Group-Based Ultralightweight Authentication Protocol for Telecare Medical Information Systems

Telecare medical information systems (TMIS) integrate telecommunication and information technology with Internet of Things (IoT) devices, such as wearable sensors, to enable the remote delivery of healthcare services by seamlessly collecting and transmitting health data to the system. However, the integration of IoT in e-health raises significant security concerns, including increased accessibility of patients’ private information to adversaries, inadequate authentication mechanisms, and high server time complexity. Addressing these challenges, we propose a new group-based ultralightweight authentication protocol (GBULAP) for TMIS. The protocol introduces a novel indexing mechanism for the medical server, enabling it to directly identify the doctor’s ID and thereby reducing server time complexity. Furthermore, it ensures robust authentication among the doctor, server, and patient. We conduct a comprehensive security analysis of the proposed protocol using the real-or-random (ROR) model and BAN (Burrows-Abadi-Needham) logic. The results confirm the protocol’s resilience against common attacks targeting TMIS and IoT systems. Furthermore, formal security analysis of GBULAP, conducted using the widely adopted AVISPA (Automated Validation of Internet Security Protocols and Applications) framework, confirms the protocol’s robustness against replay and man-in-the-middle attacks. Additionally, performance analysis demonstrates that the protocol significantly reduces processing and communication costs.