Crowdsensing systems use a group of people to collect and share sensor data for various tasks. One example is the crowdsensing-based healthcare system, which provides smart services to patients and elderly people using wearable sensors. However, such a system faces a significant security challenge: how to authenticate the sensor device (patient) and exchange medical data securely over a public channel. Although considerable research has been directed towards authentication protocols for healthcare systems, state-of-the-art approaches are vulnerable to a series of attacks, including impersonation and stolen verifier attacks, and do not ensure perfect forward secrecy. In this paper, first, we elaborate two of such approaches. Then, we propose a Robust and Efficient Authentication scheme for Crowdsensing-based Healthcare systems, called REACH. We prove that REACH supports perfect forward secrecy and anonymity and resists well-known attacks. We perform various formal and informal security analyses using the Real-OR-Random (ROR) Model, BAN logic, and the well-known Scyther tool. We also show that REACH outperforms the related methods in incurring the minimum computational overhead and comparable communication overhead.

Keywords