Intelligent two-phase dual authentication framework for Internet of Medical Things

The Internet of Medical Things (IoMT) is deemed necessary and a bringing-on participant in the Internet of Things (IoT) ecosystem. Therefore, the healthcare technology landscape is now profoundly changed¹. Modern e-healthcare focuses on a broad spectrum of hardware and software tools, all of them utilizing state-of-the-art online networking coupled with other IT healthcare systems². The total area of focus of IoMT goes even beyond wearable biosensors to include remote patient monitoring devices and implantable applications³. Moreover, the most incredible and exciting goal that applying IoMT yields is reforming the healthcare service provision. Traditional healthcare technologies, restricted by geographical and logistical conditions, will now be liberated and orbit the body of the Internet of Things⁴. The credibility of IoMT, which consists of remote tracking technologies, would enable physicians to supervise patient health data collection beyond conventional clinical settings⁵. This transformation brings instant feedback about the patient’s health status and is also used to identify the early signs of health risks. For example, wearable devices, including smartwatches and fitness trackers, can monitor important vitals like heart rate and blood oxygen levels believed to be coronavirus complications⁶. Besides, the IoMT is like the higher intelligence capabilities of medical diagnosis. Those high-performing medical devices connected to the IoMT can send the patient’s data to medical professionals in the blink of an eye for an elaborate and faster diagnosis⁷. Diagnostics’ immediacy and high-level precision make them very important in chronic disease management, where early diagnosis and continuous monitoring would be preferable and more probable to provide a better treatment outcome. IoMT offers the opportunity to implement targeted strategies that make using data to deliver treatment possible. The huge volumes of health data generated and collected by IoMT devices can support the personalization of treatments based on the needs of each patient, improving the outcomes of medical treatments⁸. This personalization is not just limited to drugs and psychological treatments, but it is also in the recommendations about your lifestyle and prevention of diseases. Recent surveys indicate that the IoMT’s technologies are critical in real-time health monitoring and timely medical interventions⁹. The ability to consistently track and quickly respond to patient needs has made therapeutic delivery more efficient, reduced the time patients spend in the hospital and enabled a better quality of life for these patients. These technological developments in the healthcare industry positively impact patients and help improve the effectiveness and rationalization of healthcare resources, resulting in optimized healthcare delivery that is both more efficient and cost-effective. Though IoMT ensures significantly beneficial offerings in healthcare, the security and privacy of sensitive health data have become some of the biggest issues¹⁰. The shared features of IoMT networks, which send and receive constant health data over the networks, imply the strong risk of cyber threats like hacking, unauthorized access, and cyber-attacks¹¹. This vulnerability implies implementing mechanisms to protect the patient’s health information; this may also lead to potentially life-threatening situations. An extensive study of this matter emphasizes the riskiness of IoMT devices when applying different cyber-attacks. It must be remembered that there is a misalignment in security measures¹². These devices, vital to gathering and communicating security-sensitive data, such as personal health information (PHI), are particularly vulnerable to cybercriminals. The notion of critical privacy violation occurs when this upheaval information is illegally accessed, threatening the potential of bad applications^13,14. This case represents the necessity of employing new authentication procedures within the framework of IoMT. Authentication is like a first line of defense, which stops unauthorized access to medical devices and the highly confidential data with which they work. Each entity in the ecosystem, like a device, healthcare provider, or patient, can be conveniently identified with effective authentication mechanisms before allowing access to data or control functions^2,11,15. The IoMT, which involves an automated execution of actions and decision-making based on gathered data, straightforwardly explains the point for highly secure authentication. Maintaining the integrity and confidentiality of this data is the most important matter because any intrusion or tapping could lead to wrong diagnosis or inappropriate treatment decisions^16,17. Consequently, the utilization of advanced authentication protocols is critical in maintaining the integrity of the data by assuring that all the data flowing through the network is from legitimate sources and does not get compromised in the transfer process. There can be another reason that ensures the need for varied authentication in IoMT is meeting regulatory requirements and data protection laws. To ensure the privacy and security of patient health information, stringent privacy rules are enforced in the medical field. For instance, in the United States, the Health Insurance Portability and Accountability Act (HIPAA) mandates a single proven authentication mechanism as well as other secure technologies¹⁸. Failure to abide by these rules can bring lawsuits, legal consequences, and loss of customer confidence. The broad-based utilization of IoMT in the field of medicine and the significant role that data security plays in this field pose an even wider problem; in the context of the current research, the following interconnected objectives can be stated: The primary objective is to develop a dependable network system that would be compatible with IoMT, and hence, secure the transmission of data within the healthcare setting. The defense mechanism used combined elliptic curve cryptography (ECC), which makes the tasks of secure key exchange and Advanced Encryption Standard Galois Counter Mode (AES-GCM) for strong encryption. Therefore, it provides an adequate resource to accommodate IoMT devices. In addition, this study focuses on implementing the Message Queuing Telemetry Transport (MQTT) standard and precisely tests its impact on security and efficiency leaps in the context of IoMT. The study includes a detailed security analysis designed to detect and prevent any vulnerabilities, which, in turn, would protect traces of health information from falling into the hands of unauthorized individuals. The research points out in the final part that the functionality of these security measures taken upon devices also impacts their performance. This study also aims to provide both efficient security and fluid operations symmetrically. Thus, the research directs to provide a useful contribution to the IoMT’s security, which in turn allows the introduction of safe healthcare technology and makes society trustful. The key contribution of this study is as follows.

• The study presents a new framework that divides the authentication process into two separate phases: initial registration and real-time ongoing communication. The two-phase approach provides robust security from the start and throughout the device’s operations.

• The framework takes advantage of lightweight cryptographic techniques adapted for low-power devices focused on minimizing computational load and latency. It is well suited for continuous real-time monitoring without adversely impacting security or draining device resources.

• The framework is designed to cope with communication between multiple devices efficiently and scales well from small to larger IoMT networks. This scalability provides consistent performance and security as the number of connected devices increases.

• The framework uses strong encryption and key management and thus effectively countermeasures the most well-known cyber threats, such as man-in-the-middle attacks, replay attacks, and brute force attacks. This layered approach means even if one security measure fails, there are still others in play.

Through a detailed analysis of the Framework and simulations, this work demonstrates that the proposed Framework is feasible for securing IoMT communications without degrading the performance of devices.

The dual authentication Framework for IoMT security comprises two main phases: registration and real-time communication. During the registration phase, the devices are authenticated for the first time using ECDH for the private key exchange, and each device is given a unique ID and checked against the legal devices list. The real-time communication phase uses AES-GCM to encrypt the data during transmission. This is achieved by maintaining continuous authentication of the device’s unique ID and MAC address to allow the device to communicate securely within the network. This multi-layered approach greatly increases the level of data protection and the device’s resistance to unauthorized access and other threats.

The rest of the paper is organized as Sect. 2 will go through the related work. Section 3 presents a designed Framework incorporating cryptographic techniques through protocols. Algorithms and techniques will be provided in detail. Section 4 presents the Framework’s performance, and security and efficiency will be analyzed based on its comparative analysis with the existing ones. The final part of this research paper will summarize the key findings, provide optimizing tips, and include directions for future research.

Integrating IoMT into healthcare systems has greatly improved how medical services are delivered, patients are monitored, and health data is managed. Despite many benefits, the security of the transmission of health data is the most daunting challenge that IoT-driven healthcare has to tackle. In this section, experiments on currently available authentication Frameworks in IoMT are demonstrated, and the contributions and limitations of these Frameworks in cybersecurity are described. The foundational work of Amin and Biswas¹⁹ proposed a lightweight authentication protocol for IoMT-based devices, which is meant to decrease the burden on these devices, which, due to their resource-constrained nature, often suffer from limited computing and storage capabilities. Similarly, Imoize et al.²⁰ presented the idea of an ECC-based secure and power-efficient authentication Framework for wearable health data systems in which power consumption and security are two key criteria. These studies prove the necessity of a balance between security and operational performance in the process of designing security systems for IoMT. The application of Elliptic Curve Cryptography (ECC) to the IoMT has been explored extensively. It has strength in its relatively short key sizes but performs efficiently in constrained surroundings. Chatterjee et al.²¹ recently proposed an ECC-based framework for IoMT that provides secure sensor data transfer, comparing the hierarchical time-sensitive nature of ECC and other conventional-based RSA algorithms in terms of speed and security. This method has been initially observed to have an increased security level compared to a single authentication algorithm. Dual authentication Frameworks have emerged to enhance security further by requiring two forms of verification. Jiang et al.²² explored a dual-factor authentication mechanism that combines biometrics with ECC for secure patient data access. This approach adds a layer of security and introduces the challenge of seamlessly integrating biometric verification into IoMT devices.

The latest research efforts raised the bar in authorization methods and improved the security and flexibility of the IoMT networks. On the other hand, Al Omar et al.²³presented a blockchain-based authentication mechanism that uses blockchain to create a decentralized system where each node delivers services without a centralized authority. This operation ensures the system is reliable at points of failure and gives a new path for the IOMT user data checks²⁴. A quantum computer is so powerful that it can break the encryption key held by other computers. It is, therefore, important to have quantum-resistant cryptographic Frameworks in light of the IoMT, according to research by Sajimon and colleagues²⁵. PQC is a way for society to shift security algorithms and overcome the possibility of quantum computer attacks. This procedure is often referred to as futureproofing of IoMT security. The work of these researchers demonstrates the necessity of shifting to quantum-safe computational techniques as a precondition for mitigating rising and futuristic computational threats against IoMT systems. The increasing use of highly sophisticated cryptographic Frameworks by IoMT infrastructure introduces significant obstacles at various process stages. Serrano et al. in²⁶ integrate advanced authentication protocols (e.g., biometrics and blockchain) into IoMT. They discussed the difficulties of making such protocols compatible, scalable, and accepted by users. These realizations indicate that one of the most important things is to have standards and frameworks for industry that allow a binding and unified implementation of new security tools and technologies. Besides authentication, identifying irregular activity patterns in the ___domain of IoMT networks is another crucial cybersecurity task. Rbah et al.²⁷ utilized machine learning to spot deviations from regular patterns that can signal hacking events, highlighting the potential of AI complementing cryptographic methods of securing IoMT devices. Such a method highlights the highly flexible security model, where ongoing relevant monitoring and timely dynamic response are critical.

As quantum computing technology advances, traditional cryptographic methods like ECC and RSA risk becoming obsolete, necessitating the shift towards Post-Quantum Cryptography (PQC). PQC algorithms are designed to resist attacks from quantum computers, ensuring long-term security for IoMT networks. Recent research has highlighted various PQC approaches, including lightweight group authentication over lattice²⁸and efficient CL signature schemes²⁸, which offers strong security for resource-constrained devices. Other studies have proposed high-performance identity-based quantum signature protocols²⁹and blockchain-based data auditing systems that leverage PQC to secure IoMT environments against emerging quantum threats³⁰. These works underscore the need for integrating PQC into future IoMT frameworks to maintain data integrity and confidentiality.

Given the resource limitations of IoMT devices, there is a need for Lightweight Cryptography (LWC) to provide secure communication with minimal energy consumption. Recent studies have explored various LWC approaches, such as hybrid communication frameworks for the Internet of Nano-Things³¹and efficient, low-power authentication protocols for patient monitoring³². Additionally, research on quantum-safe encryption schemes³³and lattice-based signature systems³⁴ highlights LWC’s potential to enhance security while remaining energy-efficient, making it an essential focus for future IoMT implementations.

A comparative analysis was conducted to understand better the landscape of existing authentication mechanisms in IoMT systems. Table 1 summarizes various approaches’ strengths, limitations, and scalability, providing insights into the research gaps that must be addressed.

While these studies contribute significantly to IoMT security, they often focus on specific aspects of the authentication process, such as system efficiency or robustness. However, there remains a gap in addressing both components holistically and comprehensively.

This section presents the details of the proposed dual authentication Framework. Herein we explained cryptographic techniques and communication protocols used to enhance the security and efficiency of IoMT operations. A dual authentication Framework is presented to promote the security of medical things on the Internet. A fundamental component of our vision is a safe interactions design, which meets the ever-growing needs of managing patient data safety. The methodology involves deploying sophisticated cryptographic functions and state-of-the-art communication protocols to protect medical data from cyber threats. This structured method is the foundation of the objective of IoMT applications about the concordance between security and operational efficiency. Security is not the only parameter; data is transmitted seamlessly and reliably. This research methodology is based on the concepts of modern cryptography, which are important network security assets and our contribution to the safe IoMT. Figure 1 illustrates the secure communications framework that combines the latest cryptography and communication technologies at the backbone of the loMT infrastructure.

In developing the IoMT environment’s initial security protocol, the MQTT for efficient and secure communication is added in detail. Then, the process is strategically separated into two essential phases to ensure a secure and efficient operation: from the registration phase to the real-time communication phase. This independence helps the IoMT association to be an entity that can provide a secure platform for communication.

Proposed framework.

Full size image

MQTT for efficient and secure communications

MQTT protocol emerges as playing a major role. It has become important in the IoMT, where data transmission is safe, secure, and effective. It is multi-purpose in this research, though, starting from the registration of the device and continuing with the transmission of data throughout the experiment. MQTT is feature-packed, with less weighted characteristics and efficient designs to meet the needs of IoMT devices whose operating systems are not too powerful and are limited to bandwidth usage. The provided research uses MQTT as a technology component that helps transmit important medical information, such as patient vitals charts and monitoring metrics, from sensors and nodes to the central server. The topic-based message is another important feature of the protocol through which sensor nodes can encrypt and push in their medical data on specific topics. The server then subscribes to this topic for accurate data routing and reception.

Initially, MQTT is instrumental in exchanging messages crucial for device authentication, including transmitting public keys and registration requests from sensors to the server. This setup is essential for establishing a secure and trusted network of authenticated devices. Post-registration, during the real-time communication phase, MQTT comes to the forefront in managing the transmission of encrypted medical data. Its reliability and efficiency are vital in ensuring consistent delivery of sensitive data to the server. Once decrypted and processed, this data becomes integral to patient care and medical decision-making. Algorithm 1 presents the MQTT process in detail.

In MQTT, devices are categorized as publishers and subscribers.

1. 1.

   Publishers send messages about specific topics. When a device, such as a sensor, detects medical data and sends it to the server, it must publish the data on the topic.

2. 2.

   Subscribers express interest in specific topics and receive published messages. Now, the broker has received the data on the topic. It will simply route that data to the topic’s subscribers.

MQTT.

Full size image

continued.

Full size image

Registration phase

During the registration phase, the process is carried out in the following steps: Step 1: The device initiates the process by sending a registration request to the server, which includes its MAC address. Step 2: The server verifies the MAC address against the legitimate device list to ensure the device’s authenticity. Step 3: Once verified, the request is forwarded to the administrator for approval. The administrator either approves or denies the registration based on predefined criteria. Step 4: A unique ID is assigned for approved devices, and their status is updated to reflect their inclusion in the network. After those foundations are secured by exchanging the keys through ECDH, the methodology proceeds through the registration phase, as shown in Algorithm 2. This state is crucial because it only authenticates sensors that participate in the IoMT network, helping achieve better security for the whole system. The registration phase includes device registration and server-side categorization process.

The registration normally starts when the server gets \(\:Registration\_request\) on the \(\:Registration\_request\) topic from sensor nodes bearing their MAC address as a symbol of their willingness to be part of the network. If the MAC address matches any sensor_public_keys, the server can ascertain that the sensor has concluded the initial key exchange. Having the request verified, an administrator will give the final manual approval or denial by deciding if the sensor makes the cut and joins the network. The sensors that have been approved are assigned a Unique ID, and their network status gets authorized through the \(\:Registration\_response\) topic.

Simultaneously, the server is in the process of compiling the ‘Legitimate Sensor List’ and ‘Blacklist’, respectively, during the Registration Phase, which serves as the central entity making all the decisions regarding the sensor’s status on the network. Authorization sensors go to the ‘Legitimate Sensor List’ where their MAC addresses, shared secrets, and unique IDs are recorded and could be used for their identification and management during real-time communication. In contrast, the stations that did not approve the registration for safety reasons were blocked, and the network access was thus denied. However, this server-side categorization is a cornerstone for network security by simplifying sensor entry and authorization and placing it on a singular agent who identifies which sensors can access the network.

Registration Phase.

Full size image

Figure 2 illustrates the registration communication flow in an IoMT system, where a sensor sends a registration request to the server using the MQTT protocol, and upon receipt, the server processes this request, deciding whether to add the sensor to a blacklist or a legitimate device list or to prompt user intervention for registration approval.

Registration phase.

Full size image

Elliptic curve Diffie-Hellman (ECDH) key exchange

The Elliptic Curve Diffe-Hellman (ECDH) key exchange provides the basis of the proposed secure communication methodology in the IoT context. ECDH is a cryptographic technique based on elliptic curves (ECC), designed to secure key derivation between communicating nodes.

The foundation of ECDH relies on the fact that an elliptic curve is mathematically defined by the equation \(\:{y}^{2}\equiv\:\:{x}^{3}+ax+b\:\left(mod\:p\right)\) where \(\:a,\:b\), and \(\:p\) are parameters that define the specific curve. This curve provides the cryptographic framework for generating keys and performing secure operations, as shown in Fig. 3.

Elliptic curve.

Full size image

Key pair generation

In the ECDH process, each communication node, including sensors and the server, generates a public-private key pair:

• Sensor and server generate the handling keys named \(\:{p}_{s}\) and \(\:{p}_{j}\), respectively. These keys are non-cryptographic random integers from the range \(\:[1,\:n\:-\:1],\) where n is a prime number related to the elliptic curve.

• Public Key Derivation: The public keys are derived from their corresponding private keys. The sensor’s public key \(\:{Q}_{s}\) is calculated as \(\:{Q}_{s}\:={P}_{s}\:\:\times\:\:G\), and the server’s public key \(\:{Q}_{J}\) is determined as \(\:{Q}_{J}\:={P}_{j}\:\:\times\:\:G\). Here, G is the base point on the elliptic curve, a pre-defined point associated with the curve parameters.

Secure key exchange and shared key derivation

This section explains the secure exchange of public keys between the sensor and the server, employing the robustness of ECDH for establishing a shared secret key, as shown in Fig. 4. The focus here is on the cryptographic process that enables both entities to derive this shared key securely, essential for maintaining the confidentiality and integrity of the data transmitted across the IoMT network. It delineates the steps taken to ensure that even if public keys are intercepted, the non-repudiation and authenticity of the communication are not compromised, thus upholding a high-security standard within the IoMT ecosystem.

• Public Key Exchange: The sensor and the server exchange their public keys. The sensor shares its public key \(\:{Q}_{s}\), and the server shares its public key \(\:{Q}_{sj}\).

• Shared Key Derivation: Following the public key exchange, each node computes the shared secret key. The sensor node calculates the shared key \(\:K\) by combining its private key \(\:{p}_{s}\) with the server’s public key \(\:{Q}_{sj}\), resulting in \(\:K\:=\:{p}_{s}\:\times\:\:{Q}_{sj}\). In parallel, the server calculates the shared key using its private key \(\:{p}_{j}\) and the sensor’s public key \(\:{Q}_{s}\), leading to \(\:K\:=\:{p}_{j}\:\times\:\:{Q}_{s}\).

• \(\:{Server\:has\:Q}_{s}={P}_{s}\:.\:\:G\) and \(\:{Sensor\:has\:Q}_{j}={P}_{j}\:.\:\:G\), The Shared secret for the sensor and server can be expressed as:

Key Generation and Exchange Processes.

Full size image

Real-time communication phase

During the real-time communication phase, the process follows these steps: Step 1: The sensor collects medical data in real-time, such as vital signs, and encrypts it using the Advanced Encryption Standard in Galois Counter Mode (AES-GCM) to ensure data confidentiality and integrity. Step 2: The encrypted data, along with the device’s unique ID, is transmitted securely to the server using the MQTT protocol, which facilitates reliable and efficient communication. Step 3: Upon receiving the data, the server verifies the device’s legitimacy by checking its unique ID against the legitimate device list. Once authenticated, the server decrypts the data for processing and analysis. This structured approach ensures that sensitive medical data is securely transmitted and accessed only by authorized entities, maintaining the confidentiality and reliability of the IoMT network. After successfully navigating the registration phase, the methodology progresses to the real-time communication phase. This phase refers to the stage of data exchange between the authenticated and registered devices that reside in the IoMT network. The phase of real-time communication has become very important for transmitting medical data. To ensure security and efficiency, this phase is logically divided into two subphases: at the Sensor, Data Collection, and Encryption; at the Server, Data Receiving and Decryption. Each phase of the protocol involves particular tasks, and various cryptographic algorithms are used to keep the integrity and confidentiality of medical data secure, as shown in Fig. 5.

Real-Time Communication.

Full size image

Data collection and encryption at the sensor

In this sub-phase within the IoMT environment, the sensor nodes play an important role in the real-time collection of vital medical data, such as heart rate and blood pressure. This continuous surveillance will enable proper health control and timely decision-making in medical contexts. Once collected, the data is serially formatted into a digital format, usually a byte stream, preparing it for secure transmission. This is the part of encryption where the raw health metrics are transformed into a format that can be encrypted and processed further.

In IoMT structure, a set of node \(\:S=\:{S}_{1,},\:{S}_{2},\:\dots\:.{S}_{n}\}\) responsible for real-time monitoring of essential medical data \(\:{D}_{i,}\:=\:{D}_{i1,},\:{D}_{i2},\:\dots\:.{D}_{in}\}\) for each sensor \(\:{s}_{i}\)​. Thereby, metrics like oxygen saturation and blood pressure become byte-streams \(\:{B}_{1,}\)through a function \(\:\::\:{D}_{i,}\to\:{B}_{i},\:{MAC}_{i}\)​, preparing them for secure encryption and transmission.

The AES-GCM is applied to encrypt \(\:{B}_{i}\)​, resulting in \(\:{C}_{i}=AESDCM\:({B}_{i},\:S)\)​, where \(\:S\)is the shared secret established through the ECDH key exchange, \(\:S=ECDH\:\left({P}_{si},{Q}_{ji}\right)=ECDH\:({P}_{ji},\:{Q}_{si})\). This key exchange involves the private and public keys of the sensor \(\:({P}_{si},\:{Q}_{si})\). and the server (\(\:({P}_{ji},\:{Q}_{ji})\). ​), ensuring data confidentiality and integrity.

The encrypted data \(\:{C}_{i}\)​, along with the plaintext transmission of the sensor’s Unique ID \(\:{U}_{i}\)​, is transmitted to the server using the MQTT protocol, \(\:T({C}_{i},\:{U}_{i})\). This ensures the secure and efficient delivery of encrypted medical data from the sensors to the server.

Data receiving and decryption at the server

Upon receiving data \(\:({C}_{i},\:{U}_{i})\), Server \(\:j\:\)extracts \(\:{U}_{i}\) To identify the sending device. This extraction can be represented as \(\:{U}_{i}=\:{T}^{-1}\left(T\:\right(\left({C}_{i},\:{U}_{i}\right))\). where \(\:{T}^{-1}\) signifies the inverse transmission function, isolating \(\:{U}_{i}\) From the transmitted data. The server then consults a ‘Legitimate Device List’ to verify the authenticity of \(\:{U}_{i}\). This verification process is modeled as a function \(\:v:\:{U}_{i}\to\:\left\{\text{0,1}\right\},\:\)​where \(\:v\left({U}_{i}\right)=1\:if\:{U}_{i}\in\:\:L\:\)(device is legitimate), and \(\:v\left({U}_{i}\right)=1\) otherwise.

Given a legitimate device \(\:\left(v\right({U}_{i})=1)\) the server proceeds to decrypt the payload \(\:{C}_{i}\) using the shared secret \(\:S\) associated with \(\:{U}_{i}\). This decryption is defined by \(\:{B}_{i}={AES}_{GCM}^{-1}({C}_{i},\:S)\), Where \(\:{AES}_{GCM}^{-1}\) denotes the decryption process under AES-GCM with the key \(\:S\) yielding the original byte stream \(\:{B}_{i}\).

Within \(\:{B}_{i}\), the embedded sensor’s MAC address, denoted as \(\:{MAC}_{i}\) and the medical data \(\:{D}_{i}\) can be further isolated, represented as \(\:{B}_{i}=\)\(\:{MAC}_{i},\:{D}_{i}^{{\prime\:}}\), where \(\:{D}_{i}^{{\prime\:}}\)signifies the decrypted medical data and makes it ready for processing. The extraction of \(\:{MAC}_{i}\) from \(\:{B}_{i}\) can be mathematically noted as \(\:{MAC}_{i}=\:\mu\:{B}_{i}\:\:\) with \(\:\mu\:\) is the extraction function of the MAC address.

After retrieving \(\:{MAC}_{i}\), a secondary authentication checks \(\:{MAC}_{i}\)​ against the server’s records, a step we can denote as \(\:a:\:{MAC}_{i}\:\to\:\left\{\text{0,1}\right\}\) where \(\:a\left({MAC}_{i}\right)=1\) indicates a match (hence, authentic), and \(\:a\left({MAC}_{i}\right)=0\) indicates no match.

This dual authentication process, first via \(\:{U}_{i}\) and then through \(\:{MAC}_{i}\), mathematically formulated as \(\:v\left({U}_{i}\right)\:\wedge\:\:a\left({MAC}_{i}\right)\), Where \(\:\wedge\:\) denotes the logical AND, ensuring that only data from authenticated devices are processed, enhancing the security and integrity of the IoMT network.

Furthermore, each decryption event is meticulously logged, involving parameters such as decryption time \(\:\tau\:\:\)and payload size \(\:\sigma\:\), encapsulated in a log entry \(\:{L}_{e}=\{\tau\:,\:\sigma\:,\:{U}_{i},\:{MAC}_{i}\}\)_, where each component captures a crucial metric for performance monitoring and integrity assurance within the IoMT ecosystem.

Furthermore, the server holds the Data Frame with the relevant processed medical data, unique IDs, and timestamps that are periodically saved for ongoing analysis and accurate record-keeping. This is the case in healthcare services, where correct and factual information is important in decision-making to avoid mistakes.

Simulation environment

Our research validated the effectiveness of a secure communication framework tailored for the IoMT. The cornerstone of our methodology was a Python-based simulation crafted to mimic the intricacies of IoMT device-server interactions with high fidelity. This simulation environment was designed to reflect realistic operational conditions of IoMT networks, including their communication protocols and data handling practices. By simulating the IoMT ecosystem, we aimed to evaluate our framework’s capacity to bolster IoMT security against a spectrum of cyber threats, thereby ensuring the confidentiality, integrity, and availability of medical data. The simulation was set up to mimic real healthcare scenarios in that it involves continuous real-time monitoring and data exchange between wearable devices and centralized servers.

Simulation tools and libraries

The simulation model we have designed exploits sets of crucial technologies and libraries to obtain an IoMT atmosphere. The Paho MQTT Library supported device-server interactions that were more real with the MQTT protocol, known for its unique light server. Cryptography Library is a set of functions that provide confidential and effectual keys and encryption. This ensures safe communication and data privacy. The Threading Library handling of parallel processing, meaning concurrent operations of different IoMT devices, tried to emulate. The Time and Random libraries demonstrated operation delays and data scenarios resembling unpredictability. Ultimately, the JSON Library became crucial because of its serialization abilities. This means data transfer is easy, and the data is handled in a way that accurately depicts IoMT prompts. The simulation’s key components were selected to balance realistic operation and controlled testing conditions.

Definition of simulation parameters

In our study, original parameters were settled to mirror the features of real IoMT architectures. These parameters were selected to indicate the sensor network’s area coverage, node distribution, power consumption per node, and communication features of the typical sensor network. Table 2 lists the parameters and their values, reflecting typical conditions in healthcare IoMT systems, to ensure precise and relevant performance evaluation.

In this section, we analyze the performance of the proposed framework. Here, the outcomes of the simulation studies are presented, assessing the authentication protocol’s effectiveness, efficiency, and security within the IoMT context. The discussion interprets the empirical data—focusing on the computational cost, latency, packet delivery ratios, and energy consumption—to evaluate how the Framework meets the rigorous demands of real-time medical data processing and transmission. The system’s resilience against various cyber threats is also examined, showcasing the robustness of the proposed solution in protecting sensitive health information in IoMT networks.

Performance of the proposed dual authentication Framework

The proposed dual authentication Framework is assessed in terms of its efficiency and feasibility by examining its performance against several critical parameters. Such a careful examination illuminates the proposed system’s computational performance and overall flexibility against the harsh environment of the IoMT.

Computational cost

The computational cost is an indicator for the evaluation process, helping us measure the overall resources needed for encrypting, decrypting, and key exchange operations, which are all very important parts of the proposed dual endorsement protocol. This means that the average computational cost of the base on the simulation with the whole energy and time of the cryptographic processes have been applied. The average computational costs are summarized in Table 3.

The average encryption and decryption times of 0.23 ms and 0.20 ms, respectively, demonstrate processing efficiency with the advantage of being computationally burden-free for IoMT devices. Furthermore, our Framework favors the instantaneity of data processing and transmission with an average computational cost of 0.42 and a transmission delay of only 14.59 milliseconds. This ensures real-time healthcare delivery and quick response to data collected from IoMT devices.

Latency (end-to-end delay)

Latency or end-to-end delay has become the paramount factor in assessing communication protocols. This issue is especially acute in the case of IoMT solutions, where real-time data routing is crucial for health conditions. This approach gives the precise value of the time delay, an essential factor for assessing the proposed authentication mechanism’s real-time performance. Table 4 summarizes a detailed insight into the latency performance of the proposed Framework.

The simulation data proves the ability of the proposed dual authentication mechanism with a low average end-to-end latency of 14.59 ms to complete its task speedily. Such a performance is vital for IoMT systems that use real-time data flow to empower timely patient monitoring and prompt decision-making. The low variance in latency (shown by the standard deviation) once again confirms the dependability and persistence of the system when dealing with different system conditions.

Figure 6 doesn’t highlight the low latency of the proposed authentication mechanism. Still, it also shows that the performance is consistent among all simulation runs, a key factor that should be met in real time for IoMT applications. Moreover, the breakdown of delays from encryption to transmission and then to decryption provides valuable insights into the efficiency of each process within the proposed Framework. The consistently low delays across these stages indicate the optimized cryptographic operations and the effective use of the MQTT protocol for data transmission.

Latency distribution across simulations.

Full size image

Average packet delivery ratio (APDR)

APDR is considered a critical parameter in assessing the reliability of data transmission in the IoMT, considering the number of successfully delivered or dropped data packets from source to destination. Abnormally high PDR is evidence that the communication system is effective and thus allows for confirming the dominance of data integrity. The simulation results give a detailed view of the proposed dual authentication technique performance, particularly emphasizing packet delivery rate success.

Table 5 illustrates a PDR of 99.8%, which indicates the proposed dual authentication Framework’s outstanding functionality in correctly transmitting the IoMT network’s data. With an almost perfect score, the invariance in PDR highlights the Framework’s resilience, particularly in maintaining the data’s accuracy in complex operational scenarios. This level of reliability is extremely important in IoMT systems, where data transmission fidelity directly impacts patient monitoring and healthcare decision-making.

Figure 7 represents the PDR for several simulation runs exhibiting the highest performance for the proposed communication system under various network conditions. As expected, the successful and failed packet delivery data gives a clear picture of the system’s day-to-day interactions, suggesting that the cryptography and network management policies utilized in the hypothetical scenario were efficient. This applies to the secure encryption of data packets and their efficient and reliable routing to the destined goal, even in the presence of disruption on the network.

Packet Delivery Ratio Distribution.

Full size image

Communication cost

Within the context of IoMT, communication cost refers to the resources required to transfer data between IoMT devices and servers. That involves the energy consumption of sensors and servers during data encryption, transmission, decryption, and bandwidth utilization over the network. Minimizing communication cost is a primary focus as it directly impacts the battery life of medical devices and, consequently, the scalability of IoMT solutions. The simulation results provide a deep insight into the communication costs assigned to our dual-authentication method, increasing our knowledge about its operational effectiveness. The results are summarized in Table 6.

The proposed dual authentication Framework improves the suitability of communication cost optimization for IoMT systems. The average energy consumption for sensors and servers shows that the Framework could be ideal for sending signals in an environment with limited resources, where batteries are used to transport medical accessories. Furthermore, the fact that low bandwidth consumption is a characteristic of efficient data transmission is crucially necessary for lowering network congestion and allowing the implementation of larger IoMT solutions. Network security, with its corresponding bandwidth, sensor usage, and server energy consumption, is presented in Fig. 8.

Communication cost visualization.

Full size image

The proposed dual authentication Framework efficiently achieves a balance between the minimization of resource consumption and high transmission reliability.

Security analysis

In the constantly changing world of IoMT, providing security from the explosion of cyber threats has become a top priority. The IoMT security framework we propose is meant to harden the security perimeter by adding another layer of authentication, protecting patient data, and ensuring the devices are safe. The next part of the security analysis of the proposed Framework will be devoted to its protection against particularly salient cyber-attacks. The high resilience of our dual authentication method to cyber-attacks is a central part of the security analysis we are conducting. Spoofing, tampering, and denial of service are real concerns for IoMT systems, as they can lead to data leakage and unauthorized access to patients’ medical data. These attacks are discussed systematically in Table 7, where every type of attack clarifies the testing methodology, tools used, and the corresponding elements of the framework protective measures.

The next step involves the resistance assessment, where we simplified the cyber-attack scenarios for prompt l trialing by carrying out simulations on man-in-the-middle attacks, brute-force attacks, and replay attacks, summarized in Table 8. These simulations tested the effectiveness of the project in discovering, preventing, and resolving security incidents.

Finally, we evaluate the security resilience of our framework under common cyber threats through an analysis with the STRIDE and Dolev–Yao models. Through this evaluation, we can determine the mitigation levels for different threat categories and the framework’s strengths and areas for improvement. Figure 9 summarizes the mitigation levels for each threat, showing that our framework effectively mitigates spoofing, tampering, information disclosure, and other vulnerabilities.

Security resilience evaluation against STRIDE and Dolev–Yao threat models.

Full size image

Table 8; Fig. 9 confirm that our dual authentication framework has strong potential to mitigate many cyber threats to IoMT devices and their data. As can be seen in Table 6, there is 100% success in defending against Man-in-the-Middle and Replay attacks, which proves the strength of our cryptographic protocols and key exchange mechanisms. For instance, our encryption techniques have a 99% success rate against brute force attacks, reinforcing that our encryption techniques are effective but should also constantly adapt to the changing threat landscape. Figure 9 shows the high mitigation levels for most threat types, highlighting the system’s reliability as a trusted security mechanism for data integrity and confidentiality critical to patient safety. Taken together, these findings demonstrate not only that the proposed framework can effectively be used as a reliable deterrent against cyber threats, but also demonstrate that it offers a solid basis for the securement of critical health applications within the IoMT ecosystem.

Comparative analysis with existing systems

The IoMT continues to emerge fast, so the security and efficiency of communication systems have become a priority. The goal is to introduce an authentication system to keep data handling and security measures within the double sector. While the comparison with existing systems is essential to show the strong points of the proposed system, one more thing worth mentioning is that it is necessary to have a comprehensive review of these systems. Through this analysis, the proposed Framework is shown to be more individual-friendly, secure, efficient, and complying with regulations. The experiment results focus on an in-depth evaluation and comparison of the dual authentication mechanism we propose against currently available Frameworks. The defined work has produced evidence proving the reliability and efficiency of the proposed dual authentication mechanism, and it also indicates how important this Framework is to IoMT security solutions. This outcome notably emphasizes the main advantage of the new system in terms of some of the important aspects, whereas the present system is lacking. Table 9 represents the paper that compares performance metrics in a proposed dual authentication Framework with those from four referenced studies under each of the significant aspects of the efficiency and reliability of IoMT communications.

Herein, we compare the success rates and latency metrics of the proposed authentication system with those of three other systems, as shown in Fig. 10. It proves that the new algorithm has less latency and higher effectiveness, which indicates its higher performance and efficiency.

Comparative analysis with existing systems.

Full size image

The results of this research are based on the data analysis from the simulations, which show that the proposed dual authentication offers a highly secure Framework that is effective in the IoMT environment. Within this section, the attention is to the meaning and performance analysis of those parameters, including security threat factor effectiveness and the real-time system activity latency, security, and efficiency, the fundamental features of any system for medical data exchange, are the Framework’s key strengths, and they play the most crucial role in the exchange of sensitive medical information in real-time.

Interpretation of key findings

In addition, the results underlie the methodology’s capability to provide a role model for IoMT security protocol development in the future, particularly for its adoption in real healthcare settings.

• Efficiency: he proposed an encryption and decryption method, which has already incorporated the dual authentication technique, which improves the performance and reduces the time required to perform these operations by about 1–5 milliseconds. 114.59ms will be the response time, which will make the system responsive, bearing in mind that this efficiency is the power of the cognitive network. Besides, it also includes the capability of real-time processing of the data.

• Reliability: The proposed framework is a superior solution for the network operator, with a successful delivery rate of more than 99% higher than that of competitors on the mobile network. The main goal of the data transmission plan within the IoMT is accuracy. It is about sending all the information correctly and without delay.

• Compliance and Security: The proposed Framework is health regulation-inclusive, incorporating both HIPAA and GDPR. This confirms that it is formulated on a secure technical model. The data protection regulatory conformity has a prime aim: to rule out legal and ethical questions raised during IoMT application.

• Resource Consumption: The proposed Framework, which results in the lowest energy usage and bandwidth requirements, clearly indicates its practicality for the resource-compromised environment of IoMT devices.

This paper proposes a Two-Phase Dual Authentication Framework for enhancing security in IoMT networks using ECDH for key exchange and AES-GCM for encryption. We performed rigorous testing, where significant improvements were achieved over existing solutions through reduced encryption/decryption times, lower computational costs, and reduced latency, thus making the framework efficient for real-time, resource-constrained environments. However, some limitations must be worked out, including improving the energy efficiency of the devices with limited battery life and improving the scalability for bigger and more diversified networks. The implications are practical as this framework can provide stronger, layered security without sacrificing performance, which makes it a good fit for continuous health monitoring and other critical IoMT applications. It has the potential for continued enhancements, enabling widespread adoption across healthcare systems to increase data security and device efficiency. Future solutions should be directed towards the scalability of this Framework, its ability to evolve with the new types of IoMT devices, and the inclusion of state-of-the-art technologies like blockchain for the latest and decentralized security models. Further investigations are necessary into the Framework’s strategic standpoints against complex cyber threats (APTs) and absolute zero-day exploits. Besides the quantum computing challenges the Framework is dealing with, the cryptographic robustness issue takes the final place of worry. These issues must be thoroughly investigated to ensure that the evolution of computational capabilities does not jeopardize the Framework’s long life. The future success of the framework will also depend on its ability to adapt to new security standards and technologies. The system will be future-proofed with further optimization and integration of advanced features like AI-driven threat detection and blockchain-based security models to continue to beat out changing cyber threats. However, this ongoing development will guarantee the framework continues to be a strong and scalable solution for securing IoMT environments.