A Post-Quantum Compliant Authentication Scheme for IoT Healthcare Systems
Morteza Adeli, Nasour Bagheri, Hamid Reza Maimani, Saru Kumari, Joel J. P. C. Rodrigues
Abstract
In an Internet of Things (IoT)-based healthcare system, medical IoT devices gather and transmit critical patient data. Ensuring the security and privacy of medical data is paramount. One of the most critical challenges in this regard is the authentication of participating entities. The literature proposes specific authentication approaches for healthcare systems based on integer factorization and discrete logarithm problems. However, the advent of quantum computers would fundamentally break all of these protocols. In this study, we conducted an analysis of a recently proposed authentication and access control scheme for e-health systems, which is based on lattice-based cryptography and was developed by Gupta et al. Our analysis revealed that the scheme is vulnerable to several types of attacks, including impersonation, de-synchronization, and smart card stolen attacks, which could compromise the confidentiality and integrity of sensitive medical data. To address these security challenges, we propose an alternative authentication and access control scheme that uses Saber, a finalist lattice-based key encapsulation algorithm from round three of the NIST post-quantum cryptography standardization. One of the biggest advantages of Saber is its simplicity and efficiency. Our proposed scheme is designed specifically for e-health systems and provides robust protection against the vulnerabilities identified in Gupta et al.’s scheme. We believe that our proposed scheme represents a significant improvement over existing approaches and could help to enhance the security and privacy of e-health systems. Upon completion of our improved protocol, we proceeded to implement it within the Vivado 2018.3 environment for Zynq UltraScale FPGAs. To gather insight into its performance, we conducted a performance comparison study with various related protocols.