The Medical Internet of Things (MIoT) has promoted smart healthcare through the deep integration of wearable devices, wireless communication, and cloud services. However, this framework faces security risks, as attackers may exploit public channels to impersonate legitimate devices or services and steal sensitive data. Therefore, establishing authentication between wearable devices and servers prior to data transmission is crucial. Existing schemes suffer from two critical drawbacks: vulnerability to quantum attacks and excessively high communication overhead, highlighting the need for improved solutions. The authors of this paper present a multi-factor identity authentication protocol to achieve post-quantum security and privacy protection. The scheme integrates lattice-based Kyber key encapsulation and a fuzzy commitment mechanism to secure biological templates and enable post-quantum key agreement. Additionally, hash functions and lightweight error correction codes are employed to reduce terminal communication overhead. The security of the scheme is rigorously proved in the Real-or-Random model, and the analysis confirms that the scheme satisfies common security requirements for wireless networks. The proposed scheme is also compared with existing schemes, and the results demonstrate that it achieves a balance between security and overhead.
Yan et al. studied this question.
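The fuzzy commitment idea named in the abstract, shown as an added example that is not the authors' construction: a random key is encoded with an error-correcting code and masked with the biometric template, so only a helper string and a hash are stored. The repetition code, SHA-256, the toy bit lengths, and all function names are assumptions made here for illustration; the Kyber key-encapsulation step is not shown.

```python
import hashlib
import hmac

REP = 5  # assumed repetition factor: each block corrects up to 2 flipped bits

def encode(key_bits):
    """Repetition-code encoder: repeat every key bit REP times."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority-vote decoder over each REP-bit block."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def commit(template_bits, key_bits):
    """Enrollment: return (helper, tag); the template is never stored in clear."""
    codeword = encode(key_bits)
    if len(codeword) != len(template_bits):
        raise ValueError("template length must equal len(key) * REP")
    return xor(codeword, template_bits), digest(key_bits)

def open_commitment(helper, tag, sample_bits):
    """Authentication: recover the key from a noisy sample, or None on mismatch."""
    if len(sample_bits) != len(helper):
        return None
    key = decode(xor(helper, sample_bits))
    return key if hmac.compare_digest(digest(key), tag) else None

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (sensor noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed sample data: an 8-bit key and a 40-bit "biometric" template.
KEY = [1, 0, 1, 1, 0, 0, 1, 0]
TEMPLATE = [(i * 37 >> 2) & 1 for i in range(40)]

if __name__ == "__main__":
    helper, tag = commit(TEMPLATE, KEY)
    print(open_commitment(helper, tag, flip(TEMPLATE, {0, 7, 13})))  # noisy, same user
    print(open_commitment(helper, tag, flip(TEMPLATE, {0, 1, 2})))   # too many errors
```

With these toy sizes the stored hash could be brute-forced; a real deployment needs a key with full cryptographic entropy and a code matched to the biometric's error rate.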