ISAKA: Improved Secure Authentication and Key Agreement protocol for WBAN

Internet of Things (IoT) is a revolution which has influenced the lifestyle of human. Wireless Body Area Networks (WBAN)s are IoT-based applications which have a crucial role in the current healthcare systems. A WBAN is used to collect some health-related information of patients and transport and monitor them in a healthcare system. This information is crucial in the sense of the patient's life. Then the privacy of the patient and the security of his/her information are some main challenges in the WBAN. Another challenge in the WBAN is the resources limitation of the sensor nodes. This limitation imposes that a suitable scheme for the WBAN should be a lightweight one. In order to response these challenges, several lightweight Authentication and Key Agreement (AKA) schemes have been presented for WBAN so far. However, approximately none of them could reach their security and cost goals. In 2020, Narwal and Mohapatra proposed a claimed to be secure lightweight AKA protocol for WBAN named SEEMAKA. In this paper, we show that this scheme suffers from attacks including sensor node traceability, disclosure of the secret parameters of the sensor nodes and master nodes, sensor node impersonation, extracting the session key, and Denial of Service attacks. Besides that, we focus to overcome these vulnerabilities and present an improved version of SEEMAKA named ISAKA. ISAKA improves the security level and also the efficiency level of SEEMAKA. More precisely, ISAKA is safe against mentioned attacks and it improves ROM and RAM storage requirements and also computational and communication costs. We prove the security of ISAKA using two formal methods, i.e. BAN logic method and ProVerif tool.