<p>Secure authentication in the Internet of Medical Things (IoMT) must ensure strong security while maintaining minimal computational overhead, especially for resource-constrained medical devices. This study introduces SELAM, a lightweight multifactor authentication framework optimized for critical IoMT applications. Unlike traditional designs, SELAM selectively confines elliptic-curve cryptography (ECC) to user/device registration, while relying on lightweight primitives (XOR, hashing/HMAC, and timestamp-freshness checks) in online operation to minimize runtime cost. The scheme is validated using the CICIoMT-2024 dataset through Python-based cryptographic simulation and ns-3 network emulation. Under standardized 16-byte online field accounting, SELAM reduces payload-only online communication to 6,144 bits/device versus 7,680 bits/device for a Heavy+Verify ECC baseline; in ns-3 header-inclusive accounting, this corresponds to 39,416 versus 45,703 bits/device at <InlineEquation ID="IEq1"> <EquationSource Format="TEX">\(\:N=136\)</EquationSource> </InlineEquation>. At 1&#xa0;Mb/s, SELAM achieves 6.24 ms total per-device authentication overhead (communication + computation) compared to 31.27 ms for Heavy+Verify, while reducing online computation from 23.59 ms to 0.10 ms per device. Across cohort sizes <InlineEquation ID="IEq2"> <EquationSource Format="TEX">\(\:N=136\)</EquationSource> </InlineEquation>–<InlineEquation ID="IEq3"> <EquationSource Format="TEX">\(\:2000\)</EquationSource> </InlineEquation> over 20 seeds (mean ± 95% CI), SELAM maintains attack-regime authentication success ratio (ASR) at 0.88–0.90 (baseline: 0.90–0.92), with protocol-level FAR=0 (no accepted replay/impersonation) and benign FRR=0 observed in PhaseLogs. Security analysis using BAN logic confirms mutual authentication and key confirmation on a fresh session key in Phases 4–5, with replay/impersonation resistance under the stated Dolev–Yao adversary and standard MAC/AEAD assumptions. The results indicate that confining ECC to registration preserves strong authentication while removing public-key operations from the performance-critical online path.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

SELAM: selective ECC-based lightweight authentication for the internet of medical things

  • Azlina Ahmadi Julaihi,
  • Md. Asri Ngadi,
  • Raja Zahilah,
  • Adnan Shahid Khan,
  • Irshad Ahmed Abbasi,
  • Abdulmonem Alshahrani,
  • Eatedal Alabdulkreem

摘要

Secure authentication in the Internet of Medical Things (IoMT) must ensure strong security while maintaining minimal computational overhead, especially for resource-constrained medical devices. This study introduces SELAM, a lightweight multifactor authentication framework optimized for critical IoMT applications. Unlike traditional designs, SELAM selectively confines elliptic-curve cryptography (ECC) to user/device registration, while relying on lightweight primitives (XOR, hashing/HMAC, and timestamp-freshness checks) in online operation to minimize runtime cost. The scheme is validated using the CICIoMT-2024 dataset through Python-based cryptographic simulation and ns-3 network emulation. Under standardized 16-byte online field accounting, SELAM reduces payload-only online communication to 6,144 bits/device versus 7,680 bits/device for a Heavy+Verify ECC baseline; in ns-3 header-inclusive accounting, this corresponds to 39,416 versus 45,703 bits/device at \(\:N=136\) . At 1 Mb/s, SELAM achieves 6.24 ms total per-device authentication overhead (communication + computation) compared to 31.27 ms for Heavy+Verify, while reducing online computation from 23.59 ms to 0.10 ms per device. Across cohort sizes \(\:N=136\) \(\:2000\) over 20 seeds (mean ± 95% CI), SELAM maintains attack-regime authentication success ratio (ASR) at 0.88–0.90 (baseline: 0.90–0.92), with protocol-level FAR=0 (no accepted replay/impersonation) and benign FRR=0 observed in PhaseLogs. Security analysis using BAN logic confirms mutual authentication and key confirmation on a fresh session key in Phases 4–5, with replay/impersonation resistance under the stated Dolev–Yao adversary and standard MAC/AEAD assumptions. The results indicate that confining ECC to registration preserves strong authentication while removing public-key operations from the performance-critical online path.