An Authentic-Based Privacy Preservation Protocol for Smart e-Healthcare Systems in IoT

Emerging technologies rapidly change the essential qualities of modern societies in terms of smart environments. To utilize the surrounding environment data, tiny sensing devices and smart gateways are highly involved. It has been used to collect and analyze the real-time data remotely in all Industrial Internet of Things (IIoT). Since the IIoT environment gathers and transmits the data over insecure public networks, a promising solution known as authentication and key agreement (AKA) is preferred to prevent illegal access. In the medical industry, the Internet of Medical Things (IoM) has become an expert application system. It is used to gather and analyze the physiological parameters of patients. To practically examine the medical sensor-nodes, which are imbedded in the patient’s body. It would in turn sense the patient medical information using smart portable devices. Since the patient information is so sensitive to reveal other than a medical professional, the security protection and privacy of medical data are becoming a challenging issue of the IoM. Thus, an anonymity-based user authentication protocol is preferred to resolve the privacy preservation issues in the IoM. In this paper, a Secure and Anonymous Biometric Based User Authentication Scheme (SAB-UAS) is proposed to ensure secure communication in healthcare applications. This paper also proves that an adversary cannot impersonate as a legitimate user to illegally access or revoke the smart handheld card. A formal analysis based on the random-oracle model and resource analysis is provided to show security and resource efficiencies in medical application systems. In addition, the proposed scheme takes a part of the performance analysis to show that it has high-security features to build smart healthcare application systems in the IoM. To this end, experimental analysis has been conducted for the analysis of network parameters using NS3 simulator. The collected results have shown superiority in terms of the packet delivery ratio, end-to-end delay, throughput rates, and routing overhead for the proposed SAB-UAS in comparison to other existing protocols.


I. INTRODUCTION
Internet of Things (IoT) composes of various physical sensors or devices/virtual objects that are interconnected to share information over the public networks.The physical objects or devices can be a sensor, smart device, camera, drone or vehicle, and the virtual objects can be a book, electronic ticket or wallet.In IoT, the connective things or objects should be The associate editor coordinating the review of this manuscript and approving it for publication was Xiaochun Cheng.made to be smart to-do an ingenious decision without human interference [1].As a result, the IoT objective is to integrate a computer-based physical system to improve the accuracy of social-environmental systems.Gartner Inc. [2] predicts that there will be around 8.4 billion IoT devices to connect across the world.IoT devices can generally be a semi-structured or unstructured in nature [3], which may be an essential property of 5V big-data namely volume, velocity, variety, veracity and value.The generated data volume is stored in the cloud, i.e. an on-demand and effective storage medium [4].In today's world, technological development adopts the quality IoT features to attain a high degree of production and complete the task via fewer attempts.And thus, our world is converging more towards the IIoT.IoT convergence can be applied to various industries, namely transportation, energy/utilities, logistics, manufacturing, mining, metals, oil, gas, and aviation [5].
In accordance with market analysis and academic experts, it can be defined as the next innovation wave to optimize the environmental resources.In the use of a sensor or virtual objects, IIoT advances intelligent decision-making and data analytics to transform the industrial assets.Therefore, the industries connect the intelligent device or machine to predict that the IoT markets will extend to $123.89 billion by 2021 [6].Lately, Advancement of wireless communication technologies has deeply been functioning for the evolution of various sensors-based application systems such as environmental test, automobile industries, electronic health care, military, Internet of connected vehicles [7], drone deployment, etc. [8].
An electronic healthcare system has a wireless medical sensor network, which has lightweight resources with limited memory, bandwidth, and processing power [9].The medical sensors such as ECG, blood pressure, pulse oximeter, temperature, etc. are generally deployed in a patient's body to form a heterogeneous wireless body area network.They sense and collect the physiological information about patients to transmit over a wireless communication channel which is usually provided to medical professional smart devices, i.e. iPhone, Laptop, PDA, implantable medical-devices, etc. [9], [10].Therefore, it is claimed that the medical professional may read or consider the assessment for a broader examination as and when it is demanded to process.
A typical system model of IoM for hospital environment is shown in Fig. 1 as demonstrated in [11] to analyze the security and performance issues.This system includes patient, medical professional / practitioner, medical sensors, system database, gateway and server that are used to offer incredible application benefits namely large-scale medical monitoring, causality emergency medical tracking and responses.Since data transmission is insecure over public networks, the protection of the medical sensor is so significant to prevent data tampering.In healthcare application system, the security and privacy of patient's data are one of the biggest concern to adopt wireless communication technologies, namely wireless gateway access, mobile computing device and medical sensor [12].Medical sensor nodes are deployed in the Patient's body to read the physiological information.A medical professional/expert can access the sensing data through the authenticated access of a wireless gateway.Upon mutual authentication, the communication entities such as medical sensor and experts share a secret session key to establish secure communication.As a result, it is addressing the issue of user authentication problem that becomes a significant research area in the field of wireless sensor networks (WSNs) [11]- [14].Table 1 define the important abbreviations used in this paper.

A. MOTIVATIONS
An extensive effort has been committed to the development of secure user authentication schemes; however, there is no significant outcome to achieve better security and privacy.
As referred to [15], some security goals are afar to attain by the use of existing cryptosystems.It is evident that an improved or extended version of the authentication scheme is recommended to improve the security efficiencies of any application systems.In literature, very few papers have considered the systematic design and evaluation for security and performance analysis.On the other hand, most of the authentication schemes have found to be unsuitable for the achievement of security goals and its significant features.As a result, there is no distinctive quality of authentication scheme to provide a secure and efficient user authentication scheme.
Several improved versions of authentication schemes have been introduced for various application systems, however, most of the schemes have found to be unsuitable to claim the security goals.The crucial points lie in how to accomplish the goals such as providing two-factor security even if the smartcard is lost or tampered and securing password update.Huang et al. [14] have addressed more challenging issues.Lately, Madhusudhan and Mittal [15] have found a problem of intractability for the design techniques of twofactor cryptosystems.In the literature, two-factor user authentication guarantees that the user can choose his/her password invariably to draw password space P S uniformly.Since this assumption is unrealistic, it may cause an effect of misconception.As an instance, the above assumption claims that the smartcard parameters have been extracted by an adversary A dv .
A probability of A dv success is precisely set as (1 P S ) in an attempt of one online-guessing attack.When a secure user authentication protocol is applied, a two-factor strategy P S ensures that an active online-guessing is the best way to diffuse various attack vectors such as replay, parallel-session, offline password-guessing, etc.Specifically, A dv the optimal benefit is meant to infiltrate the threat attacking on P S , which is not larger than Q Send = P S + , where Q Send denotes the number of online impersonation attacks attempted by A dv and denotes a negligible-value.On the other hand, user-chosen passwords are frequently far and wide from uniform distributed.In order to provide a defensive mechanism, the proposed SAB-UAS scheme introduces a fuzzy verifier, which can timely infer user's smartcard depravity.As a result, it can prevent an online-guessing attack to provide seemliness intractability addressed in [17].

B. MAJOR CONTRIBUTIONS
In this work, a substantial thought is made to investigate the underlying adversarial model that tries to eliminate the deficiencies such as redundancies, insufficiencies, ambiguities, etc. using the evaluation criteria set.As for systematic methodology, a broad set of 12 independent criteria is characterized to analyze the practical capabilities of adversary model.Though it is completely not available to examine, it is expected to provide a solid analysis of requirement definition.Thus, this paper presents a secure-anonymous biometric-based user authentication scheme (SAB-UAS) not only to perform smart revocation/reissue, but also to achieve better security efficiencies using a formal security model.In SAB-UAS, a long-standing usability-security conflict is provided to address the traditional optimal-bound security Q Send = P S + .The major contributions are summarized as follows: 1. Initially, a systematic framework consisting of practical adversarial models and selection criteria is suggested to evaluate secure-anonymous biometric-based user authentication scheme.2. Secondly, a defensive strategy of the fuzzy verifier is introduced to provide timely access, which is helpful to detect smartcard deprivation in order to prevent potential attacks and seemliness intractability.3. Thirdly, the proposed SAB-UAS scheme proves that it can satisfy the selection criterion to show the strength of security efficiencies.4. Lastly, the formal and the informal security analysis demonstrate that the proposed scheme can achieve better security and performance efficiencies to prove its significance for smart healthcare systems in comparison with other existing schemes [61]-[63].

C. PAPER ORGANIZATION
This paper organizes the sections as follows: Section II briefly explains the authentication schemes related to IoT and IIoT environment.Section III discusses the elliptic-curve cryptosystems, fuzzy extractor, threat assumption, and security properties to signify the use of proposed SAB-UAS scheme.
Section IV presents a secure-anonymous biometric-based user authentication scheme (SAB-UAS) using a smartcard for smart electronic healthcare application systems.Section V demonstrates a formal proof using the random-oracle model, informal and performance analysis to prove the security efficiency of proposed SAB-UAS scheme.Section VI demonstrates the practical scenario of proposed SAB-UAS with other authentication protocols using NS3 simulation.Section VII concludes this research work.

II. RELATED WORKS
For data confidentiality and secure communication, various authentication schemes [11]- [14] have been introduced.However, a security issue in relation to password-based authentication is preserving a password table to verify whether the user is legitimate or not.Moreover, it requires an additional memory space to store the password database.
For the easiness of storage overhead, several researchers have suggested an alternative solution of fingerprint or iris.
As uniqueness, it is providing a storage benefit to operate a smartcard calculation at more than one security level.Watro [17] et al. introduced a secure authentication protocol based on RSA and DH for WSNs.Wong et al. [18] presented a hash-based dynamic authentication scheme to resist various potential attacks, namely man-in-the-middle, replay, forgery, and key impersonation.However, Das [19] demonstrated that their schemes are susceptible to the privileged-insider attack and in addition, they proposed an improved version to achieve better security efficiencies.Yoon and Kim [20] proposed a biometric-based user authentication scheme to prevent security vulnerabilities such as poor repairability, denial of service (DoS) and sensor impersonation attack.Choi et al. [21] shown that Yoon and Kim failed to provide the security issues, namely user verification problem, user anonymity, biometric recognition, session key exposure, DoS attack, key revocation, and perfect forward secrecy.For the betterment of security efficiencies, they have extended biometric-based user authentication scheme and also found that their schemes are more secure than the other authentication and key agreement schemes.Unfortunately, Park et al. [22] shown that Choi et al. scheme is still insecure to key impersonation attack.Since WSNs are dealing with various environmental systems, any adversaries can physically infer or capture the sensor information from the sensor memory.
Using extract information of capture sensor node, an adversary may try to damage the entire medical sensor networks.As a consequence, it is measured as potential vulnerabilities for WSNs and Medical Sensor Networks as well.At first, Lamport [23] introduced the password-based authentication protocol.In the past, several authentication protocols have been proposed [24]- [39].Chang and Le [24] applied elliptic-curve cryptosystem to design a lightweight authentication protocol.They developed an ECC-based authentication to achieve the property of forward secrecy.Yeh et al. [25] constructed a two-factor authentication scheme based ECC for WSNs.However, their scheme could not achieve the primary goal of security requirement i.e. proper mutual authentication.Additionally, Shi and Gong [26] found that the Yeh et al scheme is not secure.Later, Choi et al. [27] demonstrated that Shi et al. scheme is susceptible to secure key sharing, stolen smartcard, and sensor-energy exhaustion attack.The attack known as the sensory -energy plays a crucial role to apply energy consumption issue to limit the lifetime of a sensor node.To address the issue of sensor-energy exhaustion, Choi et al. enhanced the Shi et al. scheme.However, their scheme could not preserve user anonymity and untraceability of communication entities.Choi et al. [27] presented an RFID-based authentication protocol for IoT.Their protocol supports an explicit mutual authentication to protect the privacy of real-time entities, i.e. reader, tag and database server.In addition, Li et al. [28] extended their authentication protocol to overcome the security drawbacks of previous mechanism, i.e.IoT based medical-care.This improved version provides better client anonymity to prevent replay and data disclosure attack.Later, Li et al. [30] developed a three-party user authentication protocol, which applies the Chebyshev and Chaotic-Map to prove the property of client anonymity.Hameed et al. [31] presented a security protocol based on integrity mechanism to handle the data integrity in IoT-based WSNs through the knowledge of gateway access i.e. base station.Al-Turjman et al. [32] constructed a cloudintegrated architecture to support mobile-edge, IoT and cloud computing services such as scalability, reliability and feature adaptability.
Al-Turjman et al. [34] designed seamless key agreement framework in IoT based cloud-centric network.Deebak et al. [35] presented a hash-based RFID authentication for context-aware IoT.Furthermore, Roy et al. [37] developed an ECC-based authentication protocol for IIoT environment, which applies the biometric-key features to authenticate the service access.Challa et al. [1] presented an ECC-based user authentication mechanism for future IoT applications.However, their scheme consumes more computation and communication overhead in comparison with non-ECC based authentication mechanism.Wazid et al. [36] developed a secure lightweight authentication for IoT networks.Their scheme uses biometric, smart card and password as a three-factor to comply with key agreement properties.Later, Roy et al. [37] proposed a new user authentication protocol for crowdsourcing IoT.Their scheme claims the user anonymity in the use of biometric -templates.Wazid et al. [38] built a new authentication mechanism for medical counterfeit systems that uses this scheme to verify the authenticity of pharmaceutical i.e. dosage forms.Al-Turjman and Alturjman [39] proposed a seamless mutual authentication protocol for IIoT to claim the feature of context-sensitive awareness.From the literature, the security features and its related drawbacks were studied well.Accordingly, a secure-anonymous biometric-based user authentication scheme (SAB-UAS) is presented to suit the IIoT environment.Table 2 summarizes the technique used, drawback, formal analysis and simulation used of existing authentication schemes.

III. SECURITY MODEL & ASSUMPTIONS
This section discusses the elliptic-curve cryptosystem, fuzzy extractors, threat assumption, and security properties.

A. ELLIPTIC-CURVE CRYPTOSYSTEM
At first, Koblitz [40] and Miller [41] have proposed this cryptosystem.It is widely used in several user authentication schemes [4]- [12] to provide better security efficiency.An elliptic-curve E C is represented over a field K = 2 or 3 of the characteristics to set the solution (x, y) ∈ K 2 to the solved equation as follows: where 4a 3 + 27b 2 = 0 Assume that the elliptic-curve cryptosystem is based on G F (q) that can translate the systems using elliptic-curve group EC g .It is defined over G F (q) to consider k times of P additional points i.e. for the scalar point multiplications KP = (P + P + . . .+ P, K times).For given E C , two points such as P, Q ∈ E C are defined over G F (q) that is used to find an integer value x such that Q = x.P, if any value of x exists.Importantly, this strategy is proven to be intractable than discrete logarithm.The definitions of E C can be referred in [14].The most significant computational problems based on E C are given in below: Definition 2: In the elliptic-curve Diffie-Hellman (ECDH) problem, three given elements (P, aP, bP) for any a, b ∈ [1, N − 1] are used to find the computation of abP, which is extremely hard for the elliptic group G P .
Definition 3: In the elliptic-curve factorization (ECF) problem, two given elements P, Q ∈ G P , where Q = sP + tP and are used to find the computation of sP and tP that is impossible to calculate in practice.
Definition 5: In a weak Diffie-Hellman (WDH) problem, three given elements (P, Q, kP) are used to compute kQ, Q ∈ G P for any k ∈ [1, N − 1] that is practically hard to determine.
Definition 6: In a collision-free hash (CFH) problem, a given hash-value H (.) is very hard to invert when there is computationally infeasible to determine the input x such that H (a) = h.
A collision resistant hashing i.e. strong collision-free H is one, which is computationally infeasible to determine any two message transmission a and b such that H (a) = H (b).

B. FUZZY EXTRACTOR
This subsection discusses the fundamental concepts of a biometric-based fuzzy extractor, which translates the biometric data into random values.As referred to [42], two formal procedure such as {G EN , R EP } are considered for the fuzzy extractor.The procedural mechanism of {G EN , R EP } is demonstrated as follows: IO is closely associated with B IO G EN is a probabilistic function, which has a biometric input-output B IO to extract the string R ∈ {0, 1} l and its auxiliary string P ∈ {0, 1} * .R EP is a deterministic reproduction, which is used to recover string R from auxiliary string P i.e. any vector B * IO closed to B IO .The details of fuzzy extraction are also referred to [43].
C. THREAT ASSUMPTION Dolev-Yao [42] and other threat models [44] is basically introduced to consider a threat of side-channel attack that constructs the threat assumptions.They are as follows: A. An adversary A dv can either be a sensor node, medical professional/expert or wireless gateway.In addition, any registered / legitimate user can also be possible to act as an adversary.B. An adversary A dv can overhear any communication over public insecure networks.Therefore, any data transmission can be leaked or captured between the communication entities such as sensor node, medical professional/expert or wireless gateway.C. Importantly, an adversary A dv may alter or delete or reroute the captured data.D. An adversary A dv may extract the information from smartcard SM c to analyze the card power storage capacity.In the conventional password authentication and key agreement (PAKA) protocol, A dv is modeled to provide complete control over the communication channel between the real-time communication entities [45].To characterize the qualities of forward-secrecy, A dv may allow corrupting validity of communication parties to infer the long-term secret key.In addition, A dv may obtain previous session keys in order to examine improper erasure.Recent analysis has proven that the extraction of security parameters could be deduced to experience power-analysis attack], software-loophole [46] and reverse engineering.The leakage of sensitive information may lead to security vulnerabilities such as offline passwordguessing [34] and impersonation attack [35].It is also evident that the stored session key in smartcard may be intercepted to experience malicious card-reader attack [14].However, the attacker can intercept the storage key via card-reader to read the user's secret information through stolen or lost smartcard.
This may enable the attackers to intercept any secure authentication scheme, though it adheres with extreme adversary principles [47].It uses robust security to protect against adversarial activities that would trivially break any types of user authentication schemes.The above treatment is as follows: 1. the malicious user may break terminal access to underway an attack of side-channel; and 2. an attacker may leak the sensitive information of legal user within a short time interval.This analysis tries to invalidate overlyconservative proposition that may simply presume a smartcard to be an external memory card using an embedded microcontroller to perform a cost-effective operation, supported by security schemes.As memory-card based authentication scheme is completely insecure over public networks, all the memory-card based authentication schemes [16] were truly insecure over un-trusted terminals.Therefore, the conditional assumption of non-tamper resistive is more secured than extreme assumption referred to [17].
In SAB-UAS scheme, the capabilities of A dv are summarized in Section II-B.The previous works provide a new insight to fairly evaluate the integrity of the proposed scheme.Wang et al. [48] introduced three types of security model such as Type-I, Type-II and Type-III.Of which Type-III is more influential to make use in practice.The brief descriptions are as follows: Type -I: A dv has a full-control of a communication channel, which is inconsistent.
Type -II: Smartcard is non-tampered resistant and user's password may be secretly listened over a communication channel using malicious card-reader by A dv .The former is more consistent than the latter assumption.
Type -III: Smartcard has no security protection i.e.A dv may distribute numerous queries to learn useful information of users using the malicious card-reader attack.
In regard to threat assumption C, it is argued that this assumption might not be of much practical importance to validate whether it is practically applicable or not to ensure its security relevance.On the other hand, the input password is verified before the execution of smartcard to learn useful information of corresponding remote-server that may lock the legal user account.If the above verification exists, then A dv can always detect a user's password using a malicious card -reader.The key conflict is that A dv of Type-III is not exclusively defined in threat assumption C and D. As referred in [48], this may minimally assume the counter protection to infer whether the lock time-period exceeds the threshold limit or not.According to the above verification, the proposed SAB-UAS model is very close to Type-III model in [49].As a result, Type-III may not provide the security features such as forward-secrecy and known-key attack.According to Yang et al. [16], the proposed SAB-UAS has explicitly considered the malicious card-reader and A dv is further specified with threat assumptions C and D.
In SAB-UAS A dv model, it is assumed to be able to offline-guessing that is enumerated of {U ID , Ad i } pair in the product of Cartesian {D ID × D AD } with polynomial time.It is enabled to deal with potential security features [34]- [37] such as resilient to offline-password guessing, undetectable online-password guessing, etc.Note that the threat assumption of B has yet been explicitly made in [34], which do not consider the security feature of user anonymity, whereas the proposed SAB-UAS model becomes stronger in practical aspect to incorporate previous and new assumption to provide a robust and secure authentication protocol.

D. SECURITY PROPERTIES
As referred in Yang et al. [16], the constructive analysis shows that the smartcard-based user authentication schemes have a common set of security properties to adopt the efficiencies of user authentication protocols.Madhusudhan and Mittal [15] demonstrated that an earlier set of security properties has ambiguities and redundancies, and thus they presented nine different sets of security goals along with ten desirable features.Since the security goals are based on the assumption of non-tamper resistance, their authentication scheme is set to be superior.However, it is still having the challenging issues to notice inherent security conflicts among set criteria.The security properties are as follows: C. defend or protect the user activities to save from intractability.C.12 Forward -Secrecy: The scheme can try to achieve the property of perfect forward secrecy.It is evidently pointing out that criterion set -C4 provides the attacking scenario where A dv has acquired the smartcard access while C5 has no gain of access to victim's smartcard.The criterion set -C4 assumes a traditional smartcard reissue to reveal user's smartcard access using the random-oracle model.The criterion set -C5 is completely based on basic attacks [15], [16] that a password related authentication scheme is well guarded on new attack vectors e.g.stolen verifier addressed in two-factor authentication systems.It is demonstrated that the criterion is set to eliminate redundancies and ambiguities of the traditional authentication system in order to facilitate concreteness based cryptanalysis.Further, the efficiency of the proposed authentication scheme may be contingent upon the implementation of real-time environmental systems.An extensive comparison proves that the proposed adversarial model is so hard and the criterion sets are more concrete and comprehensive in comparison with existing schemes.

IV. PROPOSED SAB-UAS SCHEME
This section presents a secure-anonymous biometric-based user authentication scheme (SAB-UAS) using smartcard.In SAB-UAS, three communication entities namely medical expert M E , wireless gateway access WG Ac and medical sensor MS j .WG Ac generates two master keys such as m x and m y and transmits a long-term secret key H S ID j m y to M S before the SAB-UAs scheme initiates its execution process.Then, WG Ac tries to compute m x .P, which is considered as a gateway's public key.The proposed SAB-UAS scheme is composed of three phases namely user registration, system login, authentication and revocation/reissue.The important notation of SAB-UAS is shown in Table 3.

A. USER REGISTRATION PHASE
This phase chooses a user identity U ID that imprints a biometric template BT i on U sr to perform the following execution.
Step1: M S initiates BT i to extract R i , P i from G EN (BT i ) → R i , P i and then stores the values P i in the memory storage.Upon P i storage, M S sends U ID , Ad i = H(R i ) to WG Ac over a secure communication channel.
Step2: After receiving the registration request U ID , Ad i from M S , WG Ac computes the user authentication parameters that are as follows: Step3: WG Ac stacks the user authentication parameters namely MS I , N I , VR I and H (.) into smartcard SM I .WG Ac then issues SM I to M S over a secure communication channel.
Step4: Finally, M S stores P i into smartcard.

B. SYSTEM LOGIN AND AUTHENTICATION PHASE
This phase performs a login phase for U sr ; and thus the entities such as WG Ac , U sr and MS j use a common session key to authenticate each other.The authentication step between U sr and MS j are as follows: Step1: U sr inserts his/her SM into the card-reader C R that reads the user identity U ID to imprint his/her biometric information B where TS i is the current timestamp.U sr sends the login request {AD i ,Y i , MS 1 , MS 2 , MS 3 , TS i } to WG Ac .
Step4: After receiving a login request from U sr , WG Ac tries to retrieve TS and verifies TS − TS i ≤ TS.
After the successful generation of C * I , the expression H ID * i m x m y is examined to check whether it is valid or not.Then, the generated MS * 2 is validated with MS 2 to analyze its equality measure.If the above analysis is valid, then WG Ac verifies the legitimacy of U sr .
Step5: WG Ac tries to compute the parameters such as K g , C g and W g to validate whether the communication is authenticated or not between U sr and MS j .The expressions are as follows: W g = H H SD j m y AD i C g TS g (16) where TS g is the current data timestamp.WG Ac then tries to send the user authentication message AD i , C g , TS g , W g to MS j .
Step6: After the successful authentication message from WG Ac , MS j tries to retrieve TS in order to verify whether TS − TS g ≤ TS.If the verification holds, then MS j examines the W g validation to compare with H H SD j m y AD i C g TS g to verify the legitimacy of WG Ac .Then, MS j checks whether AD i equates with AD * i or not to execute the following equation: After a successful generation of K * g and D Kg , AD i compares with AD * i to validate the user authentication message.Step7: MS j generates a random number r n that computes KS U , Z i , R M and Vf s to create a user session key US K .The computation is as follows: R M = Query Response of U sr ( 21) where TS is the current data timestamp.MS j sends the communication parameters {R M , Z i , Vf s , TS} to U sr .

VOLUME 7, 2019
Step8: After receiving the message {R M , Z i , Vf s , TS} from MS j , U sr computes US K to validate whether Vf * s equates Vf s or not.The computation is as follows: Lastly, the legitimate user U sr computes KS U and US K to establish a secure communication US K .

C. REVOCATION / REISSUE PHASE
To compensate the smart card loss or long-term key disclosure, the loss or tampered smartcard should be periodically revoked or reissued at a cyclic basis.
Step1: Assume that U sr wishes to revoke his/her SM.Step5: if the user legitimacy holds, WG Ac revokes U ID i and update the same in the revocation lookup table.Consequently, WG Ac determines new computation parameters {Vf i , N i , C I }.The expressions are as follows: Step6: WG Ac stacks H (.) and new authentic parameters .)} in the storage of smartcard SM I .Then, WG Ac newly issue SM I to U sr through a secure communication channel.
Step7: Finally, U sr stores the details of P i in to the smartcard SM.

V. FORMAL SECURITY ANALYSIS OF PROPOSED SAB-UAS
This section demonstrates a formal proof using the random-oracle model that proves the security efficiency of proposed SAB-UAS scheme.A collision-free one-way hash function is considered to specify the significance of random value r 2 and master secret session-keys m x and m y of WG Ac .Assume that a function of collision-free one-way hashing is defined as: f : {0, 1} * → {0, 1} n .It has an input binary string a ∈ {0, 1} * , which has a random binary to produce a length of H (a) ∈ {0, 1} n .It can satisfy the requirements as follows: Given that b ∈ B, but it couldn't find the computational of a ∈ A such that b = H (a) Given that a ∈ A, but it couldn't find the computational of a = a ∈ A such that H a = H (a) It is not fortunate that the computation couldn't determine about a string pair a , a ∈ A × A with a = a ∈ A such that H a = H (a).
Theorem 1: It is assumed that the collision-free one-way hash function H (.) closely represents a formal random based oracle model.The proposed SAB-UAS scheme distinctively proves that the secure session key US K protects the sensitive information including user identity U ID , random binarystring r 2 and master secret-key m x and m y of WG Ac to prevent any adversaries.
Proof: A formal random-oracle model can remove the input key m x for the given hash function b = H (a) without key failure.A dv runs the executable programs as shown in Table 4.A function Exp SAB−UAS Hash,Ad represents a proposed SAB-UAS scheme that defines a success probability.
A success probability of Exp SAB−UAS Hash,Ad is defined as Success SAB−UAS Hash,Ad = Pr Exp SAB−UAS Hash,Ad = 1 − 1 , where Pr (.) represents a probability of Exp SAB−UAS Hash,Ad .The adversarial function of this algorithm is written as Adv SAB−UAS Hash,Ad e t , Q uery , where e t is the time of execution and Q uery is the executable number of queries.Assume that A dv has the capabilities to work out the hash functioning problem provided in Definition6, where he/she can immediately try to retrieve the parameters such as user identity U ID , random binary-string r 2 and master secret-key m x and m y of WG Ac .In this case, A dv may wish to detect the complete communication between U sr and WG Ac .However, the input inversion from the given hashing is computationally not possible i.e.Adv SAB−UAS Hash,Ad (e t ) ≤ , ∀ > 0. Therefore, Adv SAB−UAS Hash,Ad e t , Q uery ≤ depends on Adv SAB−UAS Hash,Ad (e t ).As A dv has less possibility to detect the complete connection setup between U sr and WG Ac , the proposed SAB-UAS scheme distinctively proves that the secure session key US K protects the sensitive information from A dv to retrieve U ID , r 2 , m x , m y .Hence, the proposed SAB-UAS claims to achieve better security efficiencies.

A. SECURITY PROOF BASED BAN LOGIC
This subsection uses Burrows Abadi Needham (BAN) logic [50] to demonstrate that the proposed SAB-UAS scheme is completely valid and practically efficient to prevent known-key attacks in order to satisfy the security efficiency of e-healthcare systems.This model has become a well-known formal cryptographic protocol that is widely used to analyze the authentication scheme.The important notations and BAN logical postulates are described in Table 5.According to analytical BAN logical procedure, the proposed SAB-UAS scheme shall assure the below goals: Initially, the proposed SAB-UAS scheme is transformed to idealize the message transmissions that are as follows: 6. M sg 6: Usr i → WG Ac : S ID j , U ID j , X, Y, Usr i US K ↔ WG Ac US K Secondly, the following assumptions are made to initiate and analyze the proposed SAB-UAS scheme:

←→ WG Ac
Thirdly, the idealized form of the proposed SAB-UAS scheme is analyzed using BAN-logic rules and assumptions.The proofs of statements are as follows: According to M sg 1, the expression could be: According to Asgn 4 , a rule of message-meaning is applied to obtain: According to M sg 2, the expression could be: According to Asgn 6 , a rule of message-meaning is applied to obtain: According to M sg 3, the expression could be: According to Asgn 4 , a rule of message-meaning is applied to obtain: WG Ac 6 : According to Asgn 3 , a rule of message-meaning is applied to obtain: WG Ac 7 : According to WG Ac 7 , a rule of BAN-logic is applied to break the conjunction to produce: According to Asgn 7 , a rule of jurisdiction is applied to obtain: According to US K = x × Y = xy × P, the expression could be: According to M sg 4, the expression could be: According to Asgn 5 , a rule of message-meaning is applied to obtain: According to Asgn 2 , a rule of BAN-logic is applied to break the conjunction to produce: According to Asgn 8 , a rule of jurisdiction is applied to obtain: According to US K = y × X = xy × P, the expression could be: According to M sg 5, the expression could be:

←→ WG Ac Goal2
According to M sg 6, the expression could be: According to WG Ac 16 , a rule of message-meaning is applied to obtain: According to Asgn 2 , a rule of freshness concatenation is applied to obtain: According to WG Ac 23 , a rule of BAN-logic is applied to break the conjunction to produce: According to Goal1 , Goal2 , Goal3 and Goal4 , both Usr i and WG Ac is believed that the secure session key US K = xyP is mutually shared between Usr i and WG Ac to adhere to a property of known-key security.Table 3 describes the important notation of BAN logic.

B. IN-FORMAL SECURITY ANALYSIS
This subsection shows that the proposed SAB-UAS scheme has resiliencies to withstand various potential attacks to achieve better security efficiencies.

1) RESILIENT TO PRIVILEGED-INSIDER ATTACK
This attack uses WG Ac to collect the user credentials from data-center D C that tries to obtain access to the legitimate user.To resist privileged-insider attack, the credentials of the proposed SAB-UAS scheme U ID , Ad i are securely transmitted.It is masked with a one-way hash function to generate a long-term secret key H S ID j m y .Moreover, the master keys such as m x and m y use biometric template BT i on U sr to extract R i , P i from G EN (BT i ) → R i , P i that stores values of P i in storage-memory.Assume that legitimate user has lost his/her smartcard SM i and A dv tries to extract the legal information of U sr such as MS I , N I , VR I , H(.) using a power-analysis mechanism.However, A dv cannot infer or extract secret session-key to perform parallel-guessing attack as the master keys such as m x and m y are not known.Hence, the proposed SAB-UAS scheme claims the resiliency of privileged-insider attack.

2) RESILIENT TO STOLEN SMARTCARD ATTACK
Assume that smartcard SM of U sr maybe stolen or lost.A dv tries to extract U sr credential information namely MS I , N I , VR I , H(.) , where C I = H U ID m x m y ; MS I = H (C I ) ⊕ Ad i ; N I = m x ⊕ C I ⊕ m y ; VR I = H (U ID Ad i ) using a power-analysis mechanism.It is evident that U sr credential information is completely protected using master secret keys m x , m y and biometric template BT i .Since key-replication or parallel-guessing is computationally hard, key-inference or credential derivative is impracticable.Hence, the proposed SAB-UAS scheme claims the resiliency of stolen smartcard attack.

3) RESILIENT TO STOLEN-VERIFIER ATTACK
Assume that A dv tries to steal U sr credentials that temporally store information in WG Ac to perform malicious activities.However, in the proposed SAB-UAS scheme, WG Ac does not allow A dv to infer the sensitive information of U sr related to user identity U ID and biometric template BT i .Hence, the proposed SAB-UAS scheme claims the resiliency of stolen-verifier attack.

4) USER-ANONYMITY PRESERVATION
In security application systems, user-anonymity plays a vital role.Therefore, it is highly demanded to strengthen wireless communication technologies and pervasive computing.To protect user identity U ID , the proposed SAB-UAS scheme securely keeps U sr secret information, biometric template and master key m x , m y .In addition, it is evident that the transmission messages of proposed SAB-UAS scheme preserve biometric template and master key m x , m y using symmetric-key encryption.Hence, in the proposed SAB-UAS scheme, user identity U ID the derivation is computationally impracticable to achieve the property of user-anonymity preservation.

5) PASSWORD FRIENDLINESS
In proposed SAB-UAS scheme, U sr freely chooses his/her secret session-key US K to register or modify at D C .Moreover, the proposed SAB-UAS scheme supports revocation/reissue of smartcard SM through the knowledge of D C .Hence, the proposed scheme claims better user efficiency and friendliness.

6) RESILIENT TO USER-FORGERY ATTACK
Assume that A dv wishes to forge a message MS 1 to deduce the key elements such as r 2 , U ID , m x , m y .As Ad i is directly associated with master-key m x , m y , A dv cannot easily infer the collective information of message transmission MS I = H (C I )⊕Ad i .Hence, the proposed SAB-UAS scheme can be resilient to user-forgery attack.

7) RESILIENT TO SENSOR-CAPTURE ATTACK
In the proposed SAB-UAS scheme, A dv tries to seize the control of some sensor nodes MS j that establishes the communication with U sr .However, A dv cannot easily capture or forge message transmission MS 3 as it is built or constructed using N i .Moreover, MS j shares a common session-key US K with WG Ac , which is not at all related to KS U .Therefore, the proposed SAB-UAS scheme claims that A dv couldn't exploit this attack successfully.

8) RESILIENT TO GATEWAY-FORGERY ATTACK
This attack has an ability to forge message transmission MS 1 or MS 2 .In order to fabricate the message transmission MS 1 , a critical parameter known as US K is extremely subjective that tries to infer the messages namely MS 1 and MS 3 .Unfortunately, the master keys m x , m y cannot be forged simultaneously to verify the session key KS U of WG Ac .Hence, the proposed scheme is resilient to gateway-forgery attack.

9) RESILIENT TO KNOWN-KEY ATTACK
This attack realizes that the disclosure of session-key will have an effect on the security of the secret key.In the proposed SAB-UAS scheme, a secret session-key US K = H (AD i KS U TS) is derived from KS U = r 1 ×Z i , where Z i = r n ×P.This computation proves that U sr sessionkey is generated independently to claim that the revelation of US K has no authority on the exploitation of other sessions keys.Hence, the proposed scheme can be resilient to knownkey attack.

10) RESILIENT TO OFFLINE-GUESSING ATTACK
A three-factor authentication scheme ensures that even if A dv infers the information of any two-communication parties, he/she may not be able to break up the remote server systems.
In this scheme, A dv tries to gather the parameters such as biometric and password, however, he/she could not acquire a possible computation of Y i to build a legal login request message.Similarly, A dv tries to gather the parameters such as password and smartcard, nonetheless, he/she cannot either perform a proper computation of Y i nor predict the biometric information.Hence, it could not execute the offline-guessing attack.Also, A dv tries to gather the parameters such as biometric and smartcard, nonetheless, he/she may have a chance to explore an offline guessing attack by means of MS I or BT i to verify the correctness of guessing value.
Assume that A dv exploits BT i to explore the offline guessing attack and its execution steps as follows: A dv hypothecates U ID and Ad i into U * ID and Ad * i respectively.This hypothecation computes R * i = R EP B * IO i , P i ; Ad * i = H R * i ; and VR * I = H U ID Ad * i to check whether VR I ==VR * I or not.However, A dv cannot infer a proper U ID and Ad i to send a login request to WG Ac without the knowledge of P i .Thus, the proposed scheme claims that it can be resilient to offline-guessing attack.

11) PROPERTY OF MUTUAL AUTHENTICATION AND KEY AGREEMENT
In proposed SAB-UAS scheme, it is observed that U sr and WG Ac should respond to MS j .Specifically, WG Ac uses a long-term secret value S ID j to generate a correct message transmission MS I = H (C I ) ⊕ Ad i , where Ad i = H (R i ) and it is validated using U sr .In another way, U sr applies C I = H U ID m x m y and AD i = U ID ⊕ H (r 2 ) to generate a corrective response-value MS 3 that is verified using WG Ac .This verification shows that U sr and WG Ac mutually passes the authenticated message transmission to exchange the messages of MS j .Hence, the proposed scheme claims to achieve the property of mutual authentication.
With a generation of session-key, it is observed that U sr and WG Ac plays a vital role to contribute to the generation of session-key namely m x , m y .This has a logical consequence that neither any U sr can generate or control his/her session-key, nor any session-key can be adequate to produce random-key if any of the U sr be able to construct a sufficient random input-keys.Hence, the proposed scheme claims the preservation of key agreement.

12) PROPERTY OF PERFECT FORWARD SECRECY
In proposed SAB-UAS scheme, a property of perfect forward-secrecy necessitates a long-term secret information S ID j to be highly secured between U sr and WG Ac that ensures all the previous key establishments are well protected.Based on the Diffie-Hellman protocol, the proposed scheme claims to achieve better forward secrecy.With the secret-key information of U sr and WG Ac , A dv tries to recover US K = H (AD i KS U TS).However, from the specific feature of intractability based on the Diffie-Hellman problem, the proposed scheme claims that it is impracticable for A dv to compute KS U = r n ×Y * i .

C. RESOURCE EFFICIENCY ANALYSIS
This subsection estimates various resource efficiencies such as storage, computation, and communication of proposed SAB-UAS scheme.The analysis details are as follows: 1) ANALYZING STORAGE EFFICIENCY In order to analyze storage overhead, the communication messages of a user U sr and smartcard SM I are chosen.Particularly, if we apply SHA − 1, byte-length of 20 is set to the following parameters namely random number r 1 and r 2 , user identity U ID and hash-resistant function, whereas byte-length of data timestamp is 2. Therefore, the proposed SAB-UAS claims that the total storage data length can easily be calculated for C I , MS I , N I and VR I .In respect of storage, the saved messages require 80 bytes.

2) ANALYZING COMMUNICATION EFFICIENCY
In order to examine communication overhead, U sr login request message {AD i ,Y i , MS 1 , MS 2 , MS 3 , TS i } is considered, which is later submitted to WG Ac in turn to process the login.According to the above assumption of byte-length, the message length of U sr is 102 bytes.Similarly, the bytelength of WG Ac computation and U sr the response is calculated and its summation is 30 + 20 = 50 bytes during the system authentication phase.Thus, the system login and authentication phase of SAB-UAS scheme are totaled into 102 + 50 = 152 bytes.

3) ANALYZING COMPUTATION EFFICIENCY
In order to realize the complexity of computational efficiency, the frequency of hash resistant function is considered.Importantly, the computation time of the X-OR operation is practically ignored as it has less time to execute the process.As referred in [34], the environment of 2.20 GHz CPU and 2 GB RAM consumes 0.0023 ms to execute the hash resistant function on an average.Therefore, the proposed SAB-UAS scheme claims that the execution times of hash function in system login and authentication phases are 7 and 13 times respectively.The calculation shows that the computation cost of SAB-UAS is recorded into 0.0161 + 0.0299 = 0.046 ms.

D. COMPARISON OF PERFORMANCE EFFICIENCY
As from Table 6, the time cost of various authentication phases is compared in terms of T CM denotes one-way chaotic map function, T SED denotes symmetric encryption / decryption and T hash denotes one-way hashing function respectively.Importantly, T hash is examined using SHA1.A test platform used in [52] is also applied to examine the computation parameters such as T CM = 127.042µs, T SED = 21.4835µs and T hash = 21.4835µs.It is supposed that all the authentication schemes including timestamps, random-integers, a hashing function, wireless gateway access, and medical-sensor node are set the key size as 160 bits.However, the chaotic map results in the key size of 1024 bits long as it is capable to perform modular prime in order to provide more security.In [53], it is discussed that the basis of communication cost is more non-trivial.A detailed hypothesis shows that the user identities, timestamps, and random integers are assigned to be 32 bits or only 4 bytes.Generally, the storage character of user identity cannot be less than six characters.Since DES is widely known to be insecure [53], a key size 56 bits is even not considered as a secure key length.The performance analysis demonstrates that the execution times of the proposed scheme have less cost in comparison with other existing schemes [54]- [56] for the communication entities namely U sr , WG Ac and MS j .After all, the proposed SAB-UAS scheme is claimed to be robust and secure in order to realize in practice.However, Gope and Hwang [55] are completely impracticable as it is susceptible to a de-synchronization attack.In the wireless environment, even if none of the adversaries try to block the data packets, then the loss of data packet cannot be occurred between U sr , WG Ac and MS j .It is appeared to be a problem of de-synchronization.Assume that the proposed SAB-UAS scheme has last message confirmation, which is blocked or stolen due to time overdue.Then, WG Ac cannot modify or replace the parameter pair U ID , Ad i to make the data more inconsistent between U sr and WG Ac .

VI. PRACTICAL EXAMINATION USING NS3
This section demonstrates the practical implementation of proposed SAB-UAS using NS3 simulation [57] to examine the network parameters such as packet delivery ratio, endto-end communication delay S , throughput rate of data transmission bpS , and routing overhead packets .For the analysis of the above parameters, a widely accepted version known as NS-3.28 has been installed on the platform of Ubuntu-14.04LTS [6].Table 5 shows the important parameters used in NS3 simulation that assumes a network coverage area as 80 × 80 m 2 to examine the medical sensor and device controller node with a distance of 25 meters and 50 meters respectively, considered in [55].A communication standard known as IEEE-802.15.4 is used as media access control to simulate the network duration ≈1800 s i.e. 30 minutes.Because of network nature i.e.Ad hoc, optimized link state routing (OLSR) is preferred.It is used to provide dynamic discovery that invokes proactive routing to maintain the distribution table between the communication entities.Table 7 represents the important notation used in simulation.To investigate the network metrics, the sensor nodes are implanted in rectangular form.It has 20 sensors in a row, which subsequently adds more concurrent rows for every execution scenario restricting the sensor quantity to be 160 nos i.e. row size 8 .To explore a basic network scenario, three device controller, one wireless gateway and three patients with five medical sensors were considered.This is to note that the wireless gateway access WG Ac is not considered in [42] to inspect the data aggregation and reliable data transmission.The description of a network scenario is as follows: Scenario: This scenario deploys 3, 5, 9 U sr , 1 WG Ac , 3 M S and 160 MS j .For the above scenario, three data transmission messages such as MS 1 , MS 2 , TS 1 from U sr to WG Ac , MS 3 , MS 4 , TS 2 from WG Ac to M S and MS 5 , TS 3 from M S to U sr are considered with the packet size of 512 bits, 512 bits, and 192 bits to examine the network parameters.Each U sr starts randomly to exchange the message i.e. for every 4 s.Importantly, according to the adversarial module, 20 malicious nodes are randomly assigned to perform various misbehavior in packet routing include send and receive messages.

A. ANALYSIS OF PACKET DELIVERY RATIO (PDR)
It is a highly essential factor to measure the performance of routing protocol in any communication networks.In the use of packet size, availability of nodes, transmission range and coverage area, this analysis was performed.This communication metric defines the successful receiving packet delivery ratio at the sink node.From Fig. 2, it is evident that the PDR ratio of proposed SAB-UAS slightly deteriorates when the number of sensors grows larger.Specifically, from the addition of row i.e. 30 to 45, there was a slight deflection in proposed SAB-UAS and Wu et al. [56] that shows better packet delivery ratio in comparison with other authentication schemes [54], [55].Also, when the addition of rows grew consistently, the signal congestion continued to exist.As a result, the energy model defined in the wireless environment started draining more than expected, when there was a report of far distance message transmission.To improve the delivery ratio, a threshold limit can be set at the receiver side to control the energy dissipation or to abort the packet transmission when there is a far distance communication.From the examination, it is realized that there may be an increasing number of connection breakdown when the mobility varies from ∼4 ms to ∼20 ms.As a consequence, unusual packet loss and failures are resulted to degrade the quality of link connectivity.

B. ANALYSIS OF END-TO-END (ETE) DELAY
It is defined as the average time taken by the data transmission packets to reach the receiver from the source node.Thus, it can be mathematically expressed as: where N P defines the total number of data transmission packets and T rec i , T send i denotes the sending and receiving time of packet transmission with respect to the given scenario.Fig. 3 illustrates the packet end-to-end delay of proposed SAB-UAS with other existing authentication schemes.The examination results show that the proposed SAB-UAS consumes less delay in comparison with other existing schemes [54]- [56] such as 0.0278 sec, 0.0238 sec, 0.0203 sec and 0.0174 sec respectively.From the analysis, it is observed that the end-to-end delay increases when the number of communication nodes is proportionally increased.As a result, it is strongly stated that a number of transmission messages are subjected to experience more congestion as addressed in the given execution scenario.

C. ANALYSIS OF THROUGHPUT TRANSMISSION RATE TTE
The throughput rate can be defined as the number of bits transmitted per unit of execution time.The throughput rate bps of proposed SAB-UAS is illustrated in Fig. 4. It can be expressed as: where T D is the total data transmission time Secs , P kt is the data transmission packet and N R is the total number of receiving packets successfully.From Fig. 4, it is witnessed that the execution time was considered to evaluate the number of transmission packets i.e. for proposed SAB-UAS and other existing authentication protocols [54]- [56].The execution result shows that the proposed SAB-UAS achieves better throughput rate in comparison with other existing authentication protocols [54]- [56] such as 1.64 kbps, 1.602 kbps, 1.604 kbps, and 1.624 kbps respectively.It is evident that the proposed SAB-UAS has a negligible deviation at 45 to 60 and 120 to 140 because of the increasing number of sensor nodes.

D. ANALYSIS OF ROUTING OVERHEAD RTO
The routing overhead can be defined as the total number of routing packets divided by the total number of successfully delivered packets during the mobility interval ≈2 to 50 m/s.The in-depth analysis shows that the average number of routing packets is involved to deliver a data packet successfully.Moreover, this parameter is essential to find the excess bandwidth usage during routing overhead to handle network traffic.The simulation result reveals that the OLSR protocol tries to minimize the communication overhead as it maintains a proactive routing table to handle the periodic Hello transmission and Topology Control messages.From Fig. 5, it is observed that the proposed SAB-UAS achieves less routing overhead i.e. packet in comparison with other existing protocol [54]- [56] such as 11.3, 6.7, 5.9, and 4.5 routing packets.In OLSR, the packet routing is tactfully managed to enhance the network performance and bandwidth usage at the mobility speed ≈2 to 50 m/s.

VII. CONCLUSION
In this paper, a secure-anonymous biometric-based user authentication scheme (SAB-UAS) has been proposed for a smart electronic-healthcare application using IoM.The proposed SAB-UAS scheme shows the formal security model, resource and performance efficiency analysis to prove the security, storage and performance efficiencies.The former proof demonstrates that the proposed scheme can protect the sensitive information of a user from adversary to achieve the property of perfect forward secrecy.The latter analysis shows that the proposed SAB-UAS scheme can substantially reduce the storage, computation and communication cost to improve the performance efficiency of any real-time based healthcare application systems.In addition, the rigorous informal and formal security analysis using BAN logic and random-oracle model proves that the SAB-UAS scheme provides better security evidence for the protection of various potential attacks for application based on IoMs.It is also shown that the proposed scheme achieves improved resource efficiencies such as storage, computation, and communication to build smart e-healthcare systems.Importantly, the network parameters such as packet delivery ratio, end-to-end delay, and throughput rate have been evaluated using a network simulator NS3.It is shown that the proposed SAB-UAS scheme experiences more congestion when the number of message transmission increases proportionally i.e. adding 20 sensors in a row.However, the proposed SAB-UAS could achieve better packet delivery ratio, end-to-end delay, throughput rate and routing overhead for the given scenario in comparison with other authentication protocols [61]-[63] even if the message transmission grew proportionally between U sr , WG Ac and M S .

FIGURE 1 .
FIGURE 1.A system model of internet of medical things.

Asgn 8 :
WG Ac | ≡ D C ⇒ Usr i X ↔ WG Ac Asgn 9 : WG Ac | ≡ Usr i ⇒ Usr i US K ←→ WG Ac Asgn 10 : Usr i | ≡ WG Ac ⇒ Usr i US K

TABLE 2 .
Summary of technique used, drawbacks, formal analysis model and simulation used of existing authentication schemes.
If the verification is valid, then WG Ac computes C * To execute this scenario, he/she should insert their SM I to generate a new identity U * ID from the previous identity U ID to prevent the adversaries act.Then, the successful update of U * ID imprints the user biometric B * IO i on MS j .MS i to send the revocation/reissuing request message parameters U ID i , U * ID i , Ad i , Z i } via WG Ac over a secure communication channel.
i = R EP B * IO i , P i ; and Ad i = H R * i Step3: U sr computes Z i = U ID i ⊕ y ; and Z * i = U ID ⊕ H (C I ) ⊕ Ad i .The verification of Z *i with Z i is employed to prove user legitimacy.
Ac 17 : Usr i U ID j , S ID j , X, Y, Usr i WG Ac 18 : Usr i | ≡ WG Ac | ∼ U ID j ,S ID j ,X, Y, Usr i Usr i |≡WG Ac |≡ U ID j , S ID j ,X, Y,Usr i

TABLE 6 .
Performance efficiencies of existing authentication schemes.