A secure three factor based authentication scheme for health care systems using IoT enabled devices

In recent years, the Internet of Things (IoT) has gained increasing popularity due to the usage of Internet-enabled devices. However, Internet-enabled devices, also known as smart devices, share the information using an insecure channel, i.e., the Internet. Hence, the security and privacy of shared information remain the biggest concern. To ensure both security and privacy, many smart card based and biometric based schemes have been proposed for different Internet-based applications. Telecare Medical Information System (TMIS) is such an application which makes medical treatment easier by interacting with the patient and doctors. However, the transmission of the patient’s private information over an insecure channel is prone to several attacks. In order to protect the medical privacy of the patient and the reliability of the system, both the patient and medical server should be mutually authenticated. In this paper, we propose a three factor-based authentication scheme for health care system using IoT enabled devices (TFASH) that are secure and more efficient than other relevant schemes. We use Elliptic Curve Cryptography (ECC) for the scheme due to its smaller key size and high level of security. The session key security and the mutual authentication of the TFASH scheme have been proved using Real-Or-Random (ROR) model and Burrows–Abadi–Needham (BAN) logic. The simulation result of the proposed scheme shows that the scheme is safe under the OFMC and CLAtSe models. Moreover, compared to the existing schemes, the TFASH scheme provides better communicational and computational cost, which makes it suitable for practical use.