Privacy Preserving Three-factor Authentication Protocol for Secure Message Forwarding in Wireless Body Area Networks

Wireless body area networks have gained popularity due to their ability to enhance efficiency, flexibility, convenience and the quality of life. In this environment, the patient physiological data is collected by the biosensors and transmitted over public channels to remote servers. Here, the data is analyzed to facilitate decision making such as injection of some drugs into the patient's body. During the message exchange over public channels, numerous active and passive attacks can be launched. Although many protocols have been developed to address these issues, many vulnerabilities and performance constraints are inherent in these schemes. As such, the design of secure and efficient security protocols suitable for wireless body area networks is still a challenging task. In this paper, a three-factor authentication protocol is developed which encompass patient biometric data, smart card and password. Its formal analysis using both Real-Or-Random (ROR) model and Burrows-Abadi-Needham (BAN) logic shows that it is provably secure. In addition, the semantic security analysis shows that it is secure under the Dolev-Yao (DY) and Canetti- Krawczyk (CK) threat models. In terms of performance, it is demonstrated to result in a 43.98% reduction in computation overheads, 18.18% in number of supported security characteristics and a 19.05% reduction in space complexities.