On the designing a secure biometric-based remote patient authentication scheme for mobile healthcare environments

2020 
The Internet of Medical Things (IoMT) is bringing many opportunities for healthcare and our personal lives. For example, using this technology a healthcare provider can remotely monitor, collect and analyze data of patients using smart sensors that are connected to them. With this trend on the rise, data protection and information security in healthcare environments are now major concerns. Authentication before starting the data transmission is a common approach to provide data security. Recently, Mohammedi et al. proposed a lightweight biometric-based authentication scheme for mobile healthcare environments and claimed that their scheme is secure against known attacks in the context of RFID authentication protocols. However, in this paper, we provide a more detailed analysis of this scheme and show that their protocol is vulnerable to a man-in-the-middle attack. Furthermore, we demonstrate that their protocol does not provide other security requirements such as forward secrecy, anonymity, and untraceability. To remedy these weaknesses, we propose an improved scheme and demonstrate that the proposed scheme can withstand common attacks while requiring approximately 23% less computation time and 50% less communication overhead than the Mohammedi et al. scheme. We also formally evaluate the security of the proposed protocol with the Scyther tool, which is a widely accepted automated tool for this purpose.