LAAC: Lightweight Lattice-Based Authentication and Access Control Protocol for E-Health Systems in IoT Environments

Over the past few years, the Internet of Things (IoT) has played a crucial role in designing e-health systems. An IoT-enabled e-health system allows different entities to examine a patient's health condition anywhere and anytime. However, the deployment of e-health systems in an IoT environment faces various security and privacy challenges. The authentication of participating entities, the confidentiality of information transferred through an insecure channel, and access control are essential issues to be resolved. To settle these challenges, we found many authentication protocols for e-health systems based on the discrete logarithm and integer factorization problems. However, quantum attacks expose all these protocols. In this article, we propose a lattice-based authentication and access control (LAAC) protocol for IoT-enabled e-health systems to mitigate the quantum attacks. We prove that LAAC is robust with the hardness assumption of the inhomogeneous small integer solution problem. Moreover, we provide provable security analysis of LAAC. Besides, performance evaluation shows it is reasonable to execute LAAC in an IoT device.

Automated summary

The Internet of Things has been crucial in the design of e-health systems, allowing for remote examination of a patient's health condition. However, security and privacy challenges in IoT-enabled e-health systems need to be addressed, particularly in terms of authentication, data confidentiality, and access control. A lattice-based authentication and access control (LAAC) protocol has been proposed to mitigate quantum attacks, with proven robustness based on the inhomogeneous small integer solution problem. Performance evaluation shows the feasibility of implementing LAAC in IoT devices.