The rapid assimilation of the Internet of Things (IoT), Cloud computing, and
Artificial Intelligence (AI) into healthcare has revolutionized patient monitoring and
remote medical assistance. The distinctive attributes of IoT networks (open and
heterogeneous) pose significant security concerns due to possible threats, such as man-in-the-middle, replay, and denial-of-service attacks, compromising sensitive patient
information. The proposed framework includes a secure, lightweight, and efficient
authentication protocol that establishes a session key between the users and the
healthcare provider, ensures confidentiality, and prevents illegitimate
access to IoT sensor nodes. We prove, using the AVISPA tool, that the proposed
protocol is secure against common security attacks. Its benefits include improved
resilience against known attacks, computational validity with respect to the execution
cost of resource-constrained medical IoT devices, and reduced communication
overhead. Moreover, the protocol is designed to be scalable and cloud-compatible,
paving the way for secure integration with quantum-enhanced cloud AI healthcare
systems.
Keywords: Authentication protocols, Data encryption, Healthcare IoT, Lightweight cryptography, Medical data protection, Patient data security, Public key infrastructure (PKI), Secure communication, Smart devices Authentication, Two-factor authentication (2FA), User authentication, Zero trust architecture