Recently, the incorporation of state-of-the-art technology such as Electronic Healthcare Records (EHRs), networks, and cloud computing has transformed the traditional healthcare system. However, security problems have arisen as a result of the integration of technology. Secure remote user authentication is a core part of the healthcare system to validate the user's identification via an unsecure communication network. Since then, several remote user authentication schemes have been presented, each with its own set of pros and limitations. As a result, security, malicious attacks and privacy concerns are considered one of the main challenges related to the healthcare system. In this paper, we propose a safe user authentication scheme for patients in the healthcare system that overcomes these flaws and confirms the security of the proposed work using scyther, a formal security tool. In the healthcare environment, our work provides an effective means to construct an environment capable of setting, registering, storing, searching, analyzing, authentication, and verifying electronic healthcare information in order to protect the information of patients. Furthermore, our suggested scheme uses symmetric encryption based on the crypto- hash function for accessing the anomaly of the patient's identity and One-Time Password (OTP). Towards the end of the study, the performance analysis results indicate a delicate balance of security and performance that is frequently lacking in previous works.
A wireless body area network (WBAN) connects separate sensors in many places of the human body, such as clothes, under the skin. WBAN can be used in many domains such as health care, sports, and control system. In this paper, a scheme focused on managing a patient’s health care is presented based on building a WBAN that consists of three components, biometric sensors, mobile applications related to the patient, and a remote server. An excellent scheme is proposed for the patient’s device, such as a mobile phone or a smartwatch, which can classify the signal coming from a biometric sensor into two types, normal and abnormal. In an abnormal signal, the device can carry out appropriate activities for the patient without requiring a doctor as a first case. The patient does not respond to the warning message in a critical case sometimes, and the personal device sends an alert to the patient’s family, including his/her location. The proposed scheme can preserve the privacy of the sensitive data of the patient in a protected way and can support several security features such as mutual authentication, key management, anonymous password, and resistance to malicious attacks. These features have been proven depending on the Automated Validation of Internet Security Protocols and Applications. Moreover, the computation and communication costs are efficient compared with other related schemes.