What question did this study set out to answer?

The aim is to secure resource-constrained healthcare IoT systems against classical and post-quantum cyber threats while maintaining performance.

May 30, 2026Open Access

Post-quantum cognitive zero trust architecture for healthcare IoT devices

Key Points

The aim is to secure resource-constrained healthcare IoT systems against classical and post-quantum cyber threats while maintaining performance.
Proposed Post-Quantum Cognitive Zero-Trust Architecture (PQ-CZTA) integrating NIST-standardized post-quantum cryptography.
Used three machine learning classifiers trained on six intrusion detection datasets to enhance security measures.
Dynamic trust scores drive zero-trust policy decisions to enforce security protocols.
Detection performance demonstrated F1-scores ranging from 0.972 to 1.000 across various datasets.
The post-quantum handshake showed acceptable latency of 3.1–4.4 seconds for periodic reporting.
SMOTE oversampling contributed 5–20% improvement in F1 scores on imbalanced datasets.

Abstract

Healthcare IoT systems increasingly rely on interconnected, resource-constrained devices that are vulnerable to both classical and emerging quantum-enabled cyber threats, but introduced heightened cybersecurity risks, particularly from emerging quantum computing threats that can break conventional encryption such as RSA and ECC. This study addresses the urgent need to secure resource-constrained healthcare IoT systems against both classical and post-quantum attacks while maintaining low-latency performance suitable for non-real-time clinical traffic. This study proposed the Post-Quantum Cognitive Zero-Trust Architecture (PQ-CZTA), which integrates NIST-standardized post-quantum cryptography, CRYSTALS-Kyber for key encapsulation and SPHINCS+ for stateless digital signatures, with a lightweight cognitive engine. The engine employs three machine learning classifiers (Random Forest as primary, Logistic Regression, and Multi-Layer Perceptron) trained with SMOTE oversampling and 5-fold cross-validation on six diverse intrusion detection datasets (NSL-KDD, CIC-IDS2017, MedBIoT, Edge-IIoTset, IoT-23, TONIoT). Intrusion probabilities are converted to dynamic trust scores that drive zero-trust policy decisions (ALLOW, MONITOR, DENY, QUARANTINE) in a layered architecture enforcing least privilege and hop-by-hop re-authentication. Evaluations demonstrate excellent detection performance with F1-scores ranging from 0. 972 to 1. 000 across datasets, particularly strong on modern IoT traffic. The full post-quantum handshake incurs 3. 1–4. 4 seconds latency (dominated by SPHINCS+), which remains acceptable for periodic vital-sign reporting, alerts, and firmware updates. An ablation study proves the importance of the components, with SMOTE contributing 5–20% to the F1 score on imbalanced data and cognitive ML providing the advantage of adaptive policies over static policies. PQ-CZTA provides a practical, quantum-resilient framework that enhances patient data privacy (HIPAA compliance via adaptive risk scoring), predicts attacks on limited devices, and supports resilient IoT-enabled healthcare systems against future quantum threats.

Read Full Paperexternally

Mark Helpful

Bookmark

Relay

View Full Paper