An Enhanced Multi-Factor Device Authentication Protocol in IoLT Healthcare Environment

Mobile sequencing enables a rapid process of determining the order of nucleotides in deoxyribonucleic acid (DNA). The process is carried out by portable sequencers, which are the main element in the internet of living things (IoLT). This approach assists in obtaining rapid biological insights at the source regardless of the patient's geographical location, for efficient care therapies as well as scientific discovery. Sequencing data and/or related analytical results produced in various formats will be sent from the sequencer to medical experts or healthcare professionals for performing the services. Communication in such IoLT environments encounters certain security concerns regarding information confidentiality and data integrity. Recently, Ren et al. proposed an anonymous user authentication scheme securing IoT communications, which is applicable to the IoLT. However, we found their work has some serious security issues, e.g., it is vulnerable to man-in-the-middle attacks, stolen-device attacks, etc. This paper proposes an enhanced multi-factor device authentication (MFDA) protocol to address all weaknesses of Ren et al.’ s work. In addition to the inherent device-to-cloud communication function, some other novel properties are supported in the MFDA, including group-oriented device-to-device communication, password and biometrics alteration, device revocation, and regrouping function. Security and performance evaluation shows that our protocol is robust against various attacks with a rational implementation cost. The proposed work paves a new way for future research ideas that further discover IoLT applications in the healthcare sector.