Abstract:
As the world grapples with an increase in diseases, including COVID-19, the Internet of Medical Things (IoMT) emerges as a complementary technology for constantly overburdened healthcare staff. The increased online presence of untrained users exposes them to cyberattack threats. Authentication is the first line of defense for protecting medical data, but existing solutions do not consider the user’s context and capabilities, making them unusable for some groups of users, who eventually shun them. This paper proposes a machine-learning-based adaptive user authentication framework that adapts to user profiles and context during login to determine the likelihood that an attempt is illegitimate before assigning appropriate authentication mechanisms. The proposed edge-centric framework fuses the Naive Bayes classifier and the CoFRA model to determine the risk associated with a login attempt based on biometric wearable sensor data, non-biometric smartphone sensor data, and some predefined data. User backgrounds and preferences were solicited, and results showed that users, regardless of their ICT skills, ages, jobs, and years of experience, prefer to use simple physiological biometrics for authentication. An Android app was then developed using user-centred design and installed on a smartphone, which communicated with a PineTime smartwatch. Sensor data was used as input in calculating the risk associated with an access request to decide whether to authenticate, step up authentication, or block a request using rule- and role-based access control techniques, while also non-intrusively monitoring health. Once implemented, the framework is expected to improve user experience in authentication, promoting the use of IoT in healthcare.