Authentication Protocol for Real-Time Wearable Medical Sensor Networks Using Biometrics and Continuous Monitoring

The open nature of wireless medical sensor networks in a public untrusted environment makes them vulnerable to various security threats and puts the security and privacy of patient information at risk. This paper introduces a new ECC based lightweight mutual authentication and key agreement protocol to be used in real-time wireless medical sensor networks between doctors/nurses, trusted servers, sensors and patients. Unlike existing schemes, our scheme uses biometrics on both doctor/nurse and patient sides. It allows the doctor/nurse to login to the system using his/her fingerprint and verifies patient identity by means of continuous monitoring of physiological data (e.g., ECG signals) in which verification of the patient identity is carried out automatically and at set intervals to detect physical theft of the sensor which may be hooked on to a different patient. Our scheme also uses dynamic identity to provide user anonymity and mitigate against user traceability. Security analysis shows that our protocol is resistant to the user, sensor and patient impersonation attacks, physical sensor theft, and so on. Performance analysis proved our scheme to be competitive in comparison to existing schemes relative to the added security benefits it provides.