Secure and Lightweight Authentication With Key Agreement for Smart Wearable Systems

Nowadays, an increasing number of wearable devices (WDs) have been widely deployed in smart wearable systems to collect health status measures and body information of users. Due to the openness of wireless transmission and the low capabilities of WDs in terms of energy and computation, it is of a great challenge to ensure the security of the users' physiological information. In this article, we propose a secure and lightweight authentication and key agreement scheme (SLAKA) by using the fuzzy extractor, the cryptographic hash function, and the bitwise exclusive-or operation. In SLAKA, mutual authentication between a WD and the mobile terminal (MT) can be achieved, after that, a session key can be negotiated at both ends for future secure communications. Detailed security analysis shows that SLAKA has the resilience against various well-known attacks, such as replay attacks, stolen/lost MT/WD attacks, man-in-the-middle attacks, MT/WD impersonation attacks, password change attacks, anonymity and untraceability attacks, and privileged-insider attacks. Through performance comparison and extensive simulation, SLAKA is demonstrated to be more efficient than the existing schemes, while providing more extractive features and security guarantees.