Abstract
The Internet of Medical Things (IoMT) is a network of medical devices, hardware infrastructure, and software that allows healthcare information technology to communicate over the web. IoMT sensors communicate medical data to a server for quick diagnosis. Because the network handles a user's private and confidential information, security is the primary objective. Existing IoT authentication schemes use either two factors (username, password) or multiple factors (username, password, biometric) to authenticate a user. Typically, a biometric trait based on structural characteristics, such as face, iris, palm print or fingerprint, is used as an additional factor. There is a chance that these biometrics can be fabricated. Thus, authentication schemes based on structural biometrics fail to provide privacy, security, authenticity, and integrity. Biodynamic-based bioacoustic signals have gained attention in the era of human-computer interaction as a means of authenticating a user, since they are unique to each user. So, we use frequency-domain bio-acoustics as the biometric input. This work proposes a Secure Lightweight Bioacoustics based User Authentication Scheme using a fuzzy embedder for Internet of Medical Things applications. Also, because IoT sensors tend to join and leave the network dynamically, the proposed scheme adopts the Chinese remainder technique to generate a group secret key that protects the network from attacks by former sensor nodes. The proposed scheme's security is validated using the formal verification tool AVISPA (Automated Validation of Internet Security Protocols and Applications). The system's performance is measured by comparing the proposed scheme to existing systems in terms of security features, computation cost and communication cost. The comparison demonstrates that the proposed system outperforms existing systems.
Introduction
The development of the Internet and related technologies lets people access countless services online. People use electronic gadgets such as notebooks, tablets, and mobile phones to contact remote servers and access various information. The remote access concept has been implemented in the health industry, and most countries concentrate on telemedicine and e-health services to provide easy and highly available medical services [1]. E-health services include the eCW health care portal [2] (eClinical Works, Georgia), Manage MyHealth [3] (New Zealand), Boynton Health [4] (Minnesota University), and the National Health Portal [5] (Government of India). Low-cost internet services lead most people to access health services remotely. With the rapid development of new innovative technology in e-healthcare services, people access several kinds of healthcare assistance via the Internet, which reduces physical contact time and complexity [6]. This IoMT network requires a stronger security infrastructure than other domains such as Industrial IoT, Vehicular Ad hoc NETworks [7], Mobile Ad-hoc NETworks [8] and others. Due to the impact of Covid-19, various self-medical devices are available in the market, such as insulin pumps, cardiac monitoring devices, blood pressure monitors, blood glucose monitors, respiratory devices, multiparameter monitors, imaging systems, anesthesia machines, patient monitoring, neurological devices, implantable cardioverter defibrillators, fetal monitoring devices, ventilators, infusion pumps and implantable cardiac monitors, which continuously monitor patient health. The digital data from the sensors are stored as Electronic Health Records (EHR) and transferred to a third-party medical server for clinical analysis [9]. These remote sensors reduce unnecessary hospital visits, hospital stays, and overloading of hospital capacity.
The IoMT has become an emerging field in the domain of IoT. According to a report by Precedence Research, the global healthcare market size is projected to reach around USD 960.2 billion by 2030, with a compound annual growth rate (CAGR) of 20.41% during the forecast period 2022 to 2030. The Remote Patient Monitoring (RPM) system is the primary application of IoMT. In the layered architecture of the RPM application shown in Fig. 1, the perception-layer sensors on the patient's body monitor changes in a remote patient's body signals and send them to the medical server via the Gateway Node. The data is shared over wireless networks such as Bluetooth or Wi-Fi. As the transferred data is private, personal and sensitive in nature, it is important to secure the communication against attacks and to store the data safely [10]. The key challenge for the medical IoT market is to establish secure wireless connectivity between the remote patient and the doctor in the RPM system. Mutual authentication schemes help to address this challenge [53].

IoMT RPM application Layered Architecture.
Initially, two-factor authentication schemes were proposed to establish a secure session between users. Various attacks break these schemes and intrude into the applications. To improve security, additional factors such as biometric, multimodal and multifactor were introduced into authentication schemes. The majority of IoMT applications employ a two-factor or multi-factor authentication system based on structural-characteristics-based biometric authentication methods (fingerprint, face recognition, iris recognition, or any other form of biometric trait) to resolve privacy, authenticity, and integrity issues. However, these physical-characteristics-based biometrics can be manipulated [11]. To address this research gap, researchers are proposing several biodynamic-based bioacoustic signals to authenticate a user in the era of human-computer interaction. These frequency-based bio-acoustic inputs serve as a lightweight signal for use in the IoMT environment. Bio-acoustics is the study of the production, dispersion, and reception of sound in human beings. The human body produces various bio-acoustic sounds such as heart sounds, lung sounds, stomach sounds, ligament sounds, etc. It has been found that bio-acoustic sounds are unique to each human being. Existing studies have proved the classification accuracy of these bioacoustic signals using various machine learning and deep learning models [11]. The state-of-the-art protocols have been proven vulnerable to various cyber threats. Even the most resource-efficient protocols have significant computation and communication overhead in an environment like the Internet of Things.
With this motivation, this work proposes a secure authentication scheme with bio-acoustic input to authenticate an IoMT user and establish a secure session. Smartwatches can be used for sensing bio-acoustic sound vibrations with the help of the gyroscope and accelerometer sensors [12]. Users can register themselves with the help of smartwatches, and the smartwatch can be used for authentication purposes as well. Internet of Things (IoT) sensors are resource constrained and work on low-memory devices, which require lightweight protocols. We propose a novel lightweight bio-acoustic based authentication scheme with the fuzzy embedder technique for securing IoMT RPM applications. The security goals considered in proposing this scheme are: strong security, such that the attacker cannot successfully impersonate a user; preservation of user anonymity and identity; resistance against password guessing and dictionary attacks; and key freshness, which protects temporary sensitive data from information leakage attacks.
Authentication is the process of identifying whether a user or a program or a request is genuine or malign. It is the process of validating the identity of a program or a registered user when they try to login or access a protected resource. Authentication is very important as it ensures that only authorized users or processes are allowed to access protected resources. The data or the attribute which is used for authenticating a user is called an authentication factor. Based on the authentication factor, the authentication technique can be classified as Two-factor authentication, Three-factor authentication, Multi-factor authentication, Multimodal authentication.
Two-factor authentication
In a two-factor authentication system, two authentication factors (smartcard and password, or password and fingerprint) are used for authenticating the user. The most commonly used two-factor authentication scheme is smartcard and password authentication. But if the smartcard gets compromised, the system becomes prone to various attacks. Comprehensive and systematic metrics are not available for assessing schemes objectively. Wang et al. [13] proposed a fuzzy extractor along with honeywords to overcome the problem of systematic metrics by providing a benchmark for the evaluation of current and future two-factor authentication systems. But the storage cost is higher when compared to other models.
Advanced hacking techniques pose a severe threat to traditional authentication systems such as PIN/password/fingerprint. Zhang et al. [14] proposed a usable two-factor authentication scheme called MagAuth, used along with COTS wrist wearables, to increase the security and usability of password-based authentication systems in mobile touchscreen devices. A major defect of this system is that the accuracy is low while swiping fast. Most systems require extra user effort for authentication, which seriously affects user interaction and delays authentication. To avoid this problem, Yetong Cao et al. [15] proposed a novel two-factor authentication scheme for mobile devices called PPGpass, which uses unique PPG features as one authentication factor to increase the security of existing mobile authentication. But the quality of the signal from the PPG sensor is low and the measurement from the sensor varies with positioning.
To overcome that issue, Qingxuan Wang et al. [16] proposed Quantum 2FA, a practical quantum-resistant smartcard-based password authentication system that employs lattice-based key exchange and the “fuzzy-verifier + honeywords” technique, and which provides the best computational efficiency among the two-factor authentication schemes. But there is a chance of man-in-the-middle attacks, in which an attacker may attack the communication between the server and the authentication system. To strengthen two-factor authentication, multifactor and multimodal systems are being introduced.
Three-factor authentication
Qi Jiang et al. [17] proposed a three-factor authentication with a unified biometric privacy-preserving scheme. They provided security for remote access of aerial vehicles through a three-factor authentication system. The model can provide authentication while preserving the privacy of the user. When the number of IoT devices increases, it is not possible for a single-server architecture to provide high security. To solve this problem, Chien-Lung et al. [18] proposed a dynamic time-bound key distribution scheme with three-factor authentication. They provided a highly secure environment with a multi-server-based architecture. This model provides high security and resists many attacks, but its computational costs are higher when compared to other models. There are also schemes [19–24] proposed for generating graph-based authentication codes using mutually orthogonal graph squares.
IoT devices are not capable of running traditional authentication protocols, which require more memory and computational capacity. Hence, Shuming Qiu et al. [25] proposed a three-factor authentication protocol based on extended chaotic maps for mobile lightweight devices. This model outperformed other models by meeting all 13 evaluation criteria regarding security. But this model is too complex and expensive. As long as data is collected and sent from less secure devices such as wearables or home appliances, it remains difficult to ensure the security of both data-at-rest and data-in-transit. Zhang et al. [26] proposed a Fast Authentication and Key Agreement scheme based on three-factor authentication using a biohash technique on the iris. Sahoo et al. [27] proposed a three-factor authentication system for the health sector using IoT devices; they use Elliptic Curve Cryptography (ECC), due to its small key size and high security, and a fuzzy extractor for biometric feature extraction.
Multifactor authentication
In a multifactor authentication system, security is low when one of the factors is leaked. Existing multifactor protocols do not provide much security or efficiency. To overcome this, Rui Zhang et al. [28] proposed the MFAKE protocol, which provides higher security than the previous model. But it requires more time for execution. Mobile technologies are developing rapidly, and the new challenges regarding multifactor authentication are also increasing. Dragan Korac et al. [29] proposed a model called the Fishbone model, in the form of a universal authentication framework (UAF), which is more efficient in practice.
In biometric-based authentication, performing user authentication depends on explicit user input and an Internet connection. Tiantian Zhu et al. [30] proposed a system called RiskCog, which does not require the user's explicit input and places no requirement on device placement. But here authentication is slow when compared to other models. Vehicle to Grid (V2G) networks must carefully manage shared keys due to security and privacy concerns. Several key agreement protocols have been proposed for V2G networks in recent years. The existing lightweight schemes do not provide many security properties. So Dariush Abbasinezhad-Mood et al. [31] proposed an anonymous key agreement scheme with chaotic map cryptography, which provides performance as well as security.
Nowadays, the scope of online healthcare services has increased enormously. One of the interfaces is the Telecare Medicine Information System (TMIS). In this system, users in remote areas are connected with hospitals to share the necessary information between them. The security of the information transferred is very important. Dharminder Dharminder et al. [32] proposed a secure, efficient chaotic map-based authentication protocol that can be utilized in telemedicine information systems.
Multifactor authentication is mainly used in safeguarding high-value assets. Wenting Li et al. [33] proposed a protocol called T-MFAKE to bring back flexibility and usability without loss of security. But they use a fuzzy extractor, in which the security key is also compromised if the biometrics get compromised. Multifactor authentication is slightly complicated, as it requires extra authentication factors from the user. Mangal Sainet et al. [34] discussed the evolution of the authentication process from single-factor authentication through two-factor and ending with multi-factor authentication.
Multimodal authentication
IoT has developed enormously in the modern world, interconnecting several devices, including smaller portable devices like smartwatches. Most smart devices like smartwatches use one kind of explicit authentication, such as a biometric, while the same application is accessed over the internet via another mode of login like PIN, password or OTP [35]. But due to the small display, users don't feel comfortable typing in a PIN, password, etc. To overcome this problem, Sudip Vhaduri et al. [36] proposed an implicit authentication system that uses behavioral (step counts), physiological (heart rate), and hybrid (calorie burn and metabolic equivalent of task) biometrics. But in heartbeat authentication, the accuracy is low.
Mikel Labayen et al. [37] proposed different biometric technologies to authenticate and proctor the students’ activities in online courses. They used biometric recognition and digital signal processing algorithms to authenticate the students. And also, they used AI algorithms to monitor the students’ activities automatically. The proposed model wasn’t able to verify the student’s identity due to variance in face pose, dim light, and sound conditions. L. Nisha Evangelin et al. [38] proposed to protect the multimodal biometric images using cryptography techniques. They used the Elliptic Curve Cryptography method and the Visual Shadow Creation Process to create a secret image from shadows by encryption and decoding process. This model takes more computational time. To overcome a spoof attack in a unimodal biometric authentication system, Basma Abd El-Rahiem et al. [39] proposed a multimodal authentication system using ECG and finger vein. They used preprocessing and feature extraction using CNN for authentication. And they also used some machine learning classifiers to authenticate the user. First-time authentication takes more time to authenticate in this proposed model and to obtain high performance it needs a big dataset.
Table 1 compares the various schemes discussed in the literature review. The comparison is among schemes with unique techniques used for biometric keys. The table summarizes the different techniques used to generate a secret key from the biometric input. Schemes [40–43] use a fuzzy extractor for the biometric secret key. A few schemes, such as [44, 45], use the fuzzy commitment technique for biometric processing. The scheme [46] uses the fuzzy embedder technique. All these schemes use physical traits as the biometric, which could be fabricated and are vulnerable to impersonation attacks. The multifactor and multimodal authentication schemes use techniques like OTP, PUF, ECC and many more, which are computationally costly.
Summary of the literature’s
The discussed schemes are either vulnerable to attacks or fail to preserve user anonymity, privacy and biometric template protection. Otherwise, the schemes incur overhead in terms of communication, computational or storage cost by increasing the number of security factors. To overcome the listed limitations of the existing schemes, this work proposes a lightweight authentication scheme with better security, biometric template protection and privacy preservation.
The major contributions of the proposed system are as follows. In the IoMT system, we introduce a lightweight authentication system with frequency-based biometric input (bio-acoustics) instead of structural-characteristics-based biometrics (fingerprint, face, iris, palm and others), as structural-characteristics-based biometrics can be tampered with. Most authentication systems use either fuzzy extractor or fuzzy commitment schemes to process the biometric features. The fuzzy extractor technique is vulnerable to the biometric template attack and allows the impersonation attack during the password change phase, and the fuzzy commitment technique has a high computational cost. Hence, in the proposed system, a fuzzy embedder technique is used to process the user's bioacoustic data. The dynamic nature of the IoT network is addressed in the proposed scheme with the dynamic sensor node join and revocation phases, and the security analysis of the proposed scheme is carried out using the AVISPA simulation tool. An informal security analysis is done to ensure that the proposed bio-acoustic based authentication scheme is secure against well-known attacks. Also, a comparative study of communication cost, computation cost and security features is done to establish that the proposed scheme performs better than the other existing schemes.
This section discusses the authentication model, Threat model, Notations used and other preliminaries that are required to understand the proposed secure user authentication scheme for medical IoT clearly.
Authentication model
A remote patient monitoring system with IoT-based smart sensing devices is shown in Fig. 2. The remote patient monitoring (RPM) system is built to create smart hospital environments and has IoT sensors and devices to improve data-driven clinical decision making, improve quality of care, and increase the capacity of physicians to treat more patients. The admin of the system monitors the sensors and devices at regular intervals. Due to the limited resources of IoT sensors and devices in such an environment, providing secure on-demand data transmission is a difficult challenge. There is also the problem of physical capture of deployed devices. In order to solve this problem, we propose a secure and efficient user authentication system in which only a legitimate authorized user (such as a doctor or patient) can get real-time data from sensors and smart IoT devices. Under this authentication model, a legitimate user can set up a secure connection to an IoT sensor through a Gateway Node via the user authentication system.

Authentication System Model.
As in the DY model, the CK adversary model allows Attacker
Fuzzy based biometric feature extraction techniques
This section introduces the various techniques available for generating a secret key from biometric input data. The most commonly used techniques are the fuzzy extractor [47], fuzzy commitment [48] and fuzzy embedder [46].
$\mathrm{Embed}(BA_i, m) = CW_i$
Notations table
The notations used in this work are listed in Table 2.
Notations Used
This section introduces a lightweight fuzzy embedder based user authentication system with bio-acoustic signals for IoMT applications. The proposed work is explained in the following phases: Pre-deployment, User Registration, Login & Authentication and Bio-acoustics based biometric Password change, followed by the Bio-acoustics based biometric Extraction process. Owing to the dynamic nature of the medical IoT environment, sensor nodes can enter and exit the system after deployment. Therefore, two additional phases, namely Dynamic Join and Revocation of Sensor Nodes, are included in the proposed scheme for the flexible architecture [49, 50] of the IoT environment.
Bio-acoustics biometric extraction
An acoustic sensor and a transducer are placed on the finger as shown in Fig. 3. The transducer sends a signal through the finger, which is then captured by the acoustic sensor. The captured signal now contains information about the finger such as the structure of bone, cartilage, etc. The biometric feature is extracted as frequency-domain information, similar to [11, 51], and fed as input to our proposed scheme.

A system model for extracting bio acoustics signals.
In the Pre-deployment Phase, the IoMT sensors ($IS_j$) are registered with the Gateway Node (G) before they are deployed in the network. G computes a secret master key ($SK_G$) based on the number of devices being deployed, using the Chinese remainder theorem principle. In addition, G generates secret keys for each sensor. G selects an n-dimensional matrix, where n denotes the number of sensors, assigns unique identities to all the sensors, namely $IS_j$, and generates $sec_j = j^{th}\ \text{row} \times x_j$ along with pairwise prime numbers $p_1, \ldots, p_n$, where $j = 1, 2, \ldots, n$. Then, G computes
User registration phase
In this phase, the Users can register themselves with the Gateway Node(G) in a closed environment via a secure channel. The detailed procedure and the computations involved with the user registration are given in Table 3.
User Registration Protocol
The user (Doctor/Patient) selects a User ID and password. The bio-acoustic data is read with the help of sensors and is processed using the fuzzy embedder's Embed(.) function. Two random numbers $m$ and $n$ are generated. Then, the User ($P_i$) calculates $CW_i = \mathrm{embed}(BA_i, m)$ and $AID_i = h(U_{id} \| m \| pwd \| n)$. Then, the user $P_i$ sends the registration request, which contains $AID_i$, $U_{id}$, $CW_i$, to the Gateway Node (G) via a secure channel. Upon receiving the registration request, G picks random numbers $a$, $b$ and then calculates $P_i = h(U_{id} \| a \| b)$, $Q_i = h(U_{id} \| h(b) \| AID_i \| CW)$, $R_i = h(P_i \| h(a \| b)) \oplus AID_i$, and $S_i = P_i \oplus h(a \| b)$. Then G stores $Q_i$, $R_i$, $S_i$, $h(\cdot)$, $h(b)$ in a smartcard and issues the smartcard to the User ($P_i$) via a secure channel. When the smartcard is received, the User ($P_i$) stores the following $\{n, CW_i, Q_i, R_i, S_i, h(\cdot), h(b)\}$ in the smartcard.
Once the User ($P_i$) is registered with the Gateway Node (G), they can log in to the system with the smartcard, password and bioacoustic biometric. The protocol authenticates the user and then authorizes them to access the data from the sensors, as described in Table 4.
Login and Authentication Protocol
The user (Doctor/Patient) inserts the smart card ($SM_i$) into a card reader. The user inputs the User ID and password. The bio-acoustic data is read with the help of sensors. Then, the user calculates,
The Gateway Node (G) receives the parameters and checks the freshness of the message by verifying $|TS1' - TS1| < \Delta T$, where $TS1'$ is the time at which the parameters were received by the Gateway and $\Delta T$ is the maximum time delay allowed between each message. If $|TS1' - TS1| < \Delta T$ is satisfied, it computes the following: $S_i = CW_{ij} \oplus h(IS_j \| h(b) \| NC_i)$, $P_i = S_i \oplus h(a \| b)$, $T_i = h(P_i \| h(a \| b))$, $A1_i = AID_i \oplus N_j \oplus T_i$, and checks whether MSG1 matches $\{h(CW_{ij} \| ICD_i \| A1_i \| NC_i)\}$. If so, it generates a timestamp TS2 and computes the values for $NC_k = h(IS_j \| (k_j \oplus SK_G))$, MSG2 and MSG3. The gateway node sends the parameters $NC_i$, $A1_i$, MSG2, MSG3 to the sensor node $IS_j$.
Upon receiving the parameters from the gateway node, the sensing device checks the freshness of the message by verifying $|TS2' - TS2| < \Delta T$. If so, it computes $NC_k = A1_i \oplus NC_i \oplus MSG3 \oplus h(XKey_j \| IS_j)$ and checks whether the received MSG2 is equal to the computed one. If so, it generates a timestamp TS3 and computes $MSG4 = h(T_i \| A1_i \| NC_i \| IS_j)$. $IS_j$ sends the parameters MSG4, $IS_j$ to the User ($P_i$).
Upon receiving the parameters from the gateway node, the sensing device checks the freshness of the message by verifying $|TS3' - TS3| < \Delta T$. If so, it then computes the value of MSG4 with the parameters as follows: $h(T_i \| A1_i \| NC_i \| IS_j)$. The user then verifies whether the computed MSG4 matches the received MSG4. If the condition is satisfied, the secure communication session between $P_i$ and the sensing device $IS_j$ is established with the secret key
The user can update their credentials by following the steps detailed in this phase. The user has to insert their smart card $SM_i$ and enter their old credentials
$AID_i = h(U_{id} \| m \| pwd \| n)$
If the
User selects new secret parameters $m^{new}$, $n^{new}$ and imprints the biometric input $BA_i^{new}$. The fuzzy embedder function Embed(.) generates a fresh secret key $CW_i^{new} = \mathrm{embed}(BA_i^{new}, m^{new})$ and finally the smart card parameters $AID_i$, $Q_i$ and $R_i$ are updated with the recomputed
In this way, a new key is generated for the same user each time the user secret parameter is varied during the biometric password update phase. Thus, key freshness/renewability is achieved in the proposed scheme using the fuzzy embedder technique, which prevents the biometric template attack.
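The registration and password-change phases above, as an added Python example that is not the authors' code. The page gives only the Embed(BA_i, m) = CW_i interface, so this sketch assumes a toy quantization-index-modulation embedder, SHA-256 for h(.), one bit of m per feature, and a card-side check that recomputes Q_i; the function names and sample vectors are constructed for illustration.

```python
import hashlib
import secrets

STEP = 1.0  # quantiser step (assumed); noise below STEP/4 per feature is tolerated

def h(*parts):
    """h(x || y || ...): SHA-256 over length-prefixed parts (hash choice assumed)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(values):
    """Serialise a bit list or helper vector for hashing."""
    return repr(list(values)).encode()

def embed(ba, m_bits):
    """Embed(BA_i, m) -> CW_i: per-feature offset onto the lattice selected by each bit."""
    cw = []
    for x, bit in zip(ba, m_bits):
        shift = bit * STEP / 2  # bit 0 -> k*STEP, bit 1 -> k*STEP + STEP/2
        centroid = round((x - shift) / STEP) * STEP + shift
        cw.append(centroid - x)
    return cw

def reproduce(ba_reading, cw):
    """Recover m from a fresh noisy reading plus the stored CW_i."""
    return [round((x + w) / (STEP / 2)) % 2 for x, w in zip(ba_reading, cw)]

def register(u_id, pwd, ba):
    """User and gateway computations of the registration phase; returns the smartcard."""
    m = [secrets.randbelow(2) for _ in ba]          # user secret m, one bit per feature
    n = secrets.token_bytes(16)
    cw = embed(ba, m)
    aid = h(u_id, enc(m), pwd, n)                   # AID_i = h(U_id || m || pwd || n)
    a, b = secrets.token_bytes(16), secrets.token_bytes(16)   # gateway randoms
    p, hab, hb = h(u_id, a, b), h(a, b), h(b)       # P_i, h(a||b), h(b)
    return {"n": n, "CW": cw, "hb": hb,
            "Q": h(u_id, hb, aid, enc(cw)),         # Q_i
            "R": xor(h(p, hab), aid),               # R_i = h(P_i || h(a||b)) xor AID_i
            "S": xor(p, hab)}                       # S_i = P_i xor h(a||b)

def card_accepts(card, u_id, pwd, ba_reading):
    """Assumed local check: rebuild AID_i from the inputs and compare with stored Q_i."""
    m = reproduce(ba_reading, card["CW"])
    aid = h(u_id, enc(m), pwd, card["n"])
    q = h(u_id, card["hb"], aid, enc(card["CW"]))
    return secrets.compare_digest(q, card["Q"]), aid

def renew(card, u_id, pwd, ba_reading, new_pwd, ba_new):
    """Password/biometric change: fresh m, n and CW_i; AID_i, Q_i, R_i recomputed."""
    ok, aid_old = card_accepts(card, u_id, pwd, ba_reading)
    if not ok:
        return None
    m_new = [secrets.randbelow(2) for _ in ba_new]
    n_new = secrets.token_bytes(16)
    cw_new = embed(ba_new, m_new)
    aid_new = h(u_id, enc(m_new), new_pwd, n_new)
    return dict(card, n=n_new, CW=cw_new,
                Q=h(u_id, card["hb"], aid_new, enc(cw_new)),
                R=xor(xor(card["R"], aid_old), aid_new))  # keeps h(P_i || h(a||b))

# Constructed sample data: 32 frequency-domain features, a noisy re-reading, another finger
BA = [((i * 37) % 100) / 7.0 for i in range(32)]
BA_NOISY = [x + ((i % 5) - 2) * 0.1 for i, x in enumerate(BA)]
BA_OTHER = [x + STEP / 2 for x in BA]

if __name__ == "__main__":
    card = register(b"dr-alice", b"old-pw", BA)
    print("same finger, noisy:", card_accepts(card, b"dr-alice", b"old-pw", BA_NOISY)[0])
    print("other finger:      ", card_accepts(card, b"dr-alice", b"old-pw", BA_OTHER)[0])
    new = renew(card, b"dr-alice", b"old-pw", BA_NOISY, b"new-pw", BA)
    print("old pw after renew:", card_accepts(new, b"dr-alice", b"old-pw", BA_NOISY)[0])
    print("new pw after renew:", card_accepts(new, b"dr-alice", b"new-pw", BA_NOISY)[0])
```

Because m is chosen independently of the biometric, the same finger yields an unrelated CW_i after each renewal, which is the renewability property the paragraph above attributes to the fuzzy embedder.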
Dynamic sensor node join phase
Given the dynamic nature of the IoT network, sensor devices often join the network after deployment. As soon as the new sensor initiates the registration request to G, the secret parameters
Dynamic sensor node revocation phase
As the reverse of Section 4.6, a few sensor nodes may leave the network dynamically after deployment. G should protect the network from capture attacks on these sensor nodes after they have moved out of the network. G recomputes its secret key
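How a Chinese-remainder-based group key can exclude former sensor nodes, as an added Python example. The scheme's own join and revocation formulas do not survive on this page, so this is a generic CRT broadcast-rekeying construction rather than the authors' computation; the `Gateway` class, the per-sensor keys k_j, the sensor IDs and the Mersenne-prime moduli are constructed for illustration.

```python
import secrets
from math import prod

# Constructed moduli: distinct Mersenne primes, hence pairwise coprime (p_1..p_n)
MODULI = {"IS1": 2**61 - 1, "IS2": 2**89 - 1, "IS3": 2**107 - 1, "IS4": 2**127 - 1}
KEY_BITS = 60  # every key stays below the smallest modulus

def crt(residues, moduli):
    """Unique X modulo prod(moduli) with X = r_j (mod p_j) for every j."""
    big_m = prod(moduli)
    x = 0
    for r, p in zip(residues, moduli):
        m_j = big_m // p
        x += r * m_j * pow(m_j, -1, p)   # pow(..., -1, p) is the modular inverse
    return x % big_m

class Gateway:
    """Hypothetical gateway state: (p_j, k_j) for current members only."""

    def __init__(self):
        self.members = {}

    def join(self, sensor_id):
        # Credentials handed to the sensor over the secure registration channel
        cred = (MODULI[sensor_id], secrets.randbits(KEY_BITS))
        self.members[sensor_id] = cred
        return cred

    def revoke(self, sensor_id):
        del self.members[sensor_id]

    def rekey(self):
        """Pick a fresh group key and build one broadcast value X for all members."""
        group_key = secrets.randbits(KEY_BITS)
        creds = list(self.members.values())
        x = crt([group_key ^ k for _, k in creds], [p for p, _ in creds])
        return group_key, x

def sensor_key(x, p, k):
    """Sensor side: one modular reduction and one XOR recover the group key."""
    return (x % p) ^ k

if __name__ == "__main__":
    gw = Gateway()
    creds = {s: gw.join(s) for s in ("IS1", "IS2", "IS3")}
    gk, x = gw.rekey()
    print("all members agree:", all(sensor_key(x, *c) == gk for c in creds.values()))
    gw.revoke("IS2")
    gk, x = gw.rekey()
    print("revoked IS2 gets new key:", sensor_key(x, *creds["IS2"]) == gk)
```

The sensor-side cost is a single reduction and XOR, and a revoked node's modulus is simply left out of the next broadcast value, so its old credentials no longer map to the current key.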
Simulation results and security analysis discussion
This section presents the simulation of the proposed authentication scheme against the potential attacks on IoMT using the AVISPA simulator. The security of the authentication protocol is verified using formal and informal security analysis. In formal security verification, the designed algorithm is written in HLPSL (High Level Protocol Specification Language) so that it can be run in the AVISPA tool. Informal security analysis is carried out by analyzing the algorithm theoretically against various security attacks.
Formal Security Verification using AVISPA Simulator
The AVISPA simulator is commonly used to verify the security of authentication protocols. The tool integrates four backends for processing the code, namely i) On-the-fly Model-Checker (OFMC), ii) Constraint Logic based Attack Searcher (CL-AtSe), iii) SAT-based Model-Checker (SATMC) and iv) Tree Automata based on Automatic Approximations for the Analysis of Security Protocols (TA4SP). These backends utilize different analysis techniques. The proposed protocol is first defined in HLPSL (High Level Protocol Specification Language). The code is then converted into Intermediate Format (IF) code by the HLPSL2IF translator. The IF code is run by one of the four backends, and the result shows whether the proposed protocol is secure or not.
The HLPSL implementation of the proposed scheme
The proposed system is simulated using the Security Protocol ANimator (SPAN) for the AVISPA tool to imitate the RPM system of IoMT. The proposed scheme's registration and authentication phases are implemented in HLPSL code. The scheme involves five fundamental roles. The User, Gateway, Sensor, Environment, Session, and Goal sections are written in HLPSL code. The HLPSL code for the user role in registration and authentication is shown in Fig. 4. The code for the other roles in the system is implemented in HLPSL in the same way.

HLPSL code for User role in Registration.
Figures 5, 6, 7 and 8 show the simulation results of the proposed scheme using the CL-AtSe and OFMC backends. The simulation results show that the protocol has been proved to be safe against the potential attacks in both backends of the AVISPA simulator.

Result of User Registration using OFMC Backend.

Result of User Registration using CL-ATSE Backend.

Result of Login and Authentication using OFMC Backend.

Result of Login and Authentication using CL-ATSE Backend
This section explores the proposed model's functionality and security aspects using a theoretical (non-mathematical) security investigation against various security attacks.
Privileged insider and stolen smartcard attack
We assume that a registered user $P_i$'s smart card has been misplaced or stolen in these attacks. During the user registration, $P_i$ sends a registration request to the G by sending $\{AID_i, U_{id}, CW_i\}$, where $CW_i = \mathrm{embed}(BA_i, m)$ and $AID_i = h(U_{id} \| m \| pwd \| n)$, via the secure channel. In this example, we assume that an adversary
Untraceability and user anonymity
In accordance with the threat model, we assume that
Replay attack
Let us consider that the adversary
Sensing device capturing attack
Let us imagine, based on the threat model presented, that
Man-in-the-middle attack
Let us consider that the adversary
Bio-metric template attack
In a bio-metric template attack, the adversary
Impersonation attacks
Consider the scenario in which
Mutual authentication
In this authentication system, the mutual authentication among $P_i$, G and $IS_j$ is done by the following three scenarios: 1) G validates $P_i$ by checking
Suitable for IoT applications
The typical IoT network connects physical IoT devices such as sensors, actuators, gateway nodes and servers, as shown in Fig. 1. The sensor nodes communicate with the servers via the gateway nodes. The computational capacities and storage of the devices differ: the sensor devices have very low computational power and the servers have more. As these devices are resource constrained in nature, the cryptographic schemes designed for them must use only lightweight operations such as one-way hash functions and XOR. The proposed scheme uses only lightweight operations and follows the IoT network architecture. Thus, the proposed scheme is suitable for IoT applications like medical and industrial IoT.
Comparative analysis
In this section, a complete analysis of the proposed method is given in terms of security features, communication, and computation cost in comparison with the existing authentication schemes. In this comparative study, only the fuzzy extractor, fuzzy commitment, and fuzzy embedder based authentication schemes are considered. The schemes chosen for the comparison are Vinoth et al. (2021)[42], Sudhakar et al. (2020)[46], Wu et al. (2021)[45], Rehman et al. (2021)[44], Abdi et al. (2021)[40], Zhang et al. (2022)[26] & Shao et al. (2022)[41].
Comparison of security and functionality features
In Table 6, the existing schemes are compared with the proposed scheme in terms of various security and functionality features. As shown in Table 6, the schemes of Sudhakar et al. (2020) [46] and Wu et al. (2021) [45] are not suitable for the IoT environment, as they fail to include the G in their proposals. The schemes using fuzzy extractors (Vinoth et al. (2020) [42], Abdi et al. (2021) [40] & Shao et al. (2022) [41]) are prone to biometric template attacks and impersonation attacks. Even though the schemes of Rehman et al. (2021) [44] and Zhang et al. (2022) [26] are secure against the various well-known attacks, they use the structural information of physiological characteristics as the biometric input. Such structural information is not reliable and is vulnerable to spoofing in the future. Our proposed scheme uses a frequency-domain based bioacoustic trait as the biometric input, which is safe against all the attacks, including the biometric template attack.
Security and Functionality Features Comparison
The notations and their experimentally measured operation times [44, 52], listed in Table 5, are used as they are to calculate the computation cost of the proposed scheme. Table 7 provides the computation cost estimates for the proposed scheme and all the compared schemes. The proposed scheme’s computational time is calculated as ≈
Computational Cost Operations
Comparison of Computation Cost
The proposed scheme’s efficiency is examined in terms of the communication cost of the messages sent during the login and authentication stage; as registration is a one-time activity, its cost is not considered in the comparison. The bit sizes of the random number, identity, timestamp, Symmetric Encryption/Decryption points, and hash output (if we apply h(.)) are assumed to be 160, 160, 32, 320, 320, 160 bits, respectively. Furthermore, the bit values used for modular exponentiation and inversion operations are 1024 bits, because the 160-bit ECC gives the same level of security as the 1024-bit RSA. Table 8 summarizes the comparative results on communication costs during the login and authentication phases. The three messages of the proposed scheme carry the following numbers of bits: message 1 = (160 + 160 + 160 + 160 + 32) = 672 bits, message 2 = (160 + 160 + 160) = 480 bits and message 3 = (160 + 160) = 320 bits. The total communication cost of the proposed scheme is (672 + 480 + 320) = 1472 bits.
Comparison of Communication Cost
As shown in Table 8, the proposed scheme consumes fewer bits for communication than the schemes of Vinoth et al. (2021) [42], Rehman et al. (2021) [44], Abdi et al. (2021) [40] & Shao et al. (2022) [41].
The schemes of Sudhakar et al. (2020) [46] and Wu et al. (2021) [45] fail to implement the G. They therefore achieve a lower communication cost, but are not suitable for IoT applications. The Zhang et al. (2022) [26] scheme achieves a 17.11% lower communication cost than the proposed scheme but has a 222.89% higher computation cost. In summary, the proposed scheme is the ideal scheme with respect to the communication cost comparison.
In this work, a lightweight bioacoustic-based authentication scheme using the fuzzy embedder technique has been proposed for securing IoMT applications. The security of the proposed fuzzy-embedder based user authentication scheme has been formally verified using the AVISPA simulator, and the results confirm that the proposed scheme is safe. Additionally, the security and functionality features of the scheme have been compared with the prevailing schemes, confirming that the proposed scheme withstands well-known security attacks. Finally, the performance of the proposed bioacoustic scheme has been compared with the prevailing schemes in terms of computation and communication costs, and the proposed scheme was found to outperform them.
In future, the proposed scheme can be adopted in multimodal authentication systems for e-healthcare. It is also possible to extend its use to other areas of the Internet of Things, such as the industrial Internet of Things, the Internet of Vehicles, the Internet of Drones, Smart Farming, and many other sectors, for secure authentication. As a future research direction, frequency-domain based biometrics can be fused with physical biometric traits to authenticate a user.
