SALS-TMIS: Secure, Anonymous, and Lightweight Privacy-Preserving Scheme for IoMT-Enabled TMIS Environments

With the Telecare Medical Information System (TMIS), patients and doctors can access various healthcare services through wireless communication technology without visiting the hospital in person. However, TMIS must have the necessary security requirements, including authentication and anonymity because information of legitimate patient is transmitted via an open channel. Therefore, secure privacy-preserving schemes are essential to ensure reliable healthcare services for legitimate patient in TMIS. Recently, the existing schemes proposed a secure healthcare authentication protocol with attack-resilience and anonymous key agreement in TMIS environments. However, we demonstrate that their scheme cannot prevent impersonation, session key disclosure, and man-in-the-middle attacks and cannot ensure secure mutual authentication. To improve the security flaws of the existing schemes, we design a secure, anonymous, and lightweight privacy-preserving scheme in internet of medical things (IoMT)-enabled TMIS environments, called SALS-TMIS. Our scheme withstands potential security threats and ensures the essential security functionalities. We evaluate the security of the SALS-TMIS using informal and formal security analyses, including ROR oracle model and AVISPA implementation. We then compare the computation and communication costs of SALS-TMIS with existing schemes. SALS-TMIS provides superior security and efficiency than related schemes for IoMT-enabled TMIS.