Multi-factor user authentication scheme for IoT-based healthcare services

Due to the tremendous rise of the cloud computing and the Internet of Things (IoT) paradigms, the possibility of remote monitoring of the patients in real time by a remote Medical Professional (MP) has become feasible and patients can enjoy healthcare services at home. To achieve this, the patient’s medical data will need to be stored on the Cloud server. However, patient’s medical data stored on server are highly sensitive and, hence, the Cloud-IoT network becomes open to many attacks. For that reason, it must ensure that patients’ medical data do not get exposed to malicious users. This makes strong user authentication a prerequisite for the successful global deployment of centralized healthcare systems. In this paper, we present an efficient, strong authentication protocol, for the MP to access patient data for healthcare applications based on Cloud-IoT network. The proposed protocol includes: (1) three-factor MP authentication (i.e. password, biometrics and smartcard); (2) mutual authentication between MP and the cloud server; (3) establishes a secure shared session key; and (4) maintains key freshness. Furthermore, the proposed protocol uses only two message exchanges between MP and cloud server, and attains efficiency (i.e. low computation and communication costs). Through the formal analysis using AVISPA web tool, security analysis and performance analysis, we conclude that the proposed protocol is more secure against potential attacks and obtains a trade-off between security and performance cost for healthcare application using Cloud-IoT networks. © 2018, Springer International Publishing AG, part of Springer Nature.