbed experiments. Consequently, our scheme is better suited for practical WMSN-based medical systems because it provides greater security and efficiency than competing schemes.
KSP Keywords
BlockChain, Healthcare Services, Insecure Channel, Internet of thing(IoT), Man-in-the-middle, Oracle model, Physical security, Security and efficiency, Security attacks, Security problems, Security requirements
Copyright Policy
ETRI KSP Copyright Policy
The materials provided on this website are subject to copyrights owned by ETRI and protected by the Copyright Act. Any reproduction, modification, or distribution, in whole or in part, requires the prior explicit approval of ETRI. However, under Article 24.2 of the Copyright Act, the materials may be freely used provided the user complies with the following terms:
The materials to be used must have attached a Korea Open Government License (KOGL) Type 4 symbol, which is similar to CC-BY-NC-ND (Creative Commons Attribution Non-Commercial No Derivatives License). Users are free to use the materials only for non-commercial purposes, provided that original works are properly cited and that no alterations, modifications, or changes to such works is made. This website may contain materials for which ETRI does not hold full copyright or for which ETRI shares copyright in conjunction with other third parties. Without explicit permission, any use of such materials without KOGL indication is strictly prohibited and will constitute an infringement of the copyright of ETRI or of the relevant copyright holders.
J. Kim et. al, "Trends in Lightweight Kernel for Many core Based High-Performance Computing", Electronics and Telecommunications Trends. Vol. 32, No. 4, 2017, KOGL Type 4: Source Indication + Commercial Use Prohibition + Change Prohibition
J. Sim et.al, “the Fourth Industrial Revolution and ICT – IDX Strategy for leading the Fourth Industrial Revolution”, ETRI Insight, 2017, KOGL Type 4: Source Indication + Commercial Use Prohibition + Change Prohibition
If you have any questions or concerns about these terms of use, or if you would like to request permission to use any material on this website, please feel free to contact us
KOGL Type 4:(Source Indication + Commercial Use Prohibition+Change Prohibition)
Contact ETRI, Research Information Service Section
Privacy Policy
ETRI KSP Privacy Policy
ETRI does not collect personal information from external users who access our Knowledge Sharing Platform (KSP). Unathorized automated collection of researcher information from our platform without ETRI's consent is strictly prohibited.
[Researcher Information Disclosure] ETRI publicly shares specific researcher information related to research outcomes, including the researcher's name, department, work email, and work phone number.
※ ETRI does not share employee photographs with external users without the explicit consent of the researcher. If a researcher provides consent, their photograph may be displayed on the KSP.