To ensure the security and privacy of the patient’s health status in the wireless body area networks(WBANs), it is critical to secure the extra-body communication between the smart portable device held by the WBAN client and the application providers, such as the hospital, physician or medical staff. Based on certificateless cryptography, this paper proposes a remote authentication protocol featured with nonrepudiation, client anonymity, key escrow resistance, and revocability for extra-body communication in the WBANs.
First, we present a certificateless encryption scheme and a certificateless signature scheme with efficient revocation against short-term key exposure, which we believe are of independent interest. Then, a certificateless anonymous remote authentication with revocation is constructed by incorporating the proposed encryption scheme and signature scheme. Our revocation mechanism is highly scalable, which is especially suitable for the large-scale WBANs, in the sense that the key-update overhead on the side of trusted party increased logarithmically in the number of users. As far as we know, this is the first time considering the revocation functionality of anonymous remote authentication for the WBANs. Both theoretic analysis and experimental simulations show that the proposed authentication protocol is provably secure in the random oracle model and highly practical.