Next Article in Journal
Progressive Optimization of Target Distribution and Effective Refinement of Hard Samples for Source-Free Domain Adaptation
Previous Article in Journal
Speech-to-Sign Gesture Translation for Kazakh: Dataset and Sign Gesture Translation System
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Computers
Volume 15
Issue 3
10.3390/computers15030189
computers-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

Post-Quantum Authentication in the Internet of Medical Things: A System-Level Review and Future Directions

by
Fatima G. Abdullah
* and
Tayseer S. Atia
Department of Computer Engineering, College of Engineering, Al-Iraqia University, Baghdad 10047, Iraq
*
Author to whom correspondence should be addressed.
Computers 2026, 15(3), 189; https://doi.org/10.3390/computers15030189
Submission received: 4 February 2026 / Revised: 5 March 2026 / Accepted: 13 March 2026 / Published: 15 March 2026
(This article belongs to the Section ICT Infrastructures for Cybersecurity)
Browse Figures
Versions Notes

Abstract

The Internet of Medical Things (IoMT) has become a core component of modern healthcare infrastructures, enabling continuous patient monitoring, remote diagnostics, and data-driven clinical decision-making. Despite these advances, authentication in IoMT environments remains a critical security challenge, intensified by strict resource constraints of medical devices and the emerging threat posed by quantum computing to classical cryptographic techniques. This systematic review investigates authentication mechanisms in IoMT from both post-quantum and system-level perspectives. A structured literature review was conducted using a PRISMA-informed methodology across major scientific databases, including IEEE Xplore, ACM Digital Library, SpringerLink, ScienceDirect, and MDPI. From an initial set of 95 records, 63 studies were selected for qualitative synthesis following screening and eligibility assessment. To organise existing research, this study introduces a multi-dimensional classification framework that categorises authentication solutions according to cryptographic paradigm (classical, hybrid, and post-quantum), deployment architecture, system objectives, and clinical operational constraints. The comparative synthesis demonstrates important trade-offs between security strength, latency, computational overhead, and energy consumption that are frequently underexplored in the existing literature. Furthermore, the analysis identifies key research gaps related to scalability in heterogeneous medical environments, trust establishment across administrative and clinical domains, usability under strict timing constraints, and resilience against quantum-capable adversaries. Based on these findings, future research directions are outlined toward adaptive, lightweight, and context-aware post-quantum authentication frameworks designed for real-world IoMT deployments. Limitations of this review include restriction to English-language publications and selected databases. This study received no external funding, and the review protocol was not formally registered.

1. Introduction

The Internet of Medical Things (IoMT) extends Internet of Things technologies into healthcare by interconnecting wearable sensors, implantable devices, medical imaging systems, and telemedicine platforms to support continuous clinical data collection, transmission, and analysis for diagnosis, monitoring, and decision support. Unlike conventional IoT systems, IoMT functions as a tightly integrated cyber–physical infrastructure embedded within clinical workflows, where security failures may directly affect patient safety and quality of care rather than merely causing economic or service-level disruptions [1]. Consequently, securing IoMT systems represents a higher-stakes challenge than protecting general-purpose IoT environments [2].
The data processed within IoMT ecosystems belongs to the most sensitive categories of personal information, including protected health information (PHI), physiological signals, laboratory results, medical images, and longitudinal patient records. Breaches of confidentiality may expose patients to discrimination, financial exploitation, or social harm; violations of data integrity may lead to misdiagnosis or unsafe clinical decisions; and disruptions to availability can interrupt essential healthcare services. Maintaining confidentiality, integrity, and availability (CIA) is therefore not only a regulatory requirement but also a fundamental clinical responsibility in modern healthcare systems [3,4].
Despite these stringent requirements, many IoMT devices operate under severe constraints in computational capability, memory, and energy supply, and are deployed across heterogeneous environments such as hospitals, home-care settings, and mobile healthcare networks. These limitations restrict the feasibility of computationally intensive cryptographic mechanisms and increase the system attack surface [1,5]. Most existing IoMT authentication solutions rely on classical public-key cryptography, including RSA, elliptic-curve cryptography (ECC), and Diffie–Hellman, to support identity verification, secure channel establishment, and digital signatures. However, the emergence of quantum computing fundamentally challenges the security assumptions underlying these schemes. Shor’s algorithm shows that sufficiently powerful quantum computers can efficiently break RSA and ECC, rendering classical authentication mechanisms insecure. In addition, adversaries may already be collecting encrypted medical communications for future decryption once quantum capabilities mature—a strategy commonly referred to as the harvest now–decrypt later threat model [6,7,8].
Post-quantum cryptography (PQC) has been proposed to mitigate these risks by providing security against both classical and quantum-capable adversaries. In this context, the U.S. National Institute of Standards and Technology (NIST) has selected CRYSTALS-Kyber for key establishment and CRYSTALS-Dilithium for digital signatures as the first standardized PQC algorithms. Nevertheless, directly replacing classical cryptographic primitives with PQC algorithms is not sufficient for IoMT systems. PQC schemes typically involve larger key sizes, increased communication overhead, and higher computational costs, while IoMT deployments remain highly resource-constrained, dynamic, and safety-critical. This mismatch highlights the need for authentication mechanisms that align cryptographic strength with device capabilities, operational risk, and clinical performance requirements [1,8,9].
Although research on IoMT security and post-quantum cryptography continues to grow, a critical gap remains. Many existing IoMT authentication frameworks still assume classical threat models and static security configurations, offering limited consideration of quantum-capable adversaries or adaptive security management. Conversely, a large portion of PQC-focused studies target computationally powerful platforms or generic IoT scenarios, providing limited insight into the constraints and operational realities of medical devices. As a result, comprehensive analyses that systematically examine quantum-resilient authentication mechanisms within clinically constrained IoMT environments are still lacking [1,8].

Scope and Contribution

Unlike prior surveys [10,11,12,13] that focus on classical IoMT authentication mechanisms or evaluate post-quantum cryptography in generic IoT settings [14,15,16], this review provides an integrated, quantum-aware, and clinically grounded analysis of authentication in IoMT systems. The paper introduces a multi-dimensional classification framework that jointly considers cryptographic paradigms (classical, hybrid, and post-quantum), authentication trust models, and clinical system constraints. In addition, it presents a comparative evaluation of authentication approaches with respect to security strength, latency, computational overhead, energy consumption, and real-time clinical applicability, thereby revealing critical trade-offs that are often not explicitly addressed in the existing literature.
Accordingly, the objectives of this review are to: (i) Synthesize IoMT architectural characteristics, operational constraints, and trust-establishment mechanisms relevant to authentication design; (ii) Critically analyze existing authentication and key-management approaches with respect to their exposure to quantum-era threats; (iii) Comparatively evaluate post-quantum cryptographic schemes for IoMT authentication under resource and clinical constraints, while acknowledging complementary non-cryptographic trust mechanisms such as hardware-rooted security and behavioral authentication approaches; (iv) Derive design-oriented authentication architectures and configuration strategies that balance security strength, latency, and energy efficiency in safety-critical medical systems.
The remainder of this paper is organized as follows. Section 2 presents the research methodology used for the structured literature review. Section 3 introduces IoMT architectures and outlines key system requirements and constraints. Section 4 reviews existing authentication and trust-management mechanisms and discusses their limitations under quantum-capable adversaries. Section 5 surveys post-quantum cryptographic approaches relevant to IoMT authentication and analyzes their performance implications. Section 6 examines heterogeneity across IoMT ecosystems and associated security challenges. Section 7 provides a comprehensive multi-perspective literature review. Section 8 discusses architectural considerations for quantum-resilient authentication. Section 9 highlights practical deployment challenges. Section 10 outlines open research challenges and future directions, and Section 11 concludes the paper.

2. Research Methodology

This section describes the methodology adopted for the structured literature review conducted in this study. The methodological workflow follows the PRISMA 2020 reporting guidelines and consists of four main stages: search strategy, eligibility criteria definition, study selection process, and data extraction and synthesis. The overall review process is illustrated in Figure 1.
This systematic review was conducted in accordance with the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA 2020) guidelines to ensure methodological transparency, reproducibility, and structured coverage of authentication mechanisms in the Internet of Medical Things (IoMT) [17]. The review protocol, including the search strategy, eligibility criteria, and screening procedure, was defined prior to study selection in order to minimize potential selection bias. The adopted methodology focuses on security, cryptography, and healthcare-oriented IoT domains relevant to IoMT authentication frameworks.

2.1. Search Strategy

The literature search covered publications from 2017 to 2026. Searches were conducted across major scientific databases, including IEEE Xplore, ScienceDirect, SpringerLink, the ACM Digital Library, and MDPI. In addition, official documentation published by the National Institute of Standards and Technology (NIST) was examined to capture relevant post-quantum cryptographic standardization developments.
A structured Boolean search strategy was employed to identify relevant literature across the selected databases. The search expression combined thematic categories related to IoMT systems, authentication and trust mechanisms, post-quantum security, and heterogeneity in healthcare IoT environments. The full Boolean search string applied across the databases was as follows:
(“Internet of Medical Things” OR “IoMT” OR “Medical IoT” OR “Healthcare IoT” OR “Internet of Health Things” OR “Smart Healthcare”) AND (“Authentication” OR “Trust Management” OR “Key Management” OR “Identity Management” OR “Access Control”) AND (“Post-Quantum” OR “Quantum-Resistant” OR “PQC” OR “Quantum-Safe”) AND (“Heterogeneity” OR “Heterogeneous IoMT” OR “Heterogeneous IoT”)
Minor syntax adjustments were applied when required to accommodate database-specific search interfaces.

2.2. Eligibility Criteria

Studies were selected according to predefined inclusion and exclusion criteria.
Inclusion criteria required:
(i)
Peer-reviewed journal or conference publications indexed in the selected databases;
(ii)
Studies addressing authentication, trust mechanisms, or identity management in IoMT or healthcare-oriented IoT systems;
(iii)
Studies discussing cryptographic design, security properties, performance considerations, or deployment constraints;
(iv)
English-language publications.
Exclusion criteria eliminated:
(i)
IoT studies not related to healthcare environments or lacking relevance to resource-constrained or safety-critical contexts;
(ii)
Studies focusing solely on encryption without authentication, key management, or trust establishment components;
(iii)
Non-peer-reviewed publications (e.g., white papers, editorials, or non-reviewed preprints);
(iv)
Studies with inaccessible or incomplete full texts.

2.3. Study Selection Process

The initial search identified 95 records across the selected databases. No additional records were identified through registers. Prior to screening, 16 duplicate records were removed. Following duplicate removal, 79 records proceeded to title and abstract screening.
During this phase, 16 records were excluded based on the predefined eligibility criteria. Specifically, 8 studies were not focused on IoMT authentication, 5 did not consider post-quantum cryptographic aspects, and 3 were not peer-reviewed primary studies or review articles.
Consequently, 63 reports were retrieved and assessed for full-text eligibility. All 63 studies met the inclusion criteria and were included in the final qualitative synthesis. The complete study selection workflow following the PRISMA 2020 guidelines is illustrated in Figure 1.

2.4. Data Extraction and Synthesis

For each included study, descriptive attributes were recorded to enable structured qualitative comparison. These attributes included:
  • Publication year;
  • Proposed authentication or cryptographic mechanism;
  • Calidation context (hardware implementation, simulation-based evaluation, or conceptual/theoretical proposal).
In addition, the analysis considered whether each study explicitly discussed deployment constraints relevant to IoMT environments and whether post-quantum security aspects were addressed within its stated scope. Where available, reported performance indicators—such as latency, computational overhead, memory footprint, and energy consumption—were also documented.
The extracted information was synthesized narratively rather than quantitatively. No meta-analysis or cross-study numerical aggregation was performed. When quantitative performance values were explicitly reported, they were summarized within their original experimental context.
Due to heterogeneity in hardware platforms, evaluation environments, protocol configurations, and reporting formats across the included studies, direct normalization or statistical comparison of performance metrics was not feasible. Instead, studies were comparatively interpreted according to their reported validation context, documented performance characteristics, and analytical scope.
Comparative conclusions were aligned proportionally with the strength and maturity of the underlying validation evidence in order to maintain methodological transparency and avoid overstated generalizations. This approach ensures consistency with the qualitative nature of the review while preserving analytical rigor in the comparative assessment of authentication mechanisms for IoMT systems.

3. Internet of Medical Things (IoMT): System Architecture and Requirements

3.1. IoMT Architecture and Connectivity

IoMT deployments are commonly organized using multi-layer architectures that separate data acquisition, local processing, and large-scale analytics across device, edge, and cloud layers [18,19,20,21], as illustrated in Figure 2. This layered structure reflects both functional design considerations and security boundaries inherent to healthcare environments.
At the device layer, heterogeneous medical endpoints—including wearable sensors, implantable devices, bedside monitors, infusion pumps, and smart imaging systems—collect physiological signals and clinical context in close proximity to the patient. These devices often operate within body area networks or short-range clusters and are typically constrained in terms of processing capability, memory resources, and battery lifetime [22,23]. As a result, connectivity at this layer relies primarily on short-range, low-power communication technologies such as Bluetooth Low Energy (BLE), IEEE 802.15.4/Zigbee, IEEE 802.15.6 wireless body area networks (WBANs), and near-field communication (NFC). While these technologies enable energy-efficient data exchange, they remain susceptible to interference, jamming, and eavesdropping if not adequately secured [22,23].
The edge layer aggregates and preprocesses data from multiple devices via local gateways, fog nodes, or multi-access edge computing (MEC) servers deployed within hospital premises or colocated with cellular infrastructure. Edge nodes support functions such as data filtering, feature extraction, local anomaly detection, and short-term storage, thereby reducing end-to-end latency and backbone bandwidth usage while enabling timely clinical feedback for delay-sensitive applications, including continuous cardiac monitoring and fall detection [18,20,24]. Moreover, the edge layer often performs protocol translation between device-level communication technologies (e.g., BLE, Zigbee, and WBAN) and IP-based networks, and commonly serves as a local enforcement point for access control and authentication policies [19,21]. For in-building and local-area connectivity among medical devices, clinicians, and edge infrastructure, Wi-Fi (IEEE 802.11) is widely adopted due to its higher throughput, albeit at the expense of increased energy consumption and greater exposure to interference-prone environments [24]. The cloud layer provides scalable storage, long-term integration with electronic health records (EHRs), large-scale data analytics, and AI-driven clinical decision support services. Cloud platforms execute computationally intensive workloads, including deep learning models for diagnosis, population-level analytics, and long-term risk stratification [18,20,25]. Communication between the edge and cloud layers, as well as in remote monitoring scenarios, typically relies on wide-area networking technologies such as LTE, 4G/5G, NB-IoT, LTE-M, and low-power wide-area networks (LPWANs) including LoRaWAN. These technologies enable connectivity for home-based patients, emergency response systems, and geographically distributed healthcare deployments [24,25]. Each communication technology introduces distinct performance constraints and security considerations. Ultralow-power WBAN links may not support computationally intensive cryptographic handshakes; LPWAN technologies impose strict payload size and duty-cycle limitations; and 5G-enabled IoMT systems offer high data rates and ultralow latency while introducing complex multi-tenant networking and edge slicing environments [23,24,25]. Consequently, the hierarchical device–edge–cloud architecture, combined with the heterogeneity of underlying communication technologies, plays a central role in the design of authentication mechanisms. These characteristics introduce diverse trust boundaries, latency constraints, and resource limitations, often requiring a combination of end-to-end and hop-by-hop authentication across devices, gateways, and cloud services.

3.2. System Constraints and Requirements in IoMT

IoMT systems operate under multi-dimensional operational constraints that are considerably stricter than those encountered in many general-purpose IoT deployments. Latency, in particular, represents a critical requirement for applications such as real-time vital sign monitoring, closed-loop drug delivery, telesurgery support, and emergency response. In these scenarios, delays introduced during authentication or key establishment may directly translate into delayed alarms or control actions, potentially affecting patient safety [18,20,26]. Communication reliability is another fundamental requirement, as IoMT environments must operate under conditions of wireless interference, user mobility, and dynamic channel variability. These challenges are especially pronounced in wireless body area networks (WBANs) and multi-hop wireless topologies, where frequent re-authentication procedures or complex handshake retries can exacerbate packet loss and increase the likelihood of service disruption [22,23,26]. Energy efficiency constitutes a dominant constraint for battery-powered wearable and implantable medical devices, in which radio transmissions and cryptographic operations account for a significant portion of overall energy consumption. Authentication schemes with high computational or communication overhead can substantially shorten device lifetime, increasing maintenance requirements and, in the case of implantable devices, introducing additional clinical risks [22,26]. In parallel, privacy protection and regulatory compliance requirements—such as those imposed by HIPAA-like regulations and GDPR-style data protection frameworks—necessitate strict control over access to protected health information (PHI). These requirements extend beyond confidentiality to encompass access authorization, contextual data usage, auditability, and secure revocation, thereby placing strong demands on authentication and key-management mechanisms to ensure robust identity binding, minimal data exposure, and accountability [20,25]. Finally, IoMT applications are inherently safety-critical, as security failures may directly influence clinical outcomes rather than merely causing inconvenience or financial loss. Authentication mechanisms must therefore be not only cryptographically strong but also predictable, resilient to partial failures, and free from unnecessary complexity or single points of failure that could impede incident response and recovery. Taken together, these constraints motivate the design of authentication frameworks that are lightweight, context-aware, and capable of operating reliably across heterogeneous and resource-constrained medical environments. At the same time, such frameworks must incorporate post-quantum cryptographic considerations to ensure long-term security against emerging quantum-capable adversaries. These requirements directly inform the threat model illustrated in Figure 3.

4. Authentication and Trust Management in IoMT Systems

4.1. Role of Authentication in IoMT

Authentication represents a foundational security function in IoMT systems, ensuring that only legitimate devices, users, and services can access sensitive healthcare data and participate in system operations. Given that IoMT networks frequently involve direct interactions among patients, clinicians, and medical devices, weaknesses in authentication can lead to unauthorized device control, exposure to protected health information (PHI) and disruption of clinical workflows critical to safety [10,11]. Beyond basic identity verification, authentication plays a central role in establishing trust relationships that underpin secure key exchange, session establishment, and access control. End-to-end authentication provides assurance that medical data originates from trusted sources, while cross-layer authentication mechanisms enable trust validation across device, gateway, and cloud layers within hierarchical IoMT architectures [10]. In distributed and heterogeneous IoMT environments, authentication further contributes to trust management by supporting accountability, non-repudiation, and traceability. These properties are essential for regulatory compliance, incident response, and forensic auditing in modern healthcare systems [11].

4.2. Authentication Mechanisms and Challenges in IoMT

Transport Layer Security (TLS), particularly TLS 1.3, is widely adopted in Internet communications to establish secure channels that provide confidentiality, integrity, and endpoint authentication. In IoMT systems, TLS 1.3 is commonly used to protect communications between medical devices, gateways, and cloud services by validating digital certificates and safeguarding session data against tampering or interception [27]. Certificate-based authentication relies on public key infrastructure (PKI), where trusted certificate authorities bind device or service identities to cryptographic public keys, thereby mitigating impersonation and man-in-the-middle attacks. However, the certificate management overhead and handshake complexity associated with TLS 1.3 can be burdensome for resource-constrained medical devices unless optimized through lightweight profiles, session resumption, or delegated authentication mechanisms [10,27]. Figure 4 illustrates the main phases of the TLS 1.3 handshake and its role as a primary security protocol in IoMT communications. Given the limited computational capability, memory, and battery capacity of many IoMT devices, lightweight authentication has emerged as a critical design requirement. Lightweight schemes aim to minimize cryptographic computation and message-exchange overhead while remaining resilient to common threats such as impersonation, replay, and man-in-the-middle attacks [11,28]. Mutual authentication further enhances trust by ensuring that both communicating entities are verified prior to sensitive data exchange, preventing adversaries from masquerading as legitimate medical devices or clinical systems [27]. To achieve this balance, lightweight mutual authentication protocols often employ symmetric cryptography, optimized key-agreement techniques, or hybrid approaches that combine public-key authentication with efficient symmetric verification. In some cases, contextual or biometric factors are incorporated to strengthen authentication assurance while preserving energy efficiency [28,29]. Despite their effectiveness against current adversaries, classical authentication frameworks, such as PKI-based TLS 1.3, rely on RSA and elliptic-curve cryptography (ECC), which are vulnerable to quantum computing attacks. Shor’s algorithm demonstrates that sufficiently powerful quantum computers could efficiently break the mathematical foundations of RSA and ECC, enabling the compromise of digital certificates and authentication mechanisms [6]. This vulnerability raises significant concerns for the long-term confidentiality and integrity of IoMT communications, particularly under the “harvest now–decrypt later” threat model, where encrypted medical data may be collected today for future decryption. Post-quantum cryptography (PQC) has been proposed to address these risks by introducing cryptographic primitives that remain secure against quantum-capable adversaries. However, PQC schemes typically involve larger key sizes, increased communication overhead, and higher computational costs, which pose practical challenges for resource-constrained IoMT deployments [6,27]. These limitations motivate the development of adaptive authentication frameworks that dynamically balance security strength, performance, and energy consumption while providing long-term quantum resilience in medical IoT environments.

5. Post-Quantum Cryptography for IoMT Authentication

5.1. Quantum Threat and Long-Term Security

Most existing IoMT authentication systems rely on public-key cryptographic primitives based on RSA or elliptic-curve cryptography (ECC), whose security depends on the computational hardness of integer factorization and discrete logarithm problems. Shor’s algorithm demonstrates that a sufficiently powerful quantum computer could efficiently solve both problems, thereby enabling the compromise of digital certificates, authentication protocols, and public-key infrastructures currently deployed in IoMT systems [6]. This fundamental vulnerability is conceptually illustrated in Figure 5.
The emergence of quantum-capable adversaries introduces a significant long-term security risk for IoMT environments, in which medical data, device identities, cryptographic credentials, and audit records often require confidentiality and integrity guarantees over extended time horizons. In this context, the “harvest now–decrypt later” threat model is particularly concerning, as adversaries may collect and store encrypted IoMT communications today with the intention of decrypting them once large-scale quantum computing becomes practical [7,8]. Such attacks threaten not only data confidentiality but also the long-term trustworthiness of authentication infrastructures and identity bindings.
In response to these challenges, post-quantum cryptography (PQC) has emerged as a critical research and standardization direction aimed at developing cryptographic primitives and authentication mechanisms that remain secure against both classical and quantum-capable adversaries. Ongoing international standardization efforts, most notably led by the National Institute of Standards and Technology (NIST), seek to define quantum-resistant algorithms for key establishment and digital signatures. These efforts provide a foundational basis for designing future-proof authentication and trust-management mechanisms in IoMT systems [8,30].

5.2. Post-Quantum Authentication and Deployment Considerations in IoMT

Digital signatures play a central role in authentication, certificate validation, and trust establishment within secure IoMT systems. Among the leading post-quantum cryptography (PQC) candidates, lattice-based signature schemes—most notably CRYSTALS-Dilithium—derive their security from hard lattice problems such as Module-LWE and Module-SIS and are widely regarded as resistant to quantum attacks. Owing to its strong security guarantees and relatively balanced performance characteristics, Dilithium has been selected by the National Institute of Standards and Technology (NIST) for post-quantum digital signature standardization [8,31].
Another important category of post-quantum authentication primitives is hash-based digital signature schemes, including XMSS and SPHINCS+. These schemes rely on the pre-image and collision resistance of cryptographic hash functions rather than number-theoretic assumptions. XMSS has been standardized through RFC 8391, while SPHINCS+ offers a stateless design with conservative security assumptions, making it attractive for long-term security guarantees [30,32]. Together, lattice-based and hash-based signatures represent viable replacements for classical RSA- and ECC-based signatures in certificate-driven authentication infrastructures.
Despite their strong quantum resistance, PQC-based authentication mechanisms introduce non-negligible performance and resource overhead when compared to classical ECC-based systems. Lattice-based schemes typically involve larger public keys and signatures, whereas hash-based schemes often incur even larger signature sizes and higher verification costs [8,32,33]. These overheads directly affect memory footprint, computational latency, network bandwidth, and battery consumption—factors that are already tightly constrained in wearable medical sensors, implantable devices, and mobile IoMT gateways.
To highlight these trade-offs, Table 1 summarizes representative classical and post-quantum cryptographic schemes using standardized parameter sets (e.g., NIST-recommended security levels). Reported values correspond to public key sizes and signature sizes relevant to certificate-based authentication and key exchange procedures. The indicated deployment suitability considerations are derived from reported performance characteristics in the literature and should be interpreted relative to device capabilities, memory constraints, computational budgets, and clinical operational context rather than as universal prescriptions. Given the heterogeneity of IoMT ecosystems—ranging from ultralow-power implantable and wearable medical devices to resource-rich edge gateways and cloud platforms—the suitability of post-quantum authentication schemes must be assessed on a per-device-class basis. Lattice-based signatures such as Dilithium generally offer balanced signing and verification performance and are therefore appropriate for edge gateways, hospital infrastructure, and computationally capable clinical systems [8,31,33]. In contrast, highly constrained medical devices may encounter challenges related to public key storage, signature size, and verification cost, despite the enhanced security guarantees provided by PQC. Hash-based schemes provide strong long-term security assurances but may introduce substantial signature sizes and, in the case of XMSS, require careful state management [30,32].
These observations motivate profiling-driven deployment strategies in which authentication primitives are selected according to measurable device constraints (e.g., available memory, processing capability, energy budget, and communication bandwidth) and clinical criticality requirements.
Finally, the transition toward post-quantum security is expected to be incremental rather than immediate, leading to the adoption of hybrid authentication models that combine classical cryptographic algorithms (e.g., ECC) with post-quantum primitives [8,34]. Hybrid certificates and hybrid TLS handshakes enable backward compatibility with existing infrastructures while preserving security even if one cryptographic component is compromised. Effective migration further requires careful consideration of certificate lifecycle management, firmware update mechanisms, regulatory constraints, and interoperability across heterogeneous IoMT deployments. Consequently, adaptive authentication architectures that flexibly integrate post-quantum cryptography based on operational context and device capabilities represent a promising pathway for sustaining long-term trust management in quantum-era healthcare systems.
Table 1. Comprehensive Comparison of Post-Quantum Cryptography Schemes Across NIST Security Levels for IoMT.
Table 1. Comprehensive Comparison of Post-Quantum Cryptography Schemes Across NIST Security Levels for IoMT.
AlgorithmVariant (NIST Level)Signature Size (B)Public Key Size (B)Q-SafeIoMT Suitability Considerations
CRYSTALS-Dilithium (ML-DSA)ML-DSA-44 (Level 2)24201312YesBalanced choice for edge gateways and clinical workstations [35,36].
ML-DSA-65 (Level 3)33091952YesHigher security for hospital infrastructure and data centers [35].
ML-DSA-87 (Level 5)45952592YesMaximum security for long-term archiving and critical systems [35].
CRYSTALS-Kyber (ML-KEM)ML-KEM-512 (Level 1)N/A800YesLightweight key exchange for constrained sensors (if KEM is used) [36].
ML-KEM-768 (Level 3)N/A1184YesRecommended for general-purpose TLS 1.3 in IoMT gateways [35].
ML-KEM-1024 (Level 5)N/A1568YesHigh-security key establishment for cloud backends [35].
SPHINCS+ (SLH-DSA)SLH-DSA-SHA2-128s (Level 1)785632YesStateless, conservative security; ideal for certificate authorities (CAs) [36].
SLH-DSA-SHA2-128f (Level 1)17,08832YesFaster signing, suitable for firmware updates where bandwidth is less constrained [35,36].
FalconFalcon-512 (Level 1)666897YesMay be more suitable for highly constrained implantable devices due to smaller signature size [36].
Falcon-1024 (Level 5)12801793YesCompact signatures for high-security applications on capable hardware [35].
ECDSAsecp256r1 (Legacy)6464NoBaseline for performance comparison; vulnerable to quantum attacks [35,36].

6. Heterogeneity and Its Security Implications in IoMT

IoMT ecosystems comprise a highly heterogeneous collection of interconnected components, including wearable health monitors, implantable medical sensors, bedside clinical equipment, edge gateways, and cloud-based analytics platforms. These components differ substantially in terms of processing capability, memory availability, energy constraints, operating systems, and supported communication interfaces, resulting in widely varying security capabilities across the system [10,11]. For instance, implantable medical devices must operate under strict battery, thermal, and safety constraints, whereas hospital imaging systems and edge gateways can support more computationally intensive cryptographic operations. This diversity complicates the design of uniform authentication mechanisms and motivates the adoption of capability-aware security models that explicitly account for device class and functional role within clinical workflows [10].
Beyond device diversity, IoMT systems operate over a range of heterogeneous communication technologies, including Bluetooth Low Energy (BLE), IEEE 802.15.4/WBAN, Wi-Fi, cellular networks (LTE/5G), and low-power wide-area networks (LPWANs). These technologies differ markedly in latency, bandwidth, reliability, energy consumption, and coverage characteristics [11,23]. For example, WBAN links prioritize ultralow-power operation and may experience intermittent connectivity due to patient mobility, whereas 5G networks provide high-throughput and ultra-reliable low-latency communication suitable for mission-critical healthcare applications [18,23]. Such variability directly influences authentication latency, handshake reliability, and the consistent enforcement of security policies across IoMT communication paths.
IoMT applications also vary considerably in terms of clinical criticality, ranging from low-risk wellness and lifestyle monitoring to safety-critical systems such as intensive care monitoring, closed-loop insulin delivery, and emergency medical response. High-criticality applications demand stringent guarantees of authentication correctness, availability, and real-time responsiveness, as failures may directly affect patient safety and clinical outcomes [1,10]. In contrast, lower-risk applications may tolerate increased latency or reduced availability, suggesting that authentication strength, frequency, and recovery mechanisms should be adaptable to the clinical importance of the service.
Deployment environments introduce an additional layer of heterogeneity. IoMT systems may operate within well-managed hospital infrastructures supported by professional IT administration, network segmentation, and structured public key infrastructures, or within less-controlled environments such as home-care and community settings that rely on consumer-grade networking equipment and limited supervision [1,11]. Home-based deployments are therefore more vulnerable to misconfiguration, weak credential management, and physical tampering, while mobile environments such as ambulances face challenges related to mobility and intermittent connectivity. These conditions necessitate deployment-aware authentication and trust-management strategies capable of maintaining end-to-end security beyond traditional institutional boundaries.
Taken together, the interaction of device diversity, network variability, application criticality, and heterogeneous deployment contexts creates a complex and dynamic trust landscape in IoMT systems. Authentication mechanisms that are effective in one setting may be impractical or unsafe in another. Consequently, IoMT authentication frameworks must be lightweight yet robust, interoperable across heterogeneous platforms, resilient to intermittent connectivity, and sensitive to contextual risk and device capability [1,11,18], as illustrated in Figure 6. Moreover, heterogeneity increases the likelihood of attack-surface fragmentation, whereby weaker devices or poorly secured environments can become entry points for broader system compromise. These challenges underscore the need for adaptive, capability-aware, and risk-driven authentication architectures to support secure and scalable IoMT deployments.

7. Literature Review

This section surveys prior research on authentication mechanisms in the Internet of Medical Things (IoMT) from multiple complementary perspectives. Table 2 positions the present review relative to existing surveys by comparing their scope, awareness of post-quantum threats, and consideration of clinical and system-level constraints.
To ensure transparency in the comparative positioning presented in Table 2, the surveyed works were evaluated using predefined qualitative assessment criteria. Each survey was examined based on the extent of explicit discussion, analytical depth, and technical scope reported in the original publication. The evaluation focused on whether each work explicitly addressed post-quantum security awareness, system-level architectural considerations, clinical constraints, heterogeneity aspects, performance trade-offs, and practical deployment implications within IoMT environments.
Beyond this high-level positioning, the subsequent comparative analysis adopts an evidence-informed synthesis strategy intended to reduce narrative bias and strengthen analytical rigor. Each reviewed study was assessed according to two primary dimensions: (i) validation maturity and (ii) the availability of reported performance metrics.
Validation maturity was categorized as follows:
  • Hardware-validated (H): Implementations evaluated on embedded platforms or medical-grade devices with empirically measured performance results.
  • Simulation-based (S):Evaluations conducted using software simulation environments or modeled experimental setups without deployment on physical hardware.
  • Conceptual/Theoretical (C): Analytical frameworks, surveys, or design proposals without implementation or simulation-based validation.
This classification enables explicit differentiation between experimentally validated implementations and preliminary analytical contributions, particularly in a rapidly evolving domain where conceptual proposals and survey studies remain prevalent.
Comparative interpretations of latency, computational overhead, energy consumption, and clinical applicability were aligned proportionally with the strength of validation evidence. Hardware-validated studies were prioritized when drawing conclusions related to deployment feasibility and real-world constraints. Simulation-based studies were used to identify performance trends under modeled conditions, while conceptual contributions were primarily considered for architectural insights, research directions, and theoretical design implications rather than quantitative deployment claims.
By explicitly linking comparative conclusions to validation maturity, the review ensures that discussions of trade-offs and suitability remain evidence-grounded and consistent with the strength of the underlying empirical support.
To improve transparency and reduce interpretive ambiguity, the qualitative indicators used in Table 2 were assigned according to explicit operational criteria derived from the content of the surveyed publications. A double checkmark (✓✓) indicates comprehensive coverage of the criterion, typically supported by dedicated sections, detailed architectural analysis, or extensive technical discussion. A single checkmark (✓) denotes clear but limited coverage where the topic is discussed but not explored in depth. The symbol (∼) represents partial or indirect coverage, where the criterion is briefly mentioned without structured analysis. The symbol (×) indicates that the criterion was not explicitly addressed in the surveyed publication.
Table 2 summarizes the comparative positioning of existing IoMT authentication surveys based on these predefined criteria and their alignment with the four analytical objectives of this review. The comparison dimensions in Table 2 are aligned with the four analytical objectives defined in Section 1. Objective (i) corresponds to IoMT focus, heterogeneity awareness, and clinical constraints; Objective (ii) relates to the post-quantum threat model and TLS authentication considerations; Objective (iii) reflects the discussion of NIST PQC algorithms and performance trade-offs; and Objective (iv) captures system-level architectural perspectives and adaptive authentication visions.
The qualitative indicators reported in Table 2 directly reflect the predefined assessment criteria described above and were assigned based on explicit statements, architectural analysis, performance evaluation, or threat-model discussions documented in each cited work.

7.1. Post-Quantum Security Perspective

Research on post-quantum cryptography (PQC) for IoT and IoMT security has evolved along multiple complementary trajectories, each addressing different facets of the quantum transition while revealing persistent gaps in clinically-aware design.
Ref. [35] proposed a lattice-based PQC framework that enhances authentication security with lower computational overhead than classical RSA/ECC. While demonstrating efficiency gains, the framework assumes static configurations, lacking adaptability for the heterogeneous and dynamic IoMT device landscape.
In [36], dynamic PQC scheme switching within TLS 1.3 was explored on actual IoT platforms, revealing inherent trade-offs among latency, throughput, and energy. Although adaptive selection is feasible, the required protocol modifications complicate adoption in regulated clinical environments where standardization and interoperability are paramount.
Survey studies [14,15,16] systematically examined lattice-based schemes (Kyber, Dilithium, NTRU) for constrained devices, consistently identifying them as promising candidates. However, these analyses remain largely conceptual, lacking validation under realistic IoMT workloads or adaptive security configurations that match clinical risk profiles.
Migration-focused research includes [40], which presented a structured enterprise PQC migration framework but omitted IoMT-scale considerations and medical operational constraints. Benchmarking efforts such as [41] quantified PQC performance and energy characteristics on embedded hardware, yet excluded authentication protocols and clinical integration from their scope.
Within healthcare specifically, Refs. [42,43] proposed PQC-enhanced architectures, including blockchain-based designs for medical data integrity. While advancing long-term security, these approaches introduce computational and scalability overhead that may conflict with the low-latency requirements of time-sensitive IoMT applications.
More recent work includes QAuth-IoMT [44], a lightweight lattice-based authentication protocol employing heuristic optimizations. Although promising in energy efficiency, its simulation-based evaluation leaves open critical questions about real-world performance, interoperability with existing medical systems, and feasibility under actual clinical conditions.
Overall, the literature demonstrates growing momentum toward quantum-resilient IoMT security while underscoring the absence of adaptive, energy-aware, and clinically validated authentication frameworks. Table 3 summarizes these representative approaches and highlights the progression from early benchmarking efforts toward more context-aware post-quantum authentication mechanisms.

7.2. Authentication-Model Perspective

Recent IoMT authentication research has diversified along several model-oriented directions, emphasizing lightweight design, privacy preservation, and decentralized trust establishment in distributed healthcare ecosystems.
Concrete protocol designs include the blockchain–fog–assisted group authentication framework of [45], which leverages elliptic-curve cryptography and hash verification to improve scalability while resisting impersonation and replay attacks. Similarly, MedIoT-LAP [46] integrates authenticated encryption with associated data (AEAD) and physically unclonable functions (PUFs) to achieve mutual authentication with low computational overhead, preserving confidentiality, device anonymity, and resistance to active adversaries.
Survey studies [12,13,38,47] converge on the conclusion that practical IoMT authentication must be lightweight, interoperable across heterogeneous clinical environments, and resilient to evolving threats. These reviews further stress the importance of adaptability to dynamic device states and deployment contexts—a requirement often unmet by static cryptographic designs.
Complementary efforts focus on enhancing specific security properties: [37,48] target data integrity, anonymity, and multi-factor authentication, while blockchain-based approaches such as [39] explore decentralized trust management and auditability for medical data exchanges.
Initial quantum-aware designs are emerging, exemplified by [49], which combines classical elliptic-curve techniques with SPHINCS+ hash-based signatures to provide mutual authentication with modest communication overhead. Although this hybrid construction represents a preliminary step toward post-quantum readiness, it remains unevaluated under realistic IoMT operational conditions, including large-scale heterogeneous deployments, prolonged clinical use, and integration with legacy medical systems.
The primary research strands in IoMT authentication can be categorized into lightweight and privacy-preserving schemes, blockchain-based trust mechanisms, and emerging post-quantum solutions. A detailed comparative analysis of representative approaches is provided in Table 4.
In summary, while IoMT authentication has matured significantly, the majority of existing frameworks remain anchored in classical cryptographic assumptions, offer limited adaptability to dynamic clinical contexts, and lack systematic integration of post-quantum security requirements. These limitations underscore the need for context-aware, energy-efficient, and hardware-validated authentication architectures capable of supporting trustworthy IoMT operation as quantum computing capabilities advance.

7.3. Heterogeneous-Environment Perspective

Several studies have examined post-quantum cryptography and security interoperability in heterogeneous IoT and IoMT environments. For example, ref. [50] proposed a multiple-time hash-based signature scheme (SOMT-HSS) to improve post-quantum security while reducing communication overhead compared to twin-signature constructions. However, these gains come at the cost of increased storage requirements and limited support for real-time adaptability, which may limit applicability in dynamic clinical scenarios.
A comprehensive performance evaluation in [51] assessed representative PQC schemes, including Kyber, Dilithium, and SPHINCS+, across heterogeneous computing platforms such as CPUs, GPUs, and embedded systems. The results revealed substantial variation in latency, energy consumption, and memory usage, highlighting the importance of selecting cryptographic primitives based on device capability and deployment context rather than applying uniform security configurations.
From a system-design perspective, ref. [52] introduced a heterogeneous key-management approach for e-health and implantable devices that combines symmetric cryptography with PUF-derived credentials. This approach reduces key-management overhead for constrained nodes while preserving acceptable security properties, although scalability and integration with post-quantum mechanisms remain unresolved.
Risk assessment in heterogeneous IoMT systems was considered in [53], which analyzed threats across sensing, networking, and application layers. However, post-quantum adversaries and adaptive security strategies were not addressed. Interoperability challenges were explored in [54], where the IoT-SIM semantic interoperability model uses RDF and SPARQL to enable data integration across heterogeneous healthcare platforms. While effective at the semantic level, this approach does not incorporate cryptographic trust management or quantum-resilient authentication.
Overall, the reviewed studies emphasize the need for heterogeneity-aware, interoperable, and energy-efficient security mechanisms in IoMT systems, while also revealing the absence of adaptive, context-aware authentication frameworks that jointly address heterogeneity and post-quantum security requirements. This gap motivates further research into adaptive, capability-aware, and quantum-resilient authentication architectures for practical IoMT deployments. Table 5 summarizes the identified challenges, representative solutions, and the corresponding research directions in heterogeneous IoMT environments.

7.4. Synthesis of Findings Across Research Objectives

Based on the evidence-informed synthesis of the 63 reviewed publications, the main findings align with the four research objectives. To move beyond a narrative summary, this synthesis relates reported performance metrics to the validation maturity framework (H, S, C), highlighting discrepancies between simulated assumptions and real-world IoMT constraints. Objective (i): IoMT architectures and constraints. IoMT systems operate under strict device heterogeneity and energy limitations. While simulation-based studies [44,46] typically assume ideal connectivity, hardware-validated implementations [36,50] reveal additional overhead introduced by physical I/O operations, certificate verification, memory access, and communication interfaces. For example, experimental TLS authentication evaluations on IoT devices report handshake latencies of approximately 131.65 ms over Wi-Fi and 236.4 ms over BLE when Falcon512 signatures are used without certificate validation [36], demonstrating the influence of real communication layers in constrained environments. Objective (ii): Quantum-era threat exposure. Most IoMT authentication protocols still rely on classical ECC/RSA primitives. Although simulation studies [44] suggest limited performance impact when transitioning to post-quantum cryptography, hardware benchmarks [41,51] indicate that implementing PQC algorithms on embedded platforms introduces additional computational overhead and increased energy consumption due to the higher complexity of quantum-resistant cryptographic primitives. Objective (iii): Post-quantum scheme evaluation. The efficiency of post-quantum cryptographic schemes depends strongly on the validation tier. Simulation-based studies generally report lower computational costs and latency, whereas hardware-based implementations on constrained devices reveal higher overhead due to communication delays, memory constraints, and processing limitations. For instance, experimental TLS measurements show authentication latencies of approximately 206.85 ms over Wi-Fi and 269.7 ms over BLE when using the Dilithium2 signature scheme [36]. These results illustrate how larger post-quantum signatures and verification operations can increase authentication latency compared with classical mechanisms. Objective (iv): Design-oriented strategies. Hybrid and capability-aware authentication approaches are increasingly proposed to balance strong cryptographic security with the limited resources of IoMT devices. However, practical deployment remains constrained by trade-offs between security strength, computational cost, communication overhead, and device capabilities [52,54]. In particular, hybrid classical–post-quantum authentication architectures may increase TLS handshake latency by approximately 30–35% when higher-security hybrid configurations are deployed [36]. Consequently, future IoMT security designs must consider adaptive or resource-aware cryptographic strategies that balance quantum-resilient security with the operational constraints of heterogeneous medical devices.

8. Architectural Considerations for Quantum-Resilient Authentication in IoMT

Authentication in IoMT systems relies on public-key cryptography for certificate validation and trust establishment. However, classical schemes (RSA, ECC) are vulnerable to quantum attacks [6]. Post-quantum cryptography (PQC) addresses this through quantum-resistant signatures like CRYSTALS-Dilithium and SPHINCS+, which are increasingly considered key candidates for maintaining long-term trust anchors in quantum-ready IoMT systems [8,31].
IoMT environments are inherently heterogeneous, spanning implantable devices to cloud platforms with varying computational and energy constraints. Static authentication configurations may therefore be insufficient across heterogeneous deployments. Policy-driven architectures enable dynamic adaptation of cryptographic parameters based on device capability, clinical risk, and deployment context [10,11].
Transitioning to PQC introduces challenges beyond algorithm replacement, including certificate lifecycle management, hybrid operation with legacy PKI, and increased computational/communication overhead from larger keys and signatures [8,31,34]. These factors affect latency and energy consumption in resource-constrained devices.

8.1. Comparative Analysis of PQC Schemes

To provide a structured comparison grounded in reported evaluations, Table 6 summarizes representative PQC signature schemes across three dimensions derived from recent literature [35,36,55]:
  • Security strength: Based on NIST security levels (1–5), where Level 5 provides AES-256 equivalent security.
  • Performance overhead: Interpreted primarily from signature sizes, which directly influence communication latency and bandwidth consumption.
  • Deployment feasibility: Reflects qualitative interpretation of reported performance characteristics and device constraints discussed in the literature rather than experimentally validated deployment outcomes.

8.2. Quantitative Inputs for Capability-Aware Decision Making

To ground the proposed capability-aware framework in empirical data, Table 7 summarizes quantitative device constraints and cryptographic performance metrics drawn from recent evaluations [35,36,55]. These values are reported from individual experimental or simulation-based studies and are presented here for contextual illustration rather than cross-study benchmarking or meta-analytic comparison. They illustrate the type of inputs that would inform a concrete decision framework, including device resource limits, operation latencies, and energy costs.
Under specific constrained hardware conditions (32–200 MHz class devices with 64 KB–256 MB RAM), simulation-based evaluations report average encryption and decryption times of approximately 120 ms and 110 ms respectively, with energy consumption below 4 mJ on edge-class devices [55]. These figures are indicative of trends observed in controlled simulation environments rather than universally generalizable performance guarantees.
Building on these illustrative quantitative inputs, a concrete decision framework could define example-based thresholds such as: devices with <64 KB RAM and battery power may prioritize Falcon-512 (666 B signatures) over Dilithium variants (2420–4595 B) when communication overhead is the primary constraint, based on findings reported in [36,55]. Conversely, edge gateways with >256 MB RAM and stable power supply may accommodate ML-DSA-65 or ML-DSA-87 for higher security levels, as suggested in [35]. These example thresholds are intended to illustrate the type of reasoning that profiling-driven strategies might employ, rather than to serve as validated deployment rules.

8.3. Towards Capability-Aware Decision Making

Building on the comparative analysis and illustrative quantitative inputs above, Table 8 translates these scheme characteristics into an example-based decision framework for capability-aware PQC selection. The framework synthesizes findings from recent experimental evaluations [35,36,55] and considers three primary decision inputs: (i) device resource constraints (memory, CPU capability, energy budget), (ii) communication characteristics (bandwidth and latency tolerance), and (iii) clinical criticality level. While not intended as a definitive deployment guide—given the heterogeneity of IoMT hardware and the absence of standardized benchmarking—it offers a structured starting point for profiling-driven authentication design.

8.4. Key Findings and Implications

The comparison suggests that Falcon-512 may be more suitable for implantable devices due to its relatively small signature size (666 B) and low reported energy footprint under evaluated conditions (1.3–1.5 mJ), though implementation complexity must be considered [36,55]. ML-DSA-44 may offer a trade-off between security and performance for edge gateways (2420 B; 3.8–4.0 mJ in simulation studies). ML-DSA-65 and ML-DSA-87 may be better aligned with hospital infrastructure and critical systems respectively, offering higher security at increased overhead. SPHINCS+ variants (7856–17,088 B) may be less suitable for highly constrained IoMT devices, remaining appropriate for CAs or infrequent firmware updates. ECDSA provides a widely deployed baseline for comparison but lacks quantum resistance. Simulation-based evaluations in specific constrained hardware contexts indicate that while PQC schemes introduce higher communication overhead (approximately 72% larger ciphertexts under the evaluated conditions), latency (110–150 ms) and energy consumption (<4 mJ on edge-class devices) may remain within acceptable bounds for certain IoMT applications [55]. However, these figures are illustrative of trends observed in controlled simulation environments rather than universally applicable performance guarantees.
These trade-offs motivate profiling-driven deployment strategies that align PQC selection with device constraints and clinical requirements [10,11], though further empirical validation across diverse hardware platforms and operational conditions remains necessary.

9. Implementation Challenges and Practical Considerations

Deploying post-quantum–ready authentication mechanisms in Internet of Medical Things (IoMT) environments entails a set of closely interrelated technical, operational, and regulatory challenges. These challenges must be carefully addressed to ensure that long-term cryptographic robustness does not come at the expense of clinical safety, reliability, or system usability.

9.1. Performance and Resource Constraints

Many IoMT applications are inherently time-sensitive, including intensive-care monitoring, remote diagnostics, and closed-loop therapeutic systems. In such settings, excessive authentication latency or computational delay can disrupt clinical workflows and degrade real-time responsiveness. Post-quantum cryptographic (PQC) schemes typically introduce additional overhead due to larger key sizes, longer signatures, and increased message exchanges, resulting in higher latency compared to classical ECC-based mechanisms [8,31]. At the same time, wearable and implantable medical devices operate under strict energy and thermal constraints, where additional computation and communication may significantly accelerate battery depletion and reduce device lifespan, potentially necessitating premature maintenance or invasive replacement [8,34]. These limitations necessitate latency-aware and energy-aware authentication design, including careful parameter selection, optimized handshake frequency, and, where feasible, the use of hardware-assisted cryptographic operations.

9.2. Trust Management and Credential Lifecycle Complexity

IoMT authentication infrastructures rely predominantly on public-key infrastructures (PKI), making secure certificate issuance, renewal, and revocation critical. The transition toward post-quantum authentication complicates these processes due to larger credentials, hybrid cryptographic deployments, and evolving standardization efforts. Certificate revocation remains particularly challenging for intermittently connected devices, where conventional mechanisms such as certificate revocation lists (CRLs) or online certificate status protocol (OCSP) services may be unavailable or unreliable [8,56]. Interoperability further complicates deployment, as IoMT ecosystems often span multiple vendors, legacy systems, and heterogeneous platforms, requiring hybrid authentication mechanisms and multi-algorithm trust chains during migration phases [8,56].

9.3. Long Device Lifecycles and Regulatory Constraints

Medical devices typically have long operational lifecycles, often ranging from five to ten years, while regulatory certification processes (e.g., FDA approval or EU MDR compliance) limit the feasibility of frequent firmware updates. As a result, cryptographic migration strategies must be aligned with secure boot mechanisms, trusted update channels, and lengthy recertification requirements [34,57]. In parallel, privacy and compliance regulations such as HIPAA and GDPR impose strict constraints on authentication design, requiring strong guarantees of confidentiality, accountability, and minimal exposure of protected health information (PHI) throughout the authentication and access-control process [58,59].

Illustrative Approaches for Certificate and Key Lifecycle Management

Addressing these challenges may require differentiated strategies based on device class and connectivity profile within IoMT deployments:
  • Intermittently connected implantable and wearable devices: For devices with limited connectivity and battery constraints, short-lived certificates (valid for days or weeks rather than years) can reduce reliance on real-time revocation checking. Where CRL/OCSP mechanisms are unavoidable, OCSP stapling with server-side caching can help reduce device-side communication overhead [36]. Post-quantum certificate sizes (e.g., Dilithium parameter sets with public keys ranging from approximately 1312–2592 B) should be considered during provisioning for storage-constrained devices [35,36].
  • Edge gateways and hospital infrastructure: Devices with reliable network connectivity may support hybrid certificate chains combining classical (ECC) and post-quantum (e.g., Dilithium) signatures during migration phases, enabling backward compatibility while progressively introducing quantum-resistant authentication [34,35]. Standardized mechanisms such as TLS Certificate Compression and Cached Information Extensions can help mitigate handshake overhead associated with larger certificate chains [36].
  • Long-lived devices (5–10 year lifecycles): For devices with infrequent firmware update cycles, quantum-safe firmware signing using hash-based signatures (e.g., SLH-DSA-128s) may be employed for software updates, while hybrid operational certificates with shorter validity periods can support cryptographic agility over extended device lifetimes [34,36]. Alignment with regulatory frameworks, such as FDA pre-certification pathways, may also need consideration during cryptographic suite selection [57].
Table 9 summarizes these recommended strategies, providing a structured reference for selecting appropriate certificate and key lifecycle approaches based on device connectivity, operational constraints, and security requirements. The table maps each device class to a recommended approach, supported by a concise rationale, relevant references, and representative device examples to guide practical deployment decisions.
These approaches are presented as illustrative considerations rather than prescriptive deployment rules, as actual implementation choices depend on device-specific constraints, clinical requirements, and evolving regulatory guidance.

9.4. Safety-Critical Operation and Fail-Safe Behavior

IoMT systems operate in life-critical environments where authentication failures, expired credentials, or denial-of-service conditions may directly affect patient outcomes. Consequently, post-quantum–enabled authentication mechanisms should incorporate fail-safe behavior, redundancy, and graceful degradation. This includes controlled fallback mechanisms during transitional or failure scenarios, as well as emergency access modes that prioritize patient safety while preserving auditability and accountability [34,57].
To translate these requirements into engineered solutions, three complementary mechanisms may be considered, each grounded in established security engineering principles and adapted for the IoMT context:
  • Break-glass access with audit trails: For emergency scenarios where a patient’s life is at risk and normal authentication is unavailable (e.g., expired certificate, network outage), a break-glass mechanism can temporarily bypass standard authentication. This approach is mandated by healthcare IT standards, which require that systems “SHALL audit each occurrence when extraordinary access is successful (e.g., ’break the glass’ scenario)" and capture comprehensive metadata including identity of user, system, location, timestamp, and rationale [60].In practice, representative commercial electronic health record (EHR) systems implement such mechanisms by logging access events and notifying compliance officers for review [61]. To ensure safety without compromising security, this access must be:
    Time-limited: Automatically expires after a predefined interval (e.g., 15–30 min), following the principle that emergency privileges should be temporary.
    Restricted to essential functions: Adheres to the principle of least privilege [8], granting only the minimum permissions required for life-saving interventions (e.g., reading vital signs but not modifying device firmware).
    Fully auditable: All emergency access events are logged with timestamp, device identity, and actions performed, enabling post-incident review and accountability as required by healthcare regulations [60,62].
  • Redundant authentication paths: Critical systems may implement redundant authentication paths, such as dual certificates signed by different algorithms (e.g., ECC for legacy fallback and Dilithium for primary PQC). This approach, sometimes called cryptographic agility [14], ensures that failure of one cryptographic component does not completely block access. Experimental evaluations on adaptive PQC switching demonstrate the feasibility of such redundancy while maintaining acceptable performance overhead [36]. However, such redundancy must be carefully managed to avoid downgrade attacks; hybrid certificate chains combining classical and post-quantum signatures during migration phases can help mitigate this risk while ensuring backward compatibility [34,35].
These mechanisms represent illustrative engineering approaches derived from established security principles (least privilege, defense in depth, cryptographic agility) and adapted to the IoMT context based on recent experimental evaluations [35,36,63]. Their implementation requires careful balancing of safety, security, and regulatory compliance, and should be developed in consultation with clinical stakeholders and medical device certification bodies [57]. Ensuring that enhanced cryptographic protection does not introduce new operational risks remains an important consideration for maintaining clinical trust.
Overall, addressing these practical considerations is critical for translating post-quantum authentication from theoretical security guarantees into solutions that are deployable, reliable, and suitable for real-world IoMT systems operating under clinical, regulatory, and resource constraints.

10. Open Challenges and Future Directions for Secure IoMT Authentication

Despite steady progress in post-quantum–resilient authentication and trust management, several open challenges remain unresolved in Internet of Medical Things (IoMT) environments.
Lightweight Implementation of PQC. One of the most critical challenges concerns the practical optimization of post-quantum cryptographic (PQC) schemes for resource-constrained medical devices. Existing PQC-based approaches often incur substantial overhead in terms of key size, signature length, computational complexity, latency, and energy consumption, which directly conflicts with the strict hardware, thermal, and clinical constraints of wearable and implantable devices [8,31]. Addressing this challenge will likely require advances beyond software-level optimization, including energy-efficient hardware acceleration, side-channel-resistant implementations, and integration with trusted execution environments, while remaining compatible with medical certification and regulatory processes [8,34].
Transition and Hybrid Deployment Challenges. A second major challenge arises from the gradual and unavoidable transition toward post-quantum security. In practice, this transition is expected to rely heavily on hybrid authentication infrastructures that combine classical and post-quantum mechanisms. While hybrid approaches can provide backward compatibility and incremental security gains, they also introduce new sources of complexity and risk, such as extended certificate chains, interoperability issues, downgrade vulnerabilities, and operational fragility across heterogeneous trust infrastructures [8,34]. Currently, there is a lack of formal models, design guidelines, and best practices for managing hybrid authentication in safety-critical IoMT systems, leaving this area insufficiently explored.
Evaluation and Benchmarking Gaps. From an evaluation standpoint, existing research is constrained by the absence of standardized benchmarking frameworks and clinically representative test environments. Many studies rely on simulation-based evaluations or isolated performance metrics, which limits reproducibility and complicates meaningful comparison across different approaches [11]. There is a clear need for standardized evaluation methodologies and shared testbeds capable of jointly assessing authentication latency, energy overhead, scalability, and impact on clinical workflows under realistic operational conditions.
Interoperability and Lifecycle Management. Interoperability and credential lifecycle management further complicate large-scale deployment of quantum-resilient authentication. Effective adoption requires consistent certificate formats, device identity models, trust policies, and lifecycle management mechanisms that operate seamlessly across heterogeneous vendors, platforms, and healthcare environments, without compromising safety, privacy, or regulatory compliance [8,30]. Moreover, most PQC-enabled authentication solutions have not yet been validated in real clinical settings, highlighting the need for controlled deployment studies that evaluate usability, resilience, performance, and patient safety under realistic workloads [11,34].
Taken together, the literature indicates that secure authentication in IoMT must address three tightly coupled realities: the emergence of quantum-capable adversaries, the severe resource constraints of medical devices, and the pronounced heterogeneity of healthcare infrastructures. Classical mechanisms based on RSA and ECC are therefore insufficient for long-term protection, positioning post-quantum cryptography as a structural requirement rather than an optional enhancement [6,8]. At the same time, effective adoption demands authentication mechanisms that are lightweight, capability-aware, and context-adaptive, aligning cryptographic strength with device limitations and clinical criticality [8,34].
In light of these challenges, a promising direction for future research is the development of adaptive, system-level frameworks for quantum-resilient authentication in IoMT environments. Rather than proposing isolated protocols, such frameworks should provide high-level architectural guidance that integrates contextual awareness, policy-driven decision making, and post-quantum cryptographic primitives. By dynamically aligning authentication strength with device capability, deployment context, and clinical risk, these frameworks can balance long-term quantum resistance with real-time performance and energy efficiency. Modular separation of cryptographic mechanisms, trust lifecycle management, and fail-safe policies would further support interoperability, regulatory compliance, and graceful degradation, offering a practical foundation for future implementations and empirical validation in real-world healthcare systems.

11. Conclusions

This review has examined the evolving challenges of authentication in the Internet of Medical Things (IoMT) in the presence of emerging quantum-capable adversaries. Current IoMT authentication systems continue to rely predominantly on RSA- and ECC-based cryptographic primitives, which can no longer guarantee long-term security once quantum attacks become practical. In this context, post-quantum cryptography (PQC) should be regarded as a fundamental requirement for preserving trust, privacy, and clinical safety in future IoMT ecosystems rather than a discretionary enhancement.
At the same time, IoMT deployments are inherently heterogeneous, encompassing highly resource-constrained medical devices, diverse communication technologies, and deployment environments ranging from tightly managed hospital infrastructures to loosely controlled home-care settings. These characteristics impose stringent constraints on authentication design, necessitating mechanisms that are not only quantum-resilient, but also lightweight, interoperable, and sensitive to clinical criticality and operational context.
Through a structured synthesis of the recent literature, this review identified key technical and practical challenges that must be addressed to enable secure, quantum-ready IoMT authentication. These challenges include the efficient optimization of PQC schemes for constrained devices, the secure management of hybrid authentication infrastructures during transitional phases, the lack of standardized benchmarking and evaluation frameworks, and the limited validation of proposed solutions in real clinical environments. By introducing a multi-dimensional classification framework and systematically analyzing trade-offs between quantum resilience and clinical constraints, this review provides a structured foundation for the design of context-aware authentication solutions.
Overall, the findings indicate that the future of IoMT authentication will be shaped not solely by advances in cryptographic algorithms, but by their integration with system-level architecture, operational resilience, regulatory compliance, and clinical risk management. Addressing these dimensions in a coordinated manner is essential for aligning long-term quantum security with real-world performance constraints and patient-safety requirements. The development of adaptive, context-aware, and quantum-resilient authentication frameworks therefore represents a key step toward enabling trustworthy digital healthcare ecosystems capable of sustaining secure medical data exchange and safe clinical operation in the quantum era.

Author Contributions

T.S.A.: Conceptualization, Methodology, Supervision, Validation, Writing—review and editing. F.G.A.: Investigation, Data curation, Formal analysis, Writing—original draft, Writing—review and editing. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analyzed in this study.

Conflicts of Interest

The authors declare that they have no known competing financial interests or personal relationships that could have influenced the work reported in this paper. During the preparation of this manuscript, the authors used automated language-editing tools to improve the clarity and readability of the text. The authors subsequently reviewed, edited, and validated the content and take full responsibility for the integrity and accuracy of the work.

References

  1. Saxena, A.; Mittal, S. Internet of Medical Things (IoMT) Security and Privacy: A Survey of Recent Advances and Enabling Technologies. In Proceedings of the 2022 Fourteenth International Conference on Contemporary Computing; ACM: New York, NY, USA, 2022; pp. 550–559. [Google Scholar] [CrossRef]
  2. Sebestyen, H.; Popescu, D.E.; Zmaranda, R.D. A literature review on security in the Internet of Things: Identifying and analysing critical categories. Computers 2025, 14, 61. [Google Scholar] [CrossRef]
  3. Papaioannou, M.; Karageorgou, M.; Mantas, G.; Sucasas, V.; Essop, I.; Rodriguez, J.; Lymberopoulos, D. A Survey on Security Threats and Countermeasures in Internet of Medical Things (IoMT). Trans. Emerg. Telecommun. Technol. 2022, 33, e4049. [Google Scholar] [CrossRef]
  4. Shojaei, P.; Vlahu-Gjorgievska, E.; Chow, Y.W. Security and Privacy of Technologies in Health Information Systems: A Systematic Literature Review. Computers 2024, 13, 41. [Google Scholar] [CrossRef]
  5. Al Hayajneh, A.; Bhuiyan, M.Z.A.; McAndrew, I. Improving internet of things (IoT) security with software-defined networking (SDN). Computers 2020, 9, 8. [Google Scholar] [CrossRef]
  6. Shor, P.W. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput. 1997, 26, 1484–1509. [Google Scholar] [CrossRef]
  7. Mavroeidis, V.; Vishi, K.; Zych, M.D.; Jøsang, A. The Impact of Quantum Computing on Present Cryptography. Int. J. Adv. Comput. Sci. Appl. 2018, 9, 3. [Google Scholar] [CrossRef]
  8. National Institute of Standards and Technology. Post-Quantum Cryptography Project; Technical Report; NIST: Gaithersburg, MD, USA, 2024. [Google Scholar]
  9. Alagic, G.; Bros, M.; Ciadoux, P.; Cooper, D.; Dang, Q.; Dang, T.; Kelsey, J.; Lichtinger, J.; Liu, Y.K.; Miller, C.; et al. Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process; NIST IR 8545, National Institute of Standards and Technology; US Department of Commerce: Gaithersburg, MD, USA, 2025. [CrossRef]
  10. Alsaeed, N.; Nadeem, F. Authentication in the Internet of Medical Things: Taxonomy, Review, and Open Issues. Appl. Sci. 2022, 12, 7487. [Google Scholar] [CrossRef]
  11. Khan, M.A.; Din, I.U.; Majali, T.; Kim, B.S. A Survey of Authentication in Internet of Things-Enabled Healthcare Systems. Sensors 2022, 22, 9089. [Google Scholar] [CrossRef]
  12. Ghubaish, A.; Salman, T.; Zolanvari, M.; Unal, D.; Al-Ali, A.; Jain, R. Recent Advances in the Internet-of-Medical-Things (IoMT) Systems Security. IEEE Internet Things J. 2021, 8, 8707–8718. [Google Scholar] [CrossRef]
  13. Dargaoui, S.; Azrour, M.; Allaoui, A.E.; Guezzaz, A.; Alabdulatif, A.; Alnajim, A. Internet of Things Authentication Protocols: Comparative Study. Comput. Model. Eng. Sci. 2024, 79, 65–91. [Google Scholar] [CrossRef]
  14. Liu, T.; Ramachandran, G.; Jurdak, R. Post-Quantum Cryptography for Internet of Things: A Survey on Performance and Optimization. arXiv 2024, arXiv:2401.17538. [Google Scholar] [CrossRef]
  15. Nguyen, H.; Huda, S.; Nogami, Y.; Nguyen, T.T. Security in Post-Quantum Era: A Comprehensive Survey on Lattice-Based Algorithms. IEEE Access 2025, 13, 89003–89024. [Google Scholar] [CrossRef]
  16. Mahdi, L.H.; Abdullah, A.A. Fortifying Future IoT Security: A Comprehensive Review on Lightweight Post-Quantum Cryptography. Eng. Technol. Appl. Sci. Res. 2025, 15, 21812–21821. [Google Scholar] [CrossRef]
  17. Page, M.J.; McKenzie, J.E.; Bossuyt, P.M.; Boutron, I.; Hoffmann, T.C.; Mulrow, C.D.; Shamseer, L.; Tetzlaff, J.M.; Akl, E.A.; Brennan, S.E.; et al. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ 2021, 372, n71. [Google Scholar] [CrossRef]
  18. He, P.; Huang, D.; Wu, D.; He, H.; Wei, Y.; Cui, Y.; Wang, R.; Peng, L. A Survey of Internet of Medical Things: Technology, Application and Future Directions. Digit. Commun. Netw. 2024; in press. [Google Scholar] [CrossRef]
  19. Ozcelik, M.M.; Kok, I.; Ozdemir, S. A Survey on Internet of Medical Things (IoMT): Enabling Technologies, Security and Explainability Issues, Challenges, and Future Directions. Expert Syst. 2025, 42, e70010. [Google Scholar] [CrossRef]
  20. Gallo, G.D.; Micucci, D. Internet of Medical Things Systems Review: Insights into Non-Functional Factors. Sensors 2025, 25, 2795. [Google Scholar] [CrossRef] [PubMed]
  21. Niu, Q.; Li, H.; Liu, Y.; Qin, Z.; Zhang, L.B.; Chen, J.; Lyu, Z. Toward the Internet of Medical Things: Architecture, Trends and Challenges. Math. Biosci. Eng. 2023, 21, 650–678. [Google Scholar] [CrossRef] [PubMed]
  22. Yaghoubi, M.; Ahmed, K.; Miao, Y. Wireless Body Area Network (WBAN): A Survey on Architecture, Technologies, Energy Consumption, and Security Challenges. J. Sens. Actuator Netw. 2022, 11, 67. [Google Scholar] [CrossRef]
  23. Taleb, H.; Nasser, A.; Andrieux, G.; Charara, N.; Motta Cruz, E. Wireless Technologies, Medical Applications and Future Challenges in WBAN: A Survey. Wirel. Netw. 2021, 27, 5271–5295. [Google Scholar] [CrossRef]
  24. Tunc, M.A.; Gures, E.; Shayea, I. A Survey on IoT Smart Healthcare: Emerging Technologies, Applications, Challenges, and Future Trends. arXiv 2021, arXiv:2109.02042. [Google Scholar] [CrossRef]
  25. Alturki, B.; Al-Haija, Q.A.; Alsemmeari, R.A.; Alsulami, A.A.; Alqahtani, A.; Alghamdi, B.M.; Bakhsh, S.T.; Shaikh, R.A. IoMT Landscape: Navigating Current Challenges and Pioneering Future Research Trends. Discov. Appl. Sci. 2024, 7, 26. [Google Scholar] [CrossRef]
  26. Hussain, A.; Gan, Z.; Li, S.; Hussain, T.; Attar, R.W.; Alhazmi, A.H.; Zaman, K.; Qi, X. Improved Distance and Energy Aware Link Stability Protocol for Internet of Medical Things. Sci. Rep. 2025, 15, 36495. [Google Scholar] [CrossRef] [PubMed]
  27. McKay, K.A.; Cooper, D.A. Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations; NIST SP 800-52r2, National Institute of Standards and Technology; US Department of Commerce: Gaithersburg, MD, USA, 2019. [CrossRef]
  28. Ali, Z.; Mahmood, S.; Hassan, K.M.U.; Daud, A.; Alharbey, R.; Bukhari, A. A Lightweight and Secure Authentication Scheme for Remote Monitoring of Patients in IoMT. IEEE Access 2024, 12, 73004–73020. [Google Scholar] [CrossRef]
  29. Julaihi, A.B.A.; Ngadi, M.A.; Radzi, R.Z.B.R.M. A Comprehensive Authentication Taxonomy and Lightweight Considerations in the Internet-of-Medical-Things (IoMT). Int. J. Adv. Comput. Sci. Appl. 2024, 15, 1013. [Google Scholar] [CrossRef]
  30. Bernstein, D.J.; Lange, T. Post-Quantum Cryptography—Dealing with the Fallout of Physics Success. Cryptol. Eprint Arch. 2017; Preprint. Available online: https://eprint.iacr.org/2017/314 (accessed on 3 February 2026).
  31. NIST PQC Project. CRYSTALS-Dilithium Algorithm Specifications; Technical Report, National Institute of Standards and Technology; US Department of Commerce: Gaithersburg, MD, USA, 2024.
  32. Hülsing, A.; Butin, D.; Gazdag, S.; Rijneveld, J.; Mohaisen, A. XMSS: EXtended Merkle Signature Scheme; RFC 8391; Association Management Solutions, LLC: Fremont, CA, USA, 2018. [Google Scholar] [CrossRef]
  33. Chen, C.; Danba, O.; Hoffstein, J.; Hülsing, A.; Rijneveld, J.; Schanck, J.M.; Schwabe, P.; Whyte, W.; Zhang, Z. Algorithm Specifications and Supporting Documentation; Brown University and Onboard Security Company: Wilmington, DE, USA, 2019. [Google Scholar]
  34. Campagna, M.; Chen, L.; Dagdelen, O.; Ding, J.; Fernick, J.; Gisin, N.; Hayford, D.; Jennewein, T.; Lütkenhaus, N.; Mosca, M.; et al. Quantum Safe Cryptography and Security: An Introduction, Benefits, Enablers and Challenges; Technical Report; European Telecommunications Standards Institute: Sophia Antipolis, France, 2015. [Google Scholar]
  35. Mansoor, K.; Afzal, M.; Iqbal, W.; Abbas, Y.; Mussiraliyeva, S.; Chehri, A. PQCAIE: Post Quantum Cryptographic Authentication Scheme for IoT-Based E-Health Systems. Internet Things 2024, 27, 101228. [Google Scholar] [CrossRef]
  36. Hanna, Y.; Bozhko, J.; Tonyali, S.; Harrilal-Parchment, R.; Cebe, M.; Akkaya, K. A Comprehensive and Realistic Performance Evaluation of Post-Quantum Security for Consumer IoT Devices. Internet Things 2025, 33, 101650. [Google Scholar] [CrossRef]
  37. Li, C.; Jiang, B.; Guo, Y.; Xin, X. Efficient Group Blind Signature for Medical Data Anonymous Authentication in Blockchain-Enabled IoMT. Comput. Model. Eng. Sci. 2023, 76, 591–606. [Google Scholar] [CrossRef]
  38. Bibhu, V.; Shukla, A.K.; Shivahare, B.D.; Kaur, J.; Shukri, M.; MGM, A.Y.J.; Faaq, A.S.; AlShujairi, M.K.; Pandey, S. Analysis of Security and Privacy Challenges of Smart Health and Sensing Systems. Results Eng. 2024, 24, 103466. [Google Scholar] [CrossRef]
  39. Aboshosha, B.W.; Zayed, M.M.; Khalifa, H.S.; Ramadan, R.A. Enhancing Internet of Things Security in Healthcare Using a Blockchain-Driven Lightweight Hashing System. Beni-Suef Univ. J. Basic Appl. Sci. 2025, 14, 56. [Google Scholar] [CrossRef]
  40. Hasan, K.F.; Simpson, L.; Baee, M.A.R.; Islam, C.; Rahman, Z.; Armstrong, W.; Gauravaram, P.; McKague, M. A Framework for Migrating to Post-Quantum Cryptography: Security Dependency Analysis and Case Studies. IEEE Access 2024, 12, 23427–23450. [Google Scholar] [CrossRef]
  41. Halak, B.; Gibson, T.; Henley, M.; Botea, C.B.; Heath, B.; Khan, S. Evaluation of Performance, Energy, and Computation Costs of Quantum-Attack Resilient Encryption Algorithms for Embedded Devices. IEEE Access 2024, 12, 8791–8805. [Google Scholar] [CrossRef]
  42. SaberiKamarposhti, M.; Ng, K.W.; Chua, F.F.; Abdullah, J.; Yadollahi, M.; Moradi, M.; Ahmadpour, S. Post-Quantum Healthcare: A Roadmap for Cybersecurity Resilience in Medical Data. Heliyon 2024, 10, e31406. [Google Scholar] [CrossRef] [PubMed]
  43. Liu, A.; Zhang, Q.; Xu, S.; Feng, H.; Chen, X.; Liu, W. QBIoT: A Quantum Blockchain Framework for IoT with an Improved Proof-of-Authority Consensus Algorithm and a Public-Key Quantum Signature. Comput. Model. Eng. Sci. 2024, 80, 1727–1751. [Google Scholar] [CrossRef]
  44. Barna, T.L.; Isaac, S.; Habu, C.; Habu, S. Post-Quantum Cryptographic Frameworks for Internet of Things (IoT) and Internet of Medical Things (IoMT) Authentication Systems. Phys. Access 2025, 5, 116–125. [Google Scholar] [CrossRef]
  45. Alsaeed, N.; Nadeem, F.; Albalwy, F. A Scalable and Lightweight Group Authentication Framework for Internet of Medical Things Using Integrated Blockchain and Fog Computing. Future Gener. Comput. Syst. 2024, 151, 162–181. [Google Scholar] [CrossRef]
  46. Tanveer, M.; Aldossari, S.A. MedIoT-LAP: Secure and Efficient Lightweight AEAD-Based Authentication Protocol for Medical IoT. Ain Shams Eng. J. 2025, 16, 103605. [Google Scholar] [CrossRef]
  47. Yalli, J.S.; Hasan, M.H.; Jung, L.T.; Al-Selwi, S.M. Authentication Schemes for Internet of Things (IoT) Networks: A Systematic Review and Security Assessment. Internet Things 2025, 30, 101469. [Google Scholar] [CrossRef]
  48. Xie, Q.; Ding, Z.; Xie, Q. A Lightweight and Privacy-Preserving Authentication Protocol for Healthcare in an IoT Environment. Mathematics 2023, 11, 3857. [Google Scholar] [CrossRef]
  49. Innab, N. Securing the Internet of Health Things with Certificateless Anonymous Authentication Scheme. Comput. Model. Eng. Sci. 2024, 80, 2237–2258. [Google Scholar] [CrossRef]
  50. Sedghighadikolaei, K.; Yavuz, A.A.; Nouma, S.E. Signer-Optimal Multiple-Time Post-Quantum Hash-Based Signature for Heterogeneous IoT Systems. arXiv 2024, arXiv:2411.01380. [Google Scholar] [CrossRef]
  51. Abbasi, M.; Cardoso, F.; Váz, P.; Silva, J.; Martins, P. A Practical Performance Benchmark of Post-Quantum Cryptography Across Heterogeneous Computing Environments. Cryptography 2025, 9, 32. [Google Scholar] [CrossRef]
  52. Jellen, I.; Callenes-Sloan, J.; Fang, D. Heterogeneous System Model for Security in E-Health Applications. In Proceedings of the 2021 IEEE International Conference on Communications Workshops (ICC Workshops), Montreal, QC, Canada, 14–23 June 2021; pp. 1–6. [Google Scholar] [CrossRef]
  53. Pritika, P.; Shanmugam, B.; Azam, S. Risk Assessment of Heterogeneous IoMT Devices: A Review. Technologies 2023, 11, 31. [Google Scholar] [CrossRef]
  54. Jabbar, S.; Ullah, F.; Khalid, S.; Khan, M.; Han, K. Semantic Interoperability in Heterogeneous IoT Infrastructure for Healthcare. Wirel. Commun. Mob. Comput. 2017, 2017, 9731806. [Google Scholar] [CrossRef]
  55. Shirisha, N.; Manoj, H.; Hussain, S.J.; Kotoju, R.; Kolikipogu, R.; Mohan, A. Post-quantum security framework for resource-constrained systems: Emerging trends, challenges, sustainability, and future directions. Discov. Comput. 2026, 29, 85. [Google Scholar] [CrossRef]
  56. Rescorla, E. The Transport Layer Security (TLS) Protocol Version 1.3; RFC 8446; IETF: Wilmington, DE, USA, 2018. [Google Scholar] [CrossRef]
  57. U.S. Food and Drug Administration. Medical Devices; Technical Report; U.S. FDA: Silver Spring, MD, USA, 2024. [Google Scholar]
  58. European Commission. Data Protection; Technical Report; European Commission: Brussels, Belgium, 2024. [Google Scholar]
  59. U.S. Department of Health and Human Services. HIPAA Home; Technical Report; HHS: Washington, DC, USA, 2024. [Google Scholar]
  60. HL7 International/Electronic Health Records Work Group. TI.2.1.2.8 Extraordinary User Access (Break the Glass) Security Audit Trigger; Ehr System Functional Model Release 2.1, Health Level Seven International; HL7 International/Electronic Health Records Work Group: Ann Arbor, MI, USA, 2024. [Google Scholar]
  61. University of Iowa Health Care. Break-the-Glass—Epic Resources; University of Iowa Health Care: Iowa City, IA, USA, 2024. [Google Scholar]
  62. Al Amin, M.; Shah, R.; Tummala, H.; Ray, I. Did You Break the Glass Properly? A Policy Compliance Framework for Protected Health Information (PHI) Emergency Access. In Proceedings of the International Conference on Security and Cryptography, Science and Technology Publications, Lda, Bilbao, Spain, 11–13 June 2025; pp. 195–208. [Google Scholar]
  63. Catoni, L.; Puliafito, C.; Dini, G. Fast and secure service continuity in the edge-cloud continuum: A study of TLS 1.3 resumption and post-quantum key exchange. In Proceedings of the 2025 IEEE International Conference on Smart Computing (SMARTCOMP); IEEE: Piscataway, NJ, USA, 2025; pp. 396–401. [Google Scholar]
Computers 15 00189 g001
Figure 1. PRISMA 2020 flow diagram illustrating the study selection process.
Figure 1. PRISMA 2020 flow diagram illustrating the study selection process.
Computers 15 00189 g001
Computers 15 00189 g002
Figure 2. Layered architecture of the Internet of Medical Things (IoMT).
Figure 2. Layered architecture of the Internet of Medical Things (IoMT).
Computers 15 00189 g002
Computers 15 00189 g003
Figure 3. IoMT threat model under quantum-capable adversaries.
Figure 3. IoMT threat model under quantum-capable adversaries.
Computers 15 00189 g003
Computers 15 00189 g004
Figure 4. TLS 1.3 handshake illustrating its role as a primary security protocol in IoMT communications.
Figure 4. TLS 1.3 handshake illustrating its role as a primary security protocol in IoMT communications.
Computers 15 00189 g004
Computers 15 00189 g005
Figure 5. Quantum threat timeline and the resulting long-term security gap between classical and post-quantum cryptography.
Figure 5. Quantum threat timeline and the resulting long-term security gap between classical and post-quantum cryptography.
Computers 15 00189 g005
Computers 15 00189 g006
Figure 6. PQC algorithm compatibility across heterogeneous IoMT device classes.
Figure 6. PQC algorithm compatibility across heterogeneous IoMT device classes.
Computers 15 00189 g006
Table 2. Comparative positioning of IoMT authentication surveys with respect to post-quantum readiness and system-level considerations.
Table 2. Comparative positioning of IoMT authentication surveys with respect to post-quantum readiness and system-level considerations.
Feature/Survey[27][28][37][38][39]This Survey
IoMT-specific focus×✓✓
Explicit post-quantum threat model×××××
Coverage of NIST PQC algorithms×××××
TLS 1.3 authentication analysis××
Heterogeneity-aware analysis✓✓
Clinical latency and safety constraints×××✓✓
Performance and energy trade-off discussion×
System-level architectural perspective××✓✓
Adaptive or context-aware authentication vision×××××
Research gaps and future roadmap×✓✓
Table 3. Summary of Representative Post-Quantum Security and Authentication Studies for IoT and IoMT.
Table 3. Summary of Representative Post-Quantum Security and Authentication Studies for IoT and IoMT.
Ref.YearVal.TechniqueFocus AreaKey ContributionIdentified Limitation
[35]2025SLattice-based PQC with lightweight encryptionQuantum-safe IoT/IoMT authenticationSecure authentication with reduced computational overheadStatic configuration; limited adaptability
[36]2025HAdaptive PQC switching in TLS 1.3IoT performance and energy evaluationContext-aware PQC selection for latency and energy efficiencyProtocol modification complexity
[14]2024CLattice-, code-, and hash-based PQC surveyPQC optimization in IoTComparative analysis for constrained  devicesConceptual; limited real-world validation
[40]2024CGraph-based PQC migration frameworkEnterprise PQC transitionStructured dependency analysis and migration planningNot evaluated for IoT-scale systems
[41]2024HPQC benchmarking on embedded devicesPerformance and energy characterizationEmpirical evaluation on IoT hardwareAuthentication not addressed
[42]2024CHybrid post-quantum cryptographic architectureIoMT cybersecurity resilienceConceptual roadmap for medical data securityNo implementation or quantitative analysis
[43]2024CBlockchain with lattice-based PQCPost-quantum IoT data integritySecure PQC-enabled blockchain sharingHigh overhead; scalability concerns
[44]2025SNTRU-based optimized authenticationLightweight PQC authenticationEnergy-efficient quantum-resilient designSimulation-based evaluation only
[15]2025CLattice-based PQC analysisPost-quantum IoT securityAssessment of resistance and efficiencyTheoretical analysis only
[16]2025CLightweight lattice-based PQCQuantum-resistant IoT securityEfficiency and scalability evaluationNo hardware or real-world validation
Validation Types: H = Hardware-validated implementation; S = Simulation-based evaluation; C = Conceptual, survey, or analytical study without experimental validation.
Table 4. Summary of Classical and Pre-PQC IoMT Authentication Studies with Validation Maturity.
Table 4. Summary of Classical and Pre-PQC IoMT Authentication Studies with Validation Maturity.
Ref.YearValidationTechniqueFocus AreaProposed SolutionLimitation
[45]2024HBlockchain, Fog, ECCGroup IoMT authenticationScalable mutual authentication; replay and impersonation resistanceNo post-quantum security; no adaptivity
[46]2025SAEAD (GIFT-COFB) + PUFIoMT authenticationConfidentiality, anonymity; MITM and insider resistanceNo PQ support; static design
[47]2025CSystematic review (SLR)IoT authenticationComparative analysis of security and efficiencyNo PQ or AI-based evaluation
[37]2023SGroup blind signatureIoMT data authenticationAnonymous and secure data authenticationNot quantum resistant
[48]2023SECC + PUFHealthcare IoT authenticationLightweight, anonymous, three-factor authenticationQuantum vulnerable; no adaptation
[38]2024CSurvey: crypto, AI, blockchainSmart healthcare securityMulti-layer attacks and mitigations reviewSurvey only; no PQ validation
[49]2024SSPHINCS+ with ECCIoHT authenticationCertificate-based partial PQ resilienceLimited scalability; no heterogeneity analysis
[39]2025SBlockchain + SHA-3Healthcare IoT securityData integrity and decentralized trustNot fully PQ secure; static
[12]2021CSymmetric, asymmetric, AIMulti-layer IoMT securityFramework covering multiple attack vectorsNo PQ resilience; no hardware tests
[13]2024CHash-based, ECC, hybridIoT authentication reviewComparison of lightweight protocolsLimited IoMT focus; non-PQ
Validation Types: H = Hardware-validated implementation; S = Simulation-based evaluation; C = Conceptual, survey, or analytical study without experimental validation.
Table 5. Classification of Heterogeneity Challenges in IoMT Systems.
Table 5. Classification of Heterogeneity Challenges in IoMT Systems.
Ref.YearValidationTechniqueFocus AreaProposed SolutionLimitation
[50]2024HPost-quantum hash-based signature (SOMT-HSS)IoT authentication and digital signaturesImproved signing efficiency and quantum resistance for heterogeneous IoT systemsHigh storage overhead; limited adaptability
[51]2025HPQC benchmarking (Kyber, Dilithium, SPHINCS+)Post-quantum performance analysisLatency, energy, and memory evaluation across CPUs, GPUs, and IoT devicesNo adaptive deployment strategy for IoMT
[52]2021SPUF-based heterogeneous key managementE-health IoT and WBAN securityReduced key-management overhead for constrained medical devicesLimited scalability; no PQC integration
[53]2024CMulti-layer risk assessment and threat modelingIoMT device securityVulnerabilities identified across sensing, network, and application layersNo post-quantum or adaptive security
[54]2017SSemantic interoperability (RDF, SPARQL, IoT-SIM)Healthcare IoT interoperabilitySemantic integration of heterogeneous medical data sourcesNo cryptographic trust model; non-quantum-safe
Table 6. Comparative Analysis of Post-Quantum Authentication Schemes for IoMT Applications.
Table 6. Comparative Analysis of Post-Quantum Authentication Schemes for IoMT Applications.
AlgorithmVariantNIST LevelSecurity StrengthPerformance OverheadDeployment Feasibility
FalconFalcon-512Level 1HighLow (666 B)May be more suitable for constrained devices due to small signature size (666 B); implementation complexity must be considered [36,55]
Falcon-1024Level 5Very HighModerate (1280 B)May be appropriate for wearables or moderately constrained platforms [35]
CRYSTALS-
Dilithium
(ML-DSA)		ML-DSA-44Level 2HighModerate (2420 B)May be appropriate for edge gateways and resource-capable clinical systems [35,36]
ML-DSA-65Level 3HigherModerate-High (3309 B)May be better aligned with hospital infrastructure [35]
ML-DSA-87Level 5Very HighHigh (4595 B)May be better aligned with critical systems [35]
SPHINCS+
(SLH-DSA)		SLH-DSA-128sLevel 1Very HighVery High (7856 B)May be less suitable for highly constrained IoMT devices due to communication overhead; appropriate for CAs [36]
SLH-DSA-128fLevel 1Very HighExtreme (17088 B)May be appropriate for infrequent operations such as firmware signing [35,36]
ECDSAsecp256r1LegacyLowMinimal (64 B)Widely deployed legacy baseline for comparison but lacks quantum resistance [35,36]
Note: Security strength based on NIST levels [8,31]; overhead from signature sizes [35,36,55]; deployment feasibility interpreted from literature discussions of device constraints and implementation characteristics [35,36,55].
Table 7. Illustrative Quantitative Inputs for PQC Selection in IoMT Devices.
Table 7. Illustrative Quantitative Inputs for PQC Selection in IoMT Devices.
Device ClassComputational CapacityMemory (RAM)Communication TechnologyEnergy Cost per Operation (mJ)
Implantable Medical Device [36,55]Ultra-constrained (32 MHz class)16–64 KBBLE1.3–1.5 (dec/enc)
Wearable Sensor [35,36,55]Constrained (48 MHz class)64–256 KBBLE/Wi-Fi1.5–2.5 (enc)
Edge Gateway [35,55]Moderate (200 MHz class)256 MB+Wi-Fi/Ethernet3.8–4.0 (enc)
Hospital Infrastructure [35]Resource-rich (>1 GHz)>1 GBWiredTolerable (>5 mJ)
Note: Values compiled from experimental and simulation-based evaluations in [35,36,55] under specific hardware and network configurations. Actual thresholds may vary based on implementation and deployment context. Communication overhead for PQC schemes under the evaluated conditions is approximately 72% higher than classical baselines (220 bytes vs. 128 bytes) [55].
Table 8. Illustrative Decision Framework for Capability-Aware PQC Selection in IoMT.
Table 8. Illustrative Decision Framework for Capability-Aware PQC Selection in IoMT.
Device ClassTypical ConstraintsCandidate PQC SchemeRationale
Implantable medical devices (e.g., pacemaker, insulin pump)Ultra-constrained: 16–64 KB RAM, BLE, battery, 5–10 year lifespanFalcon-512Smallest signature size (666 B); minimizes bandwidth and energy (1.3–1.5 mJ per operation under evaluated conditions) despite implementation complexity [36,55]
Wearable sensors (e.g., smart watch, glucose monitor)Constrained: 64–256 KB RAM, BLE/Wi-Fi, batteryML-DSA-44 or Falcon-512Balanced trade-off between security (Level 2) and overhead (2420 B); Falcon-512 suggested for ultra-low latency applications based on reported performance profiles [35,36,55]
Edge gatewaysModerate: 256 MB–1 GB RAM, Wi-Fi/Ethernet, power supplyML-DSA-44 or ML-DSA-65Higher security (Level 2–3) acceptable due to available resources (3.8–4.0 mJ per operation in simulation studies); supports TLS 1.3 handshake [35,55]
Hospital infrastructureResource-rich: >1 GB RAM, wired networks, power supplyML-DSA-65 or ML-DSA-87Maximum security (Level 3–5) for critical systems; overhead tolerable [35]
Certificate Authorities (CAs)High-performance serversSLH-DSA-128sConservative security; large signatures (7856 B) acceptable for infrequent operations [36]
Note: Device constraints and recommendations synthesized from [35,36,55]. Actual deployment decisions require further profiling of specific hardware and clinical requirements. The quantitative values cited are drawn from individual studies under specific experimental conditions and are presented for illustrative rather than comparative purposes.
Table 9. Connectivity-aware certificate and key lifecycle strategies for IoMT device classes.
Table 9. Connectivity-aware certificate and key lifecycle strategies for IoMT device classes.
ConnectivityApproachRationaleExample
IntermittentShort-lived PQ certificatesReduced CRL/OCSP dependence and communication
overhead [35]		Pacemaker, Glucose monitor
Always-connectedHybrid chains (ECC + Dilithium)Backward compatibility with gradual PQ migration [34,35]Hospital edge
gateway
Long-lived (5–10+ yrs)SPHINCS+ firmware signing (offline)Hash-based signatures support long-term integrity requirements in extended-lifecycle devices for infrequent operations (e.g., firmware updates); unsuitable for repeated TLS handshakes due to large signature sizes (7856–17,088 B) [34,36]Implantable
neurostimulator
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Abdullah, F.G.; Atia, T.S. Post-Quantum Authentication in the Internet of Medical Things: A System-Level Review and Future Directions. Computers 2026, 15, 189. https://doi.org/10.3390/computers15030189

AMA Style

Abdullah FG, Atia TS. Post-Quantum Authentication in the Internet of Medical Things: A System-Level Review and Future Directions. Computers. 2026; 15(3):189. https://doi.org/10.3390/computers15030189

Chicago/Turabian Style

Abdullah, Fatima G., and Tayseer S. Atia. 2026. "Post-Quantum Authentication in the Internet of Medical Things: A System-Level Review and Future Directions" Computers 15, no. 3: 189. https://doi.org/10.3390/computers15030189

APA Style

Abdullah, F. G., & Atia, T. S. (2026). Post-Quantum Authentication in the Internet of Medical Things: A System-Level Review and Future Directions. Computers, 15(3), 189. https://doi.org/10.3390/computers15030189

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop