Privacy Preserving Authentication of IoMT in Cloud Computing


  • Garima Misra
  • B. Hazela
  • B.K. Chaurasia



FIDO2 (Fast IDentity Online), WebAuthn (Web Authentication), IoMT (Internet of Medical Things), ECDAA (ECC based DAA algorithm)


INTRODUCTION: The Internet of Medical Things (IoMT) blends the healthcare industry with the IoT ecosystem and enables the creation, collection, transmission, and analysis of medical data through IoT networking. IoT networks consist of various healthcare IT systems, healthcare sensors, and healthcare management software.
OBJECTIVES: The IoMT breathes new life into the healthcare system by building a network that is intelligent, accessible, integrated, and effective. Privacy-preserving authentication in IoMT is difficult due to the distributed communication environment of heterogeneous IoMT devices. Although there has been numerous research on potential IoMT device authentication methods, there is still more to be done in terms of user authentication to deliver long-term IoMT solutions. However, password handling is one of the big challenges of IoMT.
METHODS: In this paper, we present an IoMT-related online password-less authentication technique that is quick, effective, and safe. In order to offer cross-platform functionality, the article includes a simulation of FIDO2/WebAuthn, one of the most recent standards for a password-less authentication mechanism.
RESULTS: This makes it easier to secure user credentials and improve them while preserving anonymity. The IoMT device authentication process and registration process delays are also assessed.
CONCLUSION: Results and simulations show that the efficacy of the proposed mechanism with quick authentication on cloud servers may be accomplished with the fewest registration and authentication procedures, regardless of device setup.


Download data is not yet available.
<br data-mce-bogus="1"> <br data-mce-bogus="1">


J. Bonneau, C. Herley, P. C. Van Oorschot, and F. Stajano.: The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In IEEE Symposium on Security and Privacy, May 2012 DOI:

F. M. Farke, L. Lorenz, T. Schnitzler, P. Markert, and M. D¨urmuth.: You still use the password after all–Exploring FIDO2 Security Keys in a Small Company. In Symposium on Usable Privacy and Security, August 2020.

K. S. Killourhy, and R. A. Maxion.: Comparing anomaly-detection algorithms for keystroke dynamics. In IEEE/IFIP International Conference on Dependable Systems and Networks, June 2009. DOI:

W. Oogami, H. Gomi, S. Yamaguchi, S. Yamanaka, and T. Higurashi.: Observation study on usability challenges for fingerprint authentication using WebAuthn-enabled android smartphones. In Symposium on Usable Privacy and Security, August 2020.

Yadav, V. K., Yadav, R. K., Chaurasia, B. K., Verma, S., Venkatesan, S.: MITM Attack on Modification of Diffie-Hellman Key Exchange Algorithm. In 2nd International Conference on Communication, Networks & Computing (CNC-2019), 144-155 (2022). DOI:

H. A. Al Hamid, S. M. M. Rahman, M. S. Hossain, A. Almogren, and A. Alamri.: A security model for preserving the privacy of medical big data in a healthcare cloud using a fog computing facility with pairing-based cryptography. In IEEE Access, vol. 5, pp. 22313–22328, 2017. DOI:

J.-J. Yang, J.-Q. Li, and Y. Niu.: A hybrid solution for privacy preserving medical data sharing in the cloud environment. In Future Gener. Comput. Syst., vols. 43–44, pp. 74–86, Feb. 2015. DOI:

G. Ho, D. Leung, P. Mishra, A. Hosseini, D. Song, and D. Wagner.: Smart locks: Lessons for securing commodity internet of things devices. In Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016, pp. 461–472, Xi'an, China, June 2016. DOI:

V. P. Yanambaka, S. P. Mohanty, E. Kougianos and D. Puthal.: PMsec: Physical Unclonable Function-Based Robust and Lightweight Authentication in the Internet of Medical Things. In IEEE Transactions on Consumer Electronics, vol. 65, no. 3, pp. 388-397, Aug 2019. DOI:

L. Rachakonda, P. Sundaravadivel, S. P. Mohanty, E. Kougianos and M. Ganapathiraju.: A Smart Sensor for Stress Level Detection in IoMT. In Proceedings of the 4th IEEE International Symposium on Smart Electronic Systems (iSES), pp. 141-145, December 2018. DOI:

S. Amendola, R. Lodato, S. Manzari, C. Occhiuzzi and G. Marrocco.: RFID Technology for IoT-Based Personal Healthcare in Smart Spaces. In IEEE Internet of Things Journal, vol. 1, no. 2, pp. 144-152, April 2014. DOI:

Hossain, S., Goh, A., Sin, C. H., Win, L. K.: Generation of one-time keys for single line authentication. In14th Annual Conference on Privacy, Security and Trust (PST), 1-4 (2016)

Chaurasia, B. K., Shahi, A., Verma, S.: Authentication in Cloud Computing Environment using Two Factor Authentication. In 3rd International conference on soft computing for problem solving (SocProS2013), 2, 779-786, (2014) 1768-8_67 DOI:

Said, W., Mostafa, E., Hassan, M. M., 1 Mostafa, and A. M.: A Multi-Factor Authentication- Based Framework for Identity Management in Cloud Applications. In Computers, Materials & Continua Tech Science Press, 71 (2), 3193- 3209, (2022)

Yubico, Online available at: password-and-authentication-security-behaviors. Accessed 19 May 2023.

Top two hundred most common password, Online available at: common-passwords-list/Fasdf. Accessed 29 March 2023.

Murmu, S., Kasyap, H. & Tripathy, S. PassMon.: A Technique for Password Generation and Strength Estimation. J Netw Syst Manage 30, 13, (2022) 09620-w DOI:

Tripathi, S., Singh, V. K., Chaurasia, B. K.: An energy-efficient heterogeneous data gathering for sensor-based internet of things. In Multimedia Tools and Applications , 1-24, (2023) DOI:

Hossain, S., Goh, A., Sin, C. H., & Win, L. K.: Generation of one-time keys for single line authentication. In 2016 14th Annual Conference on Privacy, Security and Trust (PST) IEEE, 686-689 (2016) DOI:

Said, W., Mostafa, E., Hassan, M. M., & Mostafa, A. M.: A multi-factor authentication-based framework for identity management in cloud applications. CMC-Computers Materials & Continua, 71(2), 3193-3209, (2022) DOI:

Musumeci, F., Fidanci, A. C., Paolucci, F., Cugini, F., & Tornatore, M.: Machine-learning- enabled DDoS attacks detection in P4 programmable networks. Journal of Network and Systems Management, 30, 1-27, (2022) DOI:

Shahidinejad, A., Ghobaei-Arani, M., Souri, A. Shojafar, M., Kumari, S.: Light-Edge: A Lightweight Authentication Protocol for IoT Devices in an Edge-Cloud Environment. In Ali IEEE Consumer Electronics Magazine, 1-6 (2021) DOI:

FIDO Alliance. Online available at: https: // Accessed 11 April 2023.

W3C, Online available at : Accessed 21 April 2023

FIDO Alliance. Online available at: 20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.pdf. Accessed 11 April 2023

Bachl, M. (2016). The end of the password era: towards password-less authentication based on enhanced FIDO (Doctoral dissertation, Wien).

FIDO Alliance. Online available at: ecdaa-algorithm-v2.0-id-20180227.html

FIDO Alliance. Online available at:

Togan, M., Chifor, B. C., Florea, I., Gugulea, G.: A smart-phone based privacy-preserving security framework for IoT devices. In 9th IEEE International conference on electronics, computers and artificial intelligence (ECAI), 1-7 (2017). DOI:

FIDO Alliance. Online available at: https: // Accessed 03 April 2023

FIDO Alliance. Online available at: Accessed 03 April 2023

FIDO Alliance. Online available at: Accessed 17 April 2023

W3. Online available at: Accessed 07 April 2023.

FIDO Alliance. Online available at: https: // Accessed 11 April 2023.

FIDO Alliance. Online available at: 20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html. Accessed 20 April 2023

Misra, G., Hazela, B., & Chaurasia, B.K.:Zero Knowledge based Authentication for Internet of Medical Things. In 14th International Conference on Computing, Communication And Networking Technologies (ICCCNT), IIT - Delhi, Delhi India, 1-6 (2023). DOI: 10.1109/ICCCNT56998.2023.10307359 DOI:

Chaurasia, B.K. & Verma, S.: Infrastructure based Authentication in VANETs. In International Journal of Multimedia and Ubiquitous Engineering, 6(2), 41-54, 2011.




How to Cite

G. Misra, B. Hazela, and B. Chaurasia, “Privacy Preserving Authentication of IoMT in Cloud Computing”, EAI Endorsed Trans IoT, vol. 10, Jun. 2024.