IEEE Access, vol.10, pp.23008-23021, 2022 (SCI-Expanded)
© 2013 IEEE.The phenomenal growth of smartphones and wearable devices has begun crowd-sourcing applications for the Internet of Things (IoT). E-healthcare is considered the essential service for crowd-sourcing IoT applications that help remote access or storage medical server (MS) data to the authorized doctors, patients, nurses, etc., via the public Internet. As the public Internet is exposed to various security attacks, remote user authenticated key exchange (AKE) has become a pressing need for the secure and reliable use of these services. This paper proposes a new resource-efficient AKE scheme for telecare medical information systems, called REAS-TMIS. It uses authenticated encryption with associative data (AEAD) and a hash function. AEAD schemes are devised specifically for encrypted communication among resource-constricted IoT devices. These features of AEAD make REAS-TMIS resource-efficient. Moreover, REAS-TMIS dispenses with the elliptic curve point multiplication and chaotic map that are computationally expensive operations. In addition, REAS-TMIS renders the functionality of session key (SK) establishment for future encrypted communication between MS and users after validating the authenticity of the user. The security of SK is corroborated employing the well establish random oracle model. Moreover, Scyther-based security corroboration is implemented to show that REAS-TMIS is secure, and informal security analysis is executed to show the resiliency of REAS-TMIS against various security attacks. Besides, a thorough analysis shows that REAS-TMIS, while accomplishing the authentication phase, requires less computational, communication, and storage resources than the related authentication protocol.