This paper examines security vulnerabilities in current authentication methods for remote patient monitoring in Wireless Medical Sensor Networks (WMSNs), including offline password guessing and man-in-the-middle attacks. We propose a novel three-factor authentication protocol using fuzzy extractors and lightweight cryptography. Formal analysis via the Real-or-Random (ROR) model and Tamarin Prover confirms its robustness, perfect forward/backward secrecy, mutual authentication, anonymity, and untraceability. Performance comparisons demonstrate reduced overhead and enhanced security, offering a promising framework for IoMT development.
This study evaluates a lightweight authentication protocol for IoMT systems, revealing vulnerabilities such as node cloning and insider threats. It proposes enhancements including physically unclonable functions (PUFs), homomorphic encryption, and role-based and attribute-based access control (RBAC/ABAC). Optimized session management and lightweight cryptography are also suggested to improve security and resource use. Future research should explore quantum-resistant cryptography and AI-based adaptive security policies for enhanced resilience against evolving threats.