With the recent use of IoT in the field of healthcare, a lot of patient data is being transmitted and made available online. This necessitates sufficient security measures to be put in place to prevent the possibilities of cyberattacks. In this regard, several authentication techniques have been designed in recent times to mitigate these challenges, but the physical security of the healthcare IoT devices against node tampering and node replacement attacks, in particular, is not addressed sufficiently in the literature. To address these challenges, a two-way two-stage authentication protocol using hardware security primitives called Physical Unclonable Functions (PUFs) is presented in this paper. Considering the memory and energy constraints of healthcare IoT devices, this protocol is made very lightweight. A formal security evaluation of this protocol is done to prove its validity. We also compare it with relevant protocols in the healthcare IoT scenario in terms of computation time and security to show its suitability and robustness.

中文翻译：

---

HARCI：用于三个实体医疗保健物联网网络的双向身份验证协议

随着最近物联网在医疗保健领域的使用，大量患者数据正在传输并在线提供。这需要采取足够的安全措施来防止网络攻击的可能性。在这方面，最近设计了几种身份验证技术来缓解这些挑战，但特别是医疗物联网设备针对节点篡改和节点替换攻击的物理安全性，在文献中并未得到充分解决。为了应对这些挑战，本文提出了一种使用称为物理不可克隆功能 (PUF) 的硬件安全原语的双向两阶段身份验证协议。考虑到医疗物联网设备的内存和能源限制，该协议非常轻量级。对该协议进行正式的安全评估以证明其有效性。我们还在计算时间和安全性方面将其与医疗物联网场景中的相关协议进行了比较，以显示其适用性和稳健性。