Intelligent two-phase dual authentication framework for Internet of Medical Things

Sci Rep. 2025 Jan 12;15(1):1760. doi: 10.1038/s41598-024-84713-5.

Abstract

The Internet of Medical Things (IoMT) has revolutionized healthcare by bringing real-time monitoring and data-driven treatments. Nevertheless, the security of communication between IoMT devices and servers remains a major problem because of the inherent sensitivity of health data and its susceptibility to cyber threats. Current security solutions, including simple password-based authentication and standard Public Key Infrastructure (PKI) approaches, typically do not achieve an appropriate balance between security and low computational overhead, which can lead to performance bottlenecks and increased vulnerability to attacks. To overcome these limitations, we present an intelligent two-phase dual authentication framework that improves the security of sensor-to-server communication in IoMT environments. During the registration phase, the framework relies on Elliptic Curve Diffie-Hellman (ECDH) for rapid key exchange; during real-time communication, it uses the Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) to encrypt data securely. The efficiency of the proposed framework was rigorously tested through simulations that evaluated encryption-decryption time, computational cost, latency, and packet delivery ratio. Its security resilience was also evaluated against man-in-the-middle, replay, and brute force attacks. The results show that encryption/decryption time is reduced by over 45%, overall computational cost by 45.38%, and latency by 28.42% compared with existing approaches. Furthermore, the framework achieved a high packet delivery ratio and strong defense against cyber threats, maintaining the confidentiality and integrity of medical data across IoMT networks. Moreover, the dual authentication approach enhances IoMT security without affecting the functionality of medical IoT devices, which makes it an ideal integration option for existing healthcare systems.

Keywords: Cryptographic robustness; Cybersecurity; Dual authentication Framework; Health Data Protection; Internet of medical things; Sensor-to-server communication.
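The two phases named in the abstract can be sketched as follows: an ECDH agreement at registration, then AES-GCM frames from sensor to server with a replay check. This is an added illustration, not the paper's code or protocol. The curve (P-256), the SHA-256 key derivation, the sequence-number nonce, the function names and the sample reading are all assumptions, and the public keys are assumed to be exchanged over an authenticated channel at registration, since bare ECDH does not stop a man-in-the-middle.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// deriveAEAD is the registration step (ECDH). Assumption: SHA-256 stands in for a KDF.
func deriveAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("iomt-demo"), secret...))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// seal encrypts one sensor-to-server reading; seq is the nonce and must never repeat.
func seal(aead cipher.AEAD, seq uint64, reading []byte) []byte {
	nonce := binary.BigEndian.AppendUint64(make([]byte, 4), seq) // 12 bytes
	return aead.Seal(nonce, nonce, reading, nil)                 // nonce || ciphertext || tag
}
// open rejects stale sequence numbers and advances *last only after the tag verifies.
func open(aead cipher.AEAD, last *uint64, frame []byte) ([]byte, error) {
	if len(frame) < 12 || binary.BigEndian.Uint64(frame[4:12]) <= *last {
		return nil, fmt.Errorf("short or replayed frame")
	}
	pt, err := aead.Open(nil, frame[:12], frame[12:], nil)
	if err == nil {
		*last = binary.BigEndian.Uint64(frame[4:12])
	}
	return pt, err
}

func main() {
	sensor, _ := ecdh.P256().GenerateKey(rand.Reader)
	server, _ := ecdh.P256().GenerateKey(rand.Reader)
	tx, _ := deriveAEAD(sensor, server.PublicKey())
	rx, _ := deriveAEAD(server, sensor.PublicKey())
	var last uint64
	frame := seal(tx, 1, []byte("hr=72")) // constructed sample reading
	fmt.Println(open(rx, &last, frame))   // accepted
	fmt.Println(open(rx, &last, frame))   // same frame again: rejected
}
```

The key is used in one direction only here; traffic from server to sensor would need its own key or a disjoint nonce space so that no nonce repeats under one key.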

MeSH terms

  • Algorithms
  • Computer Security*
  • Confidentiality
  • Humans
  • Internet of Things*