A Multiserver Authentication Protocol With Integrated Monitoring for IoMT-Based Healthcare System

Internet of Medical Things-based healthcare system (IoMTHS) is a kind of industrial information system that integrates life monitoring, pathological inference and drug therapy. However, the sensitive nature and high value of its data make it a prime target for cyberattacks. Although many multiserver authentication protocols have been studied in recent years to ensure that only authorized users can access medical services, new vulnerabilities are always identified and covertly utilized by the smarter adversary due to lack of continuous monitoring and dynamic authentication, reducing the trustworthiness of IoMTHS. To address above challenges, in this article, we propose a multiserver authentication scheme with integrated monitoring (MAIM) for IoMTHS, which achieves user locked access control by strictly and continuously binding system access permissions and user behavior. MAIM consists of a three-factor-based static authentication (TFSA) and a deep learning-based continuous authentication (DLCA). TFSA utilizes double-anonymity strategy to protect users' privacy and track their malicious behaviors, and uses physical unclonable function (PUF) to protect the security of privacy information in users' devices and servers, which achieves lightweight and three-factor secrecy. The DLCA trains a deep neural network to recognize the legitimacy of users based on the user behavior transmitted by their sensing devices. TFSA is provably secure under the random oracle model, whereas DLCA exhibits high feasibility with experimental accuracy reaching 100%.