Can Cross-Layer Design Bridge Security and Efficiency? A Robust Authentication Framework for Healthcare Information Exchange Systems
For healthcare systems requiring secure and efficient device authentication, this work offers a practical cross-layer solution that balances security and overhead, though it is an incremental improvement over existing multi-factor authentication approaches.
This paper proposes a cross-layer authentication scheme for healthcare information exchange networks that combines PKI-based initial authentication with PHY-layer feature extraction and ML-based re-authentication, reducing computational and communication overhead while maintaining security. The scheme achieves lightweight continuous authentication and demonstrates robustness against impersonation, MitM, replay, and Sybil attacks via BAN logic analysis.
As healthcare systems become increasingly interconnected, ensuring secure and continuous device authentication in health information exchange (HIE) networks is critical to safeguarding patient data and clinical operations. In this context, this paper proposes a novel cross-layer authentication scheme for HIE networks that integrates cryptographic mechanisms with physical (PHY) layer-based authentication to ensure reliable communication while minimizing computational and communication overheads. The initial authentication phase leverages a traditional public key infrastructure (PKI)-based approach, employing elliptic curve cryptography (ECC) and digital certificates to verify the legitimacy of communicating devices. Simultaneously, it extracts unique hardware-level features such as carrier frequency offset (CFO) and quadrature skewness from the devices. These features are then used to train a machine learning (ML) model during an offline phase managed by a regional centralized authority (RCA). For re-authentication, the system re-extracts these PHY-layer features from incoming orthogonal frequency division multiplexing (OFDM) symbols and verifies the device identity in real-time using the trained ML classifier. This cross-layer strategy enables continuous, lightweight identity verification without the need to exchange and validate cryptographic signatures for each message, thereby reducing system overhead. The proposed scheme further enhances privacy through the use of encrypted, frequently refreshed pseudo-identities, ensuring unlinkability and resistance to identity tracking. A formal security analysis using Burrows-Abadi-Needham (BAN) logic demonstrates the scheme's robustness against various threats, including impersonation, man-in-the-middle (MitM), replay, and Sybil attacks.