Abstract
eHealth is supported by electronic processes and communication. The Internet of Things (IoT) is used to realize smart healthcare, backup terminal devices are required for reliable eHealth services, and the IoT control system is essential for the security of IoT applications. In 2013, Yang et al. first added backup terminal devices, a status monitor device and an alarm module to the IoT control system and proposed an authentication mechanism for availability and security. In 2016, Chang et al. found that Yang et al.’s authentication model suffers from some drawbacks. In this paper, we adjust the operation and requirements of the IoT control system and take user anonymity into consideration to propose an authentication model for the IoT control system for reliable and anonymous eHealth services. To ensure the anonymity of the user and the accessed service, the real identifiers are not transmitted, which provides untraceability. The proposed authentication model complies with six essential requirements. With the proposed authentication model, the IoT control system can provide reliable and anonymous eHealth services with anonymity, availability and security.
References
Yang, J. C., Pang, H., & Zhang, X. (2013). Enhanced mutual authentication model of IoT. The Journal of China Universities of Posts and Telecommunications, 20, 69–74. https://doi.org/10.1016/S1005-8885(13)60218-6.
Dixit, V., Verma, H. K., & Singh, A. K. (2011). Comparison of various security protocols in RFID. International Journal of Computer Applications, 24(7), 17–21. https://doi.org/10.5120/2951-3965.
Weis, S. A., Sarma, S. E., Rivest, R. L., & Engels, D. W. (2004). Security and privacy aspects of low-cost radio frequency identification systems. Security in Pervasive Computing. https://doi.org/10.1007/978-3-540-39881-3_18.
Henrici, D., & Muller, P. (2004). Hash-based enhancement of location privacy for radio-frequency identification devices using varying identifiers. In Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 149–153.
Lee, S. M., Hwang, Y. J., Lee, D. H., & Lim, J. I. (2005). Efficient authentication for low-cost RFID systems. Computational Science and Its Applications - ICCSA 2005, 3480, 619–627. https://doi.org/10.1007/11424758_65.
Juels, A., & Pappu, R. (2003). Squealing Euros: privacy protection in RFID-enabled banknotes. Financial Cryptography, 2742, 103–121. https://doi.org/10.1007/978-3-540-45126-6_8.
Golle, P., Jakobsson, M., Juels, A., & Syverson, P. (2004). Universal re-encryption for mixnets. Topics in Cryptology - CT-RSA 2004, 2964, 163–178. https://doi.org/10.1007/978-3-540-24660-2_14.
Rhee, K., Kwak, J., Kim, S., & Won, U. (2005). Challenge-response based RFID authentication protocol for distributed database environment. Security in Pervasive Computing, 3450, 70–84. https://doi.org/10.1007/978-3-540-32004-3_9.
Cho, J. S., Jeong, Y. S., & Park, S. O. (2015). Consideration on the brute-force attack cost and retrieval cost: a hash-based radio-frequency identification (RFID) tag mutual authentication protocol. Computers and Mathematics with Applications, 69(1), 58–65. https://doi.org/10.1016/j.camwa.2012.02.025.
Safkhani, M., Peris-Lopez, P., Hernandez-Castro, J. C., & Bagheri, N. (2014). Cryptanalysis of the Cho et al. protocol: a hash-based RFID tag mutual authentication protocol. Journal of Computational and Applied Mathematics, 256(B), 571–577. https://doi.org/10.1016/j.cam.2013.09.073.
Chang, Y. F., Lo, Y. L., & Tai, W. L. (2016). Comments on an authentication model of IoT control system. In Proceedings of the 4th Annual Conference on Engineering and Information Technology, pp. 771–776.
Turkanović, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Networks, 20, 96–112. https://doi.org/10.1016/j.adhoc.2014.03.009.
Xue, K., Ma, C., Hong, P., & Ding, R. (2013). A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. Journal of Network and Computer Applications, 36(1), 316–323. https://doi.org/10.1016/j.jnca.2012.05.010.
Farash, M. S., Turkanović, M., Kumari, S., & Hölbl, M. (2015). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Networks, 36(1), 152–176. https://doi.org/10.1016/j.adhoc.2015.05.014.
Ibrahim, M. H., Kumari, S., Das, A. K., Wazid, M., & Odelu, V. (2016). Secure anonymous mutual authentication for star two-tier wireless body area networks. Computer Methods and Programs in Biomedicine, 135, 37–50. https://doi.org/10.1016/j.cmpb.2016.07.022.
Sutrala, A. K., Das, A. K., Odelu, V., Wazid, M., & Kumari, S. (2016). Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems. Computer Methods and Programs in Biomedicine, 135, 167–185. https://doi.org/10.1016/j.cmpb.2016.07.028.
Amin, R., Islam, S. H., Biswas, G. P., Khan, M. K., & Li, X. (2015). Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. Journal of Medical Systems, 39(11), 1–21. https://doi.org/10.1007/s10916-015-0318-z.
Acknowledgements
This work was supported in part by the Ministry of Science and Technology under the Grants MOST 105-2221E-034-014-, MOST 106-2622-H-025-001-CC3, and MOST 106-2410-H-025-006.
About this article
Cite this article
Tai, WL., Chang, YF. & Lo, YL. An Anonymity, Availability and Security-Ensured Authentication Model of the IoT Control System for Reliable and Anonymous eHealth Services. J. Med. Biol. Eng. 39, 443–455 (2019). https://doi.org/10.1007/s40846-017-0351-0
DOI: https://doi.org/10.1007/s40846-017-0351-0