A secure authentication protocol for remote patient monitoring in an internet‐of‐medical‐things environment

Internet of Medical Things (IoMT) enable users to avail healthcare services remotely. In IoMT, sensor nodes (SNs), like blood pressure sensors and temperature sensors, collect health data from patients and communicate it to Health Workers (HWs) such as doctors, nurses, and so on. The HWs cater to the patients remotely, known as remote patient monitoring (RPM), by using data obtained from SNs. The communicated health data between SNs and HWs are sensitive in nature. Leakage and modification of such data leads to huge consequences, particularly patient death during medical emergencies. Hence, ensuring mutual authentication along with data integrity and privacy is of utmost important in the healthcare domain. In the literature, many authentication protocols are presented for healthcare applications specific to IoMT‐RPM. But, most of the existing approaches fail to provide adequate security against well‐known attacks includes impersonation and man‐in‐the‐middle attacks. In this paper, we propose a privacy preserving authentication protocol for IoMT‐RPM which is secure against various known attacks. We present a rigorous formal security analysis of our protocol under the extended Canetti‐Krawczyk (eCK) adversary model. In addition, we also perform formal verification using Tamarin Prover, a symbolic formal analysis tool. The results show that the proposed protocol is secure under eCK‐adversary model. We then present the comparative performance analysis to show the efficiency of the proposed protocol over the existing protocols. As a result, the proposed protocol provides high security without compromising the performance over the existing protocols, and therefore, our protocol is very much suitable for real‐time applications.