Revisit of password-authenticated key exchange protocol for healthcare support wireless communication

Abstract

Wireless communication is essential for the infrastructure of a healthcare system. This bidirectional communication is used for data collection and to control message delivery. Wireless communication is applied in industries as well as in our daily lives, e.g., smart cities; however, highly reliable communication may be more difficult in environments with low power consumption, many interferences, or IoT wireless network issues due to resource limitations. In order to solve these problems, we investigated the existing three-party password-authenticated key exchange (3PAKE) and developed an enhanced protocol. Currently, Lu et al presented a 3PAKE protocol to improve the security flaws found in Farash and Attari's protocol. This work revisits the protocol proposed by Lu et al. and demonstrates that, in addition to other security weaknesses, the protocol does not provide user anonymity which is an important issue for healthcare environment, and is not secure against insider attacks that may cause impersonation attacks. We propose a secure biometric-based efficient password-authenticated key exchange (SBAKE) protocol in order to remove the incidences of these threats, and present an analysis regarding the security and efficiency of the SBAKE protocol for practical deployment.