REACH: Robust Efficient Authentication for Crowdsensing-based Healthcare

Abstract Crowdsensing systems enlist a group of people to contribute to sensor-based tasks. They involve people, also known as participants, who collect sensor data based on the task requirements specified by the requester, and send it to a server using an application. The sensor data can be either related to the participant and his/her daily activity or collected from the surrounding environment. The crowdsensing-based healthcare system is a sample of a crowdsensing system that provides smart healthcare-related services to patients and elderly people. In such a system, wearable sensors collect sensor data from patients and transmit them to the medical server across a public communication channel. Doctors can then access the data and prepare medical advice, resulting in a drastic reduction in hospital costs. However, patient data generally contain sensitive information that needs to be exchanged securely. Therefore, a significant security challenge is authenticating the sensor device (patient) and generating short-term keys for communicating medical data. Recently, Dharminder et al. and Gupta et al. designed authentication protocols for healthcare systems. In our paper, we show that these schemes are prone to a series of attacks including impersonation and stolen verifier attacks, and cannot provide perfect forward secrecy. We then propose a Robust and Efficient Authentication scheme for Crowdsensing-based Healthcare systems, called REACH. We prove that REACH supports perfect forward secrecy and anonymity and resists well-known attacks. We perform various formal and informal security analyses using the Real-OR-Random (ROR) Model, BAN logic, and the well-known Scyther tool. We also show that REACH outperforms the related methods in incurring the minimum computational overhead and comparable communication overhead.