An enhanced three-factor based authentication and key agreement protocol using PUF in IoMT

With the rapid development of Internet of Things (IoT) technology, Internet of Medical Things (IoMT) plays a huge important role in improving the quality of healthcare services. By using IoMT, doctors are able to remotely monitor real-time physiological information of patients automatically, thereby alleviating their burden. This approach is not only considered more efficient and cost-effective, but also provides support from medical experts for emergency treatment of patients. However, as these health data contain sensitive information related to patient privacy, any leakage or malicious tampering of information can lead to incorrect diagnosis by doctors, seriously endangering patient health. Therefore, ensuring the security of patients' health data has become particularly important. In 2023, Kim et al. proposed an improved lightweight user authentication protocol for IoMT. Unfortunately, we found that this protocol is vulnerable to security threats such as user device capture attacks, man-in-the-middle attacks. In response to the above security problems, we propose an enhanced three-factor based authentication and key agreement protocol. The protocol enhances security by utilizing both strong physical unclonable functions (PUF) and weak PUF. In terms of protocol security, we verify its properties using Real-or-Random (ROR) model, informal analysis, and AVISPA tool. Finally, this paper is compared with seven other protocols. We analyzed the security, computational cost, and communication cost of each scheme. The results show that our protocol has low computational and communication costs while ensuring security.