Sage Journals: Discover world-class research

Abstract

In the Internet of Medical Things (IoMT), medical devices are connected to the Internet of Things (IoT), allowing better tailored healthcare, faster hospital treatments, more affordable medical solutions, and more patient comfort. The most serious threat to the safety and confidentiality of patient’s medical records is the possibility of attacks on the IoMT environment. In order to address these problems, researchers have proposed several approaches and methodologies. None of these protocols presents a low-computing-overhead method that combines authentication with privacy preservation. This research proposes a protocol for secure authentication of IoMT devices while protecting user privacy. The proposed approach ensures the confidentiality of the IoMT devices connected to the patient’s body while communicating. In addition, the proposed protocol is validated using the widely recognized formal validation tool Automated Validation of Internet Security Protocols and Applications (AVISPA). The suggested protocol resolves existing protocols’ vulnerabilities and is resistant to many well-known security issues. Compared with existing protocols that use public cryptosystems, such ElGamal and RSA, the suggested protocol stands out due to its smaller key size and reduced computational overhead. A comparison with the well-known protocols revealed that the combined method for “lightweight authentication and privacy preservation” is computationally 5 to 6 times more efficient. However, this research has significant real-world implications from various social, economic, and business viewpoints, both locally and globally.

Keywords

IoT healthcare lightweight security AVISPA IoMT elliptic curve cryptography

Introduction

The development of the Internet of Things (IoT) led to the creation of the IoMT, an initiative to improve healthcare quality.¹ IoMT entails gathering and transferring private medical information from patients to a central authority (CA) that stakeholders, including doctors, can access. The IoMT is made up of a variety of medical devices and applications, including wearables, sensors, remote monitoring systems, and health-tracking apps. These devices can collect a wide range of health data, including vital signs, blood glucose levels, adherence to medications, and more. This data is then transmitted to healthcare providers, who can use it to monitor patients remotely and make better decisions about their healthcare.^2–4 The IoMT could completely transform healthcare delivery by enhancing patient outcomes, decreasing costs, and increasing efficiency. With IoMT help, healthcare professionals can better manage chronic diseases and avoid hospital readmissions, allowing patients to receive proactive and individualized treatment.⁵ However, the IoMT has its shared problems. Some of these include concerns about the security and privacy of user data, the need to comply with regulations, and the necessity of systems and devices to communicate.^6,7,4,8 However, due to its potential benefits, the IoMT is a promising new frontier in healthcare research and development. A crucial part of controlling the COVID-19 epidemic has been the use of IoMT devices.⁹ In relation to COVID-19, IoMT devices have the following advantages: they are accessible from anywhere and are quick to identify, locate contacts, and analyze data. IoMT devices help control the COVID-19 pandemic by facilitating remote monitoring, early detection, contact tracking, and data analysis. However, it is essential to address privacy and data security concerns to ensure that patients can benefit from this technology safely and ethically. Using elliptic curve cryptography (ECC) and resolving security vulnerabilities, this paper introduces a lightweight privacy-preserving authentication protocol for IoMT. Rigorous security analysis and validation using AVISPA have confirmed its robustness, and comparisons have shown that it is well-suited for IoMT applications.

The remainder of the paper is structured as follows: first, review existing research related to privacy and security. Next, outline the motivation for the study and its contributions. Following that, present the foundational concepts, including the Elliptic Curve Discrete Logarithm Problem (ECDLP) and blind signatures based on ECDLP. The subsequent section details the proposed scheme, which includes the system model and describes a secure, privacy-preserving initialization phase, registration phase, and authentication protocol for IoMT devices, gateways, and the CA. Then, the paper addresses the removal of malicious IoMT devices and gateways. A security analysis is provided, including formal validation using the AVISPA tool and informal protocol validation. Finally, results and discussions are covered, and the paper concludes with a summary of key findings.

Related work

Many methods have been offered to verify the legitimacy of nodes in IoMT systems and to guarantee authentication between gateway nodes and IoT devices. Such methods use various cryptographic techniques, including lightweight cryptography, elliptic curves, and hash functions.^10,11,6 In this section, give a summary of some of these research initiatives.

In the year 2009, a two-factor authentication technique was designed for wireless sensor networks (WSN).¹² Later in 2010, He et al. found the weaknesses in Das et al.’s protocol, found some vulnerabilities such as insider and impersonation attacks, inability to change passwords, information leakage, lack of anonymity, no mutual authentication, and no session key establishment.¹³ Later, they suggested an enhanced two-factor authentication scheme to overcome these vulnerabilities. In 2011, Kumar¹⁴ identified deficiencies in the He et al.’s¹³ protocol. These deficiencies include the absence of user anonymity, mutual authentication, the establishment of session keys, and the susceptibility to information leakage attacks.¹⁴ In the same year, Kumar found that Khan’s¹⁵ scheme has some vulnerabilities, such as mutual authentication, session key establishment, and message confidentiality.

In 2010, a system developed known as GDP (Group Key Distribution System) specifically to ensure secure communication in Body Area Networks (BANs).¹⁶ The protocol’s objective is to establish a collective key that can be utilized to disseminate messages inside the network. However, the author discusses the deployment of the protocol on a sensor network platform but does not provide comprehensive evaluation data or performance analysis. After that, in 2013,¹⁷ introduced a protocol for a Certificate less Signature Scheme, and the protocol guarantees protection, confidentiality, and resilience against many threats. After that, in 2017, He et al.¹⁸ reviewed Liu’s protocol and found that it is susceptible to impersonation attacks. Later on, Anonymous authentication scheme for WBANs was proposed by.^18–20

In 2019, Zhou et al.²¹ developed an authentication technique that relies on an IoT-enabled cloud architecture, and both protocols relied on the use of logical OR operations and hash functions. Nevertheless, these protocols are vulnerable to privileged insider attacks, replay attacks, MITM attacks, and impersonation attacks. Whereas Jaiswal et al.²² proposed a edge computing based ,Srivastava and Debnath²³ propose a multivariate-based certificate less signature system to improve security in IOMT networks. In the same year, Chatterjee²⁴ suggested an authentication protocol for wireless body sensor networks that relies on the Paillier public key encryption cryptosystem. Nevertheless, the proposed system may encounter algorithmic complexity concerns, rendering it inappropriate for Body Sensor Networks (BSN). Also, Fotouhi et al.²⁵ introduced a safe authentication system that is lightweight and based on hash chains. Later Sureshkumar et al.²⁶ introduced a streamlined authentication protocol for smart healthcare systems that relies on ECC. Unfortunately, the protocol is susceptible to traceability, integrity conflict, and de-synchronization attacks, which can be easily exploited and result in substantial security problems.

In 2021, Lee and Chen²⁷ presented a secure IoT protocol for medical networks that uses Physical Unclonable Functions (PUFs) for authentication and defense against attacks such as side-channel assaults and data tampering. In the same year, Mohammed et al.²⁸ presented a bio-inspired robotics system that uses blockchain technology to enable task planning in an IoMT environment. However, these protocols are not resistant to physical tampering and have more computation than other schemes.

In 2021 Wang et al.²⁹ proposed a lightweight and reliable authentication protocol for WMSN. To overcome these problems physical layer security and over-centralized server problem in WMSN. This protocol is susceptible to different types of attacks, including man-in-the-middle attacks and session key leakage, lacks mutual authentication. Whereas in the same year, Li et al.¹⁹ introduced the PSL- MAAKA authentication protocol, which offers lightweight authentication by utilizing hash and XOR operations for authentication and key agreement.

In 2022 yu and Park³⁰ provide a more advanced authentication mechanism that utilizes Blockchain and PUFs to tackle these problems. They verify the security of their protocol by conducting both informal and formal assessments, such as the AVISPA simulation and the ROR Oracle model. However, this protocol suffers from certain safety flaws. The research conducted in 2023 Praveen and Pabitha³¹ introduces a secure and efficient user authentication method that is specifically used for IoMT applications which uses bioacoustics and a fuzzy embedder and Singh et al.³² proposed a group based protocol i.e GBEKA. These two authentication methods have more computational costs than other authentication schemes in terms of constraint devices. Later, Das and Namasudra³³ proposed a privacy- preserving mutual authentication scheme using lightweight components like XOR, concatenation, and hash functions to secure sessions between IoT devices and gateways. However, their approach is vulnerable to several attacks, including insider, impersonation, man-in-the-middle (MITM), and replay attacks, and lacks mechanisms for detecting malicious devices and Gateways.

In summary, devices with limited resources are not the focus in most of the existing works. In addition, most of the works do not consider patient data privacy since they rely on offline registration. An improved solution for IoMT environments is proposed in this work, which fills this gap by offering a lightweight authentication method that protects privacy and uses lightweight components like XOR, hash functions, and the proposed protocol to detect malicious devices and Gateways, thus providing a more robust solution for IoMT environments.

The networked medical devices and systems that makeup IoMT can enhance healthcare delivery, patient monitoring, and treatment outcomes. Nevertheless, the interconnected nature of IoMT brings about a plethora of security concerns. These include vulnerability exposure to impersonation, stolen-verifier attacks, data non-repudiation, data confidentiality breaches, anonymity compromises, known- key security risks, replay attacks, message authentication, privileged-insider threats, parallel session exploits, and man-in-the-middle attacks, etc..³⁴ The confidentiality of patient information, adherence to regulations, and the efficacy of healthcare procedures depend on the security and privacy of IoMT systems.^3,35,36

Ensuring the security and privacy of IoMT systems is essential for maintaining patient trust, regulatory compliance, and the integrity of healthcare operations. To protect healthcare data and reduce risks,it is necessary to deploy comprehensive security measures such as authentication, privacy, encryption, access control, anomaly detection, and threat intelligence. These security challenges must be resolved for the IoMT to realize its promise of transforming healthcare delivery while protecting patients’ privacy and safety.

The following are the most important takeaways from this paper:

• The healthcare system utilizes IoMT devices with limited resources. The suggested protocol has been explicitly designed to tackle the difficulties presented by this system.

• Protocol has been proposed for registering an IoMT device and the gateway with the CA.

• Lightweight components such as XOR, Hash function, and concatenation were used to minimize computational power usage.

• The methodology ensures patient privacy by employing blind signatures upon registration with the CA.

• Certain security aspects, including confidentiality, anonymity, integrity, lightweight, mutual authentication, and privacy preservation, are guaranteed by the proposed protocol. Furthermore, this protocol is resistant to a number of attacks, such as CCA, replay attacks, Man in the Middle, impersonation, and modification attacks. The suggested protocol also detects malicious IoMT devices and gateways.

• The protocol enables identifying and eliminating any malicious Gateway and IoMT devices from IoMT healthcare environments.

• The AVISPA tool is utilized to validate and verify the suggested protocol.

• Our comparison analysis highlights the superior ability of our protocol to preserve privacy compared to other protocols operating in the same situation.

Preliminaries

This section provides preliminaries for a proposed protocol for an IoMT based healthcare system network.

Elliptic curve cryptography (ECC)

ECC is a well-known public key cryptosystem¹⁰ with features of smaller key sizes compared to other cryptosystems like Integer Factorization Problem-based RSA³⁷ and DLP-based ElGamal³⁸ for achieving the same level of security. Since only exponential-time attacks are known so far, the Elliptic Curve Discrete Logarithm Problem (ECDLP) might still be intractable even if factoring and multiplicative group discrete logarithms are broken.

The comparison Table1 below shows that, according to the National Institute of Standards and Technology (NIST), ECC can achieve the same level of security as other public key cryptosystems with a smaller key size.³⁹

Table 1.

As per NIST.

ECC key size (Bits)	RSA key size (Bits)	Key size ratio
163	1024	1:6
256	3072	1:12
384	7680	1:20
512	15360	1:30

The equation of the elliptic curve over Finite Field $F_{p}$ is

E : y^{2} m o d p = (x^{3} + a x + b) m o d p

(1)

where,

(4 a^{3} + 27 b^{2}) \mod p \neq 0 .

Here, the elements of the Finite Field are integers between

0

and

p - 1 .

All the operations, such as addition, subtraction, division, and multiplication, involve integers between

0 a n d p - 1 .

The prime number

p

is chosen to make the cryptosystem secure so that there is a finitely large number of points on the elliptic curve.

The domain parameters for the Elliptic curve over $F_{p}$ are $p, a, b, G, n a n d h$ . p is the prime number defined for finite field Fp. a and b are the parameters defining the curve $y^{2} \mod p = (x^{3} + a x + b) \mod p .$ G is the generator point $(x G, y G),$ a point on the elliptic curve chosen for cryptographic operations. n is the order of the elliptic curve. The scalar for point multiplication is chosen as a number between 0 and n1. h is the cofactor where, $h = \frac{| E (F p) |}{n} .$ $| E (F p) |$ is the number of points on an elliptic curve.

Definition. Let E be an elliptic curve over a Finite Field $F_{p}$ and let $G \in E (F p)$ be a point of order n. Given $Q \in E (F p),$ the Elliptic Curve Discrete Logarithm Problem (ECDLP) is to find the integer $d \in [0; n - 1],$ such that $Q = d G .$

A blind signature issued to provide anonymity and privacy for entities. It consists of four phases, as below (Figure 1).

• Initialization Phase

• Blinding Phase

• Signing Phase

• Extraction phase

Figure 1.

Registration of gateway with CA.

Proposed scheme

In this section we describe the suggested system model and then explain the proposed protocol.

System model

The architecture of the IoMT-based healthcare system network model is shown in Figures 2 and 3. This section outlines the process of setting up the network in preparation for implementing the proposed protocol. In this model, each IoMT device has a unique identifier that is affixed to the patient’s body. Patients move from one place to another in a dynamic route (e.g.: from the Pathology department to the Cardiology department), while each Gateway is fixed at some critical locations in the proposed model. When patient comes into the coverage area of a Gateway, all the IoMT devices affixed to the patient are first authenticated after that communication starts. Patients travel from one location to another; as previously noted, they enter the coverage area of one Gateway and then later enter another again; authentication of IoMT devices is done with the Gateway in that range. We suggest implementing a CA, which will be accountable for managing the identities of all devices registered within its network.

Figure 2.

System model for the registration phase.

Figure 3.

System model for the authentication phase.

The notations utilized in this proposed article are presented in Table 2.

Table 2.

Notation used in the manuscript.

Notations	Descriptions
IoMT	Internet of Medical Things
CA	Central Authority
G	Generating point on ECC
RG _List	Registered Gateway List
SKMC	Shared secret key between IoMT device and CA
SKMG	Shared secret key between IoMT device and Gateway
Req _IoMT	Request generated by IoMT device
d _g	Private key of Gateway
Q _g	Public key of Gateway
d _c	Private key of CA
Q _C	Public key of CA
d _m	Private key of IoMT
Q _m	Public key of IoMT
IoMT _a	Anonymity Identity of IoMT device
E(Key,Message)	Symmetric key Encryption
D(Key,Message)	Symmetric key Decryption
N _m	Nonce
⊕	XOR operation
║	Concatenation operation

IoMT device: IoMT devices collect medical data using sensors, analyze it locally, and securely communicate it to CA. By being integrated with healthcare systems, they provide patients with more control and importance while also making data security a top priority, thereby guaranteeing privacy. This technology transforms healthcare by facilitating un-interrupted monitoring and tailored treatment, improving patient outcomes.

Gateway: Gateways are essential in IoMT environments since they authenticate IoMT devices in consultation with CA. These gateways function as intermediates, guaranteeing the establishment of secure communication routes. The gateways share all transferred data with the CA and, in turn, forward it to medical experts, ensuring smooth and secure data transmission while upholding privacy and confidentiality.

CA: The CA establishes and enforces regulations, standards, and guidelines to ensure compliance with healthcare regulations. It certifies IoMT devices, evaluating their functionality, safety, and adherence to regulatory requirements before granting authorization for deployment. It also authenticates the Gateway installed in the IoMT healthcare system. CA maintains registered IMT devices and Gateways. CA plays an important role in removing malicious IoMT devices and Gateways. Additionally, the CA manages digital identities and authentication mechanisms to facilitate secure communication and data encryption within the IoMT network. More-over, it aggregates anonymized data collected from IoMT devices. The CA also plays a critical role in incident response and security monitoring, detecting and responding to security breaches or unauthorized access attempts. Furthermore, it promotes interoperability and standardization, ensuring seamless integration and communication between different IoMT devices and healthcare systems. In the IoMT health-care system, the CA is essential for assuring the security, stability, and compliance of IoMT systems, promoting innovation and better healthcare results.

Protocol

In this section, we have explored online registration procedures for IoMT devices and Gateways using CAs and discussed an authentication protocol for IoMT devices with Gateways. We have suggested an authentication protocol for the IoMT devices with a CA that uses blind signatures based on ECC. This section also provides a detailed explanation of the scheme’s mathematical formulation.

In the proposed protocol, all entities involved in the IoMT Health care system agreed upon the domain parameter of ECC. Randomly select a secret key dc for the CA, $d_{g}$ for the Gateway and dm for the IoMT device. We then calculate the public key, $Q_{C A}$ , for the CA by multiplying $d_{c}$ with G. Similarly, we calculate the public key, $Q_{g}$ , for the Gateway by multiplying dg with G. The public key of the IoMT device is Qm and computed as dm* G The shared secret key between the Gateway and the CA is denoted as $S K G C = dc * dg * G$ .

The shared secret key between the IoMT devices and the Gateway is denoted as $S K M G = dm * dg * G$ ¸ Also, the shared secret key between The shared secret key between the CA and IoMT device is denoted as $S K M C = dm * dc * G$ . Algorithm for Registration of Gateway with CA: Gateway uses its MAC address as identity and converts it in to a point on ECC, i.e. GMAC Gateway encrypts GMAC using (SKGC) and sends it to CA. The message is decrypted by the CA using (SKGC), specifically by applying the decryption algorithm D(SKGC, GMAC). This process allows the CA to get the identity of the Gateway GMAC. Then, CA utilizes the ECDLP signature to generate a signature ${G M A C}_{s i g n}$ for the identification of the Gateway GMAC. The signature, ${G M A C}_{s i g n}$ , is encrypted using SKGC and sent back to the Gateway. After obtaining the signature ${G M A C}_{s i g n}$ , Gateway saves it as the verified identity for future reference algorithm 2 demonstrates the registration process of Gateway and CA.

Algorithm for registration of IoMT device with CA

The IOMT device used its MAC address for its unique identification, known as ${MAC}_{IoMT}$ . CA generates a randomvalue, denoted as $k^{'}$ , and calculates $R^{'}$ by multiplying $k^{'}$ withG, $R^{'}$ is sent to IoMT device by encrypting using SKMC An IOMT device does the blinding of ${MAC}_{IoMT}$ and same is encrypted using $SKGC$ to CA. CA does the blind signature using its private key on ${MAC}_{IoMT} .$ The blind signature ${IoMT}_{a}$ is used as anonymity identification of the IoMT device. CA stores ${IoMT}_{a}$ in the registered IoMT device list for future use. CA applies encryption to the ${IoMT}_{a}$ using the $SKMC$ and transmits it to the IoMT device. IoMT device decryptsand saves ${IoMT}_{a}$ for its use. Algorithm 3 demonstrates the process of registering an IoMT device with a CA.

Algorithm for authentication of IoMT by gateway

The protocol involves the IoMT device retrieving its anonymity Identification from its memory ${I o M T}_{a}$ and generating a nonce $(N_{m})$ it combines these values with other values mentioned in the algorithm 4 and sends them to Gateway for device authentication. After receiving a request from the IoMT device, Gateways ends it to CA to find out whether this is a registered Device. CA, after receiving the request from Gateway, searches in the registered list of devices and Gateway. If it does not find anyone or both, then mark it as a malicious entity, remove it from the network, and terminate; otherwise, send a valid message to Gateway for further processing in the authentication phase. Gateway, after receiving a validated message, does the mutual authentication using Nonce generated by the IoMT device and Gateway. The proposed algorithm also uses a Lightweight encryption algorithm and Lightweight Message Authentication Code Algorithm to protect against Chosen Cipher text attack. The authentication algorithm is explained in detail algorithm 4.

Removal of malicious IoMT device and gateway

Initially, the Gateway and IoMT device was registered with the CA in online mode. CA maintains a registered list for Gateway and IoMT devices. The authentication process starts when an IOMT device comes in the range of one of the gateways. Gateway, after receiving a request from the IoMT device, in turn, sends CA for verification of whether the said IoMTdevice is registered or not, along with its own identity. CA searches both identities in the registered list; if it does not find anyone or both, then marks it as a malicious device or gateway and removes them from the IoMT environment. This process has been explained in Algorithm 4 in step-2 to 13. After this, any impersonate attack has been done by the malicious entity in step-32. If it does not match the authentication code, the CA removes the IoMT device from the network.

Security analysis

This section introduces formal and informal analysis. The formal analysis simulates the authentication protocols with the AVISPA tool, ensuring the system meets specified security standards. Whereas informal analysis involves a theoretical consideration of security features and attacks. Here are the specifics:

Formal security verification with AVISPA tool

AVISPA is a robust tool designed for Automated Validation of Applications and Internet Security Protocols. Created in 2004 by Basin et al.⁴⁰ as a component of a European project, it functions as an automated analysis tool specifically designed to assist in the verification of security protocols. AVISPA addresses two prominent challenges: it strives to achieve operational efficiency while also ensuring accessibility to people who may not possess expertise in the field of security. This tool is adaptable and can be used for both small and medium-sized protocols, such as those present in the Clark/Jacob library, as well as larger-scale Internet security protocols. AVISPA analyses protocols that are written in the High-Level Protocol Specification Language (HLPSL). This language is formal and based on roles. It is used to specify data structures, cryptographic operations, control flow patterns, and algebraic features. Subsequently, the protocol requirements are converted into an intermediary format referred to as IF. AVISPA utilizes four distinct backend tools, each with the capability to analyze protocols encoded in the IF format. The back ends provide four different approaches to analyzing the protocol, which improves the tool’s versatility and adaptability.⁴¹ AVISPA has the capability to verify any language that can be transformed into IF, without any limitations on specific languages. In summary, AVISPA is a highly beneficial tool for automatically validating security procedures. It provides efficiency and accessibility to a diverse range of users, regardless of their level of competence in the field of security. Our analysis includes three distinct roles: “IoT Device,” “Gateway,” and “CA.” Each position has particular session and environment parameters that outline the security aims. We employed the CL-AtSe and OFMC back ends to verify the security of our system. The intruder possesses complete network authority, enabling them to intercept, analyze, or change messages using the appropriate encryption keys. Nevertheless, our simulation results validate the robustness of our method, even in scenarios where the attacker can impersonate entities and transmit messages. The results demonstrate that the system is secure, highly effective, and capable of preventing attacks such as Man-in-the-Middle (MITM), replay, and impersonation. The validation conducted by AVISPA is illustrated in Figures 4–6 displays the results of the registration and authentication protocol of the system.

Figure 4.

Registration of gateway with CA.

Figure 5.

Registration of IoMT device with CA.

Figure 6.

Authentication phase.

Informal security analysis

Theorem:1 Protocol resists impersonation attack

Proof: The proposed authentication protocol is designed to resist impersonation attacks by ensuring that critical parameters required for a successful login phase, such as the nonce $(N_{m}),$ the anonymity identity of the IoT device $({I O M T}_{a}),$ and the secret key $(x_{s k m g})$ are kept confidential and known only to legitimate parties. Even if an intruder intercepts the communicated message $< {I D}_{m}, {R e q}_{I o M T}, H M, {G M A C}_{s i g n} >,$ they cannot generate a valid message without these secrets. Consequently, without access to these crucial parameters, an intruder cannot impersonate a legitimate user, ensuring the protocols against attacks.

Theorem:2 Protocol ensures Mutual authentication

Proof: Mutual authentication in IoMT devices ensures secure and trusted communication using cryptographic techniques. In the proposed protocol, all entities use a shared secret key for communication. As the shared secret key is only available to legitimate entities, everyone is assured that communication is done with legitimate entities. The protocol also uses Nonce for Mutual authentication.

Theorem:3 Satisfy privacy preservation property

Proof: The privacy of the IoMT device is preserved through cryptographic techniques and secure identity management. During registration, the IoMT device provides an anonymous or blind identity to the CA, ensuring the real identity of the device is not disclosed. The CA signs on blind identity using its private key as if it is signing on any message. This signature is used as the Anonymity Identity $({I o M T}_{a})$ of the IoMT device. In case of a dispute, a Verification Algorithm can be used by anyone with the help of an IoMT device and CA to reveal the real identity of the IoMT device, providing accountability when necessary. These mechanisms collectively ensure the privacy of IoMT devices.

Theorem:4 Proposed protocol resist Man -in The Middle attack

Proof: The proposed scheme involves sharing secret keys among IoMT devices, Gateway, and CA during communication is $(S K M G, S K C G, S K C M) .$ The shared secret key is used for the encryption and decryption of messages, ensuring that only the intended entities (IoMT device, Gateway, and the CA) can access the messages. The intruder cannot access this shared secret key. Hence, the proposed protocol ensures MITM attack.

Theorem:5 Proposed protocol resists Replay attack

Proof: Replay attacks exploit the repetition of intercepted encrypted messages in communication systems. In the context of IoMT devices, attackers capture encrypted messages exchanged between devices, gateways, and CA, often including sensitive data or authentication tokens. By replaying these messages later, attackers can compel IoMT devices to accept them as legitimate messages. This poses significant risks in healthcare environments, where the integrity and confidentiality of medical data are critical. When an IoMT device comes within the rangeof one of the Gateways, the proposed authentication protocol is used to authenticate the IoMT device. In the said protocol, each entity uses fresh Nonces. (IoMT Device, Gateway and CA). Shared secret keys are used in all communication and are only available with intended entities (the IoMT device, Gateway, and the CA). Hence, Nonce and the shared secret key help in resisting the Replay attack.

Theorem:6 Protocol ensures Anonymity

Proof: In the registration phase, the IoMT device uses its blinded identity. CA uses a blind signature to protect the identity of IoMT devices. So, an attacker cannot obtain the actual device identity from ${I o M T}_{a}$ . Thus, identity will not be revealed. If the attacker tries to find the IoMT identity, then she/he has to know the blinded factor. As a result, the Protocol ensures Anonymity.

Theorem:7 Protocol ensures Confidentiality

Proof: In authentication protocol, we must protect in- formation from unauthorized access or disclosure. All entities use shared secret keys for any communication. As the shared secret key is only available to authorized entities, any unauthorized entity attempting to intercept or eavesdrop on the communication could not decipher the encrypted messages, thus maintaining the confidentiality of the information exchanged between the participating entities.

Theorem:8 Protocol ensures Non repudiation

Proof: The authentication protocol achieves non- repudiation through message authentication codes (MACs) and blind signatures. The Certificate Authority signs validation responses, while the Gateway signs authentication messages, providing evidence of message origin. MACs ensure message integrity, pre- venting alteration during transmission. Additionally, logging and auditing capture authentication events, offering a record for accountability. These mechanisms collectively ensure that parties cannot deny their actions or message validity, enhancing the protocol’s reliability.

Theorem:9 Proposed protocol sustain Modification attack

Proof: First, the IoMT device must register with CA to be part of the IoMT environment. The adversary cannot intercept any communication as before communication, it has to authenticate. We have already mentioned that if any malicious IoMT device or Gateway wants to be part of the IoMT device, the authentication protocol removes them from the IoMT environment. Hence, there is no question of malicious entities to modify any communication. Hence, the proposed protocol sustains the Modification attack.

Theorem:10 Proposed protocol resist Chosen Cipher text attack

Proof: In step 23 of Algorithm 4, Gateway computes $H V$ , which is the Hash value of V $(V = k P g a t e w a y) .$ $H V$ consists of encrypted key Ke and MAC key $K_{m}$ . In step- 24, Gateway compute $C_{2}$ , which an encrypted value is of $K_{e}$ and $N_{m g}$ . It also calculates the Authentication code, i.e. $A C,$ which is the message Authentication code of $C_{2}$ . Gateway encrypts ${C_{1}, C}_{2}$ and $A C$ using a shared secret key between the IOMT device and Gateway and sends it to IoMT devices. If received, $C_{1}$ does not belong to the Group it rejects. After receiving the IoMT device, calculate and compare the $A C$ with the $A C$ received. If it does not match, the process stops; otherwise, go to the next step. This process protects the CCA attack.

Result and discussion

This section describes the system configuration, evaluates the communication and computation costs associated with the log-in and authentication stages, and compares the security features and resilience to different attacks. Additionally, we will contrast our suggested protocol’s computation and communication costs with those of the current protocol.

System configuration

A well-known validation tool AVISPA was used to validate the suggested authentication protocol. Here is the system configuration:

• Operating System: SPAN-Ubuntu 10.10-light (32-bit)

• Virtualization Platform: Oracle VM Virtual Box Manager

• Host Machine: iMac

• Processor: Intel(R) Core (TM) i5 CPU, 2.3 GHz (Dual-Core)

• Memory (RAM): 8 GB

Security features and attacks

In this section, we compare the proposed protocol with other existing protocols. The proposed mechanism offers some security features, such as lightweight operation, anonymity, secrecy, integrity, and privacy preservation for IoMT devices and gateways, as shown in Table 3. Compared to other schemes, it also shows how resistant it is to different types of attacks.

Table 3.

Comparative summary: security features and attacks.

Security features	(Fatouhi et al., 2020)²⁵	(Kang et al.,2024)⁴²	(Li et al., 2021)¹⁹	(Yu and park, 2022)³⁰	Proposed scheme
Privacy preserving	Yes	No	Yes	Yes	Yes
Anonymity	No	No	Yes	No	Yes
Integrity	Yes	Yes	Yes	Yes	Yes
Confidentiality	Yes	Yes	Yes	Yes	Yes
Resource constrained	No	No	No	No	Yes
Lightweight Components	No	No	Yes	No	Yes
Malicious Gateway	No	No	No	No	Yes
Mutual authentication	Yes	Yes	Yes	Yes	Yes
Key agreement	Yes	Yes	Yes	Yes	Yes
Validation tool	Proverif	Scyther	NA	AVISPA	AVISPA
CCA	No	No	No	No	Yes
Communication cost	Low	High	Low	High	Low

Computation and communication cost

The proposed lightweight security scheme focuses on reducing both computational and communication overhead, which are critical factors in resource-constrained environments such as IoT devices and wireless sensor networks. These environments often include devices with limited processing power, memory, and energy. Our proposed scheme uses hash function, XOR and Concatenation, which are lightweight when compared with other protocols, which are shown in Table 4. Which significantly improves efficiency over other existing protocols.

Table 4.

Comparative summary: computation and communication cost.

Protocols	Total computation cost	Total communication cost (bits)
(Fatouhi et al., 2020)²⁵	10Th + 17Th + 7Th = 34Th	5440
(Kang et al., 2024)⁴²	11Th + 12Th + 9Th = 32Th	5120
(Li et al., 2021)¹⁹	10Th + 9Th + 7Th = 26Th	4160
(Yu and park 2022)³⁰	9Th + 9Th + 7Th = 25Th	4000
Proposed scheme	3Th + 2Th + 0Th = 5Th	800

Computational cost efficiency

One of the key factors in our protocol’s superior performance is its use of lightweight cryptographic components. In the proposed scheme, hash functions, XOR operations, and simple concatenation are extensively used in place of more complex and computationally heavy operations, which are commonly found in traditional security protocols. This choice makes our protocol particularly suited for devices with limited computational resources, such as the device nodes. Device nodes, which have far lower computational capacity than gateway nodes, benefit the most from this lightweight design. In real-world deployments, device nodes often handle authentication and session initiation, making computational efficiency a critical factor in protocol performance. By reducing the computational complexity, our protocol minimizes the time spent on processing, which in turn conserves energy for battery-powered IoT devices. Based on the study²⁵ we can see that a single hash function operation takes approximately $T_{h} = 0.00032 s e c o n d s$ , while symmetric key encryption/decryption takes $T_{s} = 0 . 0056 s e c o n d s$ .The communication overhead of both the concatenation operation (║) and the XOR operation (⊕) is generally considered minimal. This is because both operations involve basic bit level manipulations, which do not require the transmission of additional data beyond the existing message size. The proposed protocol primarily relies on hash operations, which are significantly faster and less resource-intensive than encryption or decryption operations. This makes our approach more suitable for devices that are sensitive to time and power consumption. This further reduces the overall computational cost, making our scheme more practical for real-time applications where devices need to authenticate quickly and efficiently.

Communication cost

Another important consideration in the design of security protocols is communication cost, which refers to the amount of data exchanged during authentication processes. High communication costs can lead to increased bandwidth usage, higher power consumption, and longer delays, all of which can degrade the performance of resource- constrained devices. The proposed scheme minimizes the communication overhead by keeping the size of exchanged messages small. The security parameters used in the protocol, such as hash values, identities, and nonce values, are carefully chosen to strike a balance between security and efficiency. For example, the hash values and identities in the proposed protocol are assumed to have a security level of 160 bits, while the nonce values have a security length of 128 bits. These sizes are adequate to provide a strong level of security while ensuring that the message sizes remain small, thus minimizing the communication cost. The proposed protocol, focusing on symmetric key operations and hash-based authentication, avoids such costly exchanges. Despite its lightweight nature, proposed protocol does not compromise on security. The use of hash functions and nonce values effectively prevents replay attacks, where an adversary reuses old authentication messages. Additionally, the security levels of 160-bit hashes and 128-bit nonce are strong enough to resist common cryptographic attacks such as brute-force or collision attacks, thereby ensuring the integrity and confidentiality of the communication. When compared to other protocols that may rely on heavier cryptographic operations, such as RSA, ECC, or even multi-round message exchanges, the proposed protocol clearly demonstrates lower computational and communication costs. For example, public key-based protocols typically require larger key sizes and involve computationally expensive operations like exponentiation, which are unsuitable for resource-constrained devices. In contrast, the proposed protocol depends on simple hash and XOR operations, making it ideal for environments where both power and processing resources are limited. Figure 7 compares the computational cost, and Table 4 illustrates the protocol is more efficient than the other existing protocols in terms of reduced computational and communications overhead when compared to other protocols, further emphasizing its practicality for real-world deployments in constrained environments.

Figure 7.

Comparison of computational cost with other existing scheme.

Conclusion

The suggested protocol meets the pressing requirement for a solution that balances security, resource efficiency, and practicality, which is particularly important in light of the growing demand for interconnected healthcare devices. The proposed light weight protocol significantly assists in integrating IoMT by enhancing patient safety and preserving sensitive medical data. The proposed protocol was specifically designed to address the challenges with in the IoMT environment. Online methods of registering an IoMT device and Gateway with the CA have been suggested. Lightweight components, such as the XOR operator, the hash function, and concatenation, were utilized to minimize computing power consumption. This approach ensures patient privacy by using blind signatures while registering with the CA. Certain security features, including anonymity, confidentiality, integrity, lightweight operation, mutual authentication, and privacy protection, are guaranteed by this protocol. In addition, this protocol is resistant to several attacks, such as CCA, replay attack, impersonation, and Man in the Middle attack. The protocol allows for the detection and removal of any malicious Gateway and IoMT devices that threaten IoMT healthcare environments. The proposed protocol is validated and verified using the AVISPA tool. According to the comparison analysis, this protocol preserves privacy better than other protocols in the same scenario. According to the comparison, it is computationally five to six times more efficient than the existing methods. From a local and global perspective, the study presented in this paper has substantial practical consequences that can be understood through social, economic, and commercial lenses. This work represents a major advancement towards secure communication in healthcare and opens up possibilities for more research and development in this important area.

Footnotes

Author contributions

Kalpana Samal Design of Authentication protocol and informal security analysis for IOMT device and written the manuscript. Shanta Kumari Sunanda Verified the security protocol by using BAN Logic. Debasish Jena has done the verification of the proposed protocol using AVIPSA and written the manuscript. Srikant Pattnaik has verified the logic for the proposed scheme.

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The authors received no financial support for the research, authorship, and/or publication of this article.

ORCID iDs

Kalpana Samal

Shanta Kumari Sunanda

Debasish Jena

Srikanta Patnaik

References

Mohanta

Jena

Satapathy

, et al. Survey on IoT security: challenges and solution using machine learning, artificial intelligence and blockchain technology. Internet of Things 2020; 11: 100227.

Lin

Cai

, et al. Secure Internet of Medical Things (IoMT) based on ECMQV-MAC authentication protocol and EKMC-SCP blockchain networking. Inf Sci 2024; 654: 119783.

Mohanta

Jena

Ramasubbareddy

, et al. Addressing security and privacy issues of IoT using blockchain technology. IEEE Internet Things J 2020; 8(2): 881–888.

Panda

Jena

Mohanta

, et al. Authentication and key management in distributed IoT using blockchain technology. IEEE Internet Things J 2021; 8(16): 12947–12954.

Mishra

Vijayakumar

Sureshkumar

, et al. Efficient authentication protocol for secure multimedia communications in IoT-enabled wireless sensor networks. Multimed Tools Appl 2018; 77: 18295–18325.

Guo

Liang

. A privacy-preserving four-factor authentication protocol for Internet of Medical Things. Computer Security 2024; 137: 103632.

Hatzivasilis

Soultatos

Ioannidis

, et al. Review of security and privacy for the internet of medical things (IoMT). In: 15th international conference on distributed computing in sensor systems (DCOSS), Santorini Island, Greece, 29–31 May 2019. IEEE, pp. 457–464.

Zhou

Tan

Iroshan

. A secure and privacy-preserving authentication scheme in IoMT. In: International symposium on security and privacy in social networks and big data. Singapore: Springer, 2022, pp. 163–174.

Alam

Kumar

. A novel authentication protocol to ensure confidentiality among the internet of medical things in COVID-19 and future pandemic scenario. Internet of Things. 2023; 22: 100797.

10.

Bos

Halderman

Heninger

, et al. Elliptic curve cryptography in practice. In: Financial cryptography and data security: 18th international conference, FC 2014. Berlin, Germany: Springer, 2014, pp. 157–175.

11.

Challa

Das

Odelu

, et al. An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Computer Electrical Eng 2018; 69: 534–554.

12.

Das

. Two-factor user authentication in wireless sensor networks. IEEE Trans Wirel Commun 2009; 8(3): 1086–1090.

13.

Gao

Chan

, et al. An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc Sens Wireless Netw 2010; 10(4): 361–371.

14.

Kumar

Lee

. Cryptanalysis on two user authentication protocols using smart card for wireless sensor networks. In: 2011 Wireless advanced. New York: IEEE, 2011, pp. 241–245.

15.

Khan

Alghathbar

. Cryptanalysis and security improvements of ‘two-factor user authentication in wireless sensor networks’. Sensors 2010; 10(3): 2450–2459.

16.

Lou

, et al. Group device pairing-based secure sensor association and key management for body area networks. In: 2010 Proceedings IEEE INFOCOM. New York: IEEE, 2010, pp. 1–9.

17.

Liu

Zhang

Chen

, et al. Certificateless remote anonymous authentication schemes for wireless body area networks. IEEE Trans Parallel Distrib Syst 2013; 25(2): 332–342.

18.

Zeadally

Kumar

, et al. Anonymous authentication for wireless body area networks with provable security. IEEE Syst J 2016; 11(4): 2590–2601.

19.

Guo

, et al. PSL-MAAKA: provably secure and lightweight mutual authentication and key agreement protocol for fully public channels in internet of medical things. IEEE Internet Things J 2021; 8(17): 13183–13195.

20.

Ibrahim

Kumari

, et al. Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Comput Network 2017; 129: 429–443.

21.

Zhou

Yeh

, et al. Lightweight IoT-based authentication scheme in cloud computing circumstance. Future Generat Comput Syst 2019; 91: 244–251.

22.

Jaiswal

Sobhanayak

Turuk

, et al. An IoT-cloud based smart healthcare monitoring system using container-based virtual environment in edge device. In: International Conference on Emerging Trends and Innovations in Engineering, Ernakulam, India, 11 November 2018, pp. 1–7.

23.

Srivastava

Debnath

. A multivariate-based provably secure certificateless signature scheme with applications to the internet of medical things. Comput J 2023; 66(10): 2499–2516.

24.

Chatterjee

. An improved authentication protocol for wireless body sensor networks applied in healthcare applications. Wireless Pers Commun 2020; 111(4): 2605–2623.

25.

Fotouhi

Bayat

Das

, et al. A lightweight and secure two-factor authentication scheme for wireless body area networks in healthcare IoT. Comput Network 2020; 177: 107333.

26.

Sureshkumar

Amin

Vijaykumar

, et al. Robust secure communication protocol for smart healthcare system with FPGA implementation. Future Generat Comput Syst 2019; 100: 938–951.

27.

Lee

Chen

. Lightweight fog computing-based authentication protocols using physically unclonable functions for internet of medical things. Journal of Inf Sec Appl 2021; 59: 102817.

28.

Mohammed

Ibrahim

Abdulkareem

. Bio-inspired robotics enabled schemes in blockchain-fog-cloud assisted IoMT environment. Journal of King Saud University-Computer and Information Sciences 2023; 35(1): 1–2.

29.

Wang

Chen

Yin

, et al. Blockchain and PUF-based lightweight authentication protocol for wireless medical sensor networks. IEEE Internet Things J 2021; 9(11): 8883–8891.

30.

Park

. A robust authentication protocol for wireless medical sensor networks using blockchain and physically unclonable functions. IEEE Internet Things J 2022; 9(20): 20214–20228.

31.

Praveen

Pabitha

. A secure lightweight fuzzy embedder-based user authentication scheme for Internet of Medical Things. J Netw Comput Appl 2023; 210: 103668.

32.

Singh

. GBEAKA: group-based efficient authentication and key agreement protocol for LPIoMT using 5G. Internet of Things 2023; 22: 100688.

33.

Das

Namasudra

. Lightweight and efficient privacy-preserving mutual authentication scheme to secure Internet of Things-based smart healthcare. Trans Emerging Tel Tech 2023; 34(11): e4716.

34.

Jahangeer

Bazai

Aslam

, et al. A review on the security of IoT networks: from network layer’s perspective. IEEE Access 2023; 11: 71073–71087.

35.

Rekha

Thirupathi

Renikunta

, et al. Study of security issues and solutions in internet of things (IoT). Mater Today Proc 2023; 80: 3554–3559.

36.

World Health Organization . Global patient safety action plan 2021-2030: towards eliminating avoidable harm in health care. Geneva: World Health Organization, 2021.

37.

Hoffstein

. Integer factorization and RSA. In: An introduction to mathematical cryptography. New York: Springer, 2008, pp. 1–75.

38.

Chandra

. Design of blind signature protocol based upon DLP. [PhD Thesis]. National Institute of Technology, Rourkela, 2013.

39.

Mahto

Yadav

. RSA and ECC: a comparative analysis. Int J Appl Eng Res 2017; 12(19): 9053–9061.

40.

Armando

Basin

Boichut

, et al. The AVISPA tool for the automated validation of internet security protocols and applications. In: Computer aided verification. Berlin, Heidelberg: Springer, 2005, pp. 281–285.

41.

Armando

Basin

Cuellar

, et al. AVISPA: automated validation of internet security protocols and applications. ERCIM News, 2006.

42.

Kang

Woo

Ryu

. Enhanced lightweight medical sensor networks authentication scheme based on blockchain. IEEE Access 2024; 12: 35612–35629.

A lightweight privacy preservation authentication protocol for IoMT using ECC based blind signature

Abstract

Keywords

Introduction

Related work

Preliminaries

Elliptic curve cryptography (ECC)

Proposed scheme

System model

Protocol

Algorithm for registration of IoMT device with CA

Algorithm for authentication of IoMT by gateway

Removal of malicious IoMT device and gateway

Security analysis

Formal security verification with AVISPA tool

Informal security analysis

Result and discussion

System configuration

Security features and attacks

Computation and communication cost

Computational cost efficiency

Communication cost

Conclusion

Footnotes

Author contributions

Declaration of conflicting interests

Funding

ORCID iDs

References