Study On Authentication Protocol For Wireless Body Area Networks

With the development of wireless sensor technology, people pay more and more attention to the people-centered WBAN. WBAN is a kind of short-range wireless network and it consists of all types of sensor nodes or portable mobile devices which are placed in different parts of human body. The sensor nodes or portable mobile devices are responsible for monitoring the physiological information of human body and providing various wireless applications. However, due to the open wireless environment and the lack of appropriate physical protection, WBAN inevitably has some security flaws and suffers from a lot of attacks. At present, the problem in the WBAN’s application is to design a security authentication protocol to realize the mutual authentication between the participants, and prevent user’s personal information from being leaked.This thesis introduces an existing anonymous authentication protocol for WBAN. After analyzing it, we find that this protocol does not provide complete anonymity and can’t resist the public key replacement attack, what is more, the session key is unsafe. Aiming at solving these existing security problems and enhancing protocol’s security, we firstly propose a new and secure certificateless signature algorithm. In this proposed signature algorithm, the user’s private key is generated by both the trusted third party and the user, the user don’t trust the third party completely and believe it could perform unauthorized behaviors to damage the user’s right. Then we design an authentication protocol for Wireless Body Area Networks based on the proposed signature algorithm. The authentication protocol owns the following advantages:(1) with the user’s identity and its public key, the protocol generates a system account for the user. However the system account is not the real identity of the user but it is associated with the user’s identity, so that the private information of the user is protected. At the same time, the trusted or untrusted third party can’t do unauthorized behaviors to infect the user’s right without the user’s private key.(2) the protocol provides complete anonymity between the participants, at the same time the secure session key is established which is based on the random number chosen by two participants.(3) by using the proposed signature algorithm, the security of the proposed protocol is further improved.At last, we do a performance simulation of the proposed remote anonymous authentication protocol, test and analyze the message size, computational complexity and energy consumption of the proposed protocol. By comparing the performance between our protocol and some existing protocols, it shows that our protocol offers a better tradeoff between the efficiency and the security features.