Wireless body area networks (WBANs) comprises a number of sensor nodes and the portable mobile device such as smartphone. It is used to monitor the physical condition and provide a reliable healthcare system. Utilizing the wireless communication network, sensor nodes collect the physiological data of one patient to the portable mobile device and the latter analyzes and transmits them to the application providers. Therefore, the personal data confidentiality and user privacy are cores of WBANs. Recently, Shen et al. presented a multi-layer authentication protocol for WBANs, which is lightweight and much easier to implement. However, we observe that their authentication between sensor nodes and the portable mobile device could ensure the forward security property only when the sensor nodes are changed (add or delete). When the sensor nodes are constant, the security property is not satisfied. Meanwhile, the authentication between the portable mobile device and application provider is prone to mutual impersonation attack, so the critical goal of mutual authentication can not be achieved. In this paper, an improved two-layer authentication scheme is proposed to remove the flaws. The analysis shows that our method is more secure and could withstand various attacks.
Keywords: Authentication; Certificateless method; Two-layer; Wireless body area networks.