A Lightweight Three-Party Mutual Authentication Protocol for Internet of Health Things Systems

Abstract

In Internet of Health Things (IoHT) systems, there is a two-hop network structure between the authentication server TA, Internet of Things Connector (IotC), and wearable sensor (WS). Attackers can use the sensor layer network (the first hop) between the IotC and WS to steal patient's health-related information and undermine the security of the system and the privacy of sensitive information. To address this threat, this study proposes a lightweight identity authentication and key agreement protocol for third-party authentication servers TA, IotC, and WS. The results of the formal security proof, BAN logic analysis, and AVISPA tool simulation show that the scheme proposed in this study has an ideal security performance and can meet the security requirements of IoHT. In terms of performance, the proposed scheme could dynamically construct a sensor layer network (the first hop) and offline networking according to the diagnostic needs of doctors. Compared with other related protocols, the proposed scheme can significantly reduce the computing resource requirements of IotC and server TA and the resource requirements of database I/O operation of server TA in the application scenario of concurrent access of multiple WS nodes.