Secure privacy-enhanced fast authentication and key management for IoMT-enabled smart healthcare systems

  • Regular Paper
Computing

Abstract

Advancements in smart healthcare systems have introduced Internet of Things enabling technologies to improve the quality of medical services. The main idea of these healthcare systems is to provide data security, interaction between entities, efficient data transfer, and sustainability. However, the privacy of patient information is a fundamental problem in smart healthcare systems. Many authentication and key management protocols for healthcare systems exist in the literature, but their security still needs to be improved. Even where security is achieved, fast communication and computation are still required. In this paper, to overcome this issue, we introduce a new secure privacy-enhanced fast authentication and key management scheme that applies effectively to lightweight resource-constrained devices in healthcare systems. The proposed framework provides quick authentication and efficient key management between the entities while minimising computation and communication overheads. We verified our proposed framework with formal and informal verification using BAN logic, Scyther simulation, and the Drozer tool. The simulation and tool verification show that the proposed system is free from well-known attacks and reduces communication and computation costs compared to the existing healthcare systems.

Notes

  1. https://labs.withsecure.com/tools/drozer.

Corresponding author

Correspondence to Sriramulu Bojjagani.

About this article

Cite this article

Bojjagani, S., Brabin, D., Kumar, K. et al. Secure privacy-enhanced fast authentication and key management for IoMT-enabled smart healthcare systems. Computing (2024). https://doi.org/10.1007/s00607-024-01291-0

  • DOI: https://doi.org/10.1007/s00607-024-01291-0
