Abstract
Advances in smart healthcare systems have introduced Internet of Things enabling technologies to improve the quality of medical services. The main idea of these healthcare systems is to provide data security, interaction between entities, efficient data transfer, and sustainability. However, the privacy of patient information is a fundamental problem in smart healthcare systems. Many authentication and key management protocols for healthcare systems exist in the literature, but their security still needs to be improved. Even where security is achieved, fast communication and computation are still required. To overcome this issue, this paper introduces a new secure, privacy-enhanced, fast authentication and key management scheme that applies effectively to lightweight, resource-constrained devices in healthcare systems. The proposed framework provides quick authentication and efficient key management between the entities while minimising computation and communication overheads. We verified the proposed framework with formal and informal verification using BAN logic, Scyther simulation, and the Drozer tool. The simulation and tool verification show that the proposed system is free from well-known attacks and reduces communication and computation costs compared with existing healthcare systems.
About this article
Cite this article
Bojjagani, S., Brabin, D., Kumar, K. et al. Secure privacy-enhanced fast authentication and key management for IoMT-enabled smart healthcare systems. Computing (2024). https://doi.org/10.1007/s00607-024-01291-0
DOI: https://doi.org/10.1007/s00607-024-01291-0