{"id":38233,"date":"2025-07-04T14:08:12","date_gmt":"2025-07-04T14:08:12","guid":{"rendered":"https:\/\/www.europesays.com\/us\/38233\/"},"modified":"2025-07-04T14:08:12","modified_gmt":"2025-07-04T14:08:12","slug":"a-lightweight-and-secure-authentication-and-privacy-protection-scheme-for-internet-of-medical-things","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/us\/38233\/","title":{"rendered":"A lightweight and secure authentication and privacy protection scheme for internet of medical things"},"content":{"rendered":"

In this section, we examined the working methods, applications, and research limits of current schemes. As a result of the advent of the digital age, numerous industries have been presented with an abundance of opportunities and innovations, which have been characterized by an ever-increasing dependence on technology. However, these improvements also carry with them several challenges, particularly in the realm of cybersecurity9<\/a>. Insider threats, also known as damaging activities that originate from within an organization, have emerged as a significant worry in recent years, despite the fact that outside threats have traditionally been the primary focus of security measures10<\/a>.<\/p>\n

The use of a trustworthy server that saves the data is a common feature of the methods now in use. Access control relies on software checks to ensure that a person can access a piece of data only if authorized. From a security perspective, this arrangement is not very desirable. We then encrypt the data using the public key of the intended set and classify it according to the hierarchy. There are some drawbacks to these techniques. If a user of a set needs to provide access to a third party to access data for that set, the user must either provide the third party with their private decryption key so that it may access all entries or act as an intermediary and decode all relevant entries11<\/a>.<\/p>\n

In contrast to conventional PKI, identity-based public key cryptography (ID-PKC) addresses the issue of key authenticity through various procedures. An entity\u2019s public key in ID-PKC is directly obtained from distinct characteristics of its identity, such as an IP address that belongs to a network host or an email address that is connected to a user. The public key generator (PKG) constructs private keys for entities. Before launching an attack, the adversary in a typical PKI must issue a new certificate and persuade entities to accept the new public keys. These factors suggest that applications with low-security requirements or small, closed groups could be the only ones permitted the user ID-PKC12<\/a>.<\/p>\n

The authors present a brand-new public key cryptography paradigm, referring to it as certificateless public key cryptography (CL-PKC)13<\/a>. The search for public key schemes without requirements for certificates and without ID-PKC\u2019s built-in key escrow capability provided developers with the idea of CL-PKC. One of the most important issues with public key infrastructures (PKIs) has always been the efficient revocation of public key certificates. In RSA-type cryptosystems, Boneh presented a technique for getting instantaneous revocation of a user\u2019s public key privileges14<\/a>.<\/p>\n

According to the description, the system known as mediated RSA (mRSA) uses threshold RSA, in which both parties share the private key. The encryption and verification processes in the SEM architecture are identical to those in traditional RSA, making it transparent to both the sender and the verifier of a signature. Additionally, adopting SEM design eliminates the requirement to check a public key\u2019s status before using it. Users don\u2019t need to worry about any certificate\u2019s validity before using another user\u2019s key to encrypt a message.<\/p>\n

Identity-based cryptosystems are another way to streamline key management. This idea was first presented by Shamir in 1984, with the goal of removing as many public key certificates as feasible by enabling a public key to be uniquely generated from the user\u2019s identifying data like email address, phone number, and social security number15<\/a>.<\/p>\n

Additionally, it makes key management simpler because there\u2019s no need to maintain a huge database with a list of public keys and their owners. COVID-19 had a significant impact on the healthcare industry, which was the global pandemic problem. The COVID-19 outbreak resulted in an exponential increase in demand for IoMT devices, which then impacted the global market. The IoMT dramatically reduces patient costs, easing the financial strain on individuals and governments. According to a report published by Fortune Business Insights on August 26, 2024, the IoMT market was estimated to be worth USD 47.32 billion in 2023. During the projection period, the market is expected to increase from USD 60.03 billion in 2024 to USD 814.28 billion in 2032, with a CAGR of 38.5 %16<\/a>.<\/p>\n

The authors present a sensor cloud architecture that uses virtualized physical sensors and dynamic sensor placement based on patient movement and health to continuously monitor high-risk patients17<\/a>. The research uses a threat model to address wearable payment security. For near-field communication pairs of devices, ECC encrypts messages, and biometrics authenticates safe payments18<\/a>.<\/p>\n

The authors present an identity-based signature system without key escrow that issues private keys without a secure connection. It employs binding\u2013blinding to avoid key escrow and eliminate the need for a secure connection during private issuance19<\/a>. To ensure the confidentiality of patient information while it is shared and integrated across healthcare providers, they offer a system based on knowledge graphs20<\/a>. Fog computing with private blockchain offers a trustworthy method of storing and transferring patient data while simultaneously improving the identification of security risks and bolstering the privacy and security of medical data21<\/a>.<\/p>\n

The MD5 hash technique securely stores user passwords for use in authentication procedures. Integrating an MD5 checksum into the original patient record file presents an additional barrier to security and verification22<\/a>. To create a cryptographic method that satisfies the essential requirements of contemporary smart healthcare cyber-physical systems, the research uses ECC, hash functions, and digital signatures23<\/a>.<\/p>\n

An authentication strategy for IoMT devices is proposed to enhance the security and performance of existing authentication schemes. Through the development of an offline authentication model that directly checks identities, the suggested authentication system successfully authenticates users and IoMT devices within the local area network24<\/a>. A scalable and adaptable distributed group key agreement protocol is used to reduce CPU overhead by running elliptic curve Diffie-Hellman using multiplications instead of exponential calculations to secure data transmissions in WSN25<\/a>.<\/p>\n

The prospect of IoMT-related attacks poses the most severe threat to the security and privacy of patient medical records. The suggested approach protects the secrecy of IoMT devices linked to the patient\u2019s body while communicating. The XOR operator, hash function, and concatenation were used to save processing power26<\/a>. An authenticated key agreement protocol for the IoMT using elliptic curve encryption and zero-knowledge proof methods is used to preserve the privacy of patient\u2019s critical information27<\/a>.<\/p>\n

In order to secure the transfer of medical records, a research uses signcryption with an identity-based authentication system based on elliptic curve cryptography. Based on bilinear pairing, the suggested protocol covers a number of security characteristics, such as data confidentiality and authentication with efficient key management28<\/a>.<\/p>\n

iSecureHealth, a lightweight and reliable key exchange mechanism, addresses security, authentication, and privacy issues. To secure communication between IoMT sensors and the gateway node, it adds a security control node. The system uses ECDH for key exchange and HMAC-SHA256-based JSON Web Token for session key creation29<\/a>.<\/p>\n

Our goal in writing this paper is to add to the increasing quantity of information on insider threat detection by providing theoretical understanding and useful solutions to one of the most important cybersecurity problems of our day. The relation between various existing security models, threat models, and their limitations is discussed in Table 1<\/a>.<\/p>\n

Table 1 Relation between various related security schemes and its limitations.<\/b>Health monitoring with body sensors<\/p>\n

Wireless Sensor Networks are also utilized for in-home patient monitoring. A system for distributed telemonitoring was proposed. It employs the Services Layers over the Physical Devices paradigm. The architecture model is service-oriented. The distribution of resources among several WSNs is the primary goal. This concept can also link several networks with different wireless technologies. The device was placed within the patient\u2019s home and gathered motion data and several feature values, such as activity, mobility, and non-response levels. To distinguish between normal and pathological behaviors, the Support Vector Data Description method was applied. An algorithm for categorizing behavior patterns was employed to group the patterns in this instance. There is no evidence to support the expectation that these methods will work in a home setting30<\/a>,31<\/a>.<\/p>\n

A Body Sensor Network with several body sensors is developed for the best possible resource allocation. This solution effectively addressed the two main issues facing health monitoring systems: a sustainable power source and quality of service. A survey was conducted on wearable sensor-based health monitoring systems. Evaluation aspects led to the evaluation of several systems32<\/a>,33<\/a>.<\/p>\n

The Wireless Patient Portable Unit, which is likewise affixed to the patient\u2019s body, received data relating to cardiac monitoring that was continuously recorded in the home module. The Wireless Access Point Unit was then used to transfer it via the Internet to the hospital. If the doctor notices any irregularities in the signals the patient got while in the hospital, they can get in touch with them, offer some guidance, or, in an emergency, send an ambulance to the patient\u2019s home. This technology does not provide security or surveillance of the outer environment.<\/p>\n

Health monitoring using smart phones<\/p>\n

Wearable sensors served as the foundation for the sensor network. The sensors obtained the patient\u2019s vital signs, which were then sent to the patient\u2019s mobile phone. The data is safely received, stored, and sent to reliable medical specialists by the mobile device. Only the data\u2019s accessibility to outside parties is under the patient\u2019s control. No PC was utilized in this process; instead, all tasks were completed via mobile device. The handheld gadget transfers only the relevant data after data mining techniques were applied to filter out extraneous data sequences. The expert\u2019s equipment and the patient\u2019s mobile phone communicated over Bluetooth or WLAN 802.11. When an emergency occurs, the patient\u2019s device generates an emergency call, which is then routed to the caregiver\u2019s device.<\/p>\n

A brand-new Wearable Mobility Monitoring System was unveiled. It recognized a state change and utilized a smartphone to take pictures. A solution for on-demand tracking and placement was suggested. It was designed for vast spaces and was based on devices with Global Positioning enabled. The first communication between the two terminals was done via a smartphone.<\/p>\n

First communication takes place during the synchronization phase. In this case, the requested terminal T1 sends the desired terminal T2 a synchronization Short Message Service (SMS). T2 completes the operation if it rejects the message. If not, the terminal\u2019s position is sent in one of the following formats: multimedia (MMS) or text (SMS). The graphic that shows the position map of the terminal was present in the multimedia format, but the text format just contained the coordinate values of the terminal. A straightforward Peer-to-peer (P2P) protocol is used to facilitate communication between two terminals.<\/p>\n

Health monitoring with security<\/p>\n

For health monitoring, various security and privacy protocols were applied34<\/a>. The patient\u2019s vital signs were transmitted, stored, and received via a smartphone. A multimedia format was provided between sensors and the central hub encryption scheme, which depicts the location map of the terminal. Peer-to-peer (P2P) protocol is a straightforward means of communication between two terminals.<\/p>\n

Cipher text Policy Attribute Based Encryption (CP-ABE) with security enhancement techniques was presented. The two main issues in CPABE were the user revocation and the key escrow problem. In CP-ABE, a set of user attributes is applied to KGC\u2019s master secret keys, allowing KGC to produce the users\u2019 private keys. Because KGC may decrypt user ciphertext to obtain the original data, it was not considered trustworthy. It is called the \u201ckey escrow problem.\u201d Users may periodically alter their properties or certain secret keys may be hacked. Regular updates are required for every characteristic to keep the system secure. We refer to this as user revocation. Both of these issues were resolved35<\/a>.<\/p>\n

Threat model<\/p>\n

This subsection covered privacy and security breaches involving patient data. The threat model primarily targets the cybersecurity domains of application-level security, communication-level security, and device-level security. We will discuss the following points related to threat model:<\/p>\n