Quantum Safe Multi-Factor User Authentication Protocol for Cloud-Assisted Medical IoT

The Medical Internet of Things (MIoT) plays a pivotal role in modern healthcare by integrating wireless communication and cloud computing to enhance medical practices. However, this framework presents security vulnerabilities, such as the risk of eavesdroppers exploiting public channels to intercept sensitive patient data or impersonate legitimate devices and services. Consequently, authentication between wearable devices and servers is essential before transmitting confidential information through open channels. While several authentication techniques offer protection against quantum attacks, they often incur high communication and computation costs, underscoring the need for further advancement. This paper introduces a multifactor authentication protocol designed to strengthen the integrity of cloud-assisted MIoT systems by incorporating post-quantum security. The proposed protocol utilizes a post-quantum fuzzy commitment (PQFC) scheme to enhance security and is rigorously analyzed under the random oracle model and ProVerif tool. Its functionality and security are thoroughly assessed, demonstrating adherence to key requirements such as memoryless operation, user anonymity, mutual authentication, and resistance to various threats, including biometric tampering, stolen-verifier attacks, and insider attacks. Additionally, a comprehensive comparison with existing schemes highlights a balanced trade-off between security and efficiency.