Replay and eavesdropping attacks threaten the information security that is held by smart healthcare devices. An authenticated key exchange method to provide cryptography sessions is the best way to provide information security and secure authentication. However, smart healthcare devices do not have sufficient computation to perform heavy cryptography processes due to the limitations of the embedded devices used. We propose an authenticated key exchange protocol based on a physical unclonable function (PUF). The proposed protocol aimed to countermeasure from replay and eavesdropping attacks. We designed our protocol with one handshake process and three authentication processes. We evaluated our proposed protocol using Tamarin Prover. From the results of the evaluation, our proposed protocol can exchange properties correctly between communication actors and is valid in proving each lemma in eavesdropping and replay attacks.

Information security; smart healthcare device; PUF; Tamarin Prover; Authentication

F. Wu, X. Li, L. Xu, S. Kumari, and A. K. Sangaiah,“A novel mutual authentication scheme with formal proof for smart healthcare systems under global mobility networks notion,” Comput. Electr. Eng., vol. 68, pp. 107–118, May 2018, doi: 10.1016/j.compeleceng.2018.03.030.

Y. Zhang, M. Qiu, C. Tsai, M. M. Hassan, and A. Alamri, “Health-CPS: Healthcare Cyber-Physical System Assisted by Cloud and Big Data,” IEEE Syst. J., vol. 11, no. 1, pp. 88–95, Mar. 2017, doi: 10.1109/JSYST.2015.2460747.

N. Tariq, A. Qamar, M. Asim, and F. A. Khan, “Blockchain and Smart Healthcare Security: A Survey,” Procedia Comput. Sci., vol. 175, pp. 615–620, Jan. 2020, doi: 10.1016/j.procs.2020.07.089.

S. B. Baker, W. Xiang, and I. Atkinson, “Internet of Things for Smart Healthcare: Technologies, Challenges, and Opportunities,” IEEE Access, vol. 5, pp. 26521–26544, 2017, doi: 10.1109/ACCESS.2017.2775180.

Minahil, M. F. Ayub, K. Mahmood, S. Kumari, and A. K. Sangaiah, “Lightweight authentication protocol for e-health clouds in IoT based applications through 5G technology,” Digit. Commun. Netw., Jul. 2020, doi: 10.1016/j.dcan.2020.06.003.

R. R. Pahlevi, P. Sukarno, and B. Erfianto, “Implementation of Event-Based Dynamic Authentication on MQTT Protocol,” J. Rekayasa Elektr., vol. 15, no. 2, Art. no. 2, Sep. 2019, doi: 10.17529/jre.v15i2.13963.

P. Gope, O. Millwood, and N. Saxena, “A provably secure authentication scheme for RFID-enabled UAV applications,” Comput. Commun., vol. 166, pp. 19–25, Jan. 2021, doi: 10.1016/j.comcom.2020.11.009.

S. Kardaş, S. Çelik, M. Yıldız, and A. Levi, “PUF-enhanced offline RFID security and privacy,” J. Netw. Comput. Appl., vol. 35, no. 6, pp. 2059–2067, Nov. 2012, doi: 10.1016/j.jnca.2012.08.006.

A. Shamsoshoara, A. Korenda, F. Afghah, and S. Zeadally, “A survey on physical unclonable function (PUF)-based security solutions for Internet of Things,” Comput. Netw., vol. 183, p. 107593, Dec. 2020, doi: 10.1016/j.comnet.2020.107593.

M. Tahavori and F. Moazami, “Lightweight and secure PUF-based authenticated key agreement scheme for smart grid,” Peer--Peer Netw. Appl., vol. 13, no. 5, pp. 1616–1628, Sep. 2020, doi: 10.1007/s12083-020-00911-8.

M. Barbareschi, A. De Benedictis, E. La Montagna, A. Mazzeo, and N. Mazzocca, “A PUF-based mutual authentication scheme for Cloud-Edges IoT systems,” Future Gener. Comput. Syst., vol. 101, pp. 246–261, Dec. 2019, doi: 10.1016/j.future.2019.06.012.

S. Khan, A. P. Shah, N. Gupta, S. S. Chouhan, J. G. Pandey, and S. K. Vishvakarma, “An ultra-low power, reconfigurable, aging resilient RO PUF for IoT applications,” Microelectron. J., vol. 92, p. 104605, Oct. 2019, doi: 10.1016/j.mejo.2019.104605.