Multi-factor authentication in the internet of healthcare things: An adaptive approach to improve dynamic security requirements

Author Identifier

Tance Suleski

Date of Award


Document Type

Thesis - ECU Access Only


Edith Cowan University

Degree Name

Master of Computing and Security by Research


School of Science

First Supervisor

Mohiuddin Ahmed

Second Supervisor

Wencheng Yang


Healthcare practices relying on vast amounts of digital data to be communicated, this is possible due to many interconnected devices, called the Internet of Healthcare Things (IoHT). IoHT devices such as tablets for personnel, monitors for patients or sensors that measure vital patient data are vulnerable to being compromised if weak authentication approaches are taken. Authentication has a significant role in security and computing, and many organisations and industries have begun adopting multi-factor authentication (MFA) standards within their security structures. However, most MFA solutions from a healthcare perspective are static, meaning they are often re-used and generic frameworks to accommodate their services to a vast range of industries. The healthcare industry relies heavily on these static MFA solutions leaving organisations vulnerable to having their authentication systems compromised In healthcare where there is a large reliance on IoHT devices, which can scale out of control for security systems and lead to sensitive information and data to be divulged, destroyed, or manipulated. Often industries implementing MFA practices, find it difficult for their users to adjust to their new security climate, and this leads to bad-practice and negligence, increasing the demand for intelligent authentication systems to reduce the risks that come with over-complicated security.

This research is used to propose a novel adaptive selection model, by identifying the knowledge gaps in existing MFA solutions to outline the importance for healthcare to use dynamic selection strategies. Specifically, the proposed model considers data classification of IoHT devices combined with feasibility validation of authentication factors constrained in healthcare environment for adaptive MFA applicability. This research examines the security needs of authentication systems from the standpoint of cyber-security and talking about the difficulties in the IoHT data domain by reinforcing an understanding of contextual factors. To achieve this we established the characteristics of the IoHT data architecture and classify them under a data model that can be used in IoHT paradigms. This thesis then analyses AMFA-IoHT data classification considering present issues and potential future developments with healthcare environments and use-cases to create algorithmic solutions for decision-making techniques in AMFA. Applying persistency as an adaptive metric, this research evaluates authentication factors, to justify their feasibility in healthcare practices regarding use cases in a typical healthcare environment such as working from home, remotely or in the office. The related work references “trustworthy” models, these have been identified as existing solutions in the field of adaptive MFA and have been improved by this research for healthcare. However, the current research lacks feasible solutions in the context of healthcare authentication practices and their methodologies, so they need to be tailored to IoHT configurations. Methodologies that only consist of single-factor based solutions such as password authentication, cause a wider attack-surface leaving organisations vulnerable to having weak security postures. The outcome of this research supports future research and development and create a foundation for a better understanding of adaptive selection models in healthcare contexts.



Access Note

Access to this thesis is embargoed until 22nd November 2028.

Access to this thesis is restricted. Please see the Access Note below for access details.