Open Access
ARTICLE
LSAP-IoHT: Lightweight Secure Authentication Protocol for the Internet of Healthcare Things
1 Networks and Systems Laboratory, Department of Computer Science, Badji Mokhtar University, Annaba, 23000, Algeria
2 Institute for Analytics and Data Science, University of Essex, Colchester, CO4 3SQ, UK
3 Department of Computer Science, University of Souk-Ahras, Souk-Ahras, 41000, Algeria
4 Cybersecurity Department, College of Computer Science and Engineering, Taibah University, Medina, 42353, Saudi Arabia
* Corresponding Author: Insaf Ullah. Email:
Computers, Materials & Continua 2025, 85(3), 5093-5116. https://doi.org/10.32604/cmc.2025.067641
Received 08 May 2025; Accepted 15 July 2025; Issue published 23 October 2025
Abstract
The Internet of Healthcare Things (IoHT) marks a significant breakthrough in modern medicine by enabling a new era of healthcare services. IoHT supports real-time, continuous, and personalized monitoring of patients’ health conditions. However, the security of sensitive data exchanged within IoHT remains a major concern, as the widespread connectivity and wireless nature of these systems expose them to various vulnerabilities. Potential threats include unauthorized access, device compromise, data breaches, and data alteration, all of which may compromise the confidentiality and integrity of patient information. In this paper, we provide an in-depth security analysis of LAP-IoHT, an authentication scheme designed to ensure secure communication in Internet of Healthcare Things environments. This analysis reveals several vulnerabilities in the LAP-IoHT protocol, namely its inability to resist various attacks, including user impersonation and privileged insider threats. To address these issues, we introduce LSAP-IoHT, a secure and lightweight authentication protocol for the Internet of Healthcare Things (IoHT). This protocol leverages Elliptic Curve Cryptography (ECC), Physical Unclonable Functions (PUFs), and Three-Factor Authentication (3FA). Its security is validated through both informal analysis and formal verification using the Scyther tool and the Real-Or-Random (ROR) model. The results demonstrate strong resistance against man-in-the-middle (MITM) attacks, replay attacks, identity spoofing, stolen smart device attacks, and insider threats, while maintaining low computational and communication costs.
Copyright © 2025 The Author(s). Published by Tech Science Press. This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

