PUF-PSS: A Physically Secure Privacy-Preserving Scheme Using PUF for IoMT-Enabled TMIS

Abstract

With the development of telecare medical information system (TMIS), doctors and patients are able to access useful medical services via 5G wireless communications without visiting the hospital in person. Unfortunately, TMIS should have the essential security properties, such as anonymity, mutual authentication, and privacy, since the patient’s data is transmitted via a public channel. Moreover, the sensing devices deployed in TMIS are resource-limited in terms of communication and computational costs. Thus, we design a physically secure privacy-preserving scheme using physical unclonable functions (PUF) in TMIS, called PUF-PSS to resolve the security requirements and efficiency of the existing related schemes. PUF-PSS prevents the security threats and also guarantees anonymity, key freshness, and authentication. We evaluate the security of PUF-PSS by performing formal and informal security analyses, including AVISPA implementation and ROR oracle model. We perform the test bed experiments utilizing well-known MIRACL based on a Raspberry PI 4 and compare the communication and computational costs of PUF-PSS with the previous schemes for TMIS. Consequently, PUF-PSS guarantees better efficiency and security than previous schemes and can be applied to TMIS environments.

1. Introduction

The recent COVID-19 pandemic has posed “one of the most serious threats to patient safety ever recorded, and public health is confronted with one of humanity’s and the world’s greatest challenges” [1]. The situational factors such as redeployment to unfamiliar roles and health professional shortages due to COVID-19 have all hampered existing care processes in most healthcare systems around the world. If specific precautions are not presented to resolve these problems, potential medical threats are able to result in many deaths. In this regard, numerous researchers have studied applicative and systematic methods for preventing medical deaths and improving patient safety for many years.

With the development of “5G wireless communications” and “internet of medical things (IoMT)” technologies, users can access medical services, including diagnostics and treatments via telecare medical information systems (TMIS). IoMT-based TMIS provides various healthcare services, such as health response, rehabilitation, and health monitoring [2,3]. These applications can greatly help patients and doctors to ensure efficient, robust, and low-cost healthcare services in “low and middle-income countries” and carry out exact medical diagnoses. In general, IoMT-based TMIS have consisted of the TMIS server, user, and sensing device. The sensing devices (e.g., IoMT and wearable devices) collect and monitor the patient’s health data, including body temperature and blood pressure, and send health data to the medical systems for treatment. Furthermore, a TMIS server guarantees other medical information and healthcare services to the users. The doctors may access the TMIS server to get patient’s real-time health status. Unfortunately, despite the advantages of TMIS, there are several challenges and problems to be resolved. IoMT-based TMIS may cause serious privacy and security issues [4] because the information is transmitted over an open channel. If the patient’s data is exposed, an adversary may attempt potential security threats. Moreover, an adversary can attempt physical sensor capture attacks and extract the secret information from a physically captured sensing devices. In addition, since the sensing device is resource limited with regard to communication and computational overheads, it is not applicable to utilize “symmetric and asymmetric key cryptography” that needs high overheads. Thus, lightweight and robust authentication and key agreement (AKA) schemes are indispensable to providing effective healthcare services for IoMT-based TMIS.

Over the past few years, numerous researchers have designed a lightweight and robust AKA protocol for IoMT-based TMIS [5,6]. They claimed that their AKA protocol can resist potential physical/cyber security attacks, including “sensing device capture, session key disclosure, privileged insider, and impersonation attacks”, and also guarantee “user anonymity, mutual authentication, and key freshness”. However, the existing AKA schemes for IoMT-based TMIS are vulnerable to potential physical/cyber security threats and also fail to provide essential security features, such as untraceability, anonymity, and mutual authentication. In addition, the existing AKA schemes for TMIS are not suitable for resource-limited sensing devices since it uses public-key cryptosystems (PKC) that require high computational and communication overheads. Hence, we design a physically secure privacy-preserving AKA scheme using physical unclonable functions (PUF) for IoMT-based TMIS, called PUF-PSS, to address the efficiency and security issues of the related schemes.

1.1. Motivations

Recently, the various applications for healthcare in IoMT-based TMIS environments ensure multiple benefits and useful services to legitimate users. However, despite the multiple benefits of TMIS application, the previous AKA schemes for TMIS suffered from cyber security threats, including insider attacks, impersonation, offline password guessing attacks, a lack of security functionalities, and also caused damage and overload to the systems. Besides cyber security threats, the sensing devices in IoMT-based TMIS can be vulnerable to physical security attacks since they are deployed in unattended and hostile environments. This fact motivated us to design a “physically secure privacy-preserving scheme using PUF for IoMT-based MITS” that resolves potential “cyber/physical security attacks” and ensures the “essential security requirements” that exist in IoMT-based TMIS environments.

1.2. Contributions

The detailed contributions of this article can be summarized below:

• We design a “physically secure privacy-preserving scheme using PUF for IoMT-based TMIS” to improve the security weaknesses of the related AKA schemes. PUF-PSS ensures the low overheads suitable for IoMT-based TMIS by performing XOR and hash functions. Moreover, PUF-PSS using PUF ensures that the physical security of the smart devices deployed in IoMT-based TMIS environments.
• We carry out the formal security analysis using “Real-or-Random (ROR) model” [7] and “Automated Validation of Internet Security Protocols and Applications (AVISPA)” simulation [8] to demonstrate the security of PUF-PSS.
• We present the test bed experiments for various forms of cryptography utilizing “Multiprecision Integer and Rational Arithmetic Cryptographic Library (MIRACL)” [9].
• We demonstrate that PUF-PSS guarantees mutual authentication between each entity by performing Burrows–Abadi–Needham (BAN) logic [10].
• We evaluate the performance of PUF-PSS with existing schemes with regard to “security properties, computation cost, and communication cost”.

1.3. Organization

The rest of the article is organized as follows. Section 2 introduces the related works for TMIS and Section 3 presents preliminaries. Section 4 designs a physically secure privacy-preserving AKA scheme using PUF for IoMT-based TMIS to enhance the security shortcomings and efficiency of the existing schemes. In Section 5, we attest to the security of PUF-PSS by performing “informal security and formal security analyses”. Section 6 indicates the test bed experiments for cryptographic operations utilizing MIRACL and then Section 7 compares the security functionalities, computation, and communication overheads of PUF-PSS with existing schemes. Finally, we summarize the conclusion and future works in Section 8.

2. Related Works

Over the past decades, many AKA schemes [11,12,13] have been proposed for healthcare in IoMT-based TMIS to ensure privacy and security of legitimate users. Amin et al. [14] presented an elliptic curve cryptography (ECC)-based AKA protocol that allows servers and users to share temporal common keys. Unfortunately, their scheme [14] is vulnerable to offline password guessing and masquerade attacks and has high computational costs. Challa et al. [15] designed an efficient and robust three-factor-based AKA scheme for healthcare using ECC. However, their scheme [15] cannot prevent “forgery and replay attacks and does not guarantee mutual authentication”. Li et al. [16] proposed a robust and efficient three-factor AKA scheme using ECC for wireless medical sensor systems (WMSN). Unfortunately, their scheme [16] is fragile to “replay and privileged insider attacks”. Furthermore, these AKA schemes [14,15,16] are not applicable for actual IoMT-enabled TMIS since they use ECC which is generated with high overheads.

Numerous researchers have presented a lightweight AKA scheme for IoMT-based TMIS [17,18,19] to address the efficiency associated with ECC-based AKA and the security problems. Sharma et al. [20] designed an efficient and reliable AKA protocol for cloud-IoT-enabled healthcare. Nevertheless, Sharma et al.’s scheme [20] is fragile to “sensor node compromise and insider attacks and does not ensure untraceability and anonymity”. Wazid et al. [21] presented a reliable AKA protocol for edge-based IoT environments using hash and XOR functions, called LDAKM-EIoT. However, LDAKM-EIoT is insecure to “forgery and desynchronization attacks”. Zhou et al. [22] proposed a reliable and lightweight IoT-enabled AKA protocol applicable to cloud-based TMIS. However, Zhou et al.’s scheme [22], similar to LDKAM-EIoT, is resistant to potential security attacks. In addition, these AKA schemes [20,21,22] guarantee user-friendly and inefficient scalability since it is not included that “user pre-validation and passwords cannot be efficiently changed without server involvement”.

In recent years, numerous biometric-based lightweight and robust AKA schemes for TMIS [23,24,25] have been proposed to address the security, efficiency, and scalability issues. Gupta et al. [26] proposed a robust and lightweight AKA protocol with anonymity for wearable device-based medical services. Gupta et al.’s scheme [26] guarantees high scalability and low computing resources. Unfortunately, Hajian et al. [27] discover that Gupta et al.’s scheme [26] suffers from “potential security threats such as privileged insider, offline guessing, impersonation, desynchronization, and compromise sensing device attacks”. Moreover, these AKA schemes [26,27] guarantee “high scalability but may be fragile to physical sensor capture attacks because it does not require secure channel during the sensing device registration process”. Thus, we design a physically robust privacy-preserving scheme using PUF for IoMT-based TMIS to resolve the security problems of existing related schemes.

3. Preliminaries

We introduce the preliminaries for this article.

3.1. Physical Unclonable Functions

PUF is considered as a “solution for protecting smart devices with low computing capabilities from an adversary [28]”. In the last few years, many researchers have presented various PUF mechanisms, such as static random access memory (SRAM)-PUF for lightweight property [29], ring oscillator (RO)-PUF for reliability improvement [30], and quantum-PUF [31] for quantum attack resistance [32,33,34]. Especially, the sensing devices deployed in IoMT-enabled TMIS are suitable to apply SRMA PUF property because it is resource-limited with regard to memory, power, and computing. PUF is widely used to manufacture an “output for an input such as a fingerprint-based on the physical microstructure of the smart devices”. PUF does not store a “secret key on the smart devices and is practically difficult to clone successfully identical PUF” because it is “formed by generating nanoscale variations during the integrated circuit (IC) chip’s manufacturing process”. The ideal PUF offers the functionalities of “unpredictability, uniqueness, and reliability”. PUF secures the smart devices deployed in IoMT-based TMIS environments from cloning, tampering, and side-channel attacks. Since PUF depends on the unique physical features of the IC, any alteration to the system will change the PUF output. PUF allows the systems to prove the legality of the smart devices and entities prior to establishing a common session key [35]. The detailed features of the PUF are as described below:

• PUF is easy to evaluate and implement.
• Any try to tamper with the smart devices which contain PUF will update the behavior of the PUF and thus destroy it [36].
• PUF relies on the system’s physical microstructure.

As a result, these features combine to make a good solution for the authentication and group proof in IoMT-based TMIS environments.

3.2. Adversary Model

We introduce the adversary models such as the widely accepted “Dolev–Yao (DY)” model [37] and “Canetti and Krawczyk (CK) model” [38].

• In the DY model [37], a malevolent adversary ($MA$) can block, inject, eavesdrop, and resend the transmitted messages over an open channel.
• In the CK model [38], $MA$ can compromise “secret credentials and session states through session-hijacking attacks”. Therefore, a session key must be dependent on both “long-term secret or short-term secret credentials”.
• $MA$ can steal a mobile device ($MD$) of legal users and also has the ability to physically capture sensor devices by performing a differential power analysis [39,40]. Thus, $MA$ extracts the secret parameters stored in $MD$ or sensing devices [41].

3.3. Network Model

Similar to [26], we introduce the network model for healthcare that is a combination of TMIS, IoMT, and WBAN. As shown in Figure 1, the network model is comprised of three entities: the patient, sensing device, and TMIS server.

• TMIS server: This entity is a powerful and trusted authority and includes a secure database that stores medical information for legitimate patients. Moreover, TMIS server is responsible for the registration and mutual authentication of the user/gateway and wearable sensing devices.
• User/Gateway: This entity is a user or gateway terminal, such as an access point and an $MD$ in the ambulance access point or the smart home. The gateway acts as a bridge between mobile/sensing devices and the TMIS server by providing short and long distance communication interfaces that maintain connectivity with internal mobile users and sensing devices. Hence, the gateway provides real-time communication between internal and external environments. In the case of an emergency when a patient is transported to the hospital, the patient needs to be connected to one of the TMIS servers since he/she cannot have access to the mobile terminal. Thus, we indicate various types of gateways that are not limited to mobile terminals.
• Sensing device: This entity is a wearable sensing device, including a smart watch, heart rate sensor, and smart wristband, which is implanted on a patient’s body or deployed by them in homes. $SD$s are resource constrained with regard to computing power, memory, and computation cost.

4. Proposed Scheme

We design a “physically robust privacy-preserving scheme using PUF for IoMT-based TMIS” to improve the security shortcomings of the existing AKA scheme for IoMT-based TMIS. The proposed scheme provides superior scalability since it uses a public channel in the process of the registration of each $SD$. Moreover, the proposed scheme contains the biometric and password update phase without the involvement of the trusted authority. The notations utilized in this paper are as shown in

Table 1. Notations.

Notation	Description
$U_i/G{W}_i$	User and Gateway
$S{D}_j$	Sensing device
S	TMIS server
$GI{D}_i$	Identity of $G{W}_i$
$I{D}_i$	Identity of $U_i$
$SI{D}_j$	Identity of $S{D}_j$
$P{W}_i$	Password of $U_i$
$BIO$	Biometric of $U_i$
$S{K}_{ij}$	Session key between $G{W}_i$ and $S{D}_j$
$K_i$	Secret key of S
$X_{G{D}_i}$	Common secret key between $G{W}_i$ and S
$X_{S{D}_j}$	Common secret key between $S{D}_j$ and S
$T_i$	Timestamp
$\Delta T$	Maximum transmission delay
$h(·)$	Hash function
$PUF(·)$	Physical unclonable function
⊕	XOR operation
$\left|\right|$	Concatenation

.

4.1. System Setup Process

This process consists of two cases such as gateway setup and sensing device setup processes. A trusted authority (TA) or TMIS server must register the $S{D}_j$ and assign the unique values to it. The TMIS server chooses a secret key $X_{S{D}_j}$, a temporal identity $TSI{D}_j$, and an unique identity $SI{D}_j$ for each $SD$. Then, the TMIS server stores $\{SI{D}_j,TSI{D}_j,X_{S{D}_j}\}$ in $S{D}_j$’s memory. In addition, the TMIS server stores $\{SI{D}_j,TSI{D}_j,X_{S{D}_j}\}$ in secure database. In order to register a gateway, the TMIS server chooses a secret key $X_{G{D}_i}$, a temporal identity $TGI{D}_i$, and a unique identity $GI{D}_i$ for each gateway and stores $\{GI{D}_j,TGI{D}_j,X_{G{D}_i}\}$ in the memory of the gateway. The TMIS server stores $\{GI{D}_j,TGI{D}_j,X_{G{D}_i}\}$ in a secure database.

4.2. Registration Process

The process consists of two parts: the sensing device and user registration processes.

4.2.1. User Registration Process

$U_i$ should register with S to receive the healthcare services. We introduce the user registration process of PUF-PSS and it is described in detail below as follows:

UR-1: 

$U_i$ chooses a “$I{D}_i$, $P{W}_i$ and selects a random number $n_i$”. After that, $U_i$ calculates $RP{W}_i=h(P{W}_i\left|\right|n_i)$ and sends $\{I{D}_i.RP{W}_i\}$ to S over a secure channel.

UR-2: 

S computes $HI{D}_i=h(I{D}_i\left|\right|X_{G{D}_i}\left|\right|K_i)$ and $X_i=h(K_i\left|\right|X_{G{D}_i}\left|\right|HI{D}_i)$, and stores $\left\{HI{D}_i\right\}$ in a secure database. Then, S transmits $\{HI{D}_i,X_i\}$ to the $U_i$ through a secure channel.

UR-3: 

$U_i$ imprints $BI{O}_i$ and computes ${\gamma }_i=PUF\left(BI{O}_i\right)$, $({\alpha }_i,{\beta }_i)=Gen\left({\gamma }_i\right)$, ${\beta }_i^{*}=\beta \oplus h(I{D}_i\left|\right|X_{G{D}_i}\left|\right|P{W}_i)$, $n_i^{*}=n_i\oplus h(I{D}_i\left|\right|{\alpha }_i\left|\right|P{W}_i)$, $X_i^{*}=X_i\oplus h(I{D}_i\left|\right|{\alpha }_i\left|\right|X_{G{D}_i}\left|\right|RP{W}_i)$, $HI{D}_i^{*}=HI{D}_i\oplus h({\alpha }_i\left|\right|RP{W}_i\left|\right|X_i\left|\right|X_{G{D}_i})$, and $C_i=h(HI{D}_i\left|\right|{\alpha }_i\left|\right|X_i\left|\right|X_{G{D}_i})$. After that, $U_i$ replaces $\{HI{D}_i,X_i\}$ with $\{HI{D}_i^{*},X_i^{*}\}$ and then stores $\{n_i^{*},{\beta }_i^{*},C_i\}$ in the memory.

4.2.2. Sensing Device Registration Process

We show the sensing device registration process of PUF-PSS and it is described in detail as follows.

SDR-1: 

$S{D}_j$ chooses a random number $b_j$ and calculates $Q_j=b_j\oplus h(SI{D}_j\left|\right|X_{S{D}_j})$ and $W_j=h(SI{D}_j\left|\right|TSI{D}_j\left|\right|X_{S{D}_j}\left|\right|b_j)$. Then, $S{D}_j$ transmits the message $\{Q_j,W_j,TSI{D}_j\}$ to the S over an insecure channel.

SDR-2: 

S calculates $b_j=Q_j\oplus h(SI{D}_j\left|\right|X_{S{D}_j})$, $W_j^{*}=h(SI{D}_j\left|\right||TSI{D}_j\left|\right|X_{S{D}_j}\left|\right|b_j)$, and checks whether $W_j^{*}\stackrel{?}{=}{W}_j$. If the condition is equal, S computes $HSI{D}_j=h(SI{D}_j\left|\right|X_{S{D}_j}\left|\right|K_i)$, $Z_j=h(HSI{D}_j\left|\right|K_i\left|\right|X_{S{D}_j})$, $N_j=(HSI{D}_j\left|\right|b_j)\oplus h(X_{S{D}_j}\left|\right|SI{D}_j\left|\right|TSI{D}_j)$, and $M_j=Z_j\oplus h(HSI{D}_j\left|\right|X_{S{D}_j}\left|\right|b_j)$. After that, S generates a random challenge set $C_j$ and computes the response set $Re{s}_j$ for the $C_j$ as $Re{s}_j=PUF\left(C_j\right)$. Then, the sets $R_j$ and ${\delta }_j$ are computed by passing $Re{s}_j$ via PUF function $Gen(.)$, where $(R_j,{\delta }_j)=Gen\left(Re{s}_j\right)$.

SDR-3: 

After that, S computes $D_j={\delta }_j\oplus h(X_{S{D}_j}\left|\right|b_j\left|\right|HSI{D}_j)$, $F_i=h(b_j\left|\right|X_{S{D}_j}\left|\right|HSI{D}_j\left|\right|TSI{D}_j\left|\right|N_j)$, and transmits $\{N_j,M_j,D_j,F_j\}$ to the $S{D}_j$. Finally, S computes $V_j=Z_j\oplus K_i\oplus X_{S{D}_j}$ and then stores $\{V_j,(C_j,R_j)\}$ in the secure database.

SDR-4: 

$S{D}_j$ computes $F_j^{*}=h(b_j\left|\right|X_{S{D}_j}\left|\right|HSI{D}_j\left|\right|TSI{D}_j\left|\right|N_j)$ and checks whether $F_j^{*}\stackrel{?}{=}{F}_j$. If it is valid, $S{D}_j$ stores the secret credentials $\{C_j,N_j,M_j,D_j\}$ in the memory.

4.3. Authentication and Key Agreement Process

After performing the registration process, the registered $U_i$ and $S{D}_j$ carry out mutual authentication with S in order to establish a session key. The messages are transmitted via an open channel. We present the detailed AKA process of the PUF-PSS below.

AKP-1: 

$U_i/G{W}_i$ inputs a $I{D}_i$ and $P{W}_i$, and imprints $BI{O}_i$. After that, $MD$ calculates ${\gamma }_i=PUF\left(BI{O}_i\right)$, ${\beta }_i={\beta }_i^{*}\oplus h(I{D}_i\left|\right|X_{G{D}_i}\left|\right|P{W}_i)$, ${\alpha }_i=Rep({\gamma }_i,{\beta }_i)$, $n_i=n_i^{*}\oplus h(I{D}_i\left|\right|{\alpha }_i\left|\right|P{W}_i)$, $RP{W}_i=h(P{W}_i\left|\right|n_i)$, $X_i=X_i^{*}\oplus h(I{D}_i\left|\right|{\alpha }_i\left|\right|X_{G{D}_i}\left|\right|RP{W}_i)$, $HI{D}_i=HI{D}_i^{*}\oplus h({\alpha }_i\left|\right|RP{W}_i\left|\right|X_i\left|\right|X_{G{D}_i})$, and $C_i^{*}=h(HI{D}_i\left|\right|{\alpha }_i\left|\right|X_i\left|\right|X_{G{D}_i})$, and checks whether $C_i^{*}\stackrel{?}{=}{C}_i$. “If it is not valid, $U_i$ terminates this process, otherwise $U_i$ selects a $r_1$ and calculates $M_1=r_1\oplus h(TGI{D}_i\left|\right|X_i\left|\right|X_{G{D}_i})$, and $Aut{h}_u=h(HI{D}_i\left|\right|r_1\left|\right|X_i$$\left|\right|X_{G{D}_i}\left|\right|TGI{D}_i)$, and transmits $\{TGI{D}_i,M_1,Aut{h}_u\}$ to $S{D}_j$”.

AKP-2: 

$S{D}_j$ computes $(HSI{D}_j\left|\right|b_j)=N_j\oplus h(X_{S{D}_j}\left|\right|SI{D}_j\left|\right|TSI{D}_j)$, $Z_j=M_j\oplus h(HSI{D}_j\left|\right|X_{S{D}_j}\left|\right|b_j)$, and generates a random nonce $r_2$. After that, $S{D}_j$ computes $M_2=(SI{D}_j\left|\right|r_2)\oplus h(X_{S{D}_j}\left|\right|Z_j)$ and $Aut{h}_{SD}=h(HSI{D}_j\left|\right|X_{S{D}_j}\left|\right|Z_j\left|\right|r_2)$, and transmits $\{TGI{D}_i,M_1,Aut{h}_u,TSI{D}_j,M_2,Aut{h}_{SD}\}$ to S.

AKP-3: 

S retrieves $\left\{HI{D}_i\right\}$ with $TGI{D}_i$ in the secure database and computes $X_i=h(K_i\left|\right|X_{G{D}_i}\left|\right|HI{D}_i)$, $r_1=M_1\oplus h(TGI{D}_i\left|\right|X_i\left|\right|X_{G{D}_i})$, and $Aut{h}_u^{*}=h(HI{D}_i\left|\right|r_1\left|\right|X_i\left|\right|X_{G{D}_i}\left|\right|TGI{D}_i)$. Then, S checks whether $Aut{h}_u^{*}\stackrel{?}{=}Aut{h}_u$. If it is valid, S computes $Z_j=V_j\oplus K_i\oplus X_{S{D}_j}$, $(SI{D}_j\left|\right|r_2)=M_2\oplus h(X_{S{D}_j}\left|\right|Z_j)$, $HSI{D}_j=h(SI{D}_j\left|\right|X_{S{D}_j}\left|\right|K_i)$, and $Aut{h}_{SD}^{*}=h(HSI{D}_j\left|\right|X_{S{D}_j}\left|\right|Z_j\left|\right|r_2)$, and then checks whether $Aut{h}_{SD}^{*}\stackrel{?}{=}Aut{h}_{SD}$. If it is correct, S retrieves $(C_j,R_j)$ through $SI{D}_j$ and computes $M_3=(C_j\left|\right|r_1)\oplus h(Z_j\left|\right|HSI{D}_j\left|\right|r_2\left|\right|X_{S{D}_j})$, $TSI{D}_j^{new}=h(r_2\left|\right|TSI{D}_j)$, $Aut{h}_{TM-SD}=h(TSI{D}_j^{new}\left|\right|X_{S{D}_j}\left|\right|Z_j\left|\right|R_j\left|\right|r_1)$, and $Aut{h}_{TM-U}=h(TGI{D}_i\left|\right|X_{G{D}_i}\left|\right|X_i\left|\right|r_1\left|\right|r_2)$, and then transmits $\{Aut{h}_{TM-SD},Aut{h}_{TM-U},M_3\}$ to $S{D}_j$.

AKP-4: 

$S{D}_j$ computes ${\delta }_j=D_j\oplus h(X_{S{D}_j}\left|\right|b_j\left|\right|HSI{D}_j)$, $(C_j\left|\right|r_1)=M_3\oplus h(Z_j\left|\right|HSI{D}_j\left|\right|r_2\left|\right|X_{S{D}_j})$, $R_j=Rep(PUF\left(C_j\right),{\delta }_j)$, $TSI{D}_j^{new}=h(r_2\left|\right|TSI{D}_j)$, and $Aut{h}_{TM-SD}^{*}=h(TSI{D}_j^{new}\left|\right|X_{S{D}_j}\left|\right|Z_j\left|\right|R_j\left|\right|r_1)$. Then, $S{D}_j$ checks whether $Aut{h}_{TM-SD}^{*}\stackrel{?}{=}Aut{h}_{TM-SD}$. If it is valid, $S{D}_j$ computes $M_4=(R_j\left|\right|r_2)\oplus h(r_1\left|\right|TGI{D}_i\left|\right|TSI{D}_j)$, $SK=h\left(r_1\right|\left|r_2\right|\left|R_j\right)$, and $Aut{h}_{SD-U}=h\left(SK\right||r_1\left|\right|r_2\left|\right|R_j)$. Finally, $S{D}_j$ transmits $\{TSI{D}_j,Aut{h}_{TM-U},Aut{h}_{SD-U},M_4\}$ to $U_i$, and updates $TSI{D}_j$ to $TSI{D}_j^{new}$ in the memory.

AKP-5: 

$U_i$ computes “$(R_j\left|\right|r_2)=M_4\oplus (r_1\left|\right|TGI{D}_i\left|\right|TSI{D}_j)$, $Aut{h}_{TM-U}=h\left(TGID\right||X_i\left|\right|R_j\left|\right|r_1\left|\right|r_2)$, and checks whether $Aut{h}_{TM-U}^{*}\stackrel{?}{=}Aut{h}_{TM-U}$. If it is correct, $U_i$ computes $TSI{D}_j^{new}=h(r_2\left|\right|TSI{D}_j)$, $SK=h\left(r_1\right|\left|r_2\right|\left|R_j\right)$, and $Aut{h}_{SD-U}^{*}=h\left(SK\right||r_1\left|\right|r_2\left|\right|R_j)$, and verifies whether $Aut{h}_{SD-U}^{*}\stackrel{?}{=}Aut{h}_{SD-U}$”. If it is valid, $U_i$ updates $\left\{TSI{D}_j^{new}\right\}$ for the next login.

4.4. Biometric and Password Update Process

If the legitimate users want a new $BI{O}_i$ and $P{W}_i$, $U_i$ can handily change their old $BI{O}_i$ and $P{W}_i$ [42].

PBU-1: 

$U_i$ inputs a “$I{D}_i$, a old $P{W}_i$, and imprints a old $BI{O}_i$ into $U_i$”.

PBU-2: 

$U_i$ calculates ${\gamma }_i=PUF\left(BI{O}_i\right)$, ${\beta }_i={\beta }_i^{*}\oplus h(I{D}_i\left|\right|X_{G{D}_i}\left|\right|P{W}_i)$, ${\alpha }_i=Rep({\gamma }_i,{\beta }_i)$, $n_i=n_i^{*}\oplus h(I{D}_i\left|\right|{\alpha }_i\left|\right|P{W}_i)$, $RP{W}_i=h(P{W}_i\left|\right|n_i)$, $X_i=X_i^{*}\oplus h(I{D}_i\left|\right|{\alpha }_i\left|\right|X_{G{D}_i}\left|\right|RP{W}_i)$, $HI{D}_i=HI{D}_i^{*}\oplus h({\alpha }_i\left|\right|RP{W}_i\left|\right|X_i\left|\right|X_{G{D}_i})$, and $C_i^{*}=h(HI{D}_i\left|\right|{\alpha }_i\left|\right|X_i\left|\right|X_{G{D}_i})$. Then, $U_i$ checks whether $C_i^{*}\stackrel{?}{=}{C}_i$. If the condition is not valid, $U_i$ aborts this session, otherwise $U_i$ transmits the authentication message to $U_i$.

PBU-3: 

After getting the authentication message, $U_i$ inputs a new password $P{W}_i^{new}$, and imprints a new biometric $BI{O}_i^{new}$ to the $U_i$ via a secure channel.

PBU-4: 

$U_i$ generates a new biometric token ${\alpha }_i^{new}$, and the corresponding secret parameter ${\beta }_i^{new}$ as (${\alpha }_i^{new}$, ${\beta }_i^{new}$)=$Gen\left({\gamma }_i^{new}\right)$. After that, $U_i$ calculates ${\beta }_i^{{}^{\prime }}={\beta }_i^{new}\oplus h(I{D}_i\left|\right|X_{G{D}_i}\left|\right|P{W}_i^{new})$, $n_i^{{}^{\prime }}=n_i\oplus h(I{D}_i\left|\right|{\alpha }_i^{new}\left|\right|P{W}_i^{new})$, $RP{W}_i^{new}=h(P{W}_i^{new}\left|\right|n_i)$, $X_i^{{}^{\prime }}=X_i\oplus h(I{D}_i\left|\right|{\alpha }_i^{new}\left|\right|X_{G{D}_i}\left|\right|RP{W}_i^{new})$, $HI{D}_i^{{}^{\prime }}=HI{D}_i\oplus h({\alpha }_i^{new}\left|\right|RP{W}_i\left|\right|X_i\left|\right|X_{G{D}_i})$, and $C_i^{{}^{\prime }}=h(HI{D}_i\left|\right|{\alpha }_i^{new}\left|\right|X_i\left|\right|X_{G{D}_i})$. Finally, $U_i$ replaces $\{HI{D}_i^{{}^{\prime }},X_i^{{}^{\prime }},n_i^{{}^{\prime }},{\beta }_i^{{}^{\prime }},C_i^{{}^{\prime }}\}$ with $\{HI{D}_i^{*},X_i^{*},n_i^{*},{\beta }_i^{*},C_i\}$ in the memory.

5. Security Analysis

We carry out the informal/formal security analysis, such as “AVISPA implementation and ROR oracle model”. We demonstrate that PUF-PSS can prevent various cyber/physical security threats, including “impersonation, session key disclosure, and MITM attacks” and ensure “anonymity, perfect forward secrecy, and mutual authentications”.

5.1. Informal Security Analysis

We perform the “informal security analysis to prove the security of PUF-PSS”. We prove that PUF-PSS is able to prevent potential security threats and provide “secure anonymity, perfect forward secrecy, and mutual authentication”.

5.1.1. Impersonation Attack

We suppose that $MA$ tries to impersonate by intercepting the exchanged messages of each participant over an open channel. However, $MA$ cannot correctly generate the authentication request message $\{TGI{D}_i,M_1,Aut{h}_u\}$, $\{TGI{D}_i,M_1,Aut{h}_u,TSI{D}_j,M_2,Aut{h}_{SD}\}$ and response message $\{Aut{h}_{TM-SD},AUT{H}_{TM-U},M_3\}$, $\{TSI{D}_j,Aut{h}_{SD-U},Aut{h}_{TM-U},M_4\}$ because $MA$ does not receive the “random nonces $\{r_1,r_2\}$ and secret credentials $\{X_i,Z_j\}$”. Thus, PUF-PSS is resilient to this attack since $MA$ cannot calculate the valid authentication messages of each entity.

5.1.2. Physical Capture Attack

We assume that $MA$ can physically capture any $S{D}_j$, and then extract all the secret credentials in the memory of a physically captured $S{D}_j$, compromising of the data $\{N_j,M_j,D_j,C_j\}$ from the $S{D}_j$’s memory. However, there are independent and distinct factors for all deployed $S{D}_j$ since $SI{D}_j$ and $C_j$ are randomly generated. Thus, the compromised data does not help in computing a session key $SK$ between $U_i$ and an other non-compromised $S{D}_j$. Consequently, PUF-PSS is secure to this attack since the output of PUF challenge and response pair $\{({\alpha }_i,{\beta }_i),(C_j,R_j)\}$ depends upon the intrinsic physical variations in the IC chip.

5.1.3. Replay Attack

If $MA$ eavesdrops the transmitted messages over an open channel, $MA$ tries to authenticate with other participants by retransmitting the intercepted messages from the previous session. However, in PUF-PSS, all of the entities check the freshness of the random nonces $r_1$ and $r_2$. Moreover, the transmitted messages are protected with secret credentials $X_i$ and $Z_j$. Hence, PUF-PSS is resilient against replay attacks.

5.1.4. Session Key Disclosure Attack

$MA$ should obtain the “PUF response and random nonces (short-term secrets) $\{r_1,r_2,R_j\}$ and the long-term secrets credentials $\{X_i,Z_j\}$ to generate the correct $SK=h\left(r_1\right|\left|r_2\right|\left|R_j\right)$”. However, $MA$ cannot calculate because $\{X_i,Z_j\}$ is protected with the “shared secret key $\{X_{G{D}_i},X_{S{D}_j}\}$, random number $b_j$, and PUF challenge ${\alpha }_i$” using the hash function. Moreover, $MA$ cannot obtain $\{r_1,r_2,R_j\}$ since $MA$ does not know the “real identity $\{I{D}_i,SI{D}_j\}$ of $U_i$ and $S{D}_j$, the secret credentials $\{X_i,Z_j\}$, and PUF secret parameter $R_j$”. Thus, PUF-PSS is resilient to this attack under the CK model [38] as the presented threat model in Section 3.2.

5.1.5. Offline Password Guessing Attack

We suppose that $MA$ attempts to guess the $U_i$’s password $P{W}_i$, and also extract all secret credentials $\{HI{D}_i^{*},X_i^{*},n_i^{*},{\beta }_i^{*},C_i\}$ in $M{D}_i$’s memory using the differential power analysis. If $MA$ can guess $U_i$’s $P{W}_i$, $MA$ can calculate “several equations and the correct credentials with the guessed $P{W}_i$”. However, $MA$ should know a “unique biometric $BI{O}_i$ and a random number $n_i$ of $U_i$” to calculate the correct credentials and equations. Hence, $MA$ is difficult to correctly guess $U_i$’s $P{W}_i$ because $MA$ cannot obtain the biometric $BI{O}_i$ and random number $n_i$.

5.1.6. MITM Attack

We suppose that if $MA$ can eavesdrop the transmitted messages through an open channel, then this attack may be possible. However, $MA$ is unable to successfully calculate the authentication request and confirmation messages since $MA$ cannot obtain the “random nonces $\{r_1,r_2\}$, PUF secret parameter $\{{\beta }_i,R_j\}$, biometric $BI{O}_i$, real identity $\{I{D}_i,SI{D}_j\}$”. Consequently, PUF-PSS can prevent this attack since $MA$ cannot get the secret credentials of the legal entities.

5.1.7. Stolen Verifier Attack

We assume that $MA$ steals the secret credential stored in S’s database and then tries to impersonate the legitimate participant. Even if $MA$ obtains the secret credentials $\left\{HI{D}_i\right\}$ for $U_i$ and $\{V_j,(C_j,R_j)\}$ for $S{D}_j$ stored in database of $SP$, $MA$ cannot obtain sensitive information and impersonate as legitimate entities. Even if the secret credential $\left\{HI{D}_i\right\}$ for $U_i$ is revealed, $MA$ does not obtain the sensitive information without the fresh random nonce $r_1$, the correct shared secret key $X_{G{D}_i}$ for $U_i$ and S. Moreover, the secret credential $\left\{V_j\right\}$ for $S{D}_j$ is protected with the secret private key $K_i$ of S and the shared secret key $X_{S{D}_j}$ by performing XOR and hash functions. PUF challenge/response pairs $\{C_j,R_j)\}$ for $S{D}_j$ are computationally difficult to compromise the PUF secret value because the output of PUF relies on the unique physical characteristics. Hence, PUF-PSS is resilient to this attack since $MA$ cannot impersonate the legitimate participant because $MA$ does not receive the sensitive data for $S{D}_j$ and $U_i/GW$.

5.1.8. Ephemeral Secret Leakage (ESL) Attack

According to Section 3.2, we assume that $MA$ can compromise the session states and secret credentials under the CK adversary model. If the short-term secrets $\{r_1,r_2\}$ are revealed, an $SK$ is protected since $MA$ cannot obtain the sensitive information, such as the random nonces $\{n_i,b_j\}$ and the real identities $\{I{D}_i,SI{D}_j\}$. On the other hand, if the long-term secrets $\{X_i,Z_j\}$ are compromised, an $SK$ is still protected since $MA$ does not obtain the shared secret keys $\{X_{G{D}_i},X_{S{D}_j}\}$, the biometric secret value ${\beta }_i$, and the PUF secret value $R_j$. Thus, PUF-PSS resists an ESL attack based on the CK model [38].

5.1.9. Perfect Forward Secrecy

We assume that $MA$ can obtain TMIS server S’s secret key $K_i$. After that, $MA$ attempts to compute a session key $SK=h\left(r_1\right|\left|r_2\right|\left|R_j\right)$ between $U_i$ and $S{D}_j$. However, $MA$ cannot compute an $SK$ because $MA$ does not obtain the random nonces $\{r_1,r_2\}$ and the PUF value $R_j$. Therefore, PUF-PSS scheme ensures perfect forward secrecy.

5.1.10. Mutual Authentication

During the authentication and key agreement process, all of the participants successfully perform mutual authentication. After getting the messages $\{TGI{D}_i,M_1,Aut{h}_u\}$ from the $U_i$, S checks whether $Aut{h}_u^{*}\stackrel{?}{=}Aut{h}_u$. If it is correct, S authenticates $U_i$. After obtaining the messages $\{TSI{D}_j,M_2,Aut{h}_{SD}\}$ from $S{D}_j$, S verifies whether $Aut{h}_{SD}^{*}\stackrel{?}{=}Aut{h}_{SD}$. If the condition is correct, S authenticates $S{D}_j$. After getting the messages $\{Aut{h}_{TM-SD},C_j,M_4\}$ from S, $S{D}_j$ checks whether $Aut{h}_{TM-SD}^{*}\stackrel{?}{=}Aut{h}_{TM-SD}$. If it is valid, $S{D}_j$ authenticates S. After obtaining the message $\{Aut{h}_{TM-U},Aut{h}_{SD-U},M_3,M_5\}$ from $S{D}_j$ and S, $U_i$ verifies whether $Aut{h}_{TM-U}^{*}\stackrel{?}{=}Aut{h}_{TM-U}$ and $Aut{h}_{SD-U}^{*}\stackrel{?}{=}Aut{h}_{SD-U}$. If it is correct, $U_i$ authenticates $S{D}_j$ and S and establishes an $SK$. Consequently, all of the participants are “mutually authenticated because $MA$ cannot calculate the authentication request and confirmation messages successfully”.

5.1.11. Anonymity

According to Section 3.2, $MA$ can extract secret parameters stored in $M{D}_i$ and intercept the transmitted messages in each session. However, $MA$ cannot retrieve the “real identity $\{I{D}_i,SI{D}_j\}$ of $U_i$ and $S{D}_j$ because the transmitted messages are masked with random nonce $\{r_1,r_2\}$, secret credentials $\{X_i,Z_j\}$, biometric $\left\{BI{O}_i\right\}$ and shared secret key $\{X_{G{D}_i},X_{S{D}_j}\}$” using the PUF function, hash function, and XOR operation. Therefore, PUF-PSS guarantees the anonymity of $U_i$ and $S{D}_j$.

5.2. Formal Security Analysis Using BAN Logic

We demonstrate that PUF-PSS guarantees secure mutual authentication among $U_i,S{D}_j$, and S by performing BAN logic [10]. We introduce the symbols in

Table 2. BAN logic symbols.

Symbol	Description
$\zeta ,\phi$	Principals
$X,Y$	Statements
$SK$	Session key
$\zeta |\equiv X$	$\zeta$ believes X
$\zeta |\sim X$	$\zeta$ once said X
$\zeta ⤇X$	$\zeta$ controls X
$\zeta ⊲X$	$\zeta$ receives X
$\#X$	X is fresh
${\left\{X\right\}}_K$	X is encrypted with K
$\zeta \stackrel{K}{\leftrightarrow }\phi$	$\zeta$ and $\phi$ have shared secret key K

and also define rules, idealized forms, security goals, and assumptions for BAN logic.

1. 

Message meaning rule (MMR):

$$\frac{\zeta |\equiv \zeta \stackrel{K}{\leftrightarrow }\phi ,\zeta ⊲{\left\{X\right\}}_K}{\zeta |\equiv \phi |\sim X}$$

2. 

Nonce verification rule (NVR):

$$\frac{\zeta |\equiv \#(X),\zeta |\equiv \phi |\sim X}{\zeta |\equiv \phi |\equiv X}$$

3. 

Jurisdiction rule (JR):

$$\frac{\zeta |\equiv \phi ⤇X,\zeta |\equiv \phi |\equiv X}{\zeta |\equiv X}$$

4. 

Freshness rule (FR):

$$\frac{\zeta |\equiv \#(X)}{\zeta |\equiv \#(X,Y)}$$

5. 

Belief rule (BR):

$$\frac{\zeta |\equiv (X,Y)}{\zeta |\equiv X}$$

5.2.1. Security Goals

We present the security goals of PUF-PSS to prove the BAN logic.

Goal 1: 

$U_i|\equiv U_i\stackrel{SK}{\leftrightarrow }S{D}_j$

Goal 2: 

$S{D}_j|\equiv U_i\stackrel{SK}{\leftrightarrow }S{D}_j$

Goal 3: 

$U_i|\equiv S{D}_j|\equiv U_i\stackrel{SK}{\leftrightarrow }S{D}_j$

Goal 4: 

$S{D}_j|\equiv U_i|\equiv U_i\stackrel{SK}{\leftrightarrow }S{D}_j$

5.2.2. Idealized Forms

The idealized forms of the messages in PUF-PSS are as follows.

$MI{F}_1$:

 $U_i\to S{D}_j:{\{r_1,HI{D}_i,TGI{D}_i,X_i\}}_{X_{G{D}_i}}$

$MI{F}_2$:

 $S{D}_j\to S:{\{HI{D}_i,TGI{D}_i,r_1,X_i,r_2,SI{D}_j,TSI{D}_j,Z_j\}}_{X_{S{D}_j}}$

$MI{F}_3$:

 $S\to S{D}_j:{\{HI{D}_i,SI{D}_j,r_1,r_2,R_j\}}_{X_{S{D}_j}}$

$MI{F}_4$:

 $S{D}_j\to U_i:{\{\left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right),TGI{D}_i,TSI{D}_j,r_2,X_i\}}_{X_{G{D}_i}}$

5.2.3. Assumptions

We present the assumptions of PUF-PSS as follows.

$A{S}_1$:

 $S{D}_j|\equiv \left(U_i\stackrel{X_{G{D}_i}}{\leftrightarrow }S{D}_j\right)$

$A{S}_2$:

 $S{D}_j|\equiv \#\left(r_1\right)$

$A{S}_3$:

 $S|\equiv (S\stackrel{X_{S{D}_j}}{\leftrightarrow }S{D}_j)$

$A{S}_4$:

 $S|\equiv \#(r_1,r_2)$

$A{S}_5$:

 $S{D}_j|\equiv \left(S\stackrel{X_{S{D}_j}}{\leftrightarrow }S{D}_j\right)$

$A{S}_6$:

 $S{D}_j|\equiv \#\left(r_2\right)$

$A{S}_7$:

 $U_i|\equiv \left(U_i\stackrel{X_{G{D}_i}}{\leftrightarrow }S{D}_j\right)$

$A{S}_8$:

 $U_i|\equiv \#\left(r_1\right)$

$A{S}_9$:

 $U_i|\equiv S{D}_j⤇\left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right)$

$A{S}_{10}$:

 $S{D}_j|\equiv U_i⤇\left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right)$

5.2.4. BAN Logic Proof

We then present the BAN logic proof as follows.

Step 1: 

Based on $MI{F}_1$, we obtain

$$\left(P_1\right):S{D}_j⊲{\{r_1,HI{D}_i,TGI{D}_i,X_i\}}_{X_{G{D}_i}}$$

Step 2: 

Using $P_1$ and $A{S}_1$ with the MMR, we obtain

$$\left(P_2\right):SD|\equiv U|\sim {\{r_1,HI{D}_i,TGI{D}_i,X_i\}}_{X_{G{D}_i}}$$

Step 3: 

Based on the $P_2$ and $A{S}_2$ with the FR, we obtain

$$\left(P_3\right):SD|\equiv \#{\{r_1,HI{D}_i,TGI{D}_i,X_i\}}_{X_{G{D}_i}}$$

Step 4: 

Using $P_2$ and $P_3$ with the NVR, we obtain

$$\left(P_4\right):SD|\equiv U|\equiv {\{r_1,HI{D}_i,TGI{D}_i,X_i\}}_{X_{G{D}_i}}$$

Step 5: 

Based on the $P_4$ with the BR, we obtain

$$\left(P_5\right):SD|\equiv U|\equiv \left(r_1\right)$$

Step 6: 

According to $MI{F}_2$, we obtain

$$\left(P_6\right):S⊲{\{HI{D}_i,TGI{D}_i,r_1,X_i,r_2,SI{D}_j,TSI{D}_j,Z_j\}}_{X_{S{D}_j}}$$

Step 7: 

Using $P_6$ and $A{S}_3$ with the MMR, we obtain

$$\left(P_7\right):S|\equiv S{D}_j|\sim {\{HI{D}_i,TGI{D}_i,r_1,X_i,r_2,SI{D}_j,TSI{D}_j,Z_j\}}_{X_{S{D}_j}}$$

Step 8: 

Based on the $P_7$ and $A{S}_4$ with the FR, we obtain

$$\left(P_8\right):S|\equiv \#{\{HI{D}_i,TGI{D}_i,r_1,X_i,r_2,SI{D}_j,TSI{D}_j,Z_j\}}_{X_{S{D}_j}}$$

Step 9: 

Using $P_7$ and $P_8$ with the NVR, we obtain

$$\left(P_9\right):S|\equiv S{D}_j|\equiv {\{HI{D}_i,TGI{D}_i,r_1,X_i,r_2,SI{D}_j,TSI{D}_j,Z_j\}}_{X_{S{D}_j}}$$

Step 10: 

According to $MI{F}_3$, we obtain

$$\left(P_{10}\right):S{D}_j⊲{\{HI{D}_i,SI{D}_j,r_1,r_2,R_j\}}_{X_{S{D}_j}}$$

Step 11: 

Using $P_{10}$ and $A{S}_5$ with the MMR, we obtain

$$\left(P_{11}\right):S{D}_j|\equiv S|\sim {\{HI{D}_i,SI{D}_j,r_1,r_2,R_j\}}_{X_{S{D}_j}}$$

Step 12: 

Based on the $P_{11}$ and $A{S}_6$ with the FR, we obtain

$$\left(P_{12}\right):S{D}_j|\equiv \#{\{HI{D}_i,SI{D}_j,r_1,r_2,R_j\}}_{X_{S{D}_j}}$$

Step 13: 

Using $P_{11}$ and $P_{12}$ with the NVR, we obtain

$$\left(P_{13}\right):S{D}_j|\equiv S|\equiv {\{HI{D}_i,SI{D}_j,r_1,r_2,R_j\}}_{X_{S{D}_j}}$$

Step 14: 

According to $MI{F}_4$, we obtain

$$\left(P_{14}\right):U_i⊲{\{\left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right),TGI{D}_i,TSI{D}_j,r_2,X_i\}}_{X_{G{D}_i}}$$

Step 15: 

Using $P_{14}$ and $A{S}_7$ with the MMR, we obtain

$$\left(P_{15}\right):U_i|\equiv S{D}_j|\sim {\{\left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right),TGI{D}_i,TSI{D}_j,r_2,X_i\}}_{X_{G{D}_i}}$$

Step 16: 

Based on the $P_{15}$ and $A{S}_8$ with the FR, we obtain

$$\left(P_{16}\right):U_i|\equiv \#{\{\left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right),TGI{D}_i,TSI{D}_j,r_2,X_i\}}_{X_{G{D}_i}}$$

Step 17: 

Using $P_{15}$ and $P_{16}$ with the NVR, we obtain

$$\left(P_{17}\right):U_i|\equiv S{D}_j|\equiv {\{\left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right),TGI{D}_i,TSI{D}_j,r_2,X_i\}}_{X_{G{D}_i}}$$

Step 18: 

Based on the $P_{17}$ with the BR, we obtain

$$\left(P_{18}\right):U_i|\equiv S{D}_j|\equiv \left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right)\mathbf{\left(}\mathbf{Goal}\mathbf{3}\mathbf{\right)}$$

Step 19: 

Using $P_{18}$ and $A{S}_9$ with the JR, we obtain

$$\left(P_{19}\right):U_i|\equiv \left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right)\mathbf{\left(}\mathbf{Goal}\mathbf{1}\mathbf{\right)}$$

Step 20: 

Because of $SK=h\left(r_1\right|\left|r_2\right|\left|R_j\right)$ from $P_5$, $P_9$, $P_{13}$ and $P_{17}$, we obtain

$$\left(P_{20}\right):S{D}_j|\equiv U_i|\equiv \left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right)\mathbf{\left(}\mathbf{Goal}\mathbf{4}\mathbf{\right)}$$

Step 21: 

Based on the $P_{19}$ and $A{S}_{10}$ with the JR, we obtain

$$\left(P_{21}\right):S{D}_j|\equiv \left(U_i\stackrel{SK}{\leftrightarrow }S{D}_j\right)\mathbf{\left(}\mathbf{Goal}\mathbf{2}\mathbf{\right)}$$

Consequently, we prove that $U_i$, $S{D}_j$, and S are mutually authenticated because they achieve security goals 1–4.

5.3. Formal Security Analysis Using ROR Oracle Model

We evaluate a session key (SK) security of PUF-PSS from $MA$ under the ROR oracle model [7]. We define the necessary queries for the ROR model [7] as follows.

In PUF-PSS, there are three entities: the users $P_U^{t_1}$, the sensing devices $P_{SD}^{t_2}$, and the TMIS server $P_S^{t_3}$, where $P_U^{t_1}$, $P_{SD}^{t_2}$, and $P_S^{t_3}$ are instances $t_1^{th}$ of $U_i$, $t_2^{th}$ of $S{D}_j$, and $t_3^{th}$ of S, respectively.

Table 3. Queries and purposes.

Queries	Purpose
$Execute({\mathcal{P}}_U^{t_1},$${\mathcal{P}}_{SD}^{t_2},$${\mathcal{P}}_S^{t_3}$)	Based on $Execute\left(\right)$, $MA$ performs the passive/active attacks by eavesdropping the exchanged messages between each entity over a insecure channel.
$CorruptMD$$\left({\mathcal{P}}_U^{t_1}\right)$	This query indicates as the mobile device stolen attacks, where $MA$ can extract the secret credentials stored in $MD$.
$CorruptSD$$\left({\mathcal{P}}_{SD}^{t_2}\right)$	This query indicates as the physical capture attacks, where $MA$ can obtain the secret parameters stored in $SD$.
$Send$$({\mathcal{P}}^t,Msg)$	Based on this query, $MA$ can transmit the message $Msg$ to the $P^t$, and obtain the response message accordingly.
$Reveal\left({\mathcal{P}}^t\right)$	Under the this query, $MA$ reveals a SK generated between $P_U^{t_1}$ and $P_{SD}^{t_2}$.
$Test\left({\mathcal{P}}^t\right)$	An unbiased coin c is tossed prior to game start. If $MA$ gets the $c=1$ under the $Test\left(\right)$, it indicates a SK between $P_U^{t_1}$ and $P_{SD}^{t_2}$ is fresh. If $MA$ obtains the $c=0$, it indicate a SK is not fresh; otherwise, $MA$ obtains a null value (⊥).

shows the necessary queries, including “$Execute\left(\right)$, $CorruptMD\left(\right)$, $Send\left(\right)$, $Test\left(\right)$ and $Reveal\left(\right)$ to perform security analysis”. Furthermore, we use a “hash function $Hash$, and a PUF function $PUF$ as a random oracle”. We utilize Zipf’s law [43] to prove the SK security of PUF-PSS.

Theorem 1.

$Ad{v}_{MA}^{PUF-PSS}$ presents the “advantages of $MA$ in violating SK security for PUF-PSS”. Hence, we derive the following:

$$Ad{v}_{MA}^{PUF-PSS}\le \frac{q_h^2}{\left|Hash\right|}+\frac{q_P^2}{\left|PUF\right|}+2\{C·q_{send}^s,\frac{q_s}{2^{l_1}},\frac{q_s}{2^{l_2}}\}$$

$q_P$, $q_h$, $q_{send}$, and $Hash$ are “the range space of PUF $PUF(·)$, the range space of hash function $h(·)$, $Send(·)$ query, and the number of $Hash$ query”, respectively. In addition, $l_n$, s, $l_m$, and C are the Zipf’s credentials [43].

Proof. 

We introduce the five games $G{M}_i$ ($i\in [0,4]$). We present that $Ad{v}_{MA,G{M}_i}^{PUF-PSS}$ is the “probability of $MA$ winning the $G{M}_i$”. □

Game$G{M}_0$: “$G{M}_0$ is considered as an actual attack executed by $MA$ in PUF-PSS. The bit c is randomly selected prior to the beginning of $G{M}_0$”. Based on $G{M}_0$, the result is as follows:

$$Ad{v}_{MA}^{PUF-PSS}=|2·Ad{v}_{MA,G{M}_0}^{PUF-PSS}-1|$$

(1)

Game$G{M}_1$: “$G{M}_1$ presents that $MA$ executes an eavesdropping attack using $Execute\left(\right)$ query. $MA$ perform $Test\left(\right)$ and $Reveal\left(\right)$ queries to reveal $SK$. The output of the $Test\left(\right)$ and $Reveal\left(\right)$ queries decide if $MA$ gets the secret credentials and $SK=h\left(r_1\right|\left|r_2\right|\left|R_j\right)$. To reveal $SK$, $MA$ needs the PUF value $R_j$ and random nonces $\{r_1,r_2\}$. Thus, $MA$’s probability of winning $G{M}_1$ by eavesdropping on the exchanged messages does not increase”. Based on $G{M}_1$, the result is as presented below:

$$Ad{v}_{MA,G{M}_1}^{PUF-PSS}=Ad{v}_{MA,G{M}_0}^{PUF-PSS}$$

(2)

Game$G{M}_2$: $G{M}_2$ is considered as the “passive/active attacks by using $Send\left(\right)$ and $Hash$ queries”. $MA$ can intercept the messages $\{TGI{D}_i,M_1,Aut{h}_u\}$, $\{TGI{D}_i,M_1,Aut{h}_u,TSI{D}_j{M}_2,Aut{h}_{SD}\}$, $\{Aut{h}_{TM-SD},Aut{h}_{M-U},M_3\}$, and $\{TSI{D}_j,Aut{h}_{SD-U},Aut{h}_{TM-U},M_4\}$ during the AKA process. All of the messages are not compromised by $MA$ since it is protected by using $h(·)$ with the random nonces $r_1$ and $r_2$. Based on the birthday paradox [44], the $G{M}_2$’s result is as follows:

$$|Ad{v}_{MA,G{M}_2}^{PUF-PSS}-Ad{v}_{MA,G{M}_1}^{PUF-PSS}|\le \frac{q_h^2}{2\left|Hash\right|}$$

(3)

Game$G{M}_3$: $G{M}_3$ is an “extended game to $G{M}_2$ which the simulation of PUF query is included in this game”. By utilizing an analogous argument presented in $G{M}_2$, this game’s results is presented below:

$$|Ad{v}_{MA,G{M}_3}^{PUF-PSS}-Ad{v}_{MA,G{M}_2}^{PUF-PSS}|\le \frac{q_P^2}{2\left|PUF\right|}$$

(4)

Game$G{M}_4$: $G{M}_4$ is modeled on the simulation of the $CorruptMD\left(\right)$ and $CourruptSD\left(\right)$ qeries. $MA$ is able to extract the secret parameters $\{HI{D}_i^{*},X_i^{*},n_i^{*},{\beta }_i^{*},C_i\}$ in $MD$ memory by performing the differential power analysis. Note that $HI{D}_i^{*}=HI{D}_i\oplus h({\alpha }_i\left|\right|RP{W}_i\left|\right|X_i\left|\right|X_{G{D}_i})$, $X_i^{*}=X_i\oplus h(I{D}_i\left|\right|{\alpha }_i\left|\right|X_{G{D}_i}\left|\right|RP{W}_i)$, $n_i^{*}=n_i\oplus h(I{D}_i\left|\right|{\alpha }_i\left|\right|P{W}_i)$, ${\beta }_i^{*}=\beta \oplus h(I{D}_i\left|\right|X_{G{D}_i}\left|\right|P{W}_i)$, and $C_i=h(HI{D}_i\left|\right|{\alpha }_i\left|\right|X_i\left|\right|X_{G{D}_i})$. In addition, $MA$ can obtain the secret credentials $\{C_j,N_j,M_j,D_j\}$ in $SD$ memory by performing physical capture attacks. Note that the PUF random challenge set $C_j$, $N_j=(HSI{D}_j\left|\right|b_j)\oplus h(X_{S{D}_j}\left|\right|SI{D}_j\left|\right|TSI{D}_j)$, $M_j=Z_j\oplus h(HSI{D}_j\left|\right|X_{S{D}_j}\left|\right|b_j)$, and $D_j={\delta }_j\oplus h(X_{S{D}_j}\left|\right|b_j\left|\right|HSI{D}_j)$. However, this game is computationally infeasible for $MA$ to compromise $P{W}_i$ over the $Send\left(\right)$ query without the $I{D}_i$, $n_i$, and ${\alpha }_i$. Moreover, $MA$ cannot distinguish the biometric and PUF value since the “probability of guessing the biometric credential of $l_1$ bits and the PUF secret value of $l_2$ by $MA$ is $\frac{1}{2^{l_1}}$ and $\frac{1}{2^{l_2}}$”. Consequently, $G{M}_3$ and $G{M}_4$ are “indistinguishable if the off-line biometric or password guessing attacks are not implemented”. The $G{M}_4$’s result is as follows:

$$|Ad{v}_{MA,G{M}_4}^{PUF-PSS}-Ad{v}_{MA,G{M}_3}^{PUF-PSS}|\le \{C·q_{send}^s,\frac{q_s}{2^{l_b}}\}$$

(5)

After $G{M}_0-G{M}_4$ are successfully executed, $MA$ tries to guess the “bit c to win the games by performing $Test\left(\right)$ query”. Hence, we obtain the following:

$$Ad{v}_{MA,G{M}_4}^{PUF-PSS}=\frac{1}{2}$$

(6)

Combining Formulas (1), (2) and (6), we obtain the following:

$$\begin{array}{cc}\hfill \frac{1}{2}Ad{v}_{MA}^{PUF-PSS}& =|Ad{v}_{MA,G{M}_0}^{PUF-PSS}-\frac{1}{2}|\hfill \\ \hfill & =|Ad{v}_{MA,G{M}_1}^{PUF-PSS}-\frac{1}{2}|\hfill \\ \hfill & =|Ad{v}_{MA,G{M}_1}^{PUF-PSS}-Ad{v}_{MA,G{M}_4}^{PUF-PSS}|\hfill \end{array}$$

(7)

Based on the “triangular inequality with the Formulas (3)–(5) and (7)”, we obtain the following:

$$\begin{array}{cc}\hfill \frac{1}{2}Ad{v}_{MA}^{PUF-PSS}& =|Ad{v}_{MA,G{M}_1}^{PUF-PSS}-Ad{v}_{MA,G{M}_4}^{PUF-PSS}|\hfill \\ \hfill & \le |Ad{v}_{MA,G{M}_1}^{PUF-PSS}-Ad{v}_{MA,G{M}_3}^{PUF-PSS}|\hfill \\ \hfill & +|Ad{v}_{MA,G{M}_3}^{PUF-PSS}-Ad{v}_{MA,G{M}_4}^{PUF-PSS}|\hfill \\ \hfill & \le |Ad{v}_{MA,G{M}_1}^{PUF-PSS}-Ad{v}_{MA,G{M}_2}^{PUF-PSS}|\hfill \\ \hfill & +|Ad{v}_{MA,G{M}_2}^{PUF-PSS}-Ad{v}_{MA,G{M}_3}^{PUF-PSS}|\hfill \\ \hfill & +|Ad{v}_{MA,G{M}_3}^{PUF-PSS}-Ad{v}_{MA,G{M}_4}^{PUF-PSS}|\hfill \\ \hfill & \le \frac{q_h^2}{2\left|Hash\right|}+\frac{q_P^2}{2\left|PUF\right|}+\{C·q_{send}^s,\frac{q_s}{2^{l_1}},\frac{q_s}{2^{l_2}}\}.\hfill \end{array}$$

(8)

Finally, by multiplying both sides of Equation (8) by a factor of 2, we obtain the following: $Ad{v}_{MA}^{PUF-PSS}\le \frac{q_h^2}{\left|Hash\right|}+\frac{q_P^2}{\left|PUF\right|}+2\{C·q_{send}^s,\frac{q_s}{2^{l_1}},\frac{q_s}{2^{l_2}}\}$

5.4. Formal Security Analysis Using AVISPA Simulation

AVISPA is a “formal security verification simulation that demonstrates whether the cryptographic protocol is resilient against various security threats such as MITM and replay attacks. AVISPA simulation is implemented by utilizing High-Level Protocol Specification Language (HLPSL) [45] to generate input format (IF) of the backends such as On-the-Fly Model Checker (OFMC), Constraint Logic-based Attack Searcher (CL-AtSE), Tree Automata based on Automatic Approximations for Analysis of Security Protocol (TA4SP), and SAT-based Model Checker (SATMC)”.

To evaluate the security of PUF-PSS, we first “express utilizing a rule-oriented HLPSL. The various specification roles for the $U/GW$, $SD$, and S, and for the mandatory roles for the sessions, environments and security goals are implemented in HLPSL for PUF-PSS. Since XOR operation is not provided for the SATMC and TA4SP backends, AVISPA implementation results for these backends are not included”.

Under the HLPSL, we simulated “PUF-PSS using the Security Protocol ANimator (SPAN) [46] for AVISPA. The simulation result for $MA$ utilizing SPAN is shown in Figure 2. Furthermore, the implementation results by performing CL-AtSe and OFMC back-ends are as shown in Figure 3”. Consequently, we demonstrate that PUF-PSS is resistant to the cyber security attacks.

6. Test Bed Experiments using MIRACL

We present the test bed experiments to estimate the computational time required for essential cryptographic operations utilized in PUF-PSS and previous schemes using the broadly utilized MIRACL [9]. In the following, we utilize two scenarios to estimate the computational time of the cryptographic operations. We denote “$T_{bp}$, $T_{ecpm}$, $T_h$, and $T_{sed}$ to estimate the execution times (in milliseconds) required for a bilinear pairing, an elliptic curve scalar point multiplication, a hash function (for example, Secure Hash Algorithm (SHA-256) [47]), and a symmetric key encryption/decryption (for example, Advanced Encryption Standard (AES) [48])”, respectively.

• Scenario I. In this case, we have modeled a desktop server setting as follows: “Model: Desktop, CPU Architecture: 64 bits, Processor: Intel Core i5-10400 @2.90 GHz, Six-core, OS: Ubuntu 18.04.4 LTS with 16 GB memory. Each primitive has run for 10,000 times. The maximum and minimum time in milliseconds are observed for each primitive. At the same, the average time (in milliseconds) is also measured out of these 100 runs”. The experimental results under sever setting are tabulated in

  Table 4. Execution time for a server.

  Operation	Max. Time (ms)	Min. Time (ms)	Average Time (ms)
  $T_{bp}$	5.157	2.940	3.002
  $T_{ecpm}$	2.737	0.472	0.522
  $T_h$	0.149	0.024	0.055
  $T_{sed}$	0.002	0.001	0.001

  .

• Scenario II. In this case, we have modeled a “Raspberry PI setting as follows: Model: Raspberry PI 4B (2019), CPU Architecture: 64 bit, Processor: 1.5 GHz Quad-core, OS: Ubuntu 20.04.2 LTS with 8 GB memory. Similar to Scenario I, each primitive has also run for 10,000 times and then measured the average, minimum and maximum time in milliseconds for the primitives”. The experimental results based on a Raspberry PI 4 are presented in

  Table 5. Execution time for a Raspberry PI 4.

  Operation	Max. Time (ms)	Min. Time (ms)	Average Time (ms)
  $T_{bp}$	18.722	18.132	18.294
  $T_{ecpm}$	2.920	2.766	2.848
  $T_h$	0.643	0.274	0.309
  $T_{sed}$	0.021	0.011	0.012

  .

7. Comparative Analysis

We demonstrate the comparative analysis for the performance of PUF-PSS with previous AKA schemes for TMIS [20,21,22] with regard to “communication costs”, “computation costs”, and “security properties”.

7.1. Communication Costs

This section evaluates the communication cost comparison analysis of our AKA scheme and the related schemes [20,21,22]. According to [27], we assume that the lengths (bits) for the “timestamp, identity, random nonce, hash function, and ECC are 32, 128, 128, 256, and 320 bits”, respectively. During the AKA process of PUF-PSS, the transmitted messages “$\{TGI{D}_i,M_1,Aut{h}_u\}$, $\{TGI{D}_i,M_1,Aut{h}_u,TSI{D}_j,M_2,Aut{h}_{SD}\}$, $\{Aut{h}_{TM-S},Aut{h}_{TM-U},M_3\}$, and $\{TSI{D}_j,Aut{h}_{SD-U},Aut{h}_{TM-U},M_4\}$ require (128 + 256 + 256 = 640 bits), (128 + 256 + 256 + 128 + 256 + 256 = 1,280 bits), (256 + 256 + 256 = 768 bits), and (128 + 256 + 256 + 256 = 896 bits)”, respectively. We show the analysis result for communication overhead comparison in Figure 4 and

Table 6. A communication cost summary.

Scheme	1st Message	2nd Message	3rd Message	4th Message	Total Costs
Sharma and Karla [20]	928 bits	1472 bits	1056 bits	832 bits	4288 bits
Wazid et al. [21]	672 bits	672 bits	800 bits	1088 bits	3232 bits
Zhou et al. [22]	1152 bits	2304 bits	1536 bits	768 bits	4760 bits
Our scheme	640 bits	1280 bits	768 bits	896 bits	3584 bits

. Although PUF-PSS has a somewhat greater communication overhead than Wazid et al.’s scheme [21], it offers more efficient communication costs compared with the existing related schemes [20,21,22]. Therefore, PUF-PSS is suitable for IoMT-based TMIS environments.

7.2. Computation Costs

We perform the computation cost comparison analysis of PUF-PSS with the existing schemes [20,21,22] during the AKA process. We use the “test-bed experimental results for a server setting and the Raspberry PI 4 setting, which are measured for the execution time needed for various cryptographic operations in Section 6”. We utilize the “experimental results for the average execution time needed for cryptographic operations under S environment is considered with a server setting (as shown in Table 4)”. In this scenario, we have presented “$T_{bp}\approx 3.002$ ms, $T_{ecpm}\approx 0.522$ ms, $T_h\approx 0.055$ ms and $T_{sed}\approx 0.001$ ms”. On the other side, we have used the “experimental results for the average execution time needed for cryptographic operations under $M{U}_i$ or $S{D}_j$ environment with a Raspberry PI 4 setting (as shown in Table 5)”. Under this scenario, we have presented “$T_{bp}\approx 18.294$ ms, $T_{ecpm}\approx 2.848$ ms, $T_h\approx 0.309$ ms and $T_{sed}\approx 0.012$ ms”. Finally, we show the performance results for the computation overhead comparison in Figure 5 and

Table 7. A computation cost summary.

Scheme	User	Sensing Device	TMIS Server	Total Costs
Sharma and Karla [20]	$11T_h\approx 3.399$ ms	$7T_h\approx 2.163$ ms	$12T_h\approx 0.66$ ms	$30T_h\approx 6.222$ ms
Wazid et al. [21]	$9T_h\approx 2.781$ ms	$12T_h\approx 3.708$ ms	$7T_h\approx 0.385$ ms	$28T_h\approx 6.874$ ms
Zhou et al. [22]	$10T_h\approx 3.09$ ms	$7T_h\approx 2.163$ ms	$15T_h\approx 0.825$ ms	$32T_h\approx 6.078$ ms
Our scheme	$12T_h\approx 3.708$ ms	$9T_h\approx 2.781$ ms	$9T_h\approx 0.495$ ms	$30T_h\approx 6.984$ ms

. PUF-PSS better offers the necessary security requirements and features, and also provides a similar computational costs compared with previous schemes [20,21,22]. Hence, PUF-PSS is applicable for IoMT-based TMIS.

7.3. Security Properties

We perform the security functionalities comparison analysis of PUF-PSS with the existing related schemes [20,21,22]. Referring to

Table 8. A comparative summary: security properties.

Properties	Sharma and Karla [20]	Wazid et al. [21]	Zhou et al. [22]	Ours
SPN1	√	√	√	√
SPN2	√	√	√	√
SPN3	×	√	√	√
SPN4	√	×	×	√
SPN5	√	√	√	√
SPN6	√	√	√	√
SPN7	√	√	√	√
SPN8	×	√	√	√
SPN9	√	×	×	√
SPN10	√	√	√	√
SPN11	√	√	√	√
SPN12	×	×	√	√
SPN13	×	×	×	√

SPN1: “Mobile device stolen attack”; SPN2: “Impersonation attack”; SPN3: “Stolen verifier attack”; SPN4: “Off-line password guessing attack”; SPN5: “Session key disclosure attack”; SPN6: “Replay attack”; SPN7: “MITM attack”; SPN8: “Physical capture attack”; SPN9: “Privileged insider attack”; SPN10: “Perfect forward secrecy”; SPN11: “Mutual authentication”; SPN12: “User anonymity”; SPN13: “Formal (mathematical) analysis”.

, the related schemes are fragile to potential security threats and cannot withstand anonymity and mutual authentication. In contrast, we prove that PUF-PSS is resilient against potential security threats, and guarantees anonymity and authentication. Consequently, PUF-PSS provides many essential security properties compared with the existing related schemes [20,21,22].

8. Conclusions and Future Works

We prove that the previous AKA schemes for IoMT-based TMIS suffer from potential security- and privacy-related issues because they are fragile to passive/active security threats, such as impersonation, physical capture, and stolen verifier attacks. We design a physically secure privacy-preserving scheme using PUF for IoMT-based TMIS to improve the security flaws of the previous AKA scheme. We demonstrate that PUF-PSS prevents potential security attacks and provides the essential security properties. We then show that PUF-PSS is secure against various security threats by using well-known formal security analysesm such as AVISPA implementation and the ROR oracle model. Furthermore, we present the test bed experiments of our AKA scheme on the MIRACL-based Raspberry PI 4. Furthermore, PUF-PSS ensures efficient computational and communication costs and also offers superior security functionality compared with previous schemes. Consequently, PUF-PSS is suitable for IoMT-based TMIS because it is more secure compared with previous schemes for IoMT-based TMIS.

In future works, we have planned to develop a new architecture and protocol using blockchain technology to integrate PUF-PSS into a more complete IoMT-enabled TMIS.