Lightweight Authentication Framework for IoT-Centric Smart Healthcare Systems

The integration of the Internet of Things (IoT) in healthcare has transformed patient monitoring and medical device connectivity under Industry 5.0. While these advancements improve care quality, they also heighten cybersecurity risks to sensitive patient information, necessitating protection against unauthorized access to data traversing public networks. To achieve secure communication in IoT environments, various authentication protocols have been proposed. However, traditional one-to-one authentication methods, which allow access to only one device at a time, are inadequate for situations requiring simultaneous data access from multiple devices linked to a patient. This underscores the urgent need for one-to-many authentication mechanisms that enable healthcare professionals to efficiently access all patient-related devices, facilitating effective monitoring and timely interventions. To overcome these challenges, this paper introduces an authentication framework (AF) for IoT-enabled smart healthcare systems, utilizing authenticated encryption primitives and hash functions. The proposed AF enables medical professionals to safely retrieve real-time data from IoT-enabled medical devices deployed on a patient's body after performing mutual authentication. It supports session key establishment with multiple devices simultaneously, ensuring secure access to data from multiple IoT devices. The security of the session key establishment is verified using the ROR model, and its resistance to various attacks is demonstrated via informal security analysis. Additionally, we employed Scyther to further ensure the resilience of the proposed framework. Moreover, we evaluated the efficiency of the framework, which demonstrated lower communication and computational overhead while providing enhanced security features.