Privacy conserving authenticated key settlement approach for remote users in IoT based Telecare Medicine information system

Abstract

The Fourth Healthcare Industrial Revolution is transforming the traditional healthcare service to Internet of Things (IoT) based smart healthcare system. Telecare medicine information system (TMIS) is one of them which demands 100% electronic transaction. In this situation, User authentication, fortifies the legitimate patients, doctors, medical helper staffs, etc. Not only that, but it also allows them to access the remote medical servers to serve medical services. Robust and Efficient user authentication plays a vital role here. Many researchers proposed different techniques, but all of them have different limitations like computational expenses, huge memory usage, excessive communication overhead, etc. In this article, a very lightweight authentication approach of remote user is demonstrated in IoT based smart healthcare environment. This approach optimizes the use of one-way hash function, exclusive-or operation and extended One-Time-Password which make the authentication approach lighter and effective. The security strength of the recommended protocol is elaborated with the help of informal and formal security analysis. Well known BAN logic and Real-Or-Random (ROR) model are used in to check the correctness of the protocol and ensure the security of the established session key. In addition to that, AVISPA (automated validation of Internet security protocols and applications) and ProVerif software simulation tools are utilized which parade, the proposed protocol is safe and secure against many attacks like Man-In-The-Middle attack and Replay attack, Ephemeral secret leakage attack, Known-session-specific-temporary-information attack, Impersonation attack, etc. and maintain the secrecy of the session key. Furthermore, the recommended protocol is compared with the existing/recently published protocols to exhibit better performance.