Crowdsourcing Internet of Things (IoT) applications have resulted in the widespread use of smart mobile devices, such as wearable devices and smartphones. E-healthcare is a significant application of crowdsourcing IoT that enables authorized users (for instance, patients, doctors, and nurses) to access and store medical server data via the public Internet or openly available wireless channels. The public Internet and wireless channels are exposed to a wide range of hazards and attacks, so user authentication is paramount for the streamlined usage of these services. This article proposes a new authentication protocol for crowdsourcing IoT, called CMAP-IoT, which utilizes chaotic maps and authenticated encryption. The protocol provides mutual authentication between the user and the server and establishes a session key for encrypted transmission. Unlike other protocols, CMAP-IoT effectively prevents attacks that compromise user authentication. The security of CMAP-IoT was validated through ROM-based validation and an informal security analysis, which demonstrated its resilience against various security attacks. Additionally, Scyther-tool-based validation confirmed that CMAP-IoT is secure. Lastly, a performance evaluation showed that CMAP-IoT requires 2.63–32.73% and 66.92–94.85% lower communication and computational costs, respectively, than other authentication protocols, making it suitable for e-healthcare applications.