Sci Rep. 2025 Feb 22;15(1):6461.
doi: 10.1038/s41598-025-90219-5.

Provably secure and lightweight blockchain based cross hospital authentication scheme for IoMT-based healthcare

Qi Xie et al. Sci Rep.

Abstract

Portable devices and sensor-based Internet of Medical Things (IoMT) healthcare can remotely detect patients' physiological data and provide first-class healthcare services. However, the high privacy and sensitivity of medical data make IoMT healthcare systems vulnerable to various attacks. While numerous authentication protocols have been introduced in recent years to guarantee authorized access, these schemes continue to face challenges such as privacy disclosure, untraceability of malicious behavior, insufficient cross-hospital access, and concerns related to single points of failure and trust. To address these issues, we propose a Double Anonymity Strategy that hides identities between doctors and patients while allowing the authorized party to track their malicious behavior, thereby enhancing users' privacy while keeping malicious users traceable. Our approach leverages the advantages of blockchain, such as decentralization, and replaces trusted third parties with smart contracts for efficient and automatic identity authentication. Additionally, we introduce a cross-hospital authentication scheme that incorporates three-factor secrecy, ensuring that even if any two of the three factors (device, biometric information and password) are compromised, the security of the proposed scheme will not be affected. The security of our scheme is formally proven under the random oracle model, showing that the probability of an adversary breaking the scheme is negligible. We also provide an informal security analysis showing that our scheme prevents privacy breaches, achieves decentralization, and addresses various existing attacks. Furthermore, through simulation of the proposed scheme and comparison with related works, we demonstrate that our scheme achieves a 23% to 87% reduction in computational cost while maintaining higher security properties.

Keywords: Authentication protocol; Blockchain; Cross-hospital; Decentralization; Healthcare; Internet of Medical Things.

Conflict of interest statement

Declarations. Competing interests: The authors declare no competing interests.

Figures

Fig. 1. System model.
Fig. 2. Patient sensors and device.
Fig. 3. The registration phase of doctor (device).
Fig. 4. The registration phase of patient (device).
Fig. 5. Mutual authentication and key agreement phase.
Fig. 6. (a) The authentication time of one node. (b) CPU invocation time of each node. (c) The transactions per second (TPS) of blockchain.
Fig. 7. Comprehensive performance comparison.
