Skip to main content
SpringerLink
Log in

A lightweight authentication and authorization method in IoT-based medical care

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

The Internet of Things has opened up new opportunities in healthcare systems. Wireless sensor nodes are used to collect and exchange health-related data in the Internet of Things. In this integration, data is transmitted to medical professionals through unsecured channels to enable them to monitor patients’ conditions in real-time. However, due to the high sensitivity of e-health records, there are key challenges such as security considerations, privacy, and authentication in data transmission in heterogeneous Internet of Things networks. This article examines the solution proposed by Masud and colleagues and points out the existing threats and vulnerabilities, such as node clone/replication attacks. To overcome these drawbacks, we propose an improved lightweight authentication protocol for a smart healthcare system. In the proposed protocol, the mutual authentication process consists of two steps. The doctor sends their information for authentication and the desired sensor node ID to the gateway for communication. After successful confirmation of authentication, the gateway node, in turn, sends a message to the sensor node to complete the authentication process. After confirming the authentication process, the node sends a message to the gateway to complete the authentication process and key agreement. Once the authentication process of the sensor node is confirmed, the gateway sends a message to the medical user based on their authentication along with the session key. The security of the proposed protocol is demonstrated through automatic validation of protocols using tools like ProVerif and internet security programs. Additionally, security features and performance analysis are compared to other schemes. The results show that the improved proposed protocol provides a higher level of security while ensuring computational and communication efficiency. It is also resistant to attacks such as mutual authentication, identity anonymity and untraceability, ensures data privacy, and provides perfect forward secrecy, among others.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

Data Availability

The data of this paper is the result of simulation and all the data are presented in the form of graphs inside the paper. There is no private data in this article.

References

  1. Puri V, Kataria A, Sharma V (2021) Artificial intelligence-powered decentralized framework for internet of things in healthcare 4.0. Transactions on Emerging Telecommunications Technologies, pp 42–45

  2. Ataei Nezhad M, Barati H, Barati A (2022) An authentication-based secure data aggregation method in internet of things. J Grid Comput 20(3):29

    Article  Google Scholar 

  3. Ahmadi Z, Haghi Kashani M, Nikravan M, Mahdipour E (2021) Fog-based healthcare systems: A systematic review. Multimed Tools Appl 80:36361–36400

    Article  Google Scholar 

  4. Ali G, Dastgir A, Iqbal MW, Anwar M, Faheem M (2023) A hybrid convolutional neural network model for automatic diabetic retinopathy classification from fundus images. IEEE Journal of Translational Engineering in Health and Medicine

  5. Abbas A, Alroobaea R, Krichen M, Rubaiee S, Vimal S, Almansour FM (2021) Blockchain-assisted secured data management framework for health information analysis based on internet of medical things. Personal and Ubiquitous Computing, pp 1–14

  6. Yaghoubi M, Ahmed KH, Miao Y (2022) Wireless body area network (WBAN): a survey on architecture, technologies, energy consumption, and security challenges. Journal of Sensor and Actuator Networks. https://doi.org/10.3390/jsan11040067

  7. Faheem M, Butt RA, Raza B, Alquhayz H, Abbas MZ, Ngadi MA, Gungor VC (2019) A multiobjective, lion mating optimization inspired routing protocol for wireless body area sensor network based healthcare applications. Sensors 19(23):5072

    Article  Google Scholar 

  8. Narwal B, Mohapatra AK (2021) A survey on security and authentication in wireless body area networks. J Syst Archit 113:101883

    Article  Google Scholar 

  9. Deebak BD, Al-Turjman F (2021) Secure-user sign-in authentication for IoT-based eHealth systems. Complex & Intelligent Systems, pp 1–21

  10. Huang J, Wu X, Huang W, Wu X (2021) Design of a data management system for medical internet of things based on mobile platform. Journal of Ambient Intelligence and Humanized Computing, pp 1–13

  11. Dubovitskaya A, Baig F, Xu Z, Shukla R, Zambani PS, Swaminathan A, Wang F (2020) ACTION-EHR: patient-centric blockchain-based electronic health record data management for cancer care. J Med Internet Res 22(8):e13598

    Article  Google Scholar 

  12. Alarood AA, Faheem M, Al-Khasawneh MA, Alzahrani AI, Alshdadi AA (2023) Secure medical image transmission using deep neural network in e-health applications. Healthc Technol Lett 10(4):87–98

    Article  Google Scholar 

  13. Soni M, Singh DK (2022) LAKA: lightweight authentication and key agreement protocol for internet of things based wireless body area network. Wireless Personal Communications. https://doi.org/10.1007/s11277-021-08565-2

  14. Fotouhi M, Bayat M, Das AK, Far HAN, Pournaghi SM, Doostari MA (2020) A lightweight and secure two-factor authentication scheme for wireless body area networks in health-care IoT. Comput Netw 177:107333

    Article  Google Scholar 

  15. Abdi Nasib Far H, Bayat M, Kumar Das A, Fotouhi M, Pournaghi SM, Doostari MA (2021) LAPTAS: lightweight anonymous privacy-preserving three-factor authentication scheme for WSN-based IIoT. Wireless Netw 27(2):1389–1412

    Article  Google Scholar 

  16. Caruccio L, Desiato D, Polese G, Tortora G, Zannone N (2022) A decision-support framework for data anonymization with application to machine learning processes. Inf Sci 613:1–32

    Article  Google Scholar 

  17. Masud M, Gaba GS, Choudhary K, Hossain MS, Alhamid MF, Muhammad G (2021) Lightweight and anonymity-preserving user authentication scheme for IoT-based healthcare. IEEE Internet of Things Journal

  18. Yuanbing W, Wanrong L, Bin L (2021) An improved authentication protocol for smart healthcare system using wireless medical sensor network. IEEE Access

  19. Masud M, Gaba GS, Choudhary K, Alroobaea R, Hossain MS (2021) A robust and lightweight secure access scheme for cloud based E-healthcare services. Peer Peer Netw Appl 14(5):3043–3057

    Article  Google Scholar 

  20. Kamil IA, Ogundoyin SO (2021) A lightweight mutual authentication and key agreement protocol for remote surgery application in tactile internet environment. Comput Commun 170:1–18

    Article  Google Scholar 

  21. Lee TF, Chen WY (2021) Lightweight fog computing-based authentication protocols using physically unclonable functions for internet of medical things. J Inf Secur Appl 59:102817

    Google Scholar 

  22. Ghafouri-Mirsaraei AH, Barati A, Barati H (2022) Asecure three-factor authentication scheme for IoT environments. J Parallel and Distr Comput 169:87–105

    Article  Google Scholar 

  23. Ray PP, Chowhan B, Kumar N, Almogren A (2021) Biothr: electronic health record servicing scheme in IoT-blockchain ecosystem. IEEE Internet Things J 8(13):10857–10872

    Article  Google Scholar 

  24. Zaabar B, Cheikhrouhou O, Jamil F, Ammi M, Abid M (2021) HealthBlock: A secure blockchain-based healthcare data management system. Comput Netw 200:108500

    Article  Google Scholar 

  25. Kumar R, Tripathi R (2021) Towards design and implementation of security and privacy framework for internet of medical things (iomt) by leveraging blockchain and ipfs technology. J Supercomput 77(8):7916–7955

    Article  Google Scholar 

  26. Abbasinezhad-Mood D, Nikooghadam M (2018) Efficient design of a novel ECC-based public key scheme for medical data protection by utilization of NanoPi fire. IEEE Trans Reliab 67(3):1328–1339

    Article  Google Scholar 

  27. Khashan OA, Khafajah NM (2023) Efficient hybrid centralized and blockchain-based authentication architecture for heterogeneous IoT systems. J King Saud Univ- Comput Inf Sci 35(2):726–739

    Google Scholar 

  28. Deebak BD, Al-Turjman F (2023) Secure-user sign-in authentication for IoT-based eHealth systems. Complex & Intell Syst 9(3):2629–2649

    Article  Google Scholar 

  29. Khalid B, Qureshi KN, Ghafoor KZ, Jeon G (2023) An improved biometric based user authentication and key agreement scheme for intelligent sensor based wireless communication. Microprocess. Microsyst 96:104722

    Article  Google Scholar 

  30. Lee J, Yu S, Kim M, Park Y, Das AK (2020) On the design of secure and efficient three-factor authentication protocol using honey list for wireless sensor networks. IEEE Access 8:107046–107062

    Article  Google Scholar 

  31. Challa S, Wazid M, Das AK, Kumar N, Reddy AG, Yoon E-J, Yoo K-Y (2017) Secure signature-based authenticated key establishment scheme for future iot applications. IEEE Access 5:3028–3043

    Article  Google Scholar 

  32. Zhou L, Li X, Yeh K-H, Su C, Chiu W (2019) Lightweight iotbased authentication scheme in cloud computing circumstance. Futur Gener Comput Syst 91:244–251

    Article  Google Scholar 

  33. Farash MS, Turkanović M, Kumari S, Hölbl M (2016) An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad-Hoc Netw 36:152–176

    Article  Google Scholar 

  34. Sharma G, Kalra S (2019) A lightweight user authentication scheme for cloud-iot based healthcare services. Iran J Sci Technol, Trans Electr Eng 43(1):619–636

    Article  Google Scholar 

  35. Turkanović M, Brumen B, Hölbl M (2014) A novel user authentication and key agreement scheme for heterogeneous Ad-Hoc wireless sensornetworks, based on the internet of things notion. Ad Hoc Netw 20:96–112

    Article  Google Scholar 

  36. Wazid M, Das AK, Shetty S, Rodrigues JPC, Park Y (2019) Ldakmeiot: Lightweight device authentication and key management mechanism for edge-based iot deployment. Sensors 19(24):5539

    Article  Google Scholar 

Download references

Acknowledgements

None

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Dezful Branch, Islamic Azad University, Dezful, Iran

    Laleh Khajehzadeh, Hamid Barati & Ali Barati

Authors
  1. Laleh Khajehzadeh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hamid Barati
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ali Barati
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

Laleh Khajezadeh: Conception and design of study/review/case series, Acquisition of data, laboratory search, Drafting of article. Hamid Barati: Conception and design of study/review/case series, Analysis and interpretation of data collected, Final approval and guarantor of manuscript. Ali Barati: Acquisition of data, laboratory or clinical/literature search, Analysis and interpretation of data collected, Final approval.

Corresponding author

Correspondence to Hamid Barati.

Ethics declarations

Competing interests

The authors declare that they have no conflict of interest.

Ethics approval

This article does not contain any studies with human participants.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Khajehzadeh, L., Barati, H. & Barati, A. A lightweight authentication and authorization method in IoT-based medical care. Multimed Tools Appl (2024). https://doi.org/10.1007/s11042-024-19379-2

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11042-024-19379-2

Keywords

Search

Navigation