PUF enabled and dynamic anonymous certificateless batch-verifiable signcryption for IoMT

The convergence of the Internet of Things (IoT) and e-Healthcare has given rise to the Internet of Medical Things (IoMT). In IoMT environments, sensor nodes deployed on a patient’s body collect vital health statistics (e.g., pulse rate, blood sugar level, etc.) and transmit them to a medical server (MS), which subsequently shares the data with medical professionals for diagnosis and treatment. However, the wireless communication channels used in such systems are inherently vulnerable to various security threats. To address this, recently, Singh et al. proposed a certificateless aggregate signcryption (CLASC) scheme to protect sensitive patient physiological data. However, the present study reveals a critical vulnerability in their design—specifically, a compromised MS can successfully forge signatures on behalf of sensor nodes without possessing their secret keys. To address this flaw, we propose a security-enhanced Dynamic Anonymous Aggregate Signcryption (DAASC) scheme. The design employs Physically Unclonable Functions (PUFs) to protect the key generation center’s master secret key from physical capture attacks, while a fuzzy extractor ensures dynamic anonymity. The proposed scheme is rigorously analyzed through both formal and informal security analysis to demonstrate resilience against various practical attacks. Furthermore, a comprehensive performance evaluation confirms that the devised DAASC scheme is efficient in terms of computational overhead and bandwidth utilization, making it well-suited for secure and lightweight deployment in IoMT environments.