Passwordless authentication protocol for mobile e-health network architecture using unique identity based technique / Nazhatul Hafizah Kamarudin

Mobile e-health provides potential benefits to the health technology system by encouraging a secure growth to the implementation of the Internet of Things. This research also supports the use of Internet of Things and healthcare tools to improve the medical performance system and to facilitate their secure access. Since authentication is a door to every network security, it is very important to enhance the authentication scheme and develop a security protocol during the authentication phase. Traditional health system is heavily dominated by large medical centers where security and privacy in e-health system can be seriously threatened by security attacks. It is noted that the use of username and password as an authentication scheme in mobile e-health has been exposed to various security attacks such as replay attack and sensor node cloning attack where the adversary can listen to e-health network traffic to get the personal information and also the unauthorized access to the e-health data file. Thus, a secure and strong non-regenerated unique identity-based authentication protocol is designed for a wireless embedded e-health sensor node and mobile e-health in order to propose a secure and seamless authentication. The implementation of the mobile e-health application as well as the mobile e-health test bed is also extensively explored in this research. Passwordless authentication can achieve practical and efficient communication and suggests a great assistance in patient-doctor seamless interaction. Since most of the mobile e-health systems are using the third-party service provider server in their network architecture, a framework of a two-tier mobile e-health system is presented in this research to eliminate the involvement of a third party server. It is highly important to protect the confidentiality of the network since mobile e-health transmits highly sensitive and private data. A non-regenerated unique identity of the e-health sensor node is generated as well as the mobile e-health authentication protocol is developed to improve the security of the mobile e-health network architecture. The newly proposed lightweight authentication protocol has successfully reduced the memory utilization up to 65 percent reduction thus making it practicable to be implemented in the mobile e-health system. A thorough security analysis is also conducted through formal analysis method AVISPA to analyze the security of the designed mobile e-health protocol and finally the designed authentication protocol has been proved to be secured from replay attack and sensor node cloning attack.