Lightweight Authentication for Remote Healthcare Systems in Cloud-IoT

The recent developments in Cloud-IoT has paved the way to the emergence of remote real-time health monitoring systems, where wearable sensors collect patient’s health data and transfer it to the cloud server. The server then provides data access for specialists and doctors for further medical treatment. Due to the high sensitivity of health-related data, establishing a secure and privacy-preserving data access and communication is a major challenge in the success of remote healthcare systems. In other words, there needs to be an efficient authentication scheme that enables authorized parties to agree on a shared key and communicate in a secure manner. Moreover, due to the limited storage and computation capacity of sensor devices, the scheme should be lightweight in terms of incurring minimum computation overhead. Lately, Alzahrani et al. proposed a remote patient monitoring authentication protocol. In this article, we demonstrate that their scheme is not robust to the stolen verifier attack and lacks the provision of perfect forward secrecy. In view of those limitations, we design a lightweight and secure authentication protocol for remote health monitoring and prove its security in resisting various security attacks and satisfying essential security requirements. We also formally prove the security of the scheme through using the Scyther tool. Moreover, we compare the performance of the proposed protocol with the related articles regarding the computation overhead, and demonstrate that the scheme obtains minimum computation complexity, making it appropriate for limited-capacity IoT devices.