PUF-based Lightweight Mutual Authentication Protocol for Internet of Things (IoT) Devices

The Internet of Things(IoT) can transfer data between the sensor node and the cloud server with the Internet's help for various automated tasks like remote monitoring and controlling. IoT has various applications in different sections, including healthcare, also called the Internet of Medical Things(IoMT). IoT used in healthcare applications can collect patient's biomedical data through medical sensors, which is sent to the cloud server with the help of the Internet. IoT/IoMT systems are having serious challenging concerns such as data security and IoT device's security. Hence, this paper proposes a Physically Unclonable Function(PUF) based lightweight mutual authentication and key agreement protocol for IoT/IoMT devices. A lightweight AEAD cipher, ASCON, and a PUF are used for mutual authentication and key agreement between the IoT/IoMT device and the server. The agreed key is used for encrypting the sensor node data using ASCON cipher. The protocol is implemented in Artix-7 FPGA, and the formal verification is performed using the automated tool Proverif. The proposed protocol takes 912 bits of communication cost, which is 13% less compared to the best existing protocol. Further, the protocol requires a node storage cost of 128 bits, which is only 66% of the best existing protocol.