L2AI: lightweight three-factor authentication and authorization in an IoMT blockchain-based environment with unsecure channel communication

L2AI: lightweight three-factor authentication and authorization in an IoMT blockchain-based environment with unsecure channel communication

연구 분야: Infrastructure

학회: Cluster Computing

The medical Internet of Things (IoT) constitutes a significant advancement in modern healthcare, facilitating the remote management of critical activities. Despite its potential, the medical IoT faces notable challenges, including limited network resources, the establishment of secure communication channels, and the transmission of sensitive data over inherently insecure networks—factors that collectively impede its security and widespread adoption. To address these concerns, we propose L2AI, an anonymous user authentication and lightweight multi-factor authorization scheme designed for real-time data access within a blockchain-based environment operating over insecure channels. L2AI ensures both robust security and operational efficiency by employing pseudo-identities and dynamic indexing mechanisms to enhance user anonymity. The scheme is highly scalable, featuring an efficient registration process that enables authenticated users to access both current and future system entities without requiring additional registration steps. Specifically designed for resource-constrained devices, L2AI relies predominantly on one-way cryptographic hash functions and bitwise XOR operations, supplemented by a user-side Biohash for biometric verification. Its security guarantees are rigorously validated through the Real-Or-Random (ROR) model, formal verification using ProVerif, and comprehensive informal analysis, all of which demonstrate strong performance characteristics. Furthermore, Python-based simulations confirm the scheme’s practical viability. L2AI achieves mutual authentication with minimal computational and communication overhead, while providing enhanced security features compared to existing schemes, making it particularly well-suited for deployment in large-scale systems such as healthcare infrastructures.