Dynamically scalable privacy-preserving authentication protocol for distributed IoT based healthcare service providers

Internet-of-Things (IoT) in digital healthcare service providers forms large-scale distributed networks where entities at the edge enable dynamic communication and collaboration. Rapid rise in connected devices generates a high volume of real-time data susceptible to various security and privacy attacks. Distributed IoT has escalated the requirement of dynamic scalability in smart healthcare service providers. Secure authentication for accessing healthcare data in distributed IoT becomes essential to prevent impersonation and confirm ethical medical information exchange. Several authors have proposed privacy-preserving authentication protocols over unsecured public networks. However, their protocols lack dynamic scalability concerning collective security and privacy requirements. We propose a privacy-preserving scalable authentication protocol solution jointly fulfilling robust security and achieving content and contextual privacy. We introduce a partially trusted third party (TTP) responsible only for dynamically performing new user authentication without restarting existing communication channels. The proposed protocol incorporates dynamic tokens and secret shared key updation to enable robust security while achieving dynamic scalability. Anonymity and untraceability are attained using selective encryption over partial personally identifiable information. This also achieves automatic fake identity rejection, protecting legitimate credentials on-the-fly and at the TTP storage. We illustrate formal security analysis using Real-or-Random oracle model and formal validation using a scyther security verification tool. Theoretical analysis demonstrates that our protocol is resilient against known security and privacy attacks. Finally, a performance evaluation with relatively similar modeled schemes is elucidated to validate the utility of our solution.