A security-enhanced ultra-lightweight and anonymous user authentication protocol for telehealthcare information systems

Authors

Dake Zeng
Akhtar Badshah
Shanshan Tu
Muhammad Waqas, Edith Cowan UniversityFollow
Zhu Han

Author Identifier

Muhammad Waqas: https://orcid.org/0000-0003-0814-7544

Document Type

Journal Article

Publication Title

IEEE Transactions on Mobile Computing

Publisher

IEEE

School

School of Engineering

RAS ID

76658

Comments

Zeng, D., Badshah, A., Tu, S., Waqas, M., & Han, Z. (2025). A security-enhanced ultra-lightweight and anonymous user authentication protocol for telehealthcare information systems. IEEE Transactions on Mobile Computing, 24(5), 4529-4542. https://doi.org/10.1109/TMC.2025.3526519

Abstract

The surge in smartphone and wearable device usage has propelled the advancement of the Internet of Things (IoT) applications. Among these, e-healthcare stands out as a fundamental service, enabling the remote access and storage of patient-related data on a centralized medical server (MS), and facilitating connections between authorized individuals such as doctors, patients, and nurses over the public Internet. However, the inherent vulnerability of the public Internet to diverse security threats underscores the critical need for a robust and secure user authentication protocol to safeguard these essential services. This research presents a novel, resource-efficient user authentication protocol specifically designed for healthcare systems. Our proposed protocol leverages the lightweight authenticated encryption with associated data (AEAD) primitive Ascon combined with hash functions and XoR, specifically tailored for encrypted communication in resource-constrained IoT devices, emphasizing resource efficiency. Additionally, the proposed protocol establishes secure session keys between users and MS, facilitating future encrypted communications and preventing unauthorized attackers from illegally obtaining users' private data. Furthermore, comprehensive security validation, including informal security analyses, demonstrates the protocol's resilience against a spectrum of security threats. Extensive analysis reveals that our proposed protocol significantly reduces computational and communication resource requirements during the authentication phase in comparison to similar authentication protocols, underscoring its efficiency and suitability for deployment in healthcare systems.

DOI

10.1109/TMC.2025.3526519

Access Rights

subscription content