ALMASH: an anonymity-based lightweight mutual authentication scheme for internet of healthcare things

The Internet of Things (IoT) is now integral to electronic healthcare patient monitoring based on medical sensor devices. Healthcare systems need secure message exchanges from sensors to intended receivers to maintain the confidentiality and privacy of personal medical readings. Designing and implementing an authentication strategy for healthcare servers, devices, and users is essential to address security and privacy concerns. Many authentication strategies related to the IoT domain are available but do not work based on a user's choice, where they can select devices in the environment for a specific task. The existing selective authentication scheme uses Shamir's secret-sharing scheme, considering the healthcare scenario claims they have addressed all security requirements and withstand various attacks. However, we observe that the existing scheme does not enable a mutual authentication process and lacks user and device anonymity, which are the essential requirements of an IoT-based authentication system. In addition, the scheme does not resist DoS attacks and lacks forward secrecy. We propose an anonymity-based mutual authentication scheme (ALMASH) for healthcare things using an elliptic curve and secret sharing to improve those security requirements. The proposed scheme uses lightweight cryptography primitives to alleviate the node's tiny processor burden. We prevent unauthorized access and modification of sensitive healthcare data by enhancing data security through device registration and mutual authentication. To demonstrate the effectiveness of our approach, we have compared our scheme with relevant authentication schemes. Additionally, we show formal security using the AVISPA tool, informal security analysis, and performance analysis to validate the robustness of our proposed solution.