{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,3]],"date-time":"2026-07-03T17:22:38Z","timestamp":1783099358374,"version":"3.54.6"},"reference-count":32,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2023,1,18]],"date-time":"2023-01-18T00:00:00Z","timestamp":1674000000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The Internet of Medical Things (IoMT) is used in the medical ecosystem through medical IoT sensors, such as blood glucose, heart rate, temperature, and pulse sensors. To maintain a secure sensor network and a stable IoMT environment, it is important to protect the medical IoT sensors themselves and the patient medical data they collect from various security threats. Medical IoT sensors attached to the patient\u2019s body must be protected from security threats, such as being controlled by unauthorized persons or transmitting erroneous medical data. In IoMT authentication, it is necessary to be sensitive to the following attack techniques. (1) The offline password guessing attack easily predicts a healthcare administrator\u2019s password offline and allows for easy access to the healthcare worker\u2019s account. (2) Privileged-insider attacks executed through impersonation are an easy way for an attacker to gain access to a healthcare administrator\u2019s environment. Recently, previous research proposed a lightweight and anonymity preserving user authentication scheme for IoT-based healthcare. However, this scheme was vulnerable to offline password guessing, impersonation, and privileged insider attacks. These attacks expose not only the patients\u2019 medical data such as blood pressure, pulse, and body temperature but also the patients\u2019 registration number, phone number, and guardian. To overcome these weaknesses, in the present study we propose an improved lightweight user authentication scheme for the Internet of Medical Things (IoMT). In our scheme, the hash function and XOR operation are used for operation in low-spec healthcare IoT sensor. The automatic cryptographic protocol tool ProVerif confirmed the security of the proposed scheme. Finally, we show that the proposed scheme is more secure than other protocols and that it has 266.48% better performance than schemes that have been previously described in other studies.<\/jats:p>","DOI":"10.3390\/s23031122","type":"journal-article","created":{"date-parts":[[2023,1,19]],"date-time":"2023-01-19T01:33:51Z","timestamp":1674092031000},"page":"1122","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":51,"title":["An Improved Lightweight User Authentication Scheme for the Internet of Medical Things"],"prefix":"10.3390","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2403-3862","authenticated-orcid":false,"given":"Keunok","family":"Kim","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si 16419, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8124-3853","authenticated-orcid":false,"given":"Jihyeon","family":"Ryu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si 16419, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Youngsook","family":"Lee","sequence":"additional","affiliation":[{"name":"Department of IT Software Security, Howon University, 64 Impi-myeon, Howondae 3-gil, Gunsan-si 54058, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dongho","family":"Won","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si 16419, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2023,1,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Jha, N.K. (2017, January 10\u201312). Internet-of-Medical-Things. Proceedings of the Great Lakes Symposium on VLSI (GLSVLSI), Banff, AB, Canada.","DOI":"10.1145\/3060403.3066861"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Hatzivasilis, G., Soultatos, O., Ioannidis, S., Verikoukis, C., Demetriou, G., and Tsatsoulis, C. (2019, January 29\u201331). Review of security and privacy for the Internet of Medical Things (IoMT). Proceedings of the 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), Santorini Island, Greece.","DOI":"10.1109\/DCOSS.2019.00091"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Dilibal, C., Davis, B.L., and Chakraborty, C. (2021, January 11\u201313). Generative design methodology for internet of medical things (IoMT)-based wearable biomedical devices. Proceedings of the 2021 3rd International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), Ankara, Turkey.","DOI":"10.1109\/HORA52670.2021.9461370"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"102886","DOI":"10.1016\/j.jnca.2020.102886","article-title":"IoMT amid COVID-19 pandemic: Application, architecture, technology, and security","volume":"174","author":"Aman","year":"2021","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"8457116","DOI":"10.1155\/2022\/8457116","article-title":"Healthcare Data Security Using IoT Sensors Based on Random Hashing Mechanism","volume":"2022","author":"Khadidos","year":"2022","journal-title":"J. Sens."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"2649","DOI":"10.1109\/JIOT.2021.3080461","article-title":"Lightweight and anonymity-preserving user authentication scheme for IoT-based healthcare","volume":"9","author":"Masud","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"770","DOI":"10.1145\/358790.358797","article-title":"Password authentication with insecure communication","volume":"24","author":"Lamport","year":"1981","journal-title":"Commun. ACM"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"727","DOI":"10.1016\/j.jcss.2005.10.001","article-title":"A password authentication scheme over insecure networks","volume":"72","author":"Liao","year":"2006","journal-title":"J. Comput. Syst. Sci."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1529","DOI":"10.1007\/s10916-010-9614-9","article-title":"A secure authentication scheme for telecare medicine information systems","volume":"36","author":"Wu","year":"2012","journal-title":"J. Med. Syst."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1989","DOI":"10.1007\/s10916-011-9658-5","article-title":"A more secure authentication scheme for telecare medicine information systems","volume":"36","author":"Debiao","year":"2012","journal-title":"J. Med. Syst."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"3597","DOI":"10.1007\/s10916-012-9835-1","article-title":"An improved authentication scheme for telecare medicine information systems","volume":"36","author":"Wei","year":"2012","journal-title":"J. Med. Syst."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s12083-016-0485-9","article-title":"An improved and provably secure three-factor user authentication scheme for wireless sensor networks","volume":"11","author":"Wu","year":"2018","journal-title":"Peer-Peer Netw. Appl."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ryu, J., Lee, H., Kim, H., and Won, D. (2018). Secure and efficient three-factor protocol for wireless sensor networks. Sensors, 18.","DOI":"10.3390\/s18124481"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"167683","DOI":"10.1109\/ACCESS.2019.2953532","article-title":"An enhanced three-factor authentication scheme with dynamic verification for medical multimedia information systems","volume":"7","author":"Mao","year":"2019","journal-title":"IEEE Access"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1109\/JSYST.2019.2899580","article-title":"A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems","volume":"14","author":"Li","year":"2019","journal-title":"IEEE Syst. J."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"10706","DOI":"10.1109\/JIOT.2021.3050555","article-title":"Lightweight fuzzy extractor based on LPN for device and biometric authentication in IoT","volume":"8","author":"Ebrahimi","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Satamraju, K.P., and Malarkodi, B. (2020, January 14\u201316). A PUF-based mutual authentication protocol for internet of things. Proceedings of the 2020 5th International Conference on Computing, Communication and Security (ICCCS), Patna, India.","DOI":"10.1109\/ICCCS49678.2020.9276868"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"9987","DOI":"10.1109\/JIOT.2021.3121350","article-title":"Fuzzy Elliptic Curve Cryptography for Authentication in Internet of Things","volume":"9","author":"Abdaoui","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Dodis, Y., Reyzin, L., and Smith, A. (2004, January 2\u20136). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland.","DOI":"10.1007\/978-3-540-24676-3_31"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"26907","DOI":"10.1109\/ACCESS.2022.3157871","article-title":"SMASG: Secure Mobile Authentication Scheme for Global Mobility Network","volume":"10","author":"Ryu","year":"2022","journal-title":"IEEE Access"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Kang, D., Lee, H., Lee, Y., and Won, D. (2021). Lightweight user authentication scheme for roaming service in GLOMONET with privacy preserving. PLoS ONE, 16.","DOI":"10.1371\/journal.pone.0247441"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Ryu, J., Kang, D., Lee, H., Kim, H., and Won, D. (2020). A secure and lightweight three-factor-based authentication scheme for smart healthcare systems. Sensors, 20.","DOI":"10.3390\/s20247136"},{"key":"ref_23","unstructured":"Blanchet, B., Smyth, B., Cheval, V., and Sylvestre, M. (2021, November 30). ProVerif 2.04: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial. Available online: https:\/\/proverif.inria.fr\/manual.pdf."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Kang, D., Jung, J., Lee, D., Kim, H., and Won, D. (2017). Security analysis and enhanced user authentication in proxy mobile IPv6 networks. PLoS ONE, 12.","DOI":"10.1371\/journal.pone.0181031"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"2884","DOI":"10.1109\/JIOT.2017.2714179","article-title":"Chaotic map\u2013based anonymous user authentication scheme with user biometrics and fuzzy extractor for crowdsourcing Internet of Things","volume":"5","author":"Roy","year":"2017","journal-title":"IEEE Internet Things J."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Lee, H., Lee, D., Moon, J., Jung, J., Kang, D., Kim, H., and Won, D. (2018). An improved anonymous authentication scheme for roaming in ubiquitous networks. PLoS ONE, 13.","DOI":"10.1371\/journal.pone.0193366"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Jung, J., Kim, J., Choi, Y., and Won, D. (2016). An anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in wireless sensor networks. Sensors, 16.","DOI":"10.3390\/s16081299"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10916-014-0179-x","article-title":"Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care","volume":"39","author":"Xu","year":"2015","journal-title":"J. Med. Syst."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1007\/s12083-014-0324-9","article-title":"A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks","volume":"9","author":"Das","year":"2016","journal-title":"Peer-Peer Netw. Appl."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1002\/dac.5028","article-title":"An efficient three-factor user authentication scheme for industrial wireless sensor network with fog computing","volume":"35","author":"Sahoo","year":"2022","journal-title":"Int. J. Commun. Syst."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s42979-022-01300-z","article-title":"Authentication Schemes for Healthcare Applications Using Wireless Medical Sensor Networks: A Survey","volume":"3","author":"Bahache","year":"2022","journal-title":"SN Comput. Sci."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"6197","DOI":"10.1109\/JSYST.2022.3152561","article-title":"A Lightweight and Secure Three-Factor Authentication Protocol With Adaptive Privacy-Preserving Property for Wireless Sensor Networks","volume":"16","author":"Li","year":"2022","journal-title":"IEEE Syst. J."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/3\/1122\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:09:23Z","timestamp":1760119763000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/3\/1122"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,18]]},"references-count":32,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2023,2]]}},"alternative-id":["s23031122"],"URL":"https:\/\/doi.org\/10.3390\/s23031122","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,1,18]]}}}