LSAP-IoHT: Lightweight Secure Authentication Protocol for the Internet of Healthcare Things

The Internet of Healthcare Things (IoHT) marks a significant breakthrough in modern medicine by enabling a new era of healthcare services. IoHT supports real-time, continuous, and personalized monitoring of patients’ health conditions. However, the security of sensitive data exchanged within IoHT remains a major concern, as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities. Potential threats include unauthorized access, device compromise, data breaches, and data alteration, all of which may compromise the confidentiality and integrity of patient information. In this paper, we provide an in-depth security analysis of LAP-IoHT, an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments. This analysis reveals several vulnerabilities in the LAP-IoHT protocol, namely its inability to resist various attacks, including user impersonation and privileged insider threats. To address these issues, we introduce LSAP-IoHT, a secure and lightweight authentication protocol for the Internet of Healthcare Things (IoHT). This protocol leverages Elliptic Curve Cryptography (ECC), Physical Unclonable Functions (PUFs), and Three-Factor Authentication (3FA). Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random (ROR) model. The results demonstrate strong resistance against man-in-the-middle (MITM) attacks, replay attacks, identity spoofing, stolen smart device attacks, and insider threats, while maintaining low computational and communication costs.