Lightweight fog computing-based authentication protocols using physically unclonable functions for internet of medical things

https://doi.org/10.1016/j.jisa.2021.102817

Highlights

  • This paper develops a lightweight authentication scheme using PUFs for IoMT.

  • Our scheme is suitable for the fog computing model with cooperative D2D communication support.

  • In our scheme, the sensors do not have to keep secret keys.

  • Our scheme provides more security functions than related schemes.

  • Our scheme has a lower computational cost than related schemes.

Abstract

The Internet of Medical Things (IoMT) is a network of connections between a medical information system and medical equipment. Fog computing for IoMT is a model for extending cloud computing and medical services to the edge of the network, but the conventional fog computing model does not support some necessary features, such as device-to-device (D2D) communication for the effective exchange and processing of data between devices in the IoMT. This investigation develops a secure authentication scheme for the fog computing model with cooperative D2D communication support. Since the power and resources of medical sensors are limited, the proposed protocols use lightweight cryptographic operations, namely a one-way cryptographic hash function and the Barrel Shifter Physically Unclonable Function (BS-PUF), to ensure the security of the sensors and fog nodes and to avoid a computational burden on devices. The proposed protocols not only resist possible attacks and provide more security than related schemes, but are also more efficient.

Introduction

Cloud computing is relatively mature and has several applications, including the Internet of Things (IoT). The Internet of Medical Things (IoMT) is the primary IoT-related application, supporting various services for the healthcare industry, such as Radio Frequency Identification (RFID) and wearable medical devices. IoMT devices are designed to collect data (such as a patient's physiological data, including blood pressure, brain activity, and others) and to transmit them to a processing center (such as the cloud) for storage, processing, and analysis. However, medical devices are exposed to various security risks, such as eavesdropping, hijacking, denial of service, message tampering, device cloning, and others [24]. IoMT devices have particular limitations, such as low battery capacity, low memory, and low processing power, which markedly affect their interoperability and security [10]. The bulk of the related processing is carried out at a remote data center that may be physically located in another country, causing several problems [1], such as those described below.

  • Limited connectivity

In a cloud computing model, all data and requests are transmitted to, and processed by, the cloud server, which is the central server of the network. However, as the number of IoT devices increases, the amount of data to be transmitted, processed and stored increases with it. IoT devices typically have limited networking and computing capacity, and the cloud model is not designed for mobile devices. Therefore, delivering the associated services continuously and reliably in a constrained network environment is difficult and requires considerable effort to maintain.

  • Geographical restriction

IoT applications can be geographically distributed such as in vehicular ad hoc networks (VANETs), smart grids, and medical equipment at home or on the go. The distance between sensor devices and remote cloud servers affects latency and consequently the quality of service that the cloud provides.

  • Real-time sensor applications

Cloud servers are typically deployed in a static location, but IoT devices often have high mobility to enable environmental monitoring and smart transport of data across multiple devices. Therefore, maintaining the instantaneity of data between the server and IoT devices has become an important issue for cloud computing.

Fog computing has been proposed to mitigate the disadvantages of cloud computing [3,23,25]. In this paradigm, shown in Fig. 1, fog computing is deployed at the edge of the network, geographically close to the sensor devices [12,17]. Fog nodes provide network context information, including client status information and local network conditions, and support context-aware optimization through fog applications. Patients and elderly people who live alone at home can thus have their medical data monitored to prevent the sudden onset of diseases and accidents. The medical system also needs to be able to respond immediately to a patient's emergency. Accordingly, developing a medical authentication scheme using fog computing is feasible [11].

Many problems associated with fog computing have not yet been addressed. These include security and performance issues [5,16,24]. The authentication of a large number of sensors may substantially increase the burden on fog nodes. Some tiny sensors face challenges that arise from their limited resources, which may limit the quality of service (QoS) that they provide in the IoMT. Unlike a centralized cloud computing (CCS) system, fog devices are typically deployed in environments with insufficient security measures, so sensors and fog nodes may easily be attacked. For example, transmitted data can be eavesdropped upon, modified, and replayed between devices, between devices and fog nodes, and between fog nodes and cloud servers. Such attacks may lead to the leakage of a user's private information concerning, for example, their identity, location, health status, and medical records.

The emerging fifth-generation wireless communication (5G) system can support interactive multimedia, autopilot, vehicle connectivity, and other applications. Small base stations (BS) are located in various areas to improve connectivity and communication link quality in fog computing and 5G. In 2009, Osseiran et al. [18] proposed the use of D2D communication to enhance network performance by allowing devices to communicate directly with their destinations instead of going through a BS or access point (AP). D2D communication enables nearby devices to help each other in providing services more effectively.

Various communication protocols have recently been developed to solve the aforementioned problems of fog computing. For example, in 2018, Shen et al. [22] presented a lightweight authentication and matrix-based key agreement scheme, which was based mainly on elliptic curves. They combined the features of fog computing with authentication and key agreement to ensure the security of transmitted health data. However, a PUF can be evaluated more efficiently than an elliptic curve operation. In 2018, Jia et al. [13] presented a key agreement scheme for a fog-driven IoT healthcare system that was based on bilinear pairing. Only a fraction of authentication schemes fit this fog architecture, especially when privacy is required. Chen et al. [2] showed that the AKE scheme of Jia et al. [13] is vulnerable to an ephemeral secret leakage attack. In 2019, Gope [5] introduced a novel privacy-preserving security architecture for the D2D-Aided fog computing model that can verify end-user devices without involving a centralized server. That scheme used lightweight cryptographic operations, namely the one-way hash function and exclusive-OR operations, to provide security. However, when an edge device's supply of pseudo-identities runs out, the device must be registered again with the centralized cloud server. In 2018, Simone et al. [20] presented an identity-based anonymous key agreement protocol for fog computing that was based on Elliptic Curve Qu-Vanstone certificates. Simone et al. [20] did not consider the scenarios of D2D-Aided fog computing.

To overcome the aforementioned shortcomings, this article proposes a lightweight authentication scheme that is based on fog computing and involves four security protocols that correspond to the four scenarios of D2D-Aided fog computing. The proposed scheme uses lightweight cryptographic operations, including the one-way cryptographic hash function and the Barrel Shifter Physically Unclonable Function (BS-PUF), to provide security in each device, and efficiently realizes the mutual authentication of devices in D2D-Aided fog computing. The proposed scheme not only resists possible attacks and provides greater security properties than other schemes but also is more efficient.
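To make the design principle above concrete, the following Python simulation (an added example, not code from the paper or its authors) shows the generic PUF-based mutual authentication pattern that the scheme relies on: a fog node enrolls challenge-response pairs (CRPs) from a sensor over a trusted channel, and later each side proves knowledge of a PUF response using only a one-way hash and fresh nonces, so the sensor stores no secret key. The message flow, the one-time use of each CRP, the `H`/`SimulatedPUF`/`Sensor`/`FogNode` names and the software stand-in for silicon variation are all assumptions of this illustration; they are not the paper's SFC/SFS/SFF protocols or a BS-PUF implementation.

```python
"""Simulated PUF-based mutual authentication between a sensor and a fog node.
Added illustration of the general pattern; not the paper's protocols."""
import hashlib
import hmac
import secrets


def H(*parts: bytes) -> bytes:
    """One-way hash over length-prefixed parts (avoids ambiguous concatenation)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class SimulatedPUF:
    """Software stand-in for a silicon PUF (assumption). The seed models
    manufacturing variation: it never leaves the object and is never sent,
    so the sensor holds no stored key that could be read out of memory."""

    def __init__(self, seed: bytes):
        self._seed = seed

    def respond(self, challenge: bytes) -> bytes:
        # Real PUF responses are noisy and need error correction; not modelled here.
        return hmac.new(self._seed, challenge, hashlib.sha256).digest()


class Sensor:
    def __init__(self, sensor_id: bytes, puf: SimulatedPUF):
        self.sensor_id, self.puf = sensor_id, puf

    def enroll(self, n: int):
        """Trusted-channel enrollment: hand n CRPs to the fog node (constructed)."""
        challenges = [secrets.token_bytes(16) for _ in range(n)]
        return [(c, self.puf.respond(c)) for c in challenges]

    def start(self):
        self.n_s = secrets.token_bytes(16)          # sensor nonce for freshness
        return self.sensor_id, self.n_s

    def answer(self, challenge: bytes, n_f: bytes, fog_proof: bytes):
        r = self.puf.respond(challenge)             # recomputed, never stored
        if not hmac.compare_digest(fog_proof, H(b"fog", r, self.n_s, n_f)):
            return None, None                       # fog node failed to authenticate
        return H(b"sensor", r, self.n_s, n_f), H(b"key", r, self.n_s, n_f)


class FogNode:
    def __init__(self):
        self.table = {}     # sensor_id -> unused (challenge, response) pairs
        self.pending = {}   # sensor_id -> (response, n_s, n_f) of open session

    def register(self, sensor_id: bytes, crps):
        self.table[sensor_id] = list(crps)

    def challenge(self, sensor_id: bytes, n_s: bytes):
        crps = self.table.get(sensor_id)
        if not crps:
            return None                             # unknown sensor or CRPs exhausted
        c, r = crps.pop()                           # each CRP is used exactly once
        n_f = secrets.token_bytes(16)
        self.pending[sensor_id] = (r, n_s, n_f)
        return c, n_f, H(b"fog", r, n_s, n_f)       # fog proves it knows R first

    def verify(self, sensor_id: bytes, sensor_proof: bytes):
        r, n_s, n_f = self.pending.pop(sensor_id)
        if not hmac.compare_digest(sensor_proof, H(b"sensor", r, n_s, n_f)):
            return None
        return H(b"key", r, n_s, n_f)


def run_session(sensor: Sensor, fog: FogNode):
    """Full exchange; returns the shared session key or None on failure."""
    sid, n_s = sensor.start()
    msg = fog.challenge(sid, n_s)
    if msg is None:
        return None
    c, n_f, fog_proof = msg
    proof, key_s = sensor.answer(c, n_f, fog_proof)
    if proof is None:
        return None
    key_f = fog.verify(sid, proof)
    return key_f if key_f is not None and key_f == key_s else None
```

Because every CRP is consumed after one use, replaying a captured transcript or draining the table forces re-enrollment rather than silently succeeding, and a device with different silicon (a clone) cannot produce the response the fog node holds.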

The rest of the paper is organized as follows. Section 2 introduces D2D-Aided fog computing and BS-PUF. Section 3 introduces the proposed security architecture and lightweight authentication scheme. Section 4 analyzes the security and performance of the proposed scheme. Finally, Section 5 draws conclusions.


Related work

This section describes the method and architecture that are used in this investigation. The first subsection describes BS-PUF. The second subsection reviews in greater detail the security architecture of the D2D-assisted fog computing paradigm that was proposed by Gope [5].

Lightweight authentication scheme for D2D-Aided fog computing paradigm

This section first presents the proposed security architecture that is shown in Fig. 3. It is based on Gope's [5] security architecture but uses different approaches to hit its security goals. The proposed security architecture considers additional scenarios for D2D-Aided fog computing in the realm of mutual authentication. Second, this section provides the notation that will be used in the rest of this paper. Finally, the four security protocols of the proposed authentication scheme for the

Security and performance analysis

This section analyzes the security and performance of the proposed scheme and compares them with those of other schemes.

Conclusions

This investigation considers various scenarios in D2D-Aided fog computing and develops a lightweight authentication scheme that is based on BS-PUF. The proposed scheme involves four authentication protocols, which are the initial authentication protocol for D2D-Aided fog computing (SFC), Authentication protocol for Sensors in D2D-Aided fog computing (SFS), Authentication protocol with the cooperation of fog servers in D2D-Aided fog computing (SFF), Authentication protocol with two sensors of

Declaration of Competing Interest

None.

Acknowledgements

This work was supported by the Ministry of Science and Technology of the Republic of China, Taiwan, under Contract No. MOST 109-2221-E-320-003 and by Tzu Chi University, under Contract No. TCRPP109001. Ted Knoy is appreciated for his editorial assistance.

Reference (25)

  • Y. Chen et al., A novel mutual authentication scheme based on quadratic residues for RFID systems, Computer Networks (2008)
  • P. Gope, LAAP: Lightweight anonymous authentication protocol for D2D-Aided fog computing paradigm, Computers & Security (2019)
  • A.S. Patil et al., Efficient privacy-preserving authentication protocol using PUFs with blockchain smart contracts, Computers & Security (2020)
  • F. Bonomi et al., Fog computing: A platform for internet of things and analytics, Big Data and Internet of Things: A Roadmap for Smart Environments (2014)
  • C.M. Chen et al., A secure authenticated and key exchange scheme for fog computing, Enterprise Information Systems (2020)
  • S.L. Chen et al., VLSI implementation of an ultra-low-cost and low-power image compressor for wireless camera networks, Journal of Real-Time Image Processing (2018)
  • P. Gope et al., An efficient privacy-preserving authenticated key agreement scheme for edge-assisted internet of drones, IEEE Transactions on Vehicular Technology (2020)
  • P. Gope et al., Lightweight and physically secure anonymous mutual authentication protocol for real-time data access in industrial wireless sensor networks, IEEE Transactions on Industrial Informatics (2019)
  • P. Gope et al., A secure IoT-based modern healthcare system with fault-tolerant decision making process, IEEE Journal of Biomedical and Health Informatics (2020)
  • Y. Guo et al., Barrel Shifter Physical Unclonable Function Based Encryption, Cryptography (2018)
  • G. Hatzivasilis et al., Review of security and privacy for the Internet of Medical Things (IoMT)
  • C.H. Hsia et al., Finger-vein recognition based on parametric-oriented corrections, Multimedia Tools and Applications (2017)