An enhanced and verifiable lightweight authentication protocol for securing the Internet of Medical Things (IoMT) based on CP-ABE encryption

Abstract

The integration of the Internet of Things into patient monitoring devices has garnered significant attention, especially in response to the COVID-19 pandemic’s increased focus on telecare services. However, Internet of Medical Things (IoMT) devices are constrained by computational power, memory, and bandwidth, making them vulnerable to security risks associated with data transmissions over public networks. Effective authentication is essential for safeguarding patient data and preventing unauthorized control of medical sensors. Existing IoMT authentication protocols frequently fall short, exposing critical vulnerabilities such as replay and impersonation attacks. This paper extends our prior work on the Improved Lightweight Authentication Protocol (ILAPU-Q), which is based on elliptic curves and the U-Quark hash function. We enhance the ILAPU-Q scheme and present a more secure authentication protocol for embedded medical devices. This enhancement relies on Ciphertext Policy-Attribute Based Encryption (CP-ABE), enabling data sources to protect information by cryptographically enforcing access policies. Implementing CP-ABE within the Telemedicine Information System framework eliminates the need for secure data transmission or storage at a dedicated location. Comprehensive security evaluations, conducted using AVISPA and Burrows-Abadi-Needham logic (BAN Logic), confirm the protocol’s resilience against a broad spectrum of attacks. Moreover, performance assessments reveal significant advancements in computational efficiency, communication overhead, and storage requirements. Notably, our protocol demonstrates an efficiency improvement of approximately 95–98% over other protocols. This substantial improvement in security and performance underscores the practical value and potential of our protocol in advancing IoMT security standards.