Article

Securing Access to Internet of Medical Things Using a Graphical-Password-Based User Authentication Scheme

by Mudassar Ali Khan 1, Ikram Ud Din 1,* and Ahmad Almogren 2,*
1 Department of Information Technology, The University of Haripur, Haripur 22620, Pakistan
2 Chair of Cyber Security, Department of Computer Science, College of Computer and Information Sciences, King Saud University, Riyadh 11633, Saudi Arabia
* Authors to whom correspondence should be addressed.
Sustainability 2023, 15(6), 5207; https://doi.org/10.3390/su15065207
Submission received: 22 February 2023 / Revised: 14 March 2023 / Accepted: 14 March 2023 / Published: 15 March 2023
(This article belongs to the Special Issue Information, Cybersecurity and Modeling in Sustainable Future)

Abstract

Digital healthcare services have seen significant growth in this decade and many new technologies have been thoroughly examined to provide efficient services through secure infrastructures. The Internet of Medical Things (IoMT) revitalizes a healthcare infrastructure by creating an interconnected, intelligent, accessible, and efficient network. While there have been many studies on possible device authentication techniques for the IoMT, there is still much work to be done in user authentication to provide sustainable IoT solutions. Graphical passwords, which use visual content such as images instead of traditional text-based passwords, can help users authenticate themselves. However, current schemes have limitations. Therefore, this paper proposes a novel graphical authentication scheme that uses multiple factors to register and authenticate users using simple arithmetic operations, machine learning for hand gesture recognition, and medical images for recall purposes. The proposed method is designed to keep the authentication process simple, memorable, and robust. To evaluate the proposed scheme, we use the Post-Study System Usability Questionnaire (PSSUQ) to compare it with PIN-based and pattern-based authentication techniques. While comparing treatment and comparison groups, system quality showed a 16.7% better score, information quality a 25% increase, interface quality a 40% increase, and overall quality showed a 25% increase. The proposed method successfully revitalizes the use of graphical passwords, specifically in the field of IoMT, by developing a user-friendly, satisfying, and robust authentication scheme.

1. Introduction

In recent years, the Internet of Things (IoT) has become a subject of great interest in the healthcare industry. It is also known as the Internet of Medical Things (IoMT), and its aim is to facilitate communication between digitally equipped medical devices and healthcare systems, allowing them to provide quality services. The World Health Organization (WHO) notes that, due to increased life expectancy, a larger number of people are living to be over 60 years old [1,2,3]. Recent surveys such as [4,5,6,7] have systematically summarized the efforts made in the IoMT and shared valuable insights on various trends, strengths, and weaknesses of approaches. The US Census Bureau estimates [8] that the elderly population will reach approximately 1.3 billion by 2040. The recent COVID-19 pandemic has highlighted the fact that we are not fully equipped to handle health challenges, motivating many research projects and studies to fulfill changing requirements and achieve associated healthcare goals. The IoMT has proven to be a viable solution and a trend that has revitalized the role of ICT in healthcare [9].
The IoT [10] is a network of devices, sensors, and systems that work together to achieve collective goals. A “thing” in this context is any device with sufficient computational power and communicative ability to play its role in the IoT [11]. IoT-Analytics reports [12] that there will be approximately 12.2 billion active IoT connections by 2021, which is forecasted to increase 25% each year. According to the International Data Corporation (IDC) USA [13], approximately USD 1.3 trillion is expected to be spent globally on the IoT, with an estimated profit of USD 594 billion for the current year. Many sectors have already undergone IoT reforms, including smart homes [14,15,16], smart cities [17,18,19], agriculture and green IoT [20,21,22], industrial IoT [23,24], smart transportation [25,26,27], healthcare [28,29], and others [30,31,32,33].
The IoMT primarily helps manage health during prevention, diagnosis, or treatment using medical devices, sensors, and other systems. Leveraging the strengths of the IoT, it reduces human error and makes diagnosis more accessible and accurate. With the growth of the IoT, its use in the medical field has received significant attention [5,29]. Many research studies have been conducted on various layers of the IoT framework, such as [34,35,36,37,38] on the perception layer, [39,40,41,42] on the network layer, [43,44,45] as middleware, and [46,47,48] on the application layer.
Security, privacy, and dependability are vital for ensuring risk management of a digital system under development [49]. The security of such a system can further be sub-categorized into confidentiality, integrity, and availability (CIA). These three principles encompass many standards, which are improved over time to counter threats. Authentication and resilience are the two main components within confidentiality [49]. Authentication refers to proving an entity’s identity (user or system) through private credentials. Through an extensive survey, we discovered that lightweight strategies are necessary for a resource-constrained environment, such as IoT, that has limited storage, communication, and processing power [50,51]. Moreover, dataset creation in healthcare should focus on the generation of usable datasets for accurate simulation and approximation due to sensitive and immense repercussions [52,53]. To prevent the development of unnecessary security frameworks and ensure consistency across security models, standardization is necessary. Both formal and informal security analysis practices should be used to evaluate the security models consistently. This is recommended by experts in the field of security, including Koutras et al. [54] and Khan et al. [55]. The feature of providing usability with security and privacy is rarely found, and efforts should be made to bring in user-friendly technologies, such as mixed reality, sensors, and other satisfying strategies to enhance the user experience [56,57,58].
This study investigates existing authentication schemes that have been proposed for the IoMT. The contribution of the study is that we propose a novel graphical authentication scheme specifically for the IoMT architecture, which is intended to increase security and yet give users a satisfying experience. The proposed scheme is developed through an Android-based application which is later examined for system quality, information quality, and interface quality using the PSSUQ tool [59].
The rest of the article is organized as follows: Section 2 discusses the existing literature, followed by the motivation in Section 3 that led to the proposed solutions. Section 4 elaborates on the proposed architecture, algorithms used, and details regarding the development of the system. Section 5 elaborates on the methods utilized to perform the experiment, and Section 6 states the facts and findings of the experiment. Section 7 elaborates on the results with discussions and the limitations encountered while paving a path toward future directions. Finally, the article is concluded in Section 8.

2. Literature Review

The IoT in healthcare or the IoMT has significantly contributed to upgrading healthcare systems. It provides many benefits to all stakeholders in medical facilities. However, the ubiquitous devices and methodologies used to access and process information in the IoMT also have potential safety risks. Over time, researchers have focused on developing various general security techniques for IoMT devices at both the front and back ends.

2.1. Graphical Authentication Schemes

Authentication, in general, has evolved drastically with the advent of new technologies and hardware. This section highlights some of the prominent graphical authentication approaches proposed over the years.
An authentication technique [60], referred to as story technique, involves the user selecting a sequence of images in the correct order from a portfolio. The user can create a story based on the chosen image to remember the password. For authentication, the user must re-select the portfolio images in the same order they were selected during registration.
Deja Vu is a popular authentication approach that is based on the story technique, as proposed in [61]. This approach involves three key steps to authenticate a user. In the first step, portfolio creation, the user is required to create a collection of images provided by the system. The second step, training, involves a short training period during which the user memorizes the password. In the final step, authentication, the user is presented with a set of pictures and must identify the images as part of the authentication process. The story technique, on which this approach is based, is discussed in [60].
In [62], the “use your illusion” (UYI) technique was introduced, which is based on the human ability to recognize images. This technique consists of three phases: portfolio creation, practice, and authentication. During the authentication phase, a different version of images (filtered, altered, or degraded) is used, unlike the profile creation phase. In the portfolio creation phase, computer users can select images from a local drive, while mobile users can choose from a gallery or capture a new image. After the image selection process, the authentication device distorts most image details by applying a "lossy" filter. The training phase involves presenting users with a substantial collection of degraded images to practice their image portfolio. If a user selects the wrong password during this phase, the system provides feedback. Additionally, users can view their original portfolio images at any time during the practice phase. In the authentication phase, users must select the correct password from the image portfolio to be authenticated using this technique.
As described in [63], another user-friendly authentication technique suitable for small mobile devices involves two steps. In the first step, the registration phase, the user selects a username and a textual password. The user then chooses several objects from a set to act as the graphical password. To complete the registration process, the user has to hand-draw these objects using a stylus on a touch-sensitive screen. During the second step, the authentication phase, the user must provide the username and textual password and draw the graphical password in the same way as during the registration phase. The usability of this approach makes it ideal for small mobile devices.
The draw-a-secret (DAS) authentication technique is a method where a user creates a password on a 2D grid with single or multiple strokes, as described in [64]. To authenticate, the user must redraw the same password. Pass-doodles [65] is a variant of DAS that allows users to create any password but without a grid on the screen. Another variation of DAS is pass-shapes [66], which transforms passwords into alphanumeric characters. During the login phase, the user must draw shapes of different sizes and locations on the screen. Qualitative draw-a-secret (QDAS) [67] is a more secure version of DAS where each stroke on the grid is encoded as a password. This grid transformation hides the password creation process and makes it more secure than other DAS variants.
A combination of the DAS and story techniques was proposed in [68]. This approach uses a set of images with various categories, such as places, objects, and people, to create the password. During authentication, the user must select the images from the grid as their password in the same order.
The two-step authentication technique [69] adds an extra layer of security by combining text passwords with graphical passwords. In the first step, text passwords are used, whereas graphical passwords are used to register and authenticate a user in the second step.
The Rays technique [70] also combines textual and graphical passwords. In the first step, the user must write his or her username and textual password. In the next step, the user must select a minimum of four objects from the objects displayed on the screen to complete the password creation process.
The CAPTCHA authentication technique [71] is a hybrid of CAPTCHA technology and graphical passwords. During registration, the user must select an image as the password. Later, during the authentication phase, the user must type the text below the password image, otherwise referred to as CAPTCHA.
Another graphical authentication technique [72] allows the user to select an image from a 3 × 3 matrix. This technique shuffles the images to avoid attacks such as eavesdropping and shoulder surfing.
The PassBYOP technique [73] is a novel authentication method for public terminals that uses personalized physical tokens (in this case, digital images displayed on a mobile device owned by the user) as a dynamic password creation technique. Instead of using static images as graphical passwords, this technique allows the user to present digital pictures to the mobile camera and select a sequence of images on a live video of the token as their password.
Another study [74] proposes a new user authentication method, GRA-PIN, that combines the benefits of graphical and pin-based techniques. The research compared GRA-PIN to existing authentication methods and found it to be more user-friendly and secure, with a 94% usability score. The proposed method was also tested against shoulder surfing, guessing, and camera attack attempts, and was found to be secure.
In [75], the authors present a passnumbers graphical authentication scheme that consists of two stages: using coordinates of a graphical grid with numbered cells for entering the password and encrypting the password based on image pixels. The evaluation performed by the authors showed that the proposed scheme, passnumbers, had high security and usability scores. Passnumber provided high resistance against various graphical password attacks, including shoulder surfing and eavesdropping. The user interaction is easy and simple, making the approach effective, and it can be applied in various fields and systems.

2.2. Authentication in IoMT

When restricting the scope of authentication by focusing specifically on the IoMT, we note that the authentication is performed at various levels, such as device authentication, network authentication, and user authentication [76]. This section will explore user authentication techniques utilized in IoMT. Table 1 presents an overview of several studies on user authentication in IoMT.
In [77], an ECG authentication technique is proposed that extracts Legendre polynomials and uses a multilayer perceptron neural network. It counters eavesdropping attacks, replay attacks, and man-in-the-middle attacks. However, the possible inaccuracies that may occur during the acquisition of ECG signals need to be properly handled. Similarly, [78] presents an advanced three-factor authentication system developed specifically for remote patient monitoring using wireless sensor networks (WSNs). The security of the system is formally evaluated using the AVISPA tool. Replay attacks, DoS attacks, smart card loss attacks, and password guessing attacks are countered using the proposed technique.
As proposed in [79], a layered framework, “spark”, is designed to enhance data transfer efficiency and improve overall throughput. The proposed framework securely transmits sensitive information and prevents unauthorized access to private data. However, the security and privacy analysis performed on the system are not discussed. In [80], the authors present a service-oriented structure that allows for dynamic elements of security to be implemented. This approach adapts to the specific medical services being provided at remote locations and continuously adjusts the level of protection based on the service being performed.
As discussed in [81], an authentication system is proposed that uses a combination of cryptographic mechanisms, such as symmetric encryption, bitwise exclusive-OR operator, and one-way hash function, to deliver the features of authentication and authorization. The authors claim that by using these cryptographic mechanisms, the system provides a secure method for identity authentication and authorization, making it a reliable and trustable solution.
A new two-factor authentication protocol for IoT in healthcare in post-quantum computing environments is proposed in a recent publication [82]. The protocol uses the post-quantum fuzzy commitment (PQFC) scheme for biometric protection, which is confirmed to be secure through a random oracle model. The protocol provides effortless authentication, user anonymity, mutual authentication, and protection against tampering, theft, and interior attacks. Compared to some previous methods, the protocol is more efficient, but it incurs some additional computational costs that are claimed to provide added security and functionality.
Despite the availability of a variety of security approaches, including those designed specifically for IoT/IoMT, our survey of the literature has highlighted the following persisting issues:
  • Firstly, there is limited work on creating, managing, and moving cryptographic keys in resource-constrained environments, which has remained a challenge in security architectures.
  • Secondly, the IoT needs to improve its usability and user interface to make security solutions more efficient. Neglecting end users in the creation of security solutions has resulted in a gap in usability and utility in security standards.
  • Thirdly, there is still a need for exploration of end-to-end user authentication in the context of IoT infrastructures and limited resource availability. Current security standards and authentication techniques have been limited to certain security threats, ignoring other potential attacks such as cloning, node compromise, desynchronization, and masquerading.
  • Finally, revamping authentication techniques for different types of IoT users can improve the overall security and privacy of the platform, maintaining users’ interest in keeping themselves secure. Updating security standards, specifically authentication techniques, is crucial for enhancing the overall security of the IoT platform.
Table 1. Authentication systems in IoMT.

| Study | Main Contributions | Attacks Countered | Limitations |
|---|---|---|---|
| [77] | An ECG authentication technique is proposed using the method of extracting Legendre polynomials. Additionally, a multilayer perceptron neural network is employed for training, recognition, and authentication, which utilizes ECG signals. | Eavesdropping, replay, and man-in-the-middle attacks | The system does not consider the possible inaccuracies that may occur during the acquisition of ECG signals. Additionally, security evaluations that go beyond the scope of machine learning should be carried out. |
| [78] | An advanced three-factor authentication system is designed particularly for remote patient monitoring using wireless sensor networks (WSNs). The proposed approach aims to provide enhanced security to protect sensitive patient information during remote monitoring. To ensure the security of the proposed approach, the AVISPA tool is used for formal security analysis. Overall, this approach is claimed to ensure the confidentiality, integrity, and availability of the patient’s data. | DoS, replay, password guessing, smart card loss attacks, etc. | The cost of communication may be relatively high, but it has been thoroughly evaluated. |
| [79] | In order to enhance the efficiency of data transfer and improve overall throughput, a layered framework is proposed. This framework, spark, not only optimizes data transfer but also adds a layer of security and authentication, ensuring the safety and integrity of the transferred data. The proposed framework architecture is designed to transmit sensitive information securely. The added layers prevent unauthorized access to private data, thus making the data transfer more reliable, secure, and efficient. | Insider attack | Network simulations are employed to analyze the data transmission such as ECG. However, there is no information on the security and privacy analysis being performed. |
| [80] | A service-oriented structure is proposed, allowing for dynamic security elements to be implemented. This approach adapts to the specific medical services being provided at remote locations and continuously adjusts the level of security based on the service being performed. The dynamic approach ensures that the level of security is always appropriate for any specific medical service. Additionally, this approach improves scalability and flexibility by supporting various medical services and providing appropriate security measures. | Spoofing, device masquerade, eavesdropping, and DoS attacks | Only a simple assessment and security analysis without disclosure of its details have been conducted. Both formal and informal security evaluations were supposed to be carried out. |
| [81] | An authentication system is designed that works with the combination of cryptographic mechanisms, such as symmetric encryption, bitwise exclusive-OR operator, and one-way hash function, to deliver authentication and authorization features. Using these cryptographic mechanisms ensures the protection of sensitive information and addresses issues of authentication, integrity, privacy, and nonrepudiation. The authors claim that by using these cryptographic mechanisms, the system can provide a secure method for identity authentication and authorization, making it a reliable and trustable solution for access control in the cloud. This approach provides a secure, reliable, and efficient way for the user to access the service, data, and system through the cloud. | Offline password guessing, replay, impersonation, man-in-the-middle, and insider attacks | In an emergency, it can be challenging to access information that has been overly secured. Moreover, if an attacker manages to obtain a patient’s mobile device or spoofs the IMEI on their cell phone, they may enter the system without authorization. |
| [83] | A system is proposed to increase the efficiency and security of data storage and transmission. It utilizes a scalable and efficient authentication technique involving an agent dedicated to encryption. However, this approach has some limitations, such as increased computational and communication costs due to multiple servers, which can lead to a less efficient system. Additionally, the lack of data headers for transmission may cause additional overhead costs, which can impact the system’s overall performance. | Brute force, man-in-the-middle, and dimming | The overall computational and communication expense of the system may be high due to the use of multiple servers in the proposed architecture. The data headers for transmission were not found to be labeled, which can later result in extra computational overhead. |

3. Motivation

The growth in digital healthcare services is increasing the need to provide efficient and secure services. With the increase in the use of IoT-enabled healthcare systems, a considerable amount of attention is being focused on securing such systems, as discussed in Section 2.2. Many device authentication techniques for the IoMT are proposed; still, there is a need to offer reliable methods for user authentication techniques in IoMT, specifically while considering modern technologies.
Graphical passwords, which use visual content instead of traditional text-based passwords, can improve user authentication. Still, current schemes have limitations, such as low memorability and susceptibility to shoulder-surfing attacks, as discussed in Section 2.1. To address these limitations, this study proposes a novel graphical authentication scheme that uses multiple factors for user registration and authentication to create a simple, memorable, and robust authentication process for users of IoMT.

4. Proposed Solution

The proposed system would have two significant sub-tasks, i.e., registration of a new user and authentication of an already registered user. The working of the proposed approach is described in this section, which includes the details of the architecture and the algorithms utilized during different phases.

4.1. Architecture

As illustrated in Figure 1, whenever the proposed system is initiated, it will check whether a user record exists. If the record does not exist, which means the user has not yet registered, then the registration phase will be initiated with sub-phases. The first sub-phase includes selecting secret information such as secret number, secret color, and secret tap-mode (single or double), as shown in Figure 2. The tap-modes would represent addition or subtraction operations, later utilized in the log-in phase. Once the user has successfully configured these settings, the second sub-phase will be started, including handwriting tasks on the device’s touch screen using hand gestures. The user will be asked to draw different numbers repetitively, and each gesture affiliated with a specific number will be gathered and stored in the system.
Once a sufficient number of handwriting tasks are performed, the user will be provided with a grid of images (5 × 4), as represented in Figure 3. A randomly generated grid comprising images related to the medical field, such as X-rays, CT scans, MRIs, etc., will be displayed in the interface. As the possible users of such a system are supposed to be medical staff, doctors, and nurses, these images will not only be relevant but also trigger some relationship to their personal experiences. Once the user has selected three secret images, all the user’s secret information is then encrypted and stored in the Firebase database. This multi-factor authentication process ensures a robust security mechanism while providing convenience to the user. Moreover, the use of medical-related images in the authentication process also makes it more likely that the users will remember the secret images, improving the memorability of the authentication process.
Once the user has completed the registration process, he or she can proceed to the authentication phase. During this phase, the system will prompt the user to scan a QR code to initiate the process and ensure the user’s physical presence within a specific proximity of the IoT systems. Then, an interface of random numbers will be displayed, as shown in Figure 4. These numbers will have random colors assigned to them, which can be viewed by clicking on the checkbox. Only one number having the secret color will be present on the screen. The user will recall the secret color and remember the number shown in that color. To decrease over-the-shoulder attacks, the numbers will initially be shown only in black. By opting for either a single-tap or double-tap option, the user will be moved to the next phase, where he or she will draw the answer. Depending on whether single-tap or double-tap was chosen, an addition or subtraction operation will be performed over the new number with the secret number. For example, suppose the user has memorized the secret number three, and the number displayed on the screen in the secret color is five. By performing an addition operation, the result is eight. Then, the user will perform a handwriting task on the touch screen and write the answer eight, as shown in Figure 5. The system will then compare the user’s input to the correct answer and, if the information matches, the user will proceed to the next phase of authentication. A grid of randomly placed images (5 × 4), similar to the one used in the registration phase (Figure 3), will be displayed. The user will then select any row of the grid. The goal is to determine the row with the secret image. If the user selects the correct row, he or she will obtain access to the system.
Overall, the proposed system is intended to provide a secure and convenient way for users to authenticate themselves while using IoMT systems. The use of graphical and multi-factor authentication methods is anticipated to help improve the security and usability of the system, making it suitable for use in sensitive medical applications.

4.2. Development

Android Studio and its libraries, such as PyTorch, GestureDetector, TensorFlow, and other cryptographic libraries, were used to develop the proposed authentication scheme. The code of the project is available online at https://github.com/madilator/H-Auth.git, accessed on 1 March 2023. Figure 2, Figure 3, Figure 4 and Figure 5 show screenshots of the proposed application. Note that the proposed solution is compatible only with smartphones that run Android OS and have enough computational power to support the TensorFlow libraries used during both the registration and authentication phases.

4.3. Algorithms

The system uses two main algorithms for its primary activities, i.e., registration and authentication. The following subsections briefly explain how they work.

4.3.1. Registration Phase

The first step in using the system is to utilize Algorithm 1, a registration phase algorithm performed to register users in the system. The main inputs to the algorithm include a secret number ($S_n$), a secret color ($S_c$), a single-tap operation ($ST_0$), a double-tap operation ($DT_0$), and a secret image ($S_i$).
The algorithm begins by selecting a secret number ($S_n$) and checking to see if it is within the specified range (greater than or equal to one and less than or equal to nine). If the number is not within the range, the user is prompted to select a number within the range and the selection process is repeated. If the number is within the range, the algorithm displays a color grid and prompts the user to select a secret color ($S_c$). The user must choose a color of the specified range (equal to one). If the user does not select an accurate color, he or she is prompted to do so, and the selection process is repeated.
Once the secret color has been selected, the algorithm prompts the user to choose a single-tap operation ($ST_0$) and a double-tap operation ($DT_0$) using radio button groups. The user must select one option from each group. If the user does not make a selection, the user is prompted to do so and the selection process is repeated.
After the single- and double-tap operations have been selected, the algorithm displays an image grid and prompts the user to choose a secret image ($S_i$). The user must select an image from the specified range (less than or equal to three). If the user does not select a valid image, he or she is prompted to do so, and the selection process is repeated.
Finally, the algorithm saves the selected secret number, color, single-tap operation, double-tap operation, and image, which completes the registration process.
The system utilizes a registration phase algorithm, Algorithm 1, to register users. The main inputs to the algorithm include a secret number ($S_n$), a secret color ($S_c$), a single-tap operation ($ST_0$), a double-tap operation ($DT_0$), and a secret image ($S_i$). The algorithm begins by verifying the secret number, displaying a color grid, selecting a secret color, choosing single-tap and double-tap operations, displaying an image grid, and selecting a secret image. Finally, the selected inputs are saved to complete the registration process.
Algorithm 1 Registration Phase
Input: ($S_n$, $S_c$, $ST_0$, $DT_0$, $S_i$)
Procedure: Registration Phase
Select Secret Number ($S_n$);
if $S_n \geq 1 \wedge S_n \leq 9$ then
    Display Color Grid; Exit(1);
else
    Print ($1 \leq Range \leq 9$)
    Repeat Select Secret Number Sequence;
end if
Display Color Grid ($S_c$);              ▹ Grid = 2 × 5
if $S_c \geq 1 \wedge S_c \leq 10$ then
    Single/Double Tap Operation; Exit(1);
else
    Print (Select one Secret Color);
    Repeat Select Secret Color Sequence;
end if
Radio Button Group 1 Operation ($ST_0$);
Select Single Tap Option ($ST_0$: Addition or Subtraction);
Radio Button Group 2 Operation ($DT_0$);
Select Double Tap Option ($DT_0$: Addition or Subtraction);
if $ST_0$ == Selected && $DT_0$ == Selected then
    Display Image Grid; Exit(1);
else
    Print (Select Options for Single/Double Tap Operation)
    Repeat Single/Double tap Operation;
end if
Display Image Grid;                 ▹ Grid = 4 × 5
Select Secret Image ($S_i$);              ▹ Range ≤ 3
if $S_i$ == 3 then
    Exit(1);
else
    Print (Select 3 Secret Images)
    Repeat Display Image Grid Sequence;
end if
Save $S_n$, $S_c$, $ST_0$, $DT_0$, $S_i$
End

4.3.2. Authentication Phase

The second algorithm is an authentication phase algorithm used to verify the identity of a user attempting to access a system. The output of the algorithm is either “ACCESS GRANTED” or “ACCESS DENIED”, which is communicated to the system in the form of tokens, as shown in Algorithm 2.
The algorithm begins by displaying a QR code ($TK_1$) and prompting the user to scan the code using a camera. To ensure the user’s physical presence with respect to the deployed IoT, the user scans the code shown on a display unit. The scanned code ($TK_2$) is then compared to the original code ($TK_1$). If the codes do not match, the user is informed that there was an error detecting the user’s proximity to the system, and access is denied. If the codes do match, the algorithm proceeds to the next step.
Algorithm 2 Authentication Phase
Output: (ACCESS GRANTED/ACCESS DENIED)
Procedure: Authentication Phase
QR Code Display ($TK_1$);
Camera_Scan QR Code ($TK_2$);
if $TK_1$ == $TK_2$ then
    Display Number Grid; Exit(1);
else
    Print (Error in Detecting Close Proximity);
    return ACCESS DENIED
end if
Display Number Grid with $Solution$           ▹ Grid = 3 × 4
Detect Tap on Screen (Tap → Single Tap or Double Tap)
Load Handwriting Recognition Interface()
Scan Hand Writing ($Digit$)
if Match($Tap$, $Digit$, $Solution$) == TRUE then
    Display Image Grid; Exit(1);
else
    Print (Authentication Failed)
    return ACCESS DENIED
end if
Display Image Grid with $S_i$               ▹ Grid = 4 × 5
Select Row of Images $Image_i$, $Image_j$, $Image_k$
if Match($Image_i$, $Image_j$, $Image_k$, $S_i$) == TRUE then
    return ACCESS GRANTED
else
    Print (Authentication Failed)
    return ACCESS DENIED
end if
End
Next, the algorithm displays a number grid with a solution and detects the user’s tap on the screen. The tap can be either a single tap or a double tap. The algorithm loads a handwriting recognition interface and scans the user’s handwriting for a digit. The user must calculate the answer by adding or subtracting the given number (in the secret color) with the secret number stored in the registration phase. If the scanned digit matches the solution, the algorithm proceeds to the next step. If they do not match, the user is informed that authentication has failed and access is denied.
Finally, the algorithm displays an image grid with the user’s secret image ($S_i$) and prompts the user to select a row of images. If the selected row of images contains the secret image, then the user is granted access. If they do not match, the user is informed that authentication has failed and access is denied. The authentication process is then complete.
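The checks of Algorithms 1 and 2, modelled as an added Python example (not code from the paper or the H-Auth repository). Assumptions of this example: grids are passed as nested lists, subtraction is computed as shown number minus $S_n$, the recognized handwriting arrives as an integer, the row match requires all three registered images, and the QR token is fresh and single-use per attempt; the sample grids are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass

GRANTED, DENIED = "ACCESS GRANTED", "ACCESS DENIED"
# Operand order (shown number first) is an assumption; the paper only says add or subtract.
OPERATIONS = {"addition": lambda shown, s_n: shown + s_n,
              "subtraction": lambda shown, s_n: shown - s_n}


@dataclass(frozen=True)
class Registration:
    s_n: int         # secret number, 1..9
    s_c: int         # secret color, cell 1..10 of the 2 x 5 color grid
    st_0: str        # operation bound to a single tap
    dt_0: str        # operation bound to a double tap
    s_i: frozenset   # three secret image ids from the 4 x 5 image grid (1..20)


def register(s_n, s_c, st_0, dt_0, s_i):
    """Algorithm 1's checks; raises ValueError where the app would re-prompt."""
    if type(s_n) is not int or not 1 <= s_n <= 9:
        raise ValueError("secret number must be in 1..9")
    if type(s_c) is not int or not 1 <= s_c <= 10:
        raise ValueError("select one secret color")
    if st_0 not in OPERATIONS or dt_0 not in OPERATIONS:
        raise ValueError("select options for single/double tap operation")
    images = frozenset(s_i)
    if len(images) != 3 or not all(type(i) is int and 1 <= i <= 20 for i in images):
        raise ValueError("select 3 secret images")
    return Registration(s_n, s_c, st_0, dt_0, images)


class AuthSession:
    """One attempt at Algorithm 2. Any failed gate closes the session for good."""

    def __init__(self, reg, number_grid, image_grid):
        self.reg = reg
        self.number_grid = number_grid         # 3 x 4 cells of (number, color)
        self.image_grid = image_grid           # 4 rows of 5 image ids
        self.tk1 = secrets.token_urlsafe(16)   # TK_1: fresh per attempt (assumption)
        self.stage = "qr"

    def deny(self):
        self.stage = "closed"
        return False

    def scan_qr(self, tk2):
        """Gate 1: scanned code TK_2 must equal the displayed TK_1."""
        same = hmac.compare_digest(self.tk1.encode(), str(tk2).encode())
        if self.stage != "qr" or not same:
            return self.deny()
        self.stage = "number"
        return True

    def submit_answer(self, tap, digit):
        """Gate 2: Match(Tap, Digit, Solution)."""
        if self.stage != "number":
            return self.deny()
        shown = [n for row in self.number_grid for n, color in row
                 if color == self.reg.s_c]
        op = {"single": self.reg.st_0, "double": self.reg.dt_0}.get(tap)
        # A grid without exactly one secret-colored cell has no defined solution.
        if op is None or len(shown) != 1:
            return self.deny()
        if digit != OPERATIONS[op](shown[0], self.reg.s_n):
            return self.deny()
        self.stage = "image"
        return True

    def select_row(self, row_index):
        """Gate 3: the chosen row must hold all three secret images (assumed reading)."""
        if (self.stage != "image" or type(row_index) is not int
                or not 0 <= row_index < len(self.image_grid)):
            return self.deny()
        if not self.reg.s_i.issubset(self.image_grid[row_index]):
            return self.deny()
        self.stage = "closed"   # success also consumes the session
        return True


def authenticate(session, tk2, tap, digit, row_index):
    """Run the gates in Algorithm 2's order; the first failure short-circuits."""
    passed = (session.scan_qr(tk2) and session.submit_answer(tap, digit)
              and session.select_row(row_index))
    return GRANTED if passed else DENIED


# Constructed sample challenge: color 7 appears once, images 8/13/19 share row 1.
NUMBER_GRID = [[(4, 1), (8, 2), (3, 3), (6, 4)],
               [(1, 5), (5, 7), (9, 6), (2, 8)],
               [(7, 9), (3, 10), (8, 1), (4, 2)]]
IMAGE_GRID = [[1, 2, 3, 4, 5], [6, 13, 7, 19, 8],
              [9, 10, 11, 12, 14], [15, 16, 17, 18, 20]]
```

With a registration of `register(3, 7, "addition", "subtraction", {8, 13, 19})`, the number shown in color 7 is 5, so a single tap expects 8 and a double tap expects 2; reusing a finished session is denied because its token has been consumed.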

5. Methods

We evaluated our proposed framework by conducting a user-centric survey with a post-test-only research design comprising two groups, a comparison group and a treatment group. The evaluation was based on the standard Post-Study System Usability Questionnaire (PSSUQ) [59,84], which is a well-known user-centric evaluation standard for measuring perceived satisfaction with a given computer system or application. It was initially designed as a part of the IBM project SUMS (System Usability MetricS); later, an 18-item questionnaire was published [59] and widely used. According to [85], a 16-item version of the PSSUQ was designed with 3 prominent sub-measures, i.e., system, information, and interface quality. We use the 16-item PSSUQ evaluation tool in the proposed study to measure our system for the given sub-measures.

5.1. Sampling

A sample of 19 participants was selected based on accessibility and convenience. Participants of the study were practicing doctors from different private hospitals in Islamabad, including Quaid-e-Azam International Hospital (https://www.qih.com.pk/, accessed on 1 March 2023), Shifa International Hospital (https://www.shifa.com.pk/, accessed on 1 March 2023), Maroof International Hospital (https://www.maroof.com.pk/, accessed on 1 March 2023), and Medicsi Hospital (https://www.medicsi.com/, accessed on 1 March 2023). The participants were separated into two groups: the treatment group and the comparison group. The treatment group comprised 9 participants, while the comparison group comprised 10 participants.

5.2. Experiments

The treatment group used our proposed authentication framework, while the comparison group used simple authentication techniques available on smartphones (such as PIN, swipe, and pattern). Both groups were tasked with registering and authenticating their passwords using the given framework/technique before completing a questionnaire. To familiarize the users with the system and tasks, a demonstration of the system was also provided to the participants. Their responses were measured on a 7-item Likert scale, where 1 represents “strongly agree” and 7 means “strongly disagree”. While interpreting the results, we inverted the scale score for better depiction by subtracting the score from 7 and then adding 1. Hence, in the given score, 1 represents “strongly disagree”, and 7 means “strongly agree”. Based on the obtained scores, we assessed overall quality, as well as sub-measures of system quality, information quality, and interface quality.

5.3. Hypotheses

We used the independent sample t-test (Table 2) to study the significance of the results obtained from a user-centric questionnaire survey. The t-test was chosen to make inferences about the whole population and generalize the statistics beyond the sample size. We formulated four null and four alternate hypotheses, mentioned in the following subsections.

5.3.1. Null Hypotheses

  • $H_{01}$: Our proposed authentication technique and simple authentication techniques available on smartphones have no significant difference in overall quality.
  • $H_{02}$: Our proposed authentication technique and simple authentication techniques available on smartphones have no significant difference in system quality.
  • $H_{03}$: Our proposed authentication technique and simple authentication techniques available on smartphones have no significant difference in information quality.
  • $H_{04}$: Our proposed authentication technique and simple authentication techniques available on smartphones have no significant difference in interface quality.

5.3.2. Alternate Hypotheses

  • $H_{01}$: Our proposed authentication technique has significantly better overall quality compared to simple authentication techniques available on smartphones.
  • $H_{02}$: Our proposed authentication technique has significantly better system quality compared to simple authentication techniques available on smartphones.
  • $H_{03}$: Our proposed authentication technique has significantly better information quality compared to simple authentication techniques available on smartphones.
  • $H_{04}$: Our proposed authentication technique has significantly better interface quality compared to simple authentication techniques available on smartphones.

6. Results and Analysis

We determined that the overall quality score for the treatment group is 6.4, while that of the comparison group is 4.8. The score of the system’s quality for the treatment group is 6.6, while that of the comparison group is 5.5. The information quality score determined from the responses obtained from the treatment group is 6.4, while, for the comparison group, the information quality score is 4.8. The interface quality score is 6.2 for the treatment group and 3.7 for the comparison group. A graphical illustration of these results is provided in Figure 6.
The first six questions of the PSSUQ analyzed the system quality as illustrated in Figure 7. A total of 85.71% of the participants in the comparison group (average = 6.0, median = 6.5, mode = 7.0, and std. deviation = 1.15) and 87.29% of the participants in the treatment group (average = 6.1, median = 5.0, mode = 5.0, and std. deviation = 1.36) agreed that it was easy for them to use the system overall. In the comparison group, 80% of the participants (average = 5.6, median = 5.5, mode = 5.0, and std. deviation = 0.70) and 96.86% of the participants in the treatment group (average = 6.8, median = 7.0, mode = 5.0, and std. deviation = 1.64) said that it was simple to use the system. Some 74.29% of the participants in the comparison group (average = 5.2, median = 5.0, mode = 5.0, and std. deviation = 0.79) and 98.43% of the participants in the treatment group (average = 6.9, median = 7.0, mode = 7.0, and std. deviation = 0.60) were able to complete the tasks and scenarios quickly using the system.
In the comparison group, 80% of the participants (average = 5.6, median = 5.5, mode = 5.0, and std. deviation = 1.17) and 90.43% of the participants in the treatment group (average = 6.3, median = 6.0, mode = 6.0, and std. deviation = 1.94) felt comfortable using the system. Next, 82.86% of the participants in the comparison group (average = 5.8, median = 6.0, mode = 6.0, and std. deviation = 0.92) and 93.71% of the participants in the treatment group (average = 6.6, median = 6.0, mode = 5.0, and std. deviation = 2.19) acknowledged that it was easy for them to learn to use the system. A total of 71.43% of the participants in the comparison group (average = 5.0, median = 5.0, mode = 4.0, and std. deviation = 1.05) and 100% of the participants in the treatment group (average = 7.0, median = 7.0, mode = 7.0, and std. deviation = 0.87) believed that they could become productive quickly using the system.
The following six questions evaluated the information quality, as illustrated in Figure 8. The comparison group, consisting of 57.14% of the participants (with an average of 4.0, median of 4.0, mode of 4.0, and standard deviation of 0.82), and the treatment group, made up of 88.86% of the participants (with an average of 6.2, median of 5.0, mode of 5.0, and standard deviation of 2.22), both reported that the system provided error messages that indicated how to fix any problems. In the event of making a mistake, 52.86% of the participants in the comparison group (with an average of 3.7, median of 3.5, mode of 3.0, and standard deviation of 0.82) and 93.71% of the participants in the treatment group (with an average of 6.6, median of 7.0, mode of 7.0, and standard deviation of 0.88) were able to recover easily and quickly. Additionally, 54.29% of the participants in the comparison group (with an average of 3.8, median of 4.0, mode of 4.0, and standard deviation of 0.79) and 95.29% of the participants in the treatment group (with an average of 6.7, median of 6.0, mode of 6.0, and standard deviation of 1.58) agreed that the provided information, including online help, on-screen messages, and other documentation, was clear. It was easy for 88.57% of the comparison group (with an average of 6.2, median of 6.0, mode of 6.0, and standard deviation of 0.79) and 87.29% of the participants in the treatment group (with an average of 6.1, median of 5.0, mode of 4.0, and standard deviation of 2.32) to find the necessary information. Furthermore, the information was effective in assisting with task completion and scenario performance for 81.43% of the participants in the comparison group (with an average of 5.7, median of 5.0, mode of 5.0, and standard deviation of 0.95) and 90.43% of the participants in the treatment group (with an average of 6.3, median of 7.0, mode of 7.0, and standard deviation of 0.87). 
Lastly, 74.29% of the participants in the comparison group (with an average of 5.2, median of 5.0, mode of 5.0, and standard deviation of 0.42) and 92.00% of the participants in the treatment group (with an average of 6.4, median of 6.0, mode of 5.0, and standard deviation of 1.42) agreed that the system’s information was organized clearly on the screen.
The following three questions evaluated the quality of the interface, the results of which are shown in Figure 9. Most participants in the comparison group (57.14%) and treatment group (88.86%) found the system’s interface pleasant. A large percentage of participants in the comparison group (52.86%) and treatment group (93.71%) enjoyed using the interface. A significant number of participants in the comparison group (40%) and treatment group (92%) felt that the system had all the necessary functions and capabilities.
Half of the participants in the comparison group (average satisfaction rating of 3.5, median of 3.5, mode of 5.0, and standard deviation of 1.58) and nearly 90% of the participants in the treatment group (average satisfaction rating of 6.2, median of 7.0, mode of 7.0, and standard deviation of 1.20) were satisfied with the system. Details regarding the results and their significance are shown in Figure 10, comprising the average, median, and mode of all the questions for both comparison and treatment groups. Results for an independent sample t-test in Table 2 show that the difference between the means of both groups does not happen by chance. We can reject the null hypothesis and consider the alternate hypotheses based on the t-test results. As shown in Table 2, the treatment group shows results significantly better for the overall quality of the treated framework than the comparison group, t(8.64) = 4.06, p = 0.0003. The treatment group’s system quality is also considered to be much better than the comparison group, t(8.97) = 2.54, p = 0.03. For information quality, the treatment group shows a significant difference from the comparison group, t(8.62) = 3.48, p = 0.007. For the last measure, interface quality, the treatment group showed significant improvement over the comparison group, t(9.92) = 6.31, p = 0.

7. Discussion

According to Figure 6 and Figure 10, the treatment group perceived the interface of the proposed scheme as more satisfactory than the comparison group, in terms of system quality, information quality, and interface quality. The treatment group obtained a higher overall quality score of 6.4, while the comparison group scored 4.8. Moreover, the treatment group scored higher in system quality (6.6 vs. 5.5 for the comparison group) and information quality (6.4 vs. 4.8 for the comparison group). The interface quality score was also higher for the treatment group (6.2 vs. 3.7 for the comparison group). The PSSUQ test demonstrated that the treatment group performed better than the comparison group in all six questions regarding system quality and information quality. These findings suggest that the treatment group had a more positive experience with the system than the comparison group.
Based on the subjective results from PSSUQ and statistical results from the t-test, we can conclude that our proposed authentication technique for IoMT interfaces outperforms other simple authentication techniques for smartphone users in terms of overall quality, system quality, and information and interface quality. However, future research should consider evaluating the given system through other tools, such as SUS, SUMS, etc. We also intend to evaluate the security strength of the proposed scheme against various attacks, such as over-the-shoulder attacks, forget-password attacks, impersonation attacks, etc.
Limitations observed for the system during discussions with participants include the use of multiple levels or multiple factors of security checks, which can be dynamically adjusted based on the user’s security needs. Future work will evaluate the scalability and performance of the proposed system under various network conditions and in real-world settings. Additionally, we will explore how the system can be integrated with existing healthcare systems and electronic medical records to improve the overall healthcare experience for patients and providers. Improving the user experience further and making the system more user-friendly could also be a worthwhile research direction. Finally, conducting a cost–benefit analysis of the proposed system could help determine its economic viability and affordability.
In conclusion, the proposed graphical password approach for user authentication in IoMT offers a more secure, simple, memorable, and robust user authentication process and overall experience compared to PIN-based and pattern-based authentication techniques. The graphical authentication approach can be used in a variety of applications, such as electronic medical records, telemedicine systems, and other IoMT-based health services. However, it is important to consider the limitations of the study, such as the small and homogeneous sample size, and the need for future research to validate the results and assess the long-term effectiveness and usability of the proposed method.

8. Conclusions

This study describes a proposed user authentication method for the IoMT, which aims to ensure the security and sustainability of the IoT. The proposed method is based on graphical passwords and uses multiple factors for user registration and authentication.
The study evaluated the proposed method using the Post-Study System Usability Questionnaire (PSSUQ) and compared it to PIN-based and pattern-based authentication techniques. The study participants were practicing doctors from private hospitals in Islamabad, divided into treatment and comparison groups. Both groups were tasked with registering and authenticating their passwords before completing a questionnaire based on a 7-item Likert scale.
The study results showed that the proposed graphical authentication scheme was more effective in terms of overall quality, system quality, information quality, and interface quality. The treatment group had higher scores for all these factors compared to the comparison group. However, it is noted that further usability and security analysis may be necessary to validate these findings.
In conclusion, the proposed method seems promising in terms of improving user-friendliness and security of user authentication in IoMT, but more research is needed to fully assess its effectiveness.

Author Contributions

Conceptualization, M.A.K. and I.U.D.; methodology, A.A.; software, M.A.K.; validation, M.A.K., I.U.D. and A.A.; formal analysis, M.A.K. and A.A.; investigation, I.U.D. and A.A.; resources, A.A.; data curation, M.A.K. and A.A.; writing—original draft preparation, M.A.K.; writing—review and editing, I.U.D. and A.A.; visualization, M.A.K. and I.U.D.; supervision, I.U.D.; project administration, A.A.; funding acquisition, A.A. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by the Deanship of Scientific Research at King Saud University, Riyadh, Saudi Arabia through the Vice Deanship of Scientific Research Chairs: Chair of Cyber Security.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Roy, M.; Chowdhury, C.; Aslam, N. Designing Transmission Strategies for Enhancing Communications in Medical IoT Using Markov Decision Process. Sensors 2018, 18, 4450.
  2. Vishnu, S.; Ramson, S.J.; Jegan, R. Internet of Medical Things (IoMT)—An overview. In Proceedings of the 2020 5th International Conference on Devices, Circuits and Systems (ICDCS), Coimbatore, India, 5–6 March 2020; pp. 101–104.
  3. Navarro, V. Assessment of the world health report 2000. Lancet 2000, 356, 1598–1601.
  4. Aghdam, Z.N.; Rahmani, A.M.; Hosseinzadeh, M. The role of the Internet of Things in healthcare: Future trends and challenges. Comput. Methods Programs Biomed. 2021, 199, 105903.
  5. Ketu, S.; Mishra, P.K. Internet of Healthcare Things: A contemporary survey. J. Netw. Comput. Appl. 2021, 192, 103179.
  6. Ahmad, M.O.; Siddiqui, S.T. The Internet of Things for Healthcare: Benefits, Applications, Challenges, Use Cases and Future Directions. In Advances in Data and Information Sciences; Springer: Berlin/Heidelberg, Germany, 2022; pp. 527–537.
  7. Mohamad Jawad, H.H.; Bin Hassan, Z.; Zaidan, B.B.; Mohammed Jawad, F.H.; Mohamed Jawad, D.H.; Alredany, W.H.D. A Systematic Literature Review of Enabling IoT in Healthcare: Motivations, Challenges, and Recommendations. Electronics 2022, 11, 3223.
  8. Ahmadi, H.; Arji, G.; Shahmoradi, L.; Safdari, R.; Nilashi, M.; Alizadeh, M. The application of internet of things in healthcare: A systematic literature review and classification. Univers. Access Inf. Soc. 2019, 18, 837–869.
  9. Da Xu, L.; He, W.; Li, S. Internet of things in industries: A survey. IEEE Trans. Ind. Inform. 2014, 10, 2233–2243.
  10. Ashton, K. That ‘internet of things’ thing. RFID J. 2009, 22, 97–114.
  11. Kumar, S.; Tiwari, P.; Zymbler, M. Internet of Things is a revolutionary approach for future technology enhancement: A review. J. Big Data 2019, 6, 1–21.
  12. Analytics, I. State of IoT 2022: Number of Connected IoT Devices Growing 18% to 14.4 Billion Globally. 2022. Available online: https://iot-analytics.com/number-connected-iot-devices/ (accessed on 1 March 2023).
  13. IDC. Worldwide Internet of Things Spending Guide. 2022. Available online: https://www.idc.com/getdoc.jsp?containerId=US49576022&pageType=PRINTFRIENDLY (accessed on 14 March 2023).
  14. Risteska Stojkoska, B.L.; Trivodaliev, K.V. A review of Internet of Things for smart home: Challenges and solutions. J. Clean. Prod. 2017, 140, 1454–1464.
  15. Pirbhulal, S.; Zhang, H.; E Alahi, M.E.; Ghayvat, H.; Mukhopadhyay, S.C.; Zhang, Y.T.; Wu, W. A novel secure IoT-based smart home automation system using a wireless sensor network. Sensors 2016, 17, 69.
  16. Ghayvat, H.; Liu, J.; Babu, A.; Alahi, E.; Gui, X.; Mukhopadhyay, S. Internet of Things for smart homes and buildings: Opportunities and Challenges. J. Telecommun. Digit. Econ. 2015, 3, 33–47.
  17. Silva, B.N.; Khan, M.; Han, K. Towards sustainable smart cities: A review of trends, architectures, components, and open challenges in smart cities. Sustain. Cities Soc. 2018, 38, 697–713.
  18. Yigitcanlar, T.; Kamruzzaman, M.; Foth, M.; Sabatini-Marques, J.; da Costa, E.; Ioppolo, G. Can cities become smart without being sustainable? A systematic review of the literature. Sustain. Cities Soc. 2019, 45, 348–365.
  19. Syed, A.S.; Sierra-Sosa, D.; Kumar, A.; Elmaghraby, A. IoT in smart cities: A survey of technologies, practices and challenges. Smart Cities 2021, 4, 429–475.
  20. Farooq, M.S.; Riaz, S.; Abid, A.; Abid, K.; Naeem, M.A. A Survey on the Role of IoT in Agriculture for the Implementation of Smart Farming. IEEE Access 2019, 7, 156237–156271.
  21. Jaiganesh, S.; Gunaseelan, K.; Ellappan, V. IOT agriculture to improve food and farming technology. In Proceedings of the 2017 Conference on Emerging Devices and Smart Systems (ICEDSS), Piscataway, NJ, USA, 3–4 March 2017; pp. 260–266.
  22. Zhao, J.C.; Zhang, J.F.; Feng, Y.; Guo, J.X. The study and application of the IOT technology in agriculture. In Proceedings of the 2010 3rd International Conference on Computer Science and Information Technology, Chengdu, China, 9–11 July 2010; Volume 2, pp. 462–465.
  23. Sisinni, E.; Saifullah, A.; Han, S.; Jennehag, U.; Gidlund, M. Industrial internet of things: Challenges, opportunities, and directions. IEEE Trans. Ind. Informatics 2018, 14, 4724–4734.
  24. Cheng, J.; Chen, W.; Tao, F.; Lin, C.L. Industrial IoT in 5G environment towards smart manufacturing. J. Ind. Inf. Integr. 2018, 10, 10–19.
  25. Zantalis, F.; Koulouras, G.; Karabetsos, S.; Kandris, D. A review of machine learning and IoT in smart transportation. Future Internet 2019, 11, 94.
  26. Muthuramalingam, S.; Bharathi, A.; Gayathri, N.; Sathiyaraj, R.; Balamurugan, B. IoT based intelligent transportation system (IoT-ITS) for global perspective: A case study. In Internet of Things and Big Data Analytics for Smart Generation; Springer: Berlin/Heidelberg, Germany, 2019; pp. 279–300.
  27. Chand, H.V.; Karthikeyan, J. Survey on the role of IoT in intelligent transportation system. Indones. J. Electr. Eng. Comput. Sci. 2018, 11, 936–941.
  28. Selvaraj, S.; Sundaravaradhan, S. Challenges and opportunities in IoT healthcare systems: A systematic review. SN Appl. Sci. 2020, 2, 139.
  29. Qadri, Y.A.; Nauman, A.; Zikria, Y.B.; Vasilakos, A.V.; Kim, S.W. The future of healthcare internet of things: A survey of emerging technologies. IEEE Commun. Surv. Tutor. 2020, 22, 1121–1167.
  30. Cauteruccio, F.; Cinelli, L.; Fortino, G.; Savaglio, C.; Terracina, G.; Ursino, D.; Virgili, L. An approach to compute the scope of a social object in a Multi-IoT scenario. Pervasive Mob. Comput. 2020, 67, 101223.
  31. Ojagh, S.; Cauteruccio, F.; Terracina, G.; Liang, S.H. Enhanced air quality prediction by edge-based spatiotemporal data preprocessing. Comput. Electr. Eng. 2021, 96, 107572.
  32. Manavalan, E.; Jayakrishna, K. A review of Internet of Things (IoT) embedded sustainable supply chain for industry 4.0 requirements. Comput. Ind. Eng. 2019, 127, 925–953.
  33. Boukerche, A.; Coutinho, R.W. Crowd management: The overlooked component of smart transportation systems. IEEE Commun. Mag. 2019, 57, 48–53.
  34. Qureshi, F.; Krishnan, S. Wearable hardware design for the internet of medical things (IoMT). Sensors 2018, 18, 3812.
  35. Balestrieri, E.; Boldi, F.; Colavita, A.R.; De Vito, L.; Laudato, G.; Oliveto, R.; Picariello, F.; Rivaldi, S.; Scalabrino, S.; Torchitti, P.; et al. The architecture of an innovative smart T-shirt based on the Internet of Medical Things paradigm. In Proceedings of the 2019 IEEE International Symposium on Medical Measurements and Applications (MeMeA), Istanbul, Turkey, 26–28 June 2019; pp. 1–6.
  36. Balica, R.Ş. Networked Wearable Devices, Machine Learning-based Real-Time Data Sensing and Processing, and Internet of Medical Things in COVID-19 Diagnosis, Prognosis, and Treatment. Am. J. Med. Res. 2022, 9, 33–48.
  37. Rajavi, Y.; Taghivand, M.; Aggarwal, K.; Ma, A.; Poon, A.S. An energy harvested ultra-low power transceiver for Internet of Medical Things. In Proceedings of the ESSCIRC Conference 2016: 42nd European Solid-State Circuits Conference, Lausanne, Switzerland, 12–15 September 2016; pp. 133–136.
  38. Ahmed, S.; Naga Srinivasu, P.; Alhumam, A.; Alarfaj, M. AAL and Internet of Medical Things for Monitoring Type-2 Diabetic Patients. Diagnostics 2022, 12, 2739.
  39. Wei, K.; Zhang, L.; Guo, Y.; Jiang, X. Health monitoring based on internet of medical things: Architecture, enabling technologies, and applications. IEEE Access 2020, 8, 27468–27478.
  40. Askar, N.A.; Habbal, A.; Mohammed, A.H.; Sajat, M.S.; Yusupov, Z.; Kodirov, D. Architecture, Protocols, and Applications of the Internet of Medical Things (IoMT). J. Commun. 2022, 17, 900–918.
  41. Zachos, G.; Essop, I.; Mantas, G.; Porfyrakis, K.; Ribeiro, J.C.; Rodriguez, J. An anomaly-based intrusion detection system for internet of medical things networks. Electronics 2021, 10, 2562.
  42. Yang, B.; Cao, X.; Han, Z.; Qian, L. A machine learning enabled MAC framework for heterogeneous Internet-of-Things networks. IEEE Trans. Wirel. Commun. 2019, 18, 3697–3712.
  43. Fersi, G. Study of middleware for Internet of healthcare things and their applications. In Proceedings of the International Conference on Smart Homes and Health Telematics, Hammamet, Tunisia, 24–26 June 2020; pp. 223–231.
  44. Ivanov, R.; Nguyen, H.; Weimer, J.; Sokolsky, O.; Lee, I. Openice-lite: Towards a connectivity platform for the internet of medical things. In Proceedings of the 2018 IEEE 21st International Symposium on Real-Time Distributed Computing (ISORC), Nashville, TN, USA, 19–21 May 2018; pp. 103–106.
  45. da Cruz, M.A.; Rodrigues, J.J.P.; Al-Muhtadi, J.; Korotaev, V.V.; de Albuquerque, V.H.C. A reference model for internet of things middleware. IEEE Internet Things J. 2018, 5, 871–883.
  46. Phan, D.T.; Nguyen, C.H.; Nguyen, T.D.P.; Tran, L.H.; Park, S.; Choi, J.; Lee, B.I.; Oh, J. A Flexible, Wearable, and Wireless Biosensor Patch with Internet of Medical Things Applications. Biosensors 2022, 12, 139.
  47. Rubí, J.N.S.; Gondim, P.R.D.L. Interoperable internet of medical things platform for e-health applications. Int. J. Distrib. Sens. Networks 2020, 16, 1550147719889591.
  48. Nayyar, A.; Puri, V.; Nguyen, N.G. BioSenHealth 1.0: A novel internet of medical things (IoMT)-based patient health monitoring system. In Proceedings of the International Conference on Innovative Computing and Communications, Delhi, India, 5–6 May 2018; Springer: Berlin/Heidelberg, Germany, 2019; pp. 155–164.
  49. Hatzivasilis, G.; Papaefstathiou, I.; Manifavas, H. Software Security, Privacy and Dependability: Metrics and Measurement. IEEE Software 2016, 33, 46–54.
  50. Khan, L.U.; Saad, W.; Han, Z.; Hossain, E.; Hong, C.S. Federated learning for internet of things: Recent advances, taxonomy, and open challenges. IEEE Commun. Surv. Tutor. 2021, 23, 1759–1799.
  51. Agrawal, M.; Zhou, J.; Chang, D. A survey on lightweight authenticated encryption and challenges for securing industrial IoT. In Security and Privacy Trends in the Industrial Internet of Things; Springer: Berlin/Heidelberg, Germany, 2019; pp. 71–94.
  52. Hazratifard, M.; Gebali, F.; Mamun, M. Using machine learning for dynamic authentication in telehealth: A tutorial. Sensors 2022, 22, 7655.
  53. El-Hajj, M.; Fadlallah, A.; Chamoun, M.; Serhrouchni, A. A survey of internet of things (IoT) authentication schemes. Sensors 2019, 19, 1141.
  54. Koutras, D.; Stergiopoulos, G.; Dasaklis, T.; Kotzanikolaou, P.; Glynos, D.; Douligeris, C. Security in IoMT communications: A survey. Sensors 2020, 20, 4828.
  55. Khan, M.A.; Din, I.U.; Majali, T.; Kim, B.S. A Survey of Authentication in Internet of Things-Enabled Healthcare Systems. Sensors 2022, 22, 9089.
  56. Baig, A.F.; Eskeland, S. Security, privacy, and usability in continuous authentication: A survey. Sensors 2021, 21, 5967.
  57. Reese, K.; Smith, T.; Dutson, J.; Armknecht, J.; Cameron, J.; Seamons, K. A usability study of five two-factor authentication methods. In Proceedings of the 15th Symposium on Usable Privacy and Security, Santa Clara, CA, USA, 11–13 August 2019.
  58. Lennartsson, M.; Kävrestad, J.; Nohlberg, M. Exploring the meaning of usable security–a literature review. Inf. Comput. Secur. 2021, 29, 647–663.
  59. Lewis, J.R. Psychometric Evaluation of the PSSUQ Using Data from Five Years of Usability Studies. Int. J. Human–Comput. Interact. 2002, 14, 463–488.
  60. Davis, D.; Monrose, F.; Reiter, M.K. On User Choice in Graphical Password Schemes. In Proceedings of the 13th USENIX Security Symposium (USENIX Security 04), San Diego, CA, USA, 9–13 August 2004; USENIX Association: San Diego, CA, USA, 2004. [Google Scholar]
  61. Dhamija, R.; Perrig, A. Deja Vu–A User Study: Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium (USENIX Security 00), Denver, CO, USA, 14–17 August 2000; USENIX Association: Denver, CO, USA, 2000. [Google Scholar]
  62. Hayashi, E.; Dhamija, R.; Christin, N.; Perrig, A. Use Your Illusion: Secure Authentication Usable Anywhere. In Proceedings of the 4th Symposium on Usable Privacy and Security, Pittsburgh, PA, USA, 23–25 July 2008; Association for Computing Machinery: New York, NY, USA, 2008; pp. 35–45. [Google Scholar] [CrossRef]
  63. Khan, W.; Aalsalem, M.; Xiang, Y. A Graphical Password Based System for Small Mobile Devices. arXiv 2011, arXiv:1110.3844. [Google Scholar]
  64. Jermyn, I.; Mayer, A.; Monrose, F.; Reiter, M.K.; Rubin, A.D. The Design and Analysis of Graphical Passwords. In Proceedings of the 8th Conference on USENIX Security Symposium, Washington, DC, USA, 23–26 August 1999; USENIX Association: Berkeley, CA, USA, 1999; Volume 8, p. 1. [Google Scholar]
  65. Varenhorst, C.; Van Kleek, M.; Rudolph, L. Passdoodles: A Lightweight Authentication Method; Research Science Institute: Cambridge, MA, USA, 2004. [Google Scholar]
  66. Weiss, R.; De Luca, A. PassShapes: Utilizing Stroke Based Authentication to Increase Password Memorability; Association for Computing Machinery: New York City, NY, USA, 2008; NordiCHI ’08; pp. 383–392. [Google Scholar] [CrossRef]
  67. Lin, D.; Dunphy, P.; Olivier, P.; Yan, J. Graphical passwords & qualitative spatial relations. ACM 2007, 229, 161–162. [Google Scholar] [CrossRef]
  68. Liu, X.; Qiu, J.; Ma, L.; Gao, H.; Ren, Z. A Novel Cued-recall Graphical Password Scheme. In Proceedings of the 2011 6th International Conference on Image and Graphics, Hefei, China, 12–15 August 2011; pp. 949–956. [Google Scholar] [CrossRef]
  69. van Oorschot, P.C.; Wan, T. TwoStep: An Authentication Method Combining Text and Graphical Passwords. In MCETECH 2009: E-Technologies: Innovation in an Open World; Babin, G., Kropf, P., Weiss, M., Eds.; Springer: Berlin/Heidelberg, Germany, 2009; pp. 233–239. [Google Scholar]
  70. Ray, P.P. Ray’s Scheme: Graphical Password Based Hybrid Authentication System for Smart Hand Held Devices. J. Inf. Eng. Appl. 2012, 2, 1–11. [Google Scholar]
  71. Gao, H.; Liu, X. A new graphical password scheme against spyware by using CAPTCHA. In Proceedings of the SOUPS, Mountain View, CA, USA, 15–17 July 2009. [Google Scholar]
  72. Joshi, A.M.; Muniyal, B. Authentication Using Text and Graphical Password. In Proceedings of the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India, 19–22 September 2018; pp. 381–386. [Google Scholar] [CrossRef]
  73. Bianchi, A.; Oakley, I.; Kim, H. PassBYOP: Bring Your Own Picture for Securing Graphical Passwords. IEEE Trans. -Hum. -Mach. Syst. 2016, 46, 380–389. [Google Scholar] [CrossRef]
  74. Kausar, N.; Din, I.U.; Khan, M.A.; Almogren, A.; Kim, B.S. GRA-PIN: A Graphical and PIN-Based Hybrid Authentication Approach for Smart Devices. Sensors 2022, 22, 1349. [Google Scholar] [CrossRef]
  75. Jirjees, S.W.; Mahmood, A.M.; Nasser, A.R. Passnumbers: An approach of graphical password authentication based on grid selection. IJSSE 2022, 12, 21–29. [Google Scholar] [CrossRef]
  76. Alsaeed, N.; Nadeem, F. Authentication in the Internet of Medical Things: Taxonomy, Review, and Open Issues. Appl. Sci. 2022, 12, 7487. [Google Scholar] [CrossRef]
  77. Rathore, H.; Fu, C.; Mohamed, A.; Al-Ali, A.; Du, X.; Guizani, M.; Yu, Z. Multi-layer security scheme for implantable medical devices. Neural Comput. Appl. 2020, 32, 4347–4360. [Google Scholar] [CrossRef]
  78. Soni, P.; Pal, A.K.; Islam, S.H. An improved three-factor authentication scheme for patient monitoring using WSN in remote health-care system. Comput. Methods Programs Biomed. 2019, 182, 105054. [Google Scholar] [CrossRef] [PubMed]
  79. Akrivopoulos, O.; Chatzigiannakis, I.; Tselios, C.; Antoniou, A. On the deployment of healthcare applications over fog computing infrastructure. In Proceedings of the 2017 IEEE 41st AnnualComputer Software and Applications Conference (COMPSAC), Turin, Italy, 4–8 July 2017; Volume 2, pp. 288–293. [Google Scholar]
  80. Lee, J.D.; Yoon, T.S.; Chung, S.H.; Cha, H.S. Service-oriented security framework for remote medical services in the Internet of Things environment. Healthc. Inform. Res. 2015, 21, 271–282. [Google Scholar] [CrossRef] [PubMed] [Green Version]
  81. Chen, C.L.; Yang, T.T.; Leu, F.Y.; Huang, Y.L. Designing a healthcare authorization model based on cloud authentication. Intell. Autom. Soft Comput. 2014, 20, 365–379. [Google Scholar] [CrossRef]
  82. Al-Saggaf, A.A.; Sheltami, T.; Alkhzaimi, H.; Ahmed, G. Lightweight Two-Factor-Based User Authentication Protocol for IoT-Enabled Healthcare Ecosystem in Quantum Computing. Arab. J. Sci. Eng. 2022, 48, 2347–2357. [Google Scholar] [CrossRef] [PubMed]
  83. Moghaddam, F.F.; Moghaddam, S.G.; Rouzbeh, S.; Araghi, S.K.; Alibeigi, N.M.; Varnosfaderani, S.D. A scalable and efficient user authentication scheme for cloud computing environments. In Proceedings of the 2014 IEEE Region 10 Symposium, Kuala Lumpur, Malaysia, 14–16 April 2014; pp. 508–513. [Google Scholar]
  84. James R, L. Handbook of Human Factors and Ergonomics, 4th ed.; Chapter Usability Testing; Wiley: Hoboken, NJ, USA, 2012; pp. 1267–1312. [Google Scholar] [CrossRef]
  85. Sauro, J.; Lewis, J.R. Quantifying the User Experience: Practical Statistics for User Research; Morgan Kaufmann: Burlginton, MA, USA, 2016. [Google Scholar]
Figure 1. Flow diagram of the proposed architecture.
Figure 2. Registration sub-phase 1: selection of secret number, secret color, and secret tap-mode.
Figure 3. Interface of secret image selection phase.
Figure 4. Authentication phase: random number generator, with and without colors.
Figure 5. Hand drawing the answer calculated after the arithmetic operation.
Figure 6. Overall results for Post-Study System Usability Questionnaire (PSSUQ).
Figure 7. PSSUQ results of system quality.
Figure 8. PSSUQ results of information quality.
Figure 9. PSSUQ results of interface quality.
Figure 10. Detailed results of comparison and treatment groups.
Table 2. Results for independent sample statistical t-test.
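| Variables | t | df | Sig. (2-Tailed) | Cohen’s d |
|---|---|---|---|---|
| Overall Quality | 4.06 | 8.64 | 0.003 | 1.92 |
| System Quality | 2.54 | 8.97 | 0.03 | 1.2 |
| Information Quality | 3.48 | 8.62 | 0.007 | 1.64 |
| Interface Quality | 6.31 | 9.92 | 0 | 2.96 |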