Secure Multi-access in Fog-based IoMT leveraging Hybrid ZKPs and ABE

Abstract

The development of technology allows health monitoring devices to integrate multiple sensors, collect various measurement signals, and increase wireless communication time to data analysis centers. Additionally, medical records in healthcare facilities, including patient records and personal health profiles, have transitioned to digital records stored in large data centers. However, securing data sharing between the layers of healthcare data management is crucial to maintaining data confidentiality, integrity, and availability. In this study, we address the primary challenges in data sharing within the network connecting smart medical devices and healthcare applications, commonly referred to as the Internet of Medical Things (IoMT). The IoMT network is layered, ranging from the physical layer of data-collecting devices, through the fog layer, to the storage layer on cloud servers. In the proposed work, we evaluated and analyzed authentication risks and security attacks between IoMT layers. Subsequently, we proposed secure authentication solutions utilizing Attribute-Based Encryption (ABE) and zero-knowledge proof (ZKP). ABE ensures data protection and access control; therefore, we explored advanced ABE methods, such as Ciphertext-Policy ABE (CP-ABE), to construct access policies and effectively synchronize secret session keys. Moreover, to enhance privacy and security, we have integrated non-interactive zero-knowledge proof (NIZKP) techniques, which offer anonymous authentication and secret data verification without disclosing identities. NIZKP facilitates distributed authentication, reducing reliance on trusted third parties and broadening the scope of application in authenticating distributed systems. Experimental evaluations confirm that integrating ABE with NIZK proofs creates an efficient protocol for authentication and session key exchange in the communication and data-sharing layers of the IoMT network.
The results demonstrate that the proposed scheme performs favorably in terms of computational cost and communication efficiency. Moreover, the security evaluation indicates that the system effectively mitigates distributed denial-of-service (DDoS) attacks and maintains resilience against both external and internal collusion security threats.
