A secure user authentication scheme with biometrics for IoT medical environments

Abstract

Internet of Things (IoT) is a ubiquitous network that devices are interconnected and users can access those devices through the Internet. Recently, medical healthcare systems are combined with these IoT networks and provide efficient and effective medical services to medical staff and patients. However, the security threats are increased simultaneously as the requirements of medical services in IoT medical environments are increased. It is essential to provide security of the networks from malicious attacks. In 2018, Roy et al. proposed a remote user authentication and key agreement scheme with biometrics in IoT medical environments. Unfortunately, we analyze Roy et al.'s scheme and demonstrate that their scheme does not withstand various attacks, such as replay attacks and password guessing attacks. Then we propose a user authentication scheme to overcome these security drawbacks. The proposed scheme withstands various attacks from adversaries in IoT medical environments and provide better security functionalities of those of Roy et al. We then prove the authentication and session key of the proposed scheme using BAN logic and analyze that our proposed scheme is secure against various attacks.