13.1 Introduction

A great deal of clinical data, including radiological images, physiological signals, impression reports by physicians, laboratory reports, and above all patients' identities, are spread around the local and public networks, large core memories, and the cloud. The major concerns in recording, analysis, and disseminating the patient data are quality of service (QoS), network and data security, and, most importantly, protecting patient privacy. The confidentiality, authenticity, integrity, and freshness of patient data are certainly the major body area network (BAN) requirements. The communication systems, techniques, and platforms necessitate having to establish security systems or implement one of the existing data and network security platforms.

Data confidentiality requires that the transmitted information remain strictly private and can only be accessed by authorised persons, for example the doctor who takes care of the patient. It is usually achieved by encrypting the information before sending it using a secret key. Data authenticity is needed to ensure that the information is sent by the right sender for the intended purpose to a recipient through a secure system environment. For this, often a message authentication code is calculated using a shared secret key. Data integrity makes sure that the received data have not been tampered with. However, this can be inspected by verifying the media access control (MAC) address within the computer network layer. Data freshness is required as the received data should be recent and not be a replayed old message for any reason such as disruption or impersonation. Commonly, a counter controlled technique is employed where the counter is increased every time a message is sent.

In this chapter there is no intention to go through all of the details of the various security methods and approaches. Instead, we focus on some practical applications for wireless BAN which aim at keeping patients' information safe and secure while maintaining the QoS.

There have been variety of approaches to wireless sensor network (WSN) security. Recent advances in wireless communications, embedded systems, and integrated circuit technologies have enabled the wireless BANs with their diverse applications to become a promising networking paradigm.

The patient's personal and clinical data collected or transmitted in BANs are very sensitive, crucially personal, and not only related to their clinical states but also to their entire personal and family status and circumstances. Generally and based on clinical ethics, biomedical data are highly confidential and should be handled, transmitted, and stored with care to prevent information misused, alteration, or leaks to unauthorised users. Therefore, authentication, data confidentiality, integrity, nonrepudiation, and privacy preservation should be guaranteed during all communications while maintaining a high QoS. The QoS requires minimum delay in transferring the patient's data to ensure that their situation will not be negatively affected because of such delays. To comply with these requirements, IEEE 802.15.6 has been proposed to provide an international standard for reliable wireless communication for wireless BANs which supports data rates ranging from 75.9 kb s⁻¹ to 15.6 Mb s⁻¹ [1]. Adopted international standards also recommend four elliptic curve-based security schemes to achieve those goals. Nevertheless, in some recent works it has been shown that these security protocols are vulnerable to some attacks [2, 3]. Therefore, in the past few years, several anonymous authentication schemes for wireless body area networks (WBANs) have been proposed to enhance the information security for protecting patients' identities and through the encryption of such sensitive information.

13.2 Threats to a BAN

As for various wired or wireless communication systems and scenarios, the local area network (LAN) including BANs are prone to attacks, eavesdroppers, impersonation, and all other popular breaches of security. For a wearable device, the received information includes private and sensitive information coming from wearable devices and sensors [4, 5]. This underscores the importance of establishing secure a mutual authentication between the mobile terminal, wearable devices, and sensors. Such a scheme allows one to establish the necessary session key for subsequent secure communications [6]. Similar to a wireless communication environment [7], a wearable communication network is suspected for several well-known attacks, such as man-in-the-middle, replay, impersonations, stolen wearable device or mobile terminal, and ephemeral secret leakage attacks [8].

Assuming that the BSNs and other LANs are prone to similar types of threats, the most common types of network and system attacks are listed below.

13.3 Data Security and Most Common Encryption Methods

The IEEE 802.15.6 security hierarchy is illustrated in Figure 13.1. There are three security levels that the BAN sensors and hubs can comply with: level 0 for unsecured communication, level 1 for authenticated but not encrypted messages, and level 2 for the authenticated and encrypted cases. In a unicast communication, a pre-shared or a new master key (MK) is activated. A pairwise temporal key (PTK) is then generated which is utilised only once per session. In a multicast communication, on the other hand, a group temporal key (GTK) is generated that is shared with the corresponding group [1].

In a data security process, to keep the identities and messages secure, the information is encrypted just before propagating it into a network and decrypted in the receiver. The encryption key is somehow known by both transmitter and receiver. There are a variety of encryption/decryption algorithms, and to better protect the message against unlocking a more sophisticated encryption algorithm has to be used.

Although encryption of the information is good enough for many BAN communication scenarios, in many other cases using both encryption and authentication together becomes necessary to validate both the user's identity as well as the data.

Data encryption standard (DES), triple DES, Rivest–Shamir–Adleman (RSA), advanced encryption standard (AES), and Twofish are probably the most popular encryption methods. It is also common for different suppliers, users, and applications to have their own (but often very close to one of these five) algorithms.

13.3.3 Rivest–Shamir–Adleman (RSA)

This is an asymmetric cryptography algorithm which works on two different keys, namely a public key and a private key. As the name describes, the public key is given to everyone and the private key is kept private. Since this is asymmetric, nobody else except the browser can decrypt the data even if a third party has the browser's public key.

The RSA user generates a public key using two large prime numbers along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, and if the public key is large enough, only someone with knowledge of the prime numbers can decode the message feasibly [16]. RSA decryption is as difficult as the factorisation problem and is an open question.

RSA is a relatively slow algorithm, and because of this it is less commonly used to directly encrypt the user's data. More often, RSA passes encrypted shared keys for symmetric key cryptography which in turn can perform bulk encryption-decryption operations at much higher speed.

The Round function is the heart of DES which can be summarised, as in Figure 13.3. The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output. This is then extend to 48 bits using an expansion permutation box (P-box). The aim of S-boxes is to use the input as an address for a table look-up to generate the output. Finally, the round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.

13.3.4 Advanced Encryption Standard (AES)

The AES is a fast algorithm which uses three cryptographic keys to encrypt and decrypt electronic data. AES is an iterative rather than Feistel cipher (which is block-based and symmetric). It is based on ‘substitution–permutation network’. It includes a series of linked operations, some of which involve replacing inputs by specific outputs (substitutions) and others shuffle bits around (permutations) [15].

AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows so they can be processed as a matrix.

Unlike DES, the number of rounds in AES is variable and depends on the key length. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit round key, which is calculated from the original AES key. Figure 13.4 presents a block diagram of the AES structure.

Each round comprises four subprocesses. The first-round process is depicted in Figure 13.5.

The blocks in Figure 13.5 are defined as follows:

• Byte Substitution (SubBytes): The 16 input bytes are substituted by looking up a fixed table (S-box) given in the design. The result is in a square matrix form including four rows and columns.
• Shiftrows: Each of the four rows of the matrix is shifted to the left. Any entry that ‘fall off’ is re-inserted onto the right side of the row. The shift operation is carried out as follows: first row is not shifted, second row is shifted one (byte) position to the left, third row is shifted two positions to the left, and the fourth row is shifted three positions to the left. The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.
• MixColumns: Each column of the four bytes is now transformed using a particular mathematical function. This function takes the four bytes of one column as input and produces four completely new bytes as the outputs, which replace the original column. The result is another new matrix consisting of 16 new bytes. This step is not carried out in the last round.
• Addroundkey: The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and another similar round begins.
• Decryption process: The decryption process for an AES ciphertext is similar to the encryption process in the reverse order. Each round consists of four processes conducted in the reverse order, i.e. add round key, mix columns, shift rows, and byte substitution.

Since the subprocesses in each round are in reverse order, unlike for the Feistel cipher, the encryption and decryption algorithms, although closely related, need to be separately implemented.

13.4 Quality of Service (QoS)

Monitoring BAN applications is real time and life critical and requires a strict guarantee of QoS in terms of timeliness, reliability, security, power requirement, noise, and many other issues. Recently, there have been a number of proposals describing diverse approaches or frameworks to achieve QoS in BANs (i.e. for different layers or tiers and different protocols). The QoS also reflects the ability to set different priorities to different applications, users, or data flows.

These priorities directly depend on the BAN major characteristics. These characteristics include resource-constrained (mainly related to embedded computing and sensors, dynamic traffic patterns, network dynamics, data redundancy, heterogeneous traffic, criticality, as the patient data are life-related), dynamic pathloss, and environmental and user's context (which correspond to type of measurement, location, frequency range, number of channels, error rate that can be tolerated, etc.). Owing to all these characteristics, eventually there should be a measure of quality of information as the baseline for QoS quantification bearing in mind that there is no QoS support solution that can satisfy every application's requirements.

13.5 System Security

To guarantee secure communication in wireless BANs, Poon et al. [22] used physiological values (such as electrocardiogram, iris, and fingerprint) to design an authentication scheme. By measuring and comparing these values, a means of authentication can be achieved. To improve the performance, several improved schemes [23–25] based on physiological values have been proposed. However, the physiological value-based schemes [22–25] suffer from the DoS attack because there are differences between any two measured physiological signals recorded from the same person that may not be suitable enough for practical applications.

The received signal strength (RSS) in WBANs varies according to mobility and the channel state and variation. Therefore, channel-based authentication schemes [26–28] are also considered to implement mutual authentication in WBANs. Zeng et al. [26] used temporal RSS variation lists to deal with the identity-based attack. However, their scheme focuses on identification and cannot provide anonymity. Cai et al. [27] proposed a device pairing scheme using differential RSS involving at least two receiver antennas.

Several proximity-based authentication schemes [29–31] have been proposed for BAN applications. Varshavsky et al. [29] extended the Diffie–Hellman key exchange with the verification of device colocation and proposed an authentication method for WBANs. By monitoring the radio environment and generating a signature (including its RSS), the device could detect a similarity. With pairing devices transmitting and the trusted body-worn personal devices receiving, Kalamandeen et al. [30] proposed an authentication method by monitoring the transmissions. Later, Mathur et al. [31] developed a colocation-based pairing scheme by exploiting environmental signals. The main weakness of proximity-based authentication methods is that the devices have to be within half of the wavelength distance from each other, which can be restrictive for medical sensors deployed in a BAN. Shi et al. [32, 33] established that an off-body attacker has distinct RSS variation behaviour with an on-body sensor. Hence, they proposed a channel-based and a proximity-based authentication scheme for WBANs.

Unlike the physiological value-based schemes [22–25], the channel-based schemes [26–28], and the proximity-based schemes [29–31], the cryptography-based schemes require fewer restrictions (such as channel, distance, and location) from the applications' environments. Consequently, cryptography-based authentication schemes, as discussed in Section 13.3, have attracted increasing attention recently. These approaches may be implemented using the traditional public key cryptography (TPKC) [16, 34]. For example, Li et al. [35, 36] proposed a key management method and used the TPKC to implement mutual authentication. In the TPKC, the complex modular exponentiation operation is needed. However, the client device in WBANs has very limited computing capability and battery capacity. Therefore, the authentication schemes based on the TPKC are not suitable for WBAN applications. To avoid the modular exponentiation operation, several authentication schemes [37–39] based on the elliptic curve cryptography (ECC) have been proposed.

The concept of ECC was first introduced by Miller [40] and Koblitz [41] separately. Compared to TPKC, ECC is able to provide the same security with a much smaller key size [42]. Therefore, ECC is more suitable for environments with limited computing capabilities and battery capacity. However, a public key infrastructure is needed for the practical implementation of the ECC. With public key cryptography (PKC), every user has a certificate, generated by the certificate authority, to bind their identity and public key. The management of certificates becomes more tedious as the number of users grows. Therefore, the authentication schemes [37–39] based on ECC are not suitable for WBANs.

The idea of identity-based public key cryptography (ID-based PKC) was proposed by Shamir [43]. In the ID-based PKC, the key generation centre (KGC) uses its secret key to calculate the user's secret key according to their identity, and this identity plays the role of public key. Therefore, the ID-based PKC could address the problem of certificates management in the TCP. Yang and Chang [44] proposed an effective authentication scheme based on the ID-PKC. However, Yoon and Yoo [45] demonstrated that the scheme had serious security vulnerability by proposing an impersonation attack. Based on the ID-PKC, He et al. [46] used ECC to design a new provably secure authentication scheme. Unfortunately, Wang and Ma [47] found that the scheme [46] could not resist the reflection attack. They also pointed out that He et al.'s proposed method could not provide mutual authentication. Later, Islam and Biswas [48] used ECC to construct another authentication to solve security vulnerability in Yoon and Yoo's scheme. Unfortunately, Truong et al. [49] pointed out that this scheme could not resist the DoS attack. Although the above ID-based authentication schemes [44–49] perform better than previous schemes, they are not suitable for WBAN applications because they are designed for the client–server environment. To ensure secure communication in WBANs, Liu et al. [50] used the bilinear pairing defined on the elliptic curve to design a new certificateless signature scheme. Then, they presented a preliminary version authentication scheme for WBANs using their signature scheme. However, the scheme provides nontraceability because the user's identity is a constant value and the adversary could trace the client by observing the constant value. To enhance security, they also presented a security enhanced authentication method using their signature scheme and demonstrated that it could withstand various attacks.

However, in most of the practical applications, there is a privileged insider of the system, who is responsible for ensuring the device's normal functions. This insider can access the database of the system and modify the entries if necessary. Besides, a powerful adversary can actually penetrate into the system and modify the database. In other words, it is realistic and reasonable to assume that there is such an adversary who has the ability to modify the database of the system.

In the WBAN environment, the client and the application provider communicate wirelessly. Therefore, the authentication scheme for WBANs is susceptible to many attacks. To guarantee secure communication in WBANs, the authentication scheme should be able to withstand various attacks. In [51] a new anonymous authentication scheme for WBANs with provable security is proposed. The authors showed that the IEEE 802.15.6 is not secure against impersonation attacks. Then, they demonstrated that their own scheme not only overcomes the weakness in previous schemes but also reduces the computation burden for the clients. Finally, they argued that their system is secure and can meet the security requirements of BANs particularly for clinical applications.

13.6 Privacy

It is believed that, by establishing a secure system, network security as well as patient privacy are preserved. Although most of the techniques in security (such as network security and encryption) focus on data transmission, recently much attention has been paid towards data mining and archiving. Most importantly, cloud computing has become central to e-health. This requires an extra measure in securing patient privacy. The use of the cloud is becoming even more important nowadays due to the possibility of running very computationally costly algorithms, such as deep neural networks, over the cloud.

Vora et al. [52] have reviewed the privacy methods and looked at the privacy issues over the cloud as a low-cost data archiving and retrieval resource for e-health. To ensure that when two parties communicate a patient's data the traceability and identification of patients are achieved and the patients get access using anonymous credentials without revealing their identity or authentication credentials, an authentication scheme for e-health users using anonymous, adaptive authentication services has been proposed [52]. A level of confidentiality of the data has been achieved by adding a layer of anonymity. This layer follows the simple principle that the presence of a health record implies the retrieval of healthcare services for a particular condition, which violates patient privacy instead of maintaining patient confidentiality. Anonymous tickets work as the additional scheme of anonymity by offering consumption of the services, which allows the system not to depend on ‘trust’. The ‘trust’ concept demands a baseline of confidence for assuring the user's anonymity. The access control layer blocks any unauthorised access to patient data while complying with the tasks of providing the necessary measures to ensure security and privacy of patient data.

13.7 Conclusions

Extra measures need to be undertaken for patient data as well as other human-body-related information. In addition, to enable efficient healthcare and timely medication, the QoS for BANs has to be high enough to secure, preserve, and speed up the flow of information whenever and wherever necessary. This becomes even more critical where more patients are connected to the WSN through their wearable networks. Therefore, the design of new protocols and conventions may become necessary after the expansion of personalised medicine.

References

1. 1 IEEE Std 802.15.6-2012 (2012). IEEE standard for local and metropolitan area networks – Part 15.6: Wireless body area networks. New York: IEEE.
2. 2 Toorani, M. (2015) On vulnerabilities of the security association in the IEEE 802.15. 6 Standard. arXiv preprint arXiv:1501.02601.
3. 3 Toorani, M. (2015). Cryptanalysis of two PAKE protocols for body area networks and smart environments. International Journal of Network Security 17 (5): 629–636.
4. 4 He, D., Kumar, N., Wang, H. et al. (2018). A provably-secure cross-domain handshake scheme with symptoms matching for mobile healthcare social network. IEEE Transactions on Dependable and Secure Computing 15 (4): 633–645.
5. 5 Meng, W., Li, W., Xiang, Y., and Choo, K.-K.R. (2017). A Bayesian inference-based detection mechanism to defend medical smartphone networks against insider attacks. Journal of Network and Computer Applications 78: 162–169.
6. 6 Choo, K.-K.R. (2009). Secure Key Establishment (Advances in Information Security 41). New York: Springer.
7. 7 Fang, H., Xu, L., Li, J., and Choo, K.-K.R. (2017). An adaptive trust-Stackelberg game model for security and energy efficiency in dynamic cognitive radio networks. Computer Communications 105: 124–132.
8. 8 Lindstrom, J. (2007). Security challenges for wearable computing – a case study. In: Proceedings of 4th International Forum on Applied Wearable Computing, 1–8. IEEE.
9. 9 Das, A.K., Wazid, M., Kumar, N. et al. (2018). Design of secure and lightweight authentication protocol for wearable devices environment. IEEE Journal of Biomedical and Health Informatics 22 (4): 1310–1322.
10. 10 Dolev, D. and Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory 29 (2): 198–208.
11. 11 Wazid, M., Das, A.K., Kumar, N. et al. (2018). A novel authentication and key agreement scheme for implantable medical devices deployment. IEEE Journal of Biomedical and Health Informatics 22 (4): 1299–1309.
12. 12 Liu, C.H. and Chung, Y.F. (2017). Secure user authentication scheme for wireless healthcare sensor networks. Computers & Electronic Engineering 59: 250–261.
13. 13 Challa, S., Das, A.K., Odelu, V. et al. (2018). An efficient EEC based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Computers & Electronic Engineering 69: 534–554.
14. 14 Federal Information Processing Standards Publication, FIPS Pub 46-3, reaffirmed 25 October 1992. US Department of Commerce, National Institute of Standards and Technology.
15. 15 Daemen, J. and Rijmen, V. (2002). The Design of Rijndael: AES – The Advanced Encryption Standard. Springer.
16. 16 Rivest, R., Shamir, A., and Adleman, L. (1978). A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21 (2): 120–126.
17. 17 Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., and Ferguson, N. (1998) Twofish: A 128-Bit Block Cipher. in First Advanced Encryption Standard (AES) Conference. National Institute of Standards and Technology, 104.
18. 18 Razzaque, M.A., Hira, M.T., and Dira, M. (2017). QoS in body area networks: a survey. ACM Transactions on Sensor Networks 13 (3) https://doi.org/10.1145/3085580.
19. 19 Bangash, J.I., Khan, A.W., and Abdullah, A.H. (2015). Data-centric routing for intra wireless body sensor networks. Journal of Medical Systems 39 (9): 1–13.
20. 20 Ababneh, N., Timmons, N., and Morrison, J. (2015). A cross-layer QoS-aware optimization protocol for guaranteed data streaming over wireless body area networks. Telecommunication Systems 58 (2): 179–191.
21. 21 Yessad, N., Omar, M., Tari, A., and Bouabdallah, A. (2018). QoS-based routing in wireless body area networks: a survey and taxonomy. Computing 100 (3): 245–275.
22. 22 Poon, C., Zhang, Y., and Bao, S. (2006). A novel biometrics method to secure wireless body area sensor networks for telemedicine and m-health. IEEE Communications Magazine 44 (4): 73–81.
23. 23 Singh, K. and Muthukkumarasamy, V. (2007). Authenticated key establishment protocols for a home health care system. In: Proceedings of 3rd International Conference on Intelligent Sensor, Sensor Network and Information (ISSNIP'07), 353–358. ACM.
24. 24 Venkatasubramanian, K. and Gupta, S. (2010). Physiological value-based efficient usable security solutions for body sensor networks. ACM Transactions on Sensor Networks 6 (4): 1–36.
25. 25 Venkatasubramanian, K., Banerjee, A., and Gupta, S. (2010). PSKA: usable and secure key agreement scheme for body area networks. IEEE Transactions on Information Technology in Biomedicine 14 (1): 60–68.
26. 26 Zeng, K., Govindan, K., and Mohapatra, P. (2010). Non-cryptographic authentication and identification in wireless networks [Security and Privacy in Emerging Wireless Networks]. IEEE Wireless Communications 17 (5): 56–62.
27. 27 Cai, L., Zeng, K., Chen, H., and Mohapatra, P. (2011). Good neighbor: ad hoc pairing of nearby wireless devices by multiple antennas. In: Proceedings of the Network and Distributed System Security Symposium. San Diego, California (6–9 February 2011), 1–15. The Internet Society.
28. 28 Shi, L., Yuan, J., Yu, S., and Li, M. (2013). ASK-BAN: authenticated secret key extraction utilizing channel characteristics for body area networks. In: Proceedings of the 6th ACM Conference on Security Privacy Wireless Mobile Networks, 155–166. ACM.
29. 29 Varshavsky, A., Scannell, A., LaMarca, A., and De Lara, E. (2007). Amigo: proximity-based authentication of mobile devices. In: Proceedings of 9th International Conference on Ubiquitous Computating, 253–270. Berlin: Springer-Verlag.
30. 30 Kalamandeen, A., Scannell, A., De Lara, E. et al. (2010). Ensemble: cooperative proximity-based authentication. In: Proceedings of the 8th International Conference on Mobile Systems, Applications, Services, 331–344. New York: ACM.
31. 31 Mathur, S., Miller, R., Varshavsky, A. et al. (2011). Proximate: proximity-based secure pairing using ambient wireless signals. In: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, 211–224. ACM.
32. 32 Shi, L., Li, M., Yu, S., and Yuan, J. (2012). BANA: body area network authentication exploiting channel characteristics. In: Proceedings of the 5th ACM Conference Security and Privacy in Wireless Mobile Networks, 1–12. Tucson, AZ: ACM.
33. 33 Shi, L., Li, M., Yu, S., and Yuan, J. (2013). BANA: body area network authentication exploiting channel characteristics. IEEE Journal on Selected Areas in Communications 31 (9): 1803–1816.
34. 34 Elgamal, T. (1985). A public key cryptosystem and a signature protocol based on discrete logarithms. IEEE Transactions on Information Theory 31 (4): 469–472.
35. 35 Li, M., Yu, S., Lou, W., and Ren, K. (2010). Group device pairing based secure sensor association and key management for body area networks. In: Proceedings IEEE INFOCOM, 1–9.
36. 36 Li, M., Yu, S., Guttman, J. et al. (2013). Secure ad hoc trust initialization and key management in wireless body area networks. ACM Transactions on Sensor Networks 9 (2): 1–35.
37. 37 Jiang, C., Li, B., and Xu, H. (2007). An efficient scheme for user authentication in wireless sensor networks. In: Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops, 438–442. IEEE.
38. 38 Guo, P., Wang, J., Li, B., and Lee, S. (2014). A variable threshold-value authentication architecture for wireless mesh networks. Journal of Internet Technology 15 (6): 929–936.
39. 39 Shen, J., Tan, H., Wang, J. et al. (2015). A novel routing protocol providing good transmission reliability in underwater sensor networks. Journal of Internet Technology 16 (1): 171–178.
40. 40 Miller, V. (1985). Use of elliptic curves in cryptography. In: Proceedings of Advance in Cryptology (CRYPTO'85), 417–426. Springer.
41. 41 Koblitz, N. (1987). Elliptic curve cryptosystem. Mathematics of Computation 48: 203–209.
42. 42 Hankerson, D., Menezes, A., and Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Berlin: Springer-Verlag.
43. 43 Shamir, A. (1984). Identity based cryptosystems and signature schemes. In: Proceedings of Advance in Cryptology (CRYPTO'84), 47–53. Berlin: Springer-Verlag.
44. 44 Yang, J. and Chang, C. (2009). An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve crypto system. Computers & Security 28 (3–4): 138–143.
45. 45 Yoon, E. and Yoo, K. (2009). Robust ID-based remote mutual authentication with key agreement protocol for mobile devices on ECC. In: Proceedings of the International Conference on Computational Science and Engineering, 633–640. Vancouver, Canada: IEEE.
46. 46 He, D., Chen, J., and Hu, J. (2012). An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Information Fusion 13 (3): 223–230.
47. 47 Wang, D. and Ma, C. (2013). Cryptanalysis of a remote user authentication scheme for mobile client-server environment with provable security based on ECC. Information Fusion 41 (4): 498–503.
48. 48 Islam, S. and Biswas, G. (2011). A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Journal of Systems and Software 84 (11): 1892–1898.
49. 49 Truong, T., Tran, M., and Duong, A. (2012). Improvement of the more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on ECC. In: Proceedings of 26th International Conference on Advanced Information Networking and Applications Workshops. Fukuoka, Japan (26–29 March 2012), 698–703. IEEE.
50. 50 Liu, J., Zhang, Z., Chen, X., and Kwak, K. (2014). Certificateless remote anonymous authentication schemes for wireless body area networks. IEEE Transactions on Parallel and Distributed Systems 25 (2): 332–342.
51. 51 He, D., Zeadally, S., Kumar, N., and Lee, J.-H. (2017). Anonymous authentication for wireless body area networks with provable security. IEEE Systems Journal 11 (4): 2590–2601.
52. 52 Vora, J., DevMurari, P., Tanwar, S. et al. (2018). Blind signatures based secured E-healthcare system. In: International Conference on Computer, Information and Telecommunication Systems (CITS). Colmar, France (11–13 July 2018), 1–5. IEEE.