PAAF-SHS: PUF and authenticated encryption based authentication framework for the IoT-enabled smart healthcare system

The Internet of Things (IoT) is increasingly becoming a fundamental component of our everyday existence with the swift advancement in communication technology. Critical infrastructures, smart city monitoring, and smart healthcare systems (SHS) all make significant use of IoT-enabled devices. Nevertheless, the computing power of IoT devices utilized in SHS is constrained. These IoT devices gather sensitive patient data and send it to a medical server. Doctors use IoT-enabled devices to retrieve patient data that has been stored on the medical server using a public communication channel that is susceptible to different types of security attacks. In order to provide information security for IoT-enabled devices with limited resources, the NIST has developed an array of authenticated encryption algorithms. When compared to conventional security techniques, these authenticated encryption algorithms offer computational efficiency. The existing authentication schemes are developed by computationally expensive symmetric and asymmetric encryption schemes and are vulnerable to privileged insider and medical server key compromise attacks. Therefore, this paper introduces a physical unclonable function (PUF) and authenticated encryption (GIFT-COFB)-based authentication framework for IoT-enabled SHS, called PAAF-SHS. PAAF-SHS ensures secure encrypted communication between users and medical servers following mutual authentication. The PUF is incorporated within the medical server and the IoT-enabled device to improve resistance against insider attackers and potential compromises to the medical server key attack. Even in the case of a potential medical server key compromise attack, PAAF-SHS ensures that user-medical server communication remains confidential. The implementation of BAN logic ensures the logical exactitude of PAAF-SHS. Informal security analysis is conducted to validate PAAF-SHS's resilience against impersonation, replay, and denial-of-service attacks. Security validation using Scyther is performed to illustrate the robustness of PAAF-SHS. Finally, performance evaluations demonstrate that the proposed PAAF-SHS achieves a significant reduction in computational and communication costs while enhancing security features.