Journal of Medical and Biological Engineering

, Volume 39, Issue 4, pp 443–455 | Cite as

An Anonymity, Availability and Security-Ensured Authentication Model of the IoT Control System for Reliable and Anonymous eHealth Services

  • Wei-Liang Tai
  • Ya-Fen ChangEmail author
  • Ya-Ling Lo
Original Article


eHealth is supported by electronic processes and communication. The Internet of Things (IoT) is utilized to realize smart healthcare, backup terminal devices are required for reliable eHealth services, and the IoT control system is essential for the security of IoT applications. In 2013, Yang et al. first added backup terminal devices, a status monitor device and an alarm module to the IoT control system and proposed an authentication mechanism for availability and security. In 2016, Chang et al. found that Yang et al.’s authentication model suffers from some drawbacks. In this paper, we adjust the operation and requirements of the IoT control system and take user anonymity into consideration to propose an authentication model for the IoT control system for reliable and anonymous eHealth services. To ensure anonymity of the user and the accessed service, the real identifiers will not be transmitted for untraceability. The proposed authentication model complies with six essential requirements. Via the proposed authentication model, the IoT control system can ensure reliable and anonymous eHealth services with anonymity, availability and security.


eHealth The Internet of Things (IoT) RFID Mutual authentication User anonymity 



This work was supported in part by Ministry of Science and Technology under the Grants MOST 105-2221E-034-014-, MOST 106-2622-H-025-001-CC3, and MOST 106-2410-H-025-006.


  1. 1.
    Yang, J. C., Pang, H., & Zhang, X. (2013). Enhanced mutual authentication model of IoT. The Journal of China Universities of Posts and Telecommunications, 20, 69–74. Scholar
  2. 2.
    Dixit, V., Verma, H. K., & Singh, A. K. (2011). Comparison of various security protocols in RFID. International Journal of Computer Applications, 24(7), 17–21. Scholar
  3. 3.
    Weis, S. A., Sarma, S. E., Rivest, R. L., & Engels, D. W. (2004). Security and privacy aspects of low-cost radio frequency identification systems. Security in Pervasive Computing. Scholar
  4. 4.
    Henrici, D., & Muller, P. (2004). Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 149–153.Google Scholar
  5. 5.
    Lee, S. M., Hwang, Y. J., Lee, D. H., & Lim, J. I. (2005). Efficient authentication for low-cost RFID systems. Computational Science and Its Applications - ICCSA, 2005(3480), 619–627. Scholar
  6. 6.
    Juels, A., & Pappu, R. (2003). Squealing Euros: privacy protection in RFID-enabled banknotes. Financial Cryptography, 2742, 103–121. Scholar
  7. 7.
    Golle, P., Jakobsson, M., Juels, A., & Syverson, P. (2004). Universal re-encryption for mixnets. Topics in Cryptology - CT-RSA, 2004(2964), 163–178. Scholar
  8. 8.
    Rhee, K., Kwak, J., Kim, S., & Won, U. (2005). Challenge-response based RFID authentication protocol for distributed database environment. Security in Pervasive Computing, 3450, 70–84. Scholar
  9. 9.
    Cho, J. S., Jeong, Y. S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost: a hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Computers and Mathematics with Applications, 69(1), 58–65. Scholar
  10. 10.
    Safkhani, M., Peris-Lopez, P., Hernandez-Castro, J. C., & Bagheri, N. (2014). Cryptanalysis of the Cho et al. protocol: a hash-based RFID tag mutual authentication protocol. Journal of Computational and Applied Mathematics, 256(B), 571–577. Scholar
  11. 11.
    Chang, Y. F., Lo, Y. L., & Tai, W. L. (2016). Comments on an authentication model of IoT control system. In Proceedings of the 4th Annual Conference on Engineering and Information Technology, pp.771–776.Google Scholar
  12. 12.
    Turkanović, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Networks, 20, 96–112. Scholar
  13. 13.
    Xue, K., Ma, C., Hong, P., & Ding, R. (2013). A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Journal of Network and Computer Applications, 36(1), 316–323. Scholar
  14. 14.
    Farash, M. S., Turkanović, M., Kumari, S., & Hölbl, M. (2015). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Networks, 36(1), 152–176. Scholar
  15. 15.
    Ibrahim, M. H., Kumari, S., Das, A. K., Wazid, M., & Odelu, V. (2016). Secure anonymous mutual authentication for star two-tier wireless body area networks. Computer Methods and Programs in Biomedicine, 135, 37–50. Scholar
  16. 16.
    Sutrala, A. K., Das, A. K., Odelu, V., Wazid, M., & Kumari, S. (2016). Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Computer Method and Program in Biomedicine, 135, 167–185. Scholar
  17. 17.
    Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., & Li, X. (2015). Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. Journal of Medical Systems, 39(11), 1–21. Scholar

Copyright information

© Taiwanese Society of Biomedical Engineering 2018

Authors and Affiliations

  1. 1.Department of Information CommunicationsChinese Culture UniversityTaipeiTaiwan
  2. 2.Department of Computer Science and Information EngineeringNational Taichung University of Science and TechnologyTaichungTaiwan

Personalised recommendations