Review
Peer-Review Record

Exploring Authentication Protocols for Secure and Efficient Internet of Medical Things Systems

Electronics 2025, 14(21), 4164; https://doi.org/10.3390/electronics14214164
by Seungbin Lee, Kyeong A Kang, Soowang Lee and Jiyoon Kim *
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3:
Submission received: 8 September 2025 / Revised: 21 October 2025 / Accepted: 21 October 2025 / Published: 24 October 2025

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

1. The Modern Studies section lists and analyzes 10 works ([31]–[41]) but does not document how they were selected (databases, date range, query strings/keywords, inclusion and exclusion criteria, screening/eligibility steps). Please add a transparent selection protocol (ideally a PRISMA‑style flow with counts) so future readers can reproduce and trust the corpus. This will also clarify whether some families (e.g. PQC‑based and DID/VC‑based IoMT authentication) are under‑represented.

2. Table 3 aggregates diverse operations (hash/XOR/AES/RSA/ECC/DH/PUF/Merkle) into a single Computation time in microseconds (e.g., 2.691 µs, 30.631 µs), but the paper does not specify the benchmark environment, the mapping from counts of operations to time, or whether times were re‑measured or inherited from heterogeneous sources. Please (a) state the exact hardware/OS/compiler and measurement procedure if you benchmarked, or (b) if you derived times from prior papers, explain the normalization used to make cross‑paper numbers comparable. Consider replacing absolute microseconds with operation counts plus a separate table of portable weights (e.g. 1×H, 3000×RSA‑decrypt, etc.) and perform a sensitivity analysis. This will avoid misleading precision and make the results portable across platforms.

3. In Fig. 2 the y‑axis counts how many requirements each scheme satisfies, implicitly assigning equal importance to, say, "untraceability" and "forward secrecy". The paper recognizes this as a limitation. Please add a weighted analysis (e.g. several clinically plausible weight vectors for hospital vs. home monitoring scenarios) and a sensitivity analysis showing whether your main ranking is robust to reasonable re‑weighting.

4. The paper states that roles, messages, and claims were encoded in SPDL and that certain simplifications were made (e.g. modeling a fog node’s private key SKF as a random nonce to resolve ambiguity in [37]), choices that could materially affect “Fail/OK” outcomes. Please provide all SPDL code and SVO derivation files as supplementary material (the text already refers to supplementary derivations; include the SPDL too). Also, for each protocol that failed Nisynch/Niagree/SKR, add a one‑paragraph diagnosis of the precise cause (e.g. missing key‑confirmation step, replayable nonce without freshness guarantee, unilateral authentication only). This will greatly improve utility for implementers.

5. State explicitly that the analysis uses a Dolev–Yao adversary with full network control (if that’s the case), the assumptions about trusted channels during registration (some models assume it), and what properties were not checked (e.g. side‑channels, denial‑of‑service, clock drift effects in freshness). This will align reader expectations with the formal tools’ guarantees.

6. Discussion and Conclusions accurately highlight the security–efficiency trade‑off and note Miao et al. [35] as an appealing balance, but practitioners would benefit from a clear checklist: e.g. if you must support emergency override at the bedside, include X; if device pairing is intermittent, prioritize Y; if post‑quantum resilience is required, choose Z, etc. Consider a small decision table mapping common IoMT deployment contexts (IMD vs. wearable vs. ward mesh) to minimum recommended properties (mutual auth, freshness, forward secrecy, privacy, emergency mode, key‑confirmation).

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The reviewed article is a review of authentication protocols for the Internet of Medical Things. The following comments may contribute to improving the quality of the article:
1. It is worth considering whether to use the abbreviation (IoMT) in the title; in the reviewer's opinion, only the full name "Internet of Medical Things" should be used.

2. The article has been classified as a review. However, it is worth adding basic information about the methodology of the literature review. How was the literature selected and retrieved?

3. The article presents an interesting assessment method included in the section. In the reviewer's opinion, it is worth separating point 3.2 as a separate section, which will highlight the most important contribution of the authors. In its current form, section 3 seems too long.

4. The method described in lines 464-499 requires better description. Currently, it is described in bullet points, which may hinder the authors' intention.

5. The limitations of the presented assessment method should be precisely described.

6. The abstract should be described in more detail.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

The paper aims to make a review of security protocols that are used in IoT and are good enough for IoMT. The title focuses on the authentication, but the paper is not so narrow. It contains protocols that provide authentication, authorization, confidentiality, and integrity.
The abstract is too short and does not describe the whole research covered in the paper.

The paper needs some revision of the style and organization to be more readable and easier to understand.

"IoMT devices fall into two main categories: Implantable Medical Devices (IMDs) and Internet of Wearable Devices (IoWDs)." Is this a claim by the authors? Otherwise, it should have some reference (citation). This classification does not seem very general and well-known.

In Figure 1, the architecture is not well defined. The first layer should be the patient, not the user. The user is on the last layer and can be the patient himself or the doctor/physician.

In the whole of Section 2 there are some claims and short sentences that are not backed up with a citation or description. It is not a very good style.

The title of section 3 does not sound well. "Modern" is not a common word in scientific work and can be very undefined. 

Place Table 1 later in the text after description of sources and add some conclusion on its content after it. And it is called Table 1 but referenced as Table 1-1 in the text.

Add some names of the protocols in Table 2; otherwise it is difficult for the reader.

It is not very clear how the values in table 3 are obtained. Where are the experiments?

The trendline in Figure 2 is not very useful. You can try another type, not linear.

In 3.2 you use "Scyther and SVO-Logic" - why, and what are they, how do they work? No citations, no descriptions, no motivation.

Table 5 is not referenced in the text. Table 4 is referenced far later than it was introduced. Both tables should be placed well and referenced and described in the text.

What is the idea of appendices that are not from the authors but are from references? They have no place in the current paper unless they are made by the authors or modified by them.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

The paper has been improved. I recommend publication of the manuscript.

Author Response

Thank you for your kind comments. Your feedback helped us improve the quality of the manuscript.

Reviewer 3 Report

Comments and Suggestions for Authors

The Authors have added more description as a response to previous comment 2, which is good enough. But they add a Figure which is borrowed from an external source. This can lead to issues with copyright of graphical content. Leave only the description and a link to the graphic in the original source.

In the first sentence of Section 3.1, the Authors use "Modern studies" instead of "Recent research". This is a comment that was already given in the previous review.

The trendline in Figure 3 is still not well-defined for readers. The Authors could try to redesign the figure to make it more clear what they want to present. There is a left and a right Y-axis, but only the left has a description.

The Authors have replied to the comments for the appendices, but the answer will be visible only to the Reviewers and Editors. Some explanation of the appendices should be added that is visible to readers.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf
