This paper examines security vulnerabilities in current authentication methods for remote patient monitoring in Wireless Medical Sensor Networks (WMSNs), including offline password guessing and man-in-the-middle attacks. We propose a novel three-factor authentication protocol using fuzzy extractors and lightweight cryptography. Formal analysis via the Real-or-Random (ROR) model and Tamarin Prover confirms its robustness, perfect forward/backward secrecy, mutual authentication, anonymity, and untraceability. Performance comparisons demonstrate reduced overhead and enhanced security, offering a promising framework for IoMT development.

This research identifies security vulnerabilities in IoT-based healthcare authentication, specifically replay attacks, session key predictability, and biometric data leakage. We propose enhancements like adaptive timestamp verification and hybrid entropy sources for stronger session keys. Quantum-resistant cryptography and advanced biometric data protection are also recommended.