A Security-Enhanced Ultra-Lightweight and Anonymous User Authentication Protocol for Telehealthcare Information Systems

The surge in smartphone and wearable device usage has propelled the advancement of the Internet of Things (IoT) applications. Among these, e-healthcare stands out as a fundamental service, enabling the remote access and storage of patient-related data on a centralized medical server (MS), and facilitating connections between authorized individuals such as doctors, patients, and nurses over the public Internet. However, the inherent vulnerability of the public Internet to diverse security threats underscores the critical need for a robust and secure user authentication protocol to safeguard these essential services. This research presents a novel, resource-efficient user authentication protocol specifically designed for healthcare systems. Our proposed protocol leverages the lightweight authenticated encryption with associated data (AEAD) primitive Ascon combined with hash functions and XoR, specifically tailored for encrypted communication in resource-constrained IoT devices, emphasizing resource efficiency. Additionally, the proposed protocol establishes secure session keys between users and MS, facilitating future encrypted communications and preventing unauthorized attackers from illegally obtaining users’ private data. Furthermore, comprehensive security validation, including informal security analyses, demonstrates the protocol's resilience against a spectrum of security threats. Extensive analysis reveals that our proposed protocol significantly reduces computational and communication resource requirements during the authentication phase in comparison to similar authentication protocols, underscoring its efficiency and suitability for deployment in healthcare systems.