Abstract

The expansion of Internet of Things (IoT) devices in healthcare has created an urgent need for secure authentication methods that protect sensitive patient data. Traditional centralized authentication approaches often require aggregating data in the cloud, raising privacy concerns and creating security vulnerabilities. This research proposes a federated learning (FL) based authentication framework for healthcare IoT, which enables distributed model training on medical devices without sharing raw data. We outline the unique challenges of healthcare IoT environments including resource constrained devices, heterogeneous data, and strict privacy regulations and describe how FL can address these issues by keeping patient information local. The proposed framework combines physiological and behavioral biometrics (e.g. heart signals, motion patterns) to authenticate users, enhanced with privacy preserving techniques. We evaluate the system on representative healthcare IoT datasets, demonstrating authentication accuracy above 95% while significantly reducing patient data exposure. Key metrics show a low false acceptance rate (~1–2%) and improved resilience against common attacks compared to baseline methods. The results indicate that federated learning can achieve secure, reliable authentication in healthcare IoT, preserving privacy without compromising performance. This work highlights a novel approach to safeguard medical IoT networks, ensuring only authorized access to devices and sensitive health data, and paving the way for secure, scalable healthcare applications.