This paper examines security vulnerabilities in current authentication methods for remote patient monitoring in Wireless Medical Sensor Networks (WMSNs), including offline password guessing and man-in-the-middle attacks. We propose a novel three-factor authentication protocol using fuzzy extractors and lightweight cryptography. Formal analysis via the Real-or-Random (ROR) model and Tamarin Prover confirms its robustness, perfect forward/backward secrecy, mutual authentication, anonymity, and untraceability. Performance comparisons demonstrate reduced overhead and enhanced security, offering a promising framework for IoMT development.
This study evaluates a lightweight authentication protocol for medical IoT systems, identifying vulnerabilities in encryption and key exchange. It proposes enhancements such as ECIES and digital signatures, along with improved resource management and insider-threat mitigation measures. These changes aim to strengthen security and protect medical data. Future research should explore quantum-resistant cryptography and AI-driven adaptive security.