A scalable and lightweight group authentication framework for Internet of Medical Things using integrated blockchain and fog computing

The Internet of Medical Things (IoMT) is the network of medical devices, software applications, and healthcare information systems used for remote monitoring and delivery of healthcare services. Despite the several advantages of IoMT for today smart healthcare, security issues are growing due to the inadequate computation, limited storage and insufficient self-protection capabilities of IoMT devices. Authentication of IoMT devices is the main requirement to secure IoMT systems. Although, the recent authentication schemes based on tamper-proof decentralized architecture of blockchain technology are robust and enjoy a high level of security, yet they require high computation, more storage, and long authentication time. These issues lead to reduced scalability and time efficiency, which are necessary for large-scale, time-sensitive IoMT systems. To this end, this paper proposes a novel group authentication framework for IoMT Systems. The group authentication scheme is implemented through a four-phase process, including setup, registration, secret construction, and authentication. To enhance both efficiency and scalability, the proposed group authentication framework employs a combination of elliptic curve cryptography (ECC), Shamir's secret sharing (SSS) algorithm, and blockchain-based fog computing technologies. We simulated the proposed framework through the Ethereum platform and Solidity language and its performance is evaluated using the Hyperledger Caliper tool. The simulation experiments of the proposed framework showed that the average latency of authenticating IoMT devices was 0.5 second and the throughput was 400 transactions per second. Our analysis of the proposed framework's performance against other cutting-edge blockchain-based authentication techniques showed that it outperformed them in terms of latency and throughput. A security analysis of the proposed framework was conducted using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The formal and informal security analysis demonstrated that the proposed framework is secure and resistant to potential authentication-related attacks. We also noted that the average latency of the proposed framework maintains a fairly narrow range when the number of submitted transactions rises, indicating that it supports the scalability of the IoMT system.