Multifactor authentication scheme using physically unclonable functions

We propose a secure telehealth system using multifactor authentication for the mobile devices as well as the IoT edge devices in the system. These two types of devices constitute the weakest link in telehealth systems. The mobile devices and edge devices are typically unsecured and contain vulnerable processors. The mobile devices use the healthcare professional's biometric and endowing the edge device with biometrics is accomplished by using physically unclonable functions (PUFs). The embedded PUF acts as a means of enabling mutual authentication and key exchange. Evaluating the security of the proposed authentication scheme is conducted using three approaches: (a) formal analysis based on Burrows-Abadi-Needham logic (BAN); (b) informal security analysis for protection against many attack types.; (c) model checking using automated validation of internet security protocols and applications (AVISPA) tool. (C) 2020 Elsevier B.V. All rights reserved.

Automated summary

A secure telehealth system is proposed, utilizing multifactor authentication to protect mobile devices and IoT edge devices. The system uses healthcare professional's biometrics and physically unclonable functions (PUFs) for the edge devices. Security evaluation is conducted through formal and informal analysis, as well as model checking using AVISPA tool.