A Secure, Lightweight, and Anonymous Authentication Scheme for Healthcare IoT

Authors

  • Jaydeep Gheewala, Pariza Kamboj

Keywords:

Healthcare Internet of Things; Lightweight authentication; Mutual authentication; Key agreement; Patient anonymity; Physical Unclonable Function (PUF); Body sensor networks; Formal security verification; BAN logic; AVISPA

Abstract

The Healthcare Internet of Things (H-IoT), which comprises body sensor networks (BSNs), wearable devices, gateways, and healthcare servers, supports continuous patient monitoring and remote healthcare services. While H-IoT significantly improves the efficiency and availability of health services, it also brings critical security and privacy problems, such as the transmission of sensitive medical information over public networks, resource-constrained devices, and deployment environments in which medical sensors can be physically compromised [10], [13], [17]. In particular, a difficult research problem is the design of authentication and key agreement mechanisms that are simultaneously lightweight, preserve patient anonymity, and withstand physical capture attacks.

Lightweight authentication schemes in the existing literature that use symmetric-key cryptography and hash functions achieve low computational complexity but, in general, do not ensure strong anonymity or protection against physical attacks [2], [6], [14]. On the other hand, PUF-based solutions enhance hardware-level security but are often restricted by additional communication overhead or do not have a complete formal security proof [3]–[5], [21], [22]. Furthermore, a number of recent works demonstrate that many healthcare authentication protocols rest on informal security arguments and do not inspire confidence that they are secure against a computationally strong adversary [17], [25].

To meet these challenges, this paper presents a lightweight, secure, and privacy-preserving authentication and key agreement scheme designed for Healthcare IoT settings. The proposed scheme combines lightweight cryptographic primitives with a hardware-backed secret identity to achieve mutual authentication, patient privacy, and resistance against replay, impersonation, man-in-the-middle, and lost-token attacks. The security of the scheme is formally verified using BAN logic [15] and the AVISPA tool [16], demonstrating the correctness of authentication and the security of session keys. Furthermore, a performance comparison indicates that the proposed protocol is more computationally and communication efficient than existing healthcare IoT authentication designs [1], [5], [19] and can be deployed on resource-constrained medical equipment.

 

References

J. Zhao, S. Zeng, P. Luo, B. Zhao, and Z. Wang, “A lightweight multi-sensor concurrent identity authentication protocol for smart grids,” Measurement: Sensors, vol. 33, Jun. 2024, Art. no. 101131, doi: 10.1016/j.measen.2024.101131.

A. Mahesh Reddy and M. Kameswara Rao, “A lightweight symmetric cryptography-based user authentication protocol for IoT-based applications,” Scalable Computing: Practice and Experience, vol. 25, no. 3, pp. 1647–1657, Apr. 2024, doi: 10.12694/scpe.v25i3.2692.

Y. Zhuang and G. Li, “A lightweight PUF-based authentication protocol,” arXiv:2405.13146, May 2024.

C. Gupta and G. Varshney, “A lightweight and secure PUF-based authentication and key-exchange protocol for IoT devices,” arXiv:2311.04078, Nov. 2023.

J. Cui, J. Wang, H. Meng, J. Du, X. Cao, T. Xie, and Y. Yong, “Lightweight and anonymous mutual authentication protocol for edge IoT nodes with physical unclonable function,” Security and Communication Networks, vol. 2022, Art. no. 1203691, 2022, doi: 10.1155/2022/1203691.

J. Oh, S. Yu, J. Lee, S. Son, M. Kim, and Y. Park, “A secure and lightweight authentication protocol for IoT-based smart homes,” Sensors, vol. 21, no. 4, Art. no. 1488, 2021, doi: 10.3390/s21041488.

P. Gope, A. K. Das, N. Kumar, and Y. Cheng, “Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks,” IEEE Trans. Ind. Informatics, vol. 15, no. 9, pp. 4957–4968, Sep. 2019, doi: 10.1109/TII.2019.2895030.

E. Lara, L. Aguilar, M. A. Sanchez, and J. A. García, “Lightweight authentication protocol for M2M communications of resource-constrained devices in industrial Internet of Things,” Sensors, vol. 20, no. 2, Art. no. 501, 2020, doi: 10.3390/s20020501.

H. S. Trivedi and S. J. Patel, “Design of secure authentication protocol for dynamic user addition in distributed Internet-of-Things,” Computer Networks, vol. 178, Art. no. 107335, 2020, doi: 10.1016/j.comnet.2020.107335.

K.-H. Yeh, “A secure IoT-based healthcare system with body sensor networks,” IEEE Access, vol. 4, pp. 10288–10299, 2016, doi: 10.1109/ACCESS.2016.2638038.

S. Garg, K. Kaur, G. Kaddoum, J. J. P. C. Rodrigues, and M. Guizani, “Secure and lightweight authentication scheme for smart metering infrastructure in smart grid,” IEEE Trans. Ind. Informatics, vol. 16, no. 5, pp. 3548–3557, May 2020, doi: 10.1109/TII.2019.2944880.

P. Kumar, A. Gurtov, M. Sain, A. Martin, and P. H. Ha, “Lightweight authentication and key agreement for smart metering in smart energy networks,” IEEE Trans. Smart Grid, vol. 10, no. 4, pp. 4349–4359, Jul. 2019, doi: 10.1109/TSG.2018.2857558.

S. R. Moosavi, T. N. Gia, A.-M. Rahmani, E. Nigussie, S. Virtanen, J. Isoaho, and H. Tenhunen, “SEA: A secure and efficient authentication and authorization architecture for IoT-based healthcare using smart gateways,” Procedia Computer Science, vol. 52, pp. 452–459, 2015, doi: 10.1016/j.procs.2015.05.013.

S. Gaba, G. Kumar, H. Monga, T.-H. Kim, and P. Kumar, “Robust and lightweight mutual authentication scheme in distributed smart environments,” IEEE Access, vol. 8, pp. 69722–69733, 2020, doi: 10.1109/ACCESS.2020.2986480.

M. Burrows, M. Abadi, and R. Needham, “A logic of authentication,” ACM Trans. Comput. Syst., vol. 8, no. 1, pp. 18–36, Feb. 1990, doi: 10.1145/77648.77649.

L. Viganò, “Automated security protocol analysis with the AVISPA tool,” Electron. Notes Theor. Comput. Sci., vol. 155, pp. 61–86, 2006, doi: 10.1016/j.entcs.2005.11.052.

M. A. Khan, I. U. Din, T. Majali, and B.-S. Kim, “A survey of authentication in Internet of Things-enabled healthcare systems,” Sensors, vol. 22, no. 23, Art. no. 9089, 2022.

Q. Xie, Z. Ding, and Q. Xie, “A lightweight and privacy-preserving authentication protocol for healthcare in an IoT environment,” Mathematics, vol. 11, no. 18, Art. no. 3857, 2023. doi: 10.3390/math11183857.

K. Kim, J. Ryu, Y. Lee, and D. Won, “An improved lightweight user authentication scheme for the Internet of Medical Things,” Sensors, vol. 23, no. 3, Art. no. 1122, 2023. doi: 10.3390/s23031122.

M. A. Jan, F. Khan, S. Mastorakis, and J. Li, “LightIoT: Lightweight and secure communication for energy-efficient IoT in health informatics,” arXiv preprint, arXiv:2104.14906, 2021.

M. A. Jan, F. Khan, S. Mastorakis, and J. Li, “PUFTAP-IoT: PUF-based three-factor authentication protocol in IoT environment,” Sensors, vol. 22, no. 18, Art. no. 7075, 2022. doi: 10.3390/s22187075.

A. Braeken, P. Porambage, M. Stojmenovic, and A. Braeken, “PUF-based authentication protocol for IoT,” Symmetry, vol. 10, no. 8, Art. no. 352, 2018. doi: 10.3390/sym10080352.

J. Zhang, Y. Zhang, and W. Chen, “Secure PUF-based authentication systems: A survey,” Sensors, vol. 24, no. 16, Art. no. 5295, 2024. doi: 10.3390/s24165295.

S. R. Moosavi, T. N. Gia, A.-M. Rahmani, E. Nigussie, and H. Tenhunen, “Authentication and authorization for IoT-based e-healthcare systems: A survey,” IEEE Commun. Surveys Tuts., vol. 22, no. 2, pp. 1248–1289, 2020. doi: 10.1109/COMST.2019.2963177.

A. P. Fotouhi, M. Bayat, A. K. Das, and K. K. R. Choo, “Authentication schemes in IoT-based healthcare systems: A survey,” IEEE Internet Things J., vol. 8, no. 6, pp. 4184–4212, Mar. 2021. doi: 10.1109/JIOT.2020.3035418.

Published

09.07.2024

How to Cite

Jaydeep Gheewala. (2024). A Secure, Lightweight, and Anonymous Authentication Scheme for Healthcare IoT. International Journal of Intelligent Systems and Applications in Engineering, 12(22s), 2335 –. Retrieved from https://www.ijisae.org/index.php/IJISAE/article/view/7987

Issue

Section

Research Article