Lee Hyang Jin, Kook Sangjin, Kim Keunok, Ryu Jihyeon, Lee Hakjun, Lee Youngsook, Won Dongho
Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon-si 16419, Republic of Korea.
School of Computer and Information Engineering, Kwangwoon University, Seoul-si 01897, Republic of Korea.
Sensors (Basel). 2025 May 3;25(9):2894. doi: 10.3390/s25092894.
Medical Internet of Things (IoT) systems are crucial in monitoring the health status of patients. Recently, telemedicine services that manage patients remotely by receiving real-time health information from IoT devices attached to or carried by them have experienced significant growth. A primary concern in medical IoT services is ensuring the security of transmitted information and protecting patient privacy. To address these challenges, various authentication schemes have been proposed. We analyze the authentication scheme by Wang et al. and identify several limitations. Specifically, an attacker can exploit information stored in an IoT device to generate an illegitimate session key. Additionally, despite using a cloud center, the scheme lacks efficiency. To overcome these limitations, we propose an authentication and key distribution scheme that incorporates a physically unclonable function (PUF) and public-key computation. To enhance efficiency, computationally intensive public-key operations are performed exclusively in the cloud center. Furthermore, our scheme addresses privacy concerns by employing a temporary ID for IoT devices used to identify patients. We validate the security of our approach using the formal security analysis tool ProVerif.