SHAHIN: A Secure Hash-based Authentication protocol for Heterogeneous IOMT-enabled Networks

The Internet of Medical Things (IOMT) revolutionizing healthcare by interconnecting medical devices, patients, and healthcare professionals into a comprehensive network. However, security concerns in resource-constrained IOMT devices (wearable and implantable sensors) pose significant challenges. These devices are vulnerable to common attacks like eavesdropping, replay, insider, impersonation, Man-In-The-Middle (MITM), and ephemeral secret leakage attacks. Mutual authentication and session key agreement between communicating entities offer a vital solution to counter these risks. This work addresses these vulnerabilities by proposing SHAHIN, a secure, lightweight, and hash-based authentication protocol for heterogeneous IOMT environments. SHAHIN facilitates mutual authentication between users/gateways and sensing devices with the support of remote health servers. It achieves this while adhering to stringent security and performance evaluation criteria. SHAHIN utilizes lightweight hash-based cryptographic operations to ensure efficient communication for resource-constrained devices. The proposed protocol's security is comprehensively evaluated using multiple approaches: informal analysis through expert knowledge, formal verification via the Real-Or-Random (ROR) model, and attack simulation using the AVISPA tool. The analyses demonstrate SHAHIN's robust security posture. Performance comparisons with existing schemes reveal that it achieves ۵%-۹۸% reductions in communication overhead compared to prior work.