Lightweight anonymous authentication and key agreement protocol resistant to desynchronization attacks
摘要
Wireless Medical Sensor Networks (WMSNs) are crucial for remote medical monitoring, yet they face significant challenges in terms of data security and privacy protection. Authentication and Key Agreement (AKA) protocols are effective technologies for safeguarding privacy; however, existing solutions often struggle to resist desynchronization attacks or sacrifice untraceability in the pursuit of anonymity. Additionally, the adoption of public-key cryptography substantially increases both computational and communication costs. To address these issues, this paper proposes a lightweight protocol based on the RD-UT List (Resistance to Desynchronization and Untraceability List) synchronization mechanism, which can resist desynchronization attacks and ensure untraceability. This mechanism functions by generating and periodically updating temporary identity credentials and hash chain values, ensuring reliable authentication and key agreement among users, servers, and sensor nodes. During data transmission, the mechanism not only achieves anonymity and untraceability but also effectively defends against desynchronization attacks. Compared with existing solutions, this protocol significantly improves both computational and communication efficiency: it reduces computational overhead by at least 65.01% and cuts communication costs by at least 22.22%. Its security has been fully validated through formal proofs and informal analysis. Furthermore, on an experimental platform simulating sensor nodes using Raspberry Pi 5, the protocol successfully achieves mutual authentication and session key agreement between users and sensors, verifying its practicality in resource-constrained WMSNs environments. In summary, this protocol provides an efficient and tailored solution for data protection in WMSNs environments.