A decentralized framework for device authentication and data security in the next generation internet of medical things

Abstract

Internet of Things (IoT) applications have gained a huge momentum and have spanned across all domains adding innovations to the prevailing solutions. The IoT networks generate enormous data comprising meteorological information, patient critical body parameters, finance, logistics, location of a tracking object, etc. Security for sensitive data,such as patient body critical parameters from an attached monitoring device, streaming over IoT networks is vital and is a need of the hour. Data integrity and user (or device) authentication are crucial for building a trust-worthy communication network among the peers in IoT networks. Most networks still employ specific software encryption algorithms that provide considerable data security. But quantum computing has proved the vulnerability of computationally vigorous cryptographic algorithms. A decentralized and scalable framework for device authentication and data security is proposed in this paper based on blockchain platform and Physical Unclonable Functions (PUFs). An authentication protocol is developed using PUF-based cryptographic primitives. The PUF-based keys are hard to replicate and almost impossible to predict because of the randomness in the physical design and complex mathematical modeling of the system. Lightweight Smart contracts are used to facilitate role-based access control. Data privacy is preserved by storing the sensitive data off-chain. As a proof of concept, an IoT-based healthcare system based on Ethereum permissioned blockchain is developed using the proposed framework. The​ designed PUF exhibits 48.46% uniqueness and 2.38% reliability. A comparative analysis with existing similar models shows that the proposed approach is feasible and provides a scalable solution for device authentication and data security in resource-limited medical IoT networks.