
PUFchain 2.0: Hardware-Assisted Robust Blockchain for Sustainable Simultaneous Device and Data Security in Smart Healthcare.

Venkata K V V Bathalapalli, Saraju P Mohanty, Elias Kougianos, Babu K Baniya, Bibhudutta Rout.

Abstract

This article presents the first-ever hardware-assisted blockchain for simultaneously handling device and data security in smart healthcare. This article presents the hardware security primitive physical unclonable functions (PUF) and blockchain technology together as PUFchain 2.0 with a two-level authentication mechanism. The proposed PUFchain 2.0 security primitive presents a scalable approach by allowing Internet of Medical Things (IoMT) devices to connect and obtain PUF keys from the edge server with an embedded PUF module instead of connecting a PUF module to each device. The PUF key, once assigned to a particular media access control (MAC) address by the miner, will be unique for that MAC address and cannot be assigned to other devices. PUFs are developed based on internal micro-manufacturing process variations during chip fabrication. This property of PUFs is integrated with blockchain by including the PUF key of the IoMT into blockchain for authentication. The robustness of the proposed Proof of PUF-Enabled authentication consensus mechanism in PUFchain 2.0 has been substantiated through test bed evaluation. Arbiter PUFs have been used for the experimental validation of PUFchain 2.0. From the obtained 200 PUF keys, 75% are reliable and the Hamming distance of the PUF module is 48%. Obtained database outputs along with other metrics have been presented for validating the potential of PUFchain 2.0 in smart healthcare.
© The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd 2022.


Keywords:  Blockchain; Healthcare cyber-physical system (H-CPS); Implantable medical devices (IMD); Internet of Medical Things (IoMT); Physical unclonable functions (PUF); Proof of PUF-enabled authentication (PoP); Wearable medical devices (WMD)

Year:  2022        PMID: 35755326      PMCID: PMC9207438          DOI: 10.1007/s42979-022-01238-2

Source DB:  PubMed          Journal:  SN Comput Sci        ISSN: 2661-8907


Introduction

The demand for Internet of Medical Things (IoMT) devices is increasing not just for advancing healthcare technologies and services, but also for facilitating ease of living by reducing human intervention in monitoring health parameters and making these advanced technologies easier for people to use. As it becomes simpler, more efficient, and more effective, the IoMT market is expanding along with its associated security vulnerabilities. Battery-operated IoMT devices cannot sustain complex cryptographic key security protocols [8]. Blockchain technology in Smart Healthcare facilitates secure Electronic Health Record management, which is essential to ensure the confidentiality and integrity of patients’ sensitive medical records [19, 30]. In banking and financial transactions, the blockchain was introduced as a distributed, decentralized, immutable, and irreversible ledger technology where every node in the network maintains a complete record. Whenever a transaction occurs between any two nodes in the network, all participants in the network are notified of the transaction details. Data, once entered into a blockchain, cannot be removed or changed: the data are hashed, and a block is created and added to the blockchain. The block is maintained at all nodes in that network [21]. PUFs generate cryptographic keys which are unique to the PUF module and to the particular challenge input. PUFs have been one of the most widely adopted hardware security primitives for IoT-based applications due to their simplicity, robustness, and energy efficiency [17]. The blockchain together with PUFs can bring more integrity, privacy, and confidentiality to the healthcare industry. PUF-supported IoMT devices can be authenticated using the blockchain and the respective data can be stored in a distributed ledger, thereby assuring the integrity of IoMT devices and their data.
The introduction of 5G is making Smart Healthcare applications more accessible to people through smart phones which support high bandwidth, low latency, and high speed [13]. Figure 1 illustrates the applications of PUFchain 2.0 in Smart Healthcare.
Fig. 1

PUFchain 2.0 in Smart Healthcare


Smart Healthcare: Healthcare-Cyber Physical Systems (H-CPS)

Improving the efficiency of health services by including advanced technologies like IoT, artificial intelligence, machine learning, and Big data to facilitate ease of living is called Smart Healthcare [30]. In Smart Healthcare, the physiological parameters of patients can be monitored precisely using implantable and wearable medical devices which are placed on and inside the body. The remote monitoring using the IoMT helps in tracking a patient’s movement, eating habits, sleep schedule, heart rate, and blood pressure using implantable and wearable sensors which are connected to the Internet and can communicate with each other. Therefore, a patient’s fall detection or heart seizure can be accurately determined using IoMT [28]. Telemedicine can be defined as a communication interface between doctors and patients which utilizes telecommunications and the IoMT to provide clinical health remotely without requiring the physical presence of doctor and patients [7, 19].

IoMT

The market for the IoMT is increasing during the pandemic crisis and is expected to have a substantial growth in the coming years [22, 35]. The IoMT can be categorized as wearable and implantable devices. Wearable medical devices are used to monitor health parameters like heart beat, blood pressure, and other fitness-related metrics. These devices can be used just like a jacket. Implantable medical devices are placed inside the body through surgical processes like the cochlear implant, a consumer electronic device which consists of a microphone, speech processor, a transmitter, and receiver to provide assistance for the hearing impaired [30]. Figure 2 details the classification of IoMT.
Fig. 2

Selected devices of IoMT

The IoMT devices embedded on a patient collect sensitive data related to physiological parameters and send the information to the edge server and the cloud for analysis, processing, and decision making. The cloud is a centralized computing architecture, whereas the edge is a decentralized computing paradigm that performs swift processing, analysis, and decision-making. The cloud can be used for data storage and processing of data that takes a long time. Edge computing works by performing computations near the sensors for processing the data. The edge can also perform actuation by sending commands to implantable medical device actuators. When the sensed physiological data from the IoMT devices suggest a chance for brain seizure, for example, instead of waiting for the commands from a doctor who needs to access the data from the cloud to analyze and suggest medication, the edge can send commands directly to a pacemaker-like device inside the brain which can stimulate neurological signals through electrodes which are implanted surgically. In this way, edge computing can be used for critical healthcare applications which require faster processing. Similarly, heart seizure can be identified by monitoring respiration. Nasal sensors can be used for analyzing the respiration rate by monitoring the temperature values while breathing [2].

Architecture of IoMT in Smart Healthcare

The sensors that perform data sensing and collection are the central components of the Smart Healthcare architecture. This layer can be called the physical layer. It includes wearable medical devices (WMD) and implantable medical devices (IMD) [11, 31] placed on and inside a patient. The second layer of IoMT is the communication layer, where sensed data from these sensors are sent to the edge or cloud. Various technologies like Bluetooth, RFID, WiFi, LoRaWAN, Zigbee, and 5G can be used for enabling communication between the IoMT devices and the edge. The third layer is the edge cloud layer, which includes processing, analysis, and data storage. The fourth layer is the application layer, which deals with conveying the analyzed data on physiological parameters to the user securely. The network layer and the edge cloud layer constitute an important part of the architecture, where security, privacy, and quality of data from the IoMT play an important role in decision-making. Along with data, hardware integrity is also an essential component, as these devices are battery operated and high-level cryptographic schemes are not compatible with them. Hence, low-power, energy-efficient device security primitives are essential for ensuring the authenticity of hardware. The security of the physical layer constitutes an important part of the IoMT system architecture. Figure 3 illustrates the architecture of Smart Healthcare.
Fig. 3

Layered architecture of Smart Healthcare

UAVs can also be used in remote diagnosis and treatment, where they can be used for medication using deep neural networks in emergency situations such as a pandemic. They can also be used for contact tracing and carrying medical supplies from one place to another [23]. The rest of the paper is organized in the following manner: “Novel Contributions of This Paper” presents the novel contributions of the current paper. “Related Research on Smart Healthcare and Its Security” presents the applications of Smart Healthcare and related research on its security issues. PUFs and their characteristics are explained in “Physical Unclonable Function (PUF)”. Blockchain Technology and its importance in IoT-based applications are explained in “Blockchain Technology”. “Proposed Blockchain Integrated PUF-Enabled Security Mechanism for IoMT: PUFchain 2.0” presents the proposed novel PUFchain 2.0 primitive for security in smart healthcare. Experimental results are given in “Experimental Results”. “Conclusion and Future Research” presents the conclusion and direction for future research.

Novel Contributions of This Paper

Problem Formulation

In the IoMT, when a fake node is generated and the original node is impersonated by a malicious one, it can send wrong data to the edge server. As there is no device authentication mechanism in place, the fake node is assumed to be the original one and health data are accepted from it; by processing these data, the edge server sends commands to actuators. A wrong dose of medication is then administered to the patient, which could risk the patient’s life [35]. To counter this, many symmetric or asymmetric cryptography-based key security mechanisms have been proposed, but all these key security primitives require a memory to store the secret key, which could be vulnerable to various kinds of security attacks. The success of blockchain technology in bitcoin transactions has made it one of the formidable solutions for security in healthcare due to its transparency and irreversibility. The main challenges for realizing the potential of blockchain integration in Smart Healthcare are its energy consumption and computational resource requirements [21]. PUFs have shown the way to a time- and energy-efficient key generation mechanism for security in IoT-based applications. The novel feature of a PUF, generating keys without requiring a non-volatile memory for key storage, together with its simplicity and robustness in design and application, has made it one of the most reliable security alternatives in Smart Healthcare [10, 37].

Hardware-Assisted Secure Blockchain: The PUFchain

In this paper, a novel blockchain-assisted PUF-based IoMT security mechanism is proposed for edge computing-driven smart healthcare. The PUF key is stored in an immutable blockchain through a robust, PUF-enabled, computationally efficient blockchain consensus mechanism for IoMT device authentication. The PUF key is not just a plain cryptographic key generated algorithmically, but is developed using the intrinsic delay variations in wiring the microelectronic components inside an electronic device. These variations make each response bit either zero or one randomly. More process variations in the design result in more random response bits. The PUF key is tested and evaluated to determine whether the obtained key is unclonable, reliable, and unique before applying it for the security solution. PUFchain [21] presents a novel PUF-based blockchain using a hybrid arbiter oscillator PUF module in a proof of authentication consensus mechanism, which has shown much more efficiency in performance as compared to the Proof of Authentication (PoAh) consensus mechanism. Its results have shown enhanced performance efficiency in power consumption, thereby substantiating the application of the Blockchain as more suitable for security in IoT-based applications [26]. The proposed PUFchain 2.0 consists of a two-level authentication mechanism for secure smart healthcare applications. As compared to the PUFchain protocol, which consists of a single-level authentication mechanism, the proposed PUFchain 2.0 security primitive uses a two-level authentication approach which consists of MAC and PUF key verification for IoMT device authentication using a 64-bit arbiter PUF module which is connected to a server (miner) and can generate PUF keys for IoMT devices. A scalable approach for IoMT integration is proposed by assigning unique PUF keys to all the devices virtually from the server, which is connected to a PUF module, instead of connecting each device to an individual PUF module.
After verification of device unique properties, PUF key is assigned to the MAC address of each device and is sent back to the client. The PUF key assigned to an MAC address is tested before assignment. The Authentication server checks whether the obtained PUF key meets the standard requirements of PUF metrics and then assigns it to the devices accordingly. Performance evaluation of PUFchain 2.0 and its comparison with PUFchain is given in “Experimental Results”.

Proposed Solution

The proposed PUFchain 2.0 consists of enrollment and authentication phases. During the device enrollment phase, the IoMT device sends its MAC address to the authentication miner in an encrypted form through secure user datagram protocol (UDP) socket encryption and decryption protocol. The server receives the message in encrypted form and decrypts the MAC address. The server then extracts a PUF key from the PUF module and assigns it to the device and sends it back to the client. The idea of integrating PUF with Blockchain is due to its simple design which is energy efficient, power optimized and can produce an output which cannot be extracted from the device even when the same PUF design is used [37]. The IoMT device performs data extraction and forms a block using the obtained PUF key, MAC Address, data, and time stamp. The block of data is sent to the server for verification. Figure 4a illustrates the enrollment process in PUFchain 2.0.
Fig. 4

Working of PUFchain 2.0

In the authentication phase, the server receives the block of data and extracts the MAC address. The authentication server checks the integrity of the block by comparing the MAC address received in the block of data with the MAC address received in encrypted form. If the two MAC addresses match, the first level of authentication is considered successful. Once MAC verification is done, the PUF key is extracted from the PUF module corresponding to the assigned MAC address and compared with the one in the block of data. If the PUF keys match, then the second level of authentication is successful and the device is considered authenticated. The authentication process in PUFchain 2.0 is explained in Fig. 4b. The block of data is validated and hashed using the SHA-256 algorithm and broadcast to all the client nodes in the Blockchain network.

Novelty of the Proposed Solution

Scalability is one of the challenges for PUF integration into the blockchain technology. By assigning the PUF keys to the MAC Address which is unique to each device and making sure that the PUF key assigned to one MAC address is unique to that MAC, various types of impersonation attacks can be avoided, since the PUF key is a unique identifier built using the variations in internal micro-manufacturing process of a chip. By authenticating the MAC along with the PUF key of the device, a two-level verification is done as the PUF is being accessed by the client remotely through the server. The MAC address being an IoT device property cannot be duplicated and can be used as a secure identity for the device. If the initial MAC verification is unsuccessful, the server will discard the block of data from the device. Instead of connecting each and every IoMT device to the PUF module, the PUF module can be connected to the Miner and PUF keys can be extracted from the PUF module, and checked and assigned to the client virtually. Once authentication is successful, then the block of data with PUF key and MAC is hashed and entered into a decentralized ledger which is maintained at all the nodes, thereby ensuring data and device security.

Related Research on Smart Healthcare and Its Security

Smart Healthcare is one of the most attractive research areas, as evident from its role during the pandemic. Its applications and security have become focal points for researchers. Smart Healthcare and its applications are summarized in Table 1.
Table 1

Smart Healthcare devices and applications

Works | Application | Features | Type
Webster et al. [34] | Implantable cardiac monitoring pacemaker | Pacemaker embedded with a pressure monitor to stimulate neurological signals to monitor and properly maintain heart rate | Implantable medical device
Lindvqvist et al. [18] | Deep brain neurostimulators | Through implanted electrodes, neurological signals with various amplitude are stimulated to cure brain related diseases | Implantable medical device
Bui et al. [3] | Biosensors | Set of sensors for monitoring various physiological parameters inside the body | Implantable medical device
Rachakonda et al. [27] | Smart Yoga pillow | Blockchain-assisted smart pillow for monitoring sleeping habits using IoMT | Wearable medical device
Mahender Kumar et al. [16] | SAI-BA-IoMT | AI integrated blockchain-assisted IoMT system for COVID-19 diagnosing |
Sethuraman et al. [32] | My wear | A smart garment to monitor the health parameters based on the muscle activity and stress levels | Wearable medical device
Olokodana et al. [24] | EZcap | A wearable to monitor seizure detection using kriging methods | Wearable medical device
Joshi et al. [9] | iGLU | A PUF embedded secure glucose monitoring with safe insulin dosage delivery system | Wearable medical device
Rachakonda et al. [29] | iMirror | A smart mirror for stress analysis by automatic facial recognition and appropriate stress response system | Wearable medical device
Device security has become a major issue where the vulnerabilities in medical electronic devices to impersonation attacks can have a negative impact on the overall security ecosystem [4]. For instance, if a cochlear implant’s security is compromised, then it can be programmed by a hacker to work in a way that could impact the patient [4]. Various security attacks on IoMT devices have shown the importance of authentication and confidentiality of IoMT devices and their data.

Impersonation attack: In an impersonation attack, a hacker can impersonate an authorized user’s identity or secret key and obtain access to IoMT data [8].

Network attacks: A network attack results in denial of service (DoS) from either server or device by disrupting the network interface between IoMT devices.

Brute force attack: In this type of attack, a hacker tries all possible secret keys until one matches the original. Security features like blockchain technology and biometric identification can mitigate this type of attack [8].

In the area of hardware integrity in IoMT, various security protocols have been proposed to ensure sustainable and secure wearable and implantable medical devices for remote monitoring of patients’ physiological health metrics. A mutual device authentication scheme is proposed in [38] with an Authentication Server as a trusted intermediary in the IoMT. The security scheme is proposed to be effective against various machine learning and physical attacks. A lightweight device authentication scheme for the IoT using PUFs is proposed in [14]. It works by updating each challenge–response pair for subsequent transactions after successfully verifying the PUF keys. A PUF-based lightweight security protocol using a simple one-way hash and bit-wise Exclusive OR operations is proposed to build a secure key management protocol for medical device integrity in [20].

Physical Unclonable Function (PUF)

A PUF is developed using micro-manufacturing variations during the chip manufacturing process which includes fabrication, mask generation, and testing. The PUF key of a particular integrated circuit (IC) is considered as the fingerprint for that IC. The PUF does not require memory for key storage. The keys are generated at run time using silicon manufacturing variations affected by various parameters like Ion implantation, Lithography, and environmental effects [17, 36]. Applications of PUFs are given in Fig. 5.
Fig. 5

Applications of PUF

The input to a PUF and the output from a PUF are called challenge–response pairs (CRP). A PUF can be categorized as a strong or weak PUF. A strong PUF is one that supports a large number of challenges and responses, whereas a weak PUF can hold a limited number of CRPs. PUFs can also be classified as delay-based PUFs and memory-based PUFs. A delay-based PUF is built based on the delay fluctuations associated with wiring of electronic components, which leads to a race off condition between two signals in a symmetric circuit design. The memory PUF is based on the instability in the transistors during the startup phase of a volatile memory cell. Arbiter PUF, ring oscillator, and butterfly PUF modules are the most widely used delay PUFs. SRAM PUF and DRAM PUF are the prominent memory-based PUFs. The quality and robustness of a PUF can be determined using metrics which help in evaluating the strength of PUF keys. Hamming Distance, Uniqueness, Reliability, and Randomness are prominent PUF metrics.

Hamming distance: Hamming distance between two PUF keys is the amount of variability of bits in the two PUF keys. A PUF module with a Hamming distance between 40 and 50% is considered a reliable one [10]. In the above expression, i, j are the two PUF keys with the length of 64 bits generated using the same PUF module.

Reliability of a PUF module is the ability to generate the same response output at varying operating and environmental conditions [21].

Uniqueness: The property of a PUF module to produce different outputs when two varying challenge inputs are given to the same PUF module is called uniqueness. When the same PUF module is built on another IC, uniqueness can be defined as a measure of the amount of variability in the obtained PUF keys from the two PUF modules [10].

Randomness: Randomness of a PUF key is the measure of balance between the number of zeros and ones in a PUF key. If the PUF key has an equal number of random zeros and ones, then it is considered a secure PUF module which can sustain brute force and other key guessing attacks.
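The metrics above computed over 64-bit keys, as an added example that is not code from the paper. The formulas are the commonly used definitions (an assumption, since the text gives them only in words), the function names are hypothetical, and the keys come from a seeded generator standing in for a real PUF module.

```python
import random

KEY_BITS = 64  # key length stated in the text


def hamming_distance_pct(key_i: int, key_j: int, bits: int = KEY_BITS) -> float:
    """Percentage of bit positions in which two keys differ."""
    mask = (1 << bits) - 1
    return 100.0 * bin((key_i ^ key_j) & mask).count("1") / bits


def mean_pairwise_hd_pct(keys, bits: int = KEY_BITS) -> float:
    """Average Hamming distance over every pair of keys from one module."""
    total, pairs = 0.0, 0
    for idx, first in enumerate(keys):
        for second in keys[idx + 1:]:
            total += hamming_distance_pct(first, second, bits)
            pairs += 1
    if pairs == 0:
        raise ValueError("need at least two keys")
    return total / pairs


def in_reliable_band(hd_pct: float) -> bool:
    """The 40 to 50 % band the text cites for a reliable module."""
    return 40.0 <= hd_pct <= 50.0


def randomness_pct(key: int, bits: int = KEY_BITS) -> float:
    """Share of one-bits in a key; 50 % means zeros and ones are balanced."""
    return 100.0 * bin(key & ((1 << bits) - 1)).count("1") / bits


def reliability_pct(reference: int, repeats, bits: int = KEY_BITS) -> float:
    """100 % minus the mean distance between a reference response and repeated
    readings of the same challenge under other operating conditions."""
    if not repeats:
        raise ValueError("need at least one repeated reading")
    intra = sum(hamming_distance_pct(reference, r, bits) for r in repeats) / len(repeats)
    return 100.0 - intra


def reliable_key_fraction(measurements) -> float:
    """Fraction of keys whose every repeated reading equals the reference.
    measurements is a list of (reference, [repeated readings]) tuples."""
    stable = sum(1 for ref, repeats in measurements if all(r == ref for r in repeats))
    return stable / len(measurements)


def simulated_module_keys(count: int, seed: int, bits: int = KEY_BITS):
    """Constructed stand-in for keys read from a PUF module (seeded PRNG)."""
    rng = random.Random(seed)
    return [rng.getrandbits(bits) for _ in range(count)]


if __name__ == "__main__":
    keys = simulated_module_keys(200, seed=7)
    hd = mean_pairwise_hd_pct(keys)
    print(f"mean pairwise Hamming distance: {hd:.2f} % (in band: {in_reliable_band(hd)})")
    print(f"randomness of first key: {randomness_pct(keys[0]):.2f} %")
    noisy = [keys[0], keys[0] ^ 0x1, keys[0] ^ 0x3]  # constructed bit flips
    print(f"reliability of first key: {reliability_pct(keys[0], noisy):.2f} %")
```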

Blockchain Technology

Blockchain is an immutable decentralized transaction record maintained at each and every node in the network. Transactions between any two nodes in the network are validated and added to the chain using a standard protocol which is called a consensus mechanism. The nodes which have the privilege to validate the blocks are called trusted nodes. Figure 6 shows selected applications of blockchain technology.
Fig. 6

Selected applications of the blockchain technology

In financial transactions, a centralized approach to data storage, security, and validation could bring more problems, since entrusting the process of transaction validation to one entity could at times compromise the security of data. Distributing the responsibility and power to validate transactions among a group of entities could bring more transparency and authenticity, and reduces the chance of a single point of failure [21]. In a banking transaction, if one person borrows some amount from another, then the transaction is stored inside a block and broadcast through the network involving all concerned parties. The privileged nodes or miners examine the transaction based on the consensus mechanism, validate the block, and add it to the blockchain. Trusted nodes which perform successful validation are rewarded with trust points based on the consensus mechanism. There are many categorizations of blockchain technology. Permissioned and permissionless blockchain are two important types, where a permissioned blockchain is one that exists among a small group of nodes and can be used for applications requiring more privacy and anonymity. A public blockchain is an open platform and can be used for more general applications [26]. For Healthcare, a private blockchain is the most suited, since healthcare requires confidentiality and privacy, which a private blockchain can facilitate.

Blockchain Technology in Smart Healthcare

Due to its characteristics of anonymity, decentralization, and irreversibility, the blockchain technology application in healthcare has become one of the most reliable solutions. All the medical records related to patients are now mostly in the traditional paper or cloud-based methods. Blockchain can be used for secure storage of data where all the patients’ records in a hospital can be stored in a decentralized ledger which guarantees the integrity of patient sensitive personal data by hashing the blocks and maintaining a record at all parties and can therefore restrict access to unauthorized users [5, 33]. In the pharmaceutical supply chain, if a ledger is maintained at each stage starting from the point where a product is manufactured to the stage where it finally reaches the end consumer, a step-by-step verification can be done at each point and it can be beneficial as more efficiency and accountability can be brought into the system. According to a report from the World Health Organization, improper management of supply chain in healthcare has resulted in deaths of millions of people [12, 15]. The products can therefore be tracked and checked at each stage during the supply chain process starting from clinical trials to distribution stage where it is being administered or prescribed to a patient [6, 19]. The applications of blockchain technology in Smart Healthcare are illustrated in Fig. 7.
Fig. 7

Blockchain-assisted Smart Healthcare


Consensus Mechanisms in the Blockchain

The transactions among the network of nodes are validated and added to the Blockchain based on an agreement, which is the set of operating guidelines for transaction validation [25]. These operating guidelines are called consensus mechanisms.

Proof of Work (PoW): PoW is a consensus mechanism developed for Bitcoin transactions where the privileged nodes or Miners use computational resources to obtain a Nonce, which is a target value set as per the consensus mechanism. If two or more miners successfully achieve the Nonce value which is the hash value of the block required to be added, then a condition called fork arises. Then, all the blocks are accepted and added to the blockchain [25].

Proof of Stake (PoS): PoS is a consensus mechanism where miners are selected based on the cryptocurrency stake. After successful validation of blocks, the miner is incentivized with a certain amount of stake. The objective of the PoS consensus mechanism is to address the computational resource requirement in PoW. The disadvantage of PoS is the lack of standardization in determining the miners. This lets nodes with a high stake continuously become miners, which may leave the other nodes with low stake inactive.

Proof of Activity (PoA): An activity-based consensus protocol where nodes participating in the block validation and broadcasting process will be able to receive some stake as a reward, while the nodes not involved in the process will not be able to win. The objective of PoA is to encourage the nodes in the network to be active, so that all the nodes can be taken into confidence for the block validation process, which can address the problem in proof of stake where the entire process is concentrated among certain privileged nodes with a higher amount of stake [25].

Proof of Authentication (PoAh): PoAh has been developed with the objective of integrating IoT with blockchain. In PoAh, once a block is received, it is added to the chain only after successful authentication. The authentication is done by verifying the properties of IoT devices, and on successfully adding the block, the trust value of miners increases by one unit. The miners with higher trust value are preferred for subsequent block validation processes over miners with lower trust value [26].

PoP Consensus Mechanism for IoT Security

PUF-based authentication mechanism in an IoT-based environment consists of group of IoT devices as network of nodes where each node collects the data and sends the data to trusted nodes in the network for block validation. Along with the data, the PUF key of the respective device is also included in the block of data. The trusted node listens to the message and receives the block. It verifies the integrity of the device by extracting the PUF key from the block of data and performing key extraction. The obtained PUF key and the PUF key in the block are compared and verified. Once the PUF key verification is successful, the block of data is hashed and added to the immutable ledger [1, 21]. Consensus mechanisms in blockchain and their properties are presented in Table 2.
Table 2

Characteristics of blockchain consensus mechanisms [25, 26]

Consensus algorithm | Features | Challenges
Proof of work | Miners compete to find hash value of the Block | High computational resources
Proof of stake | Miners entrusted for block validation are determined using their cryptocurrency stake which reduces computational burden | Does not take all the nodes with low stake into confidence
Proof of authentication | Block of data from IoT is validated only after successful verification of its device properties | Does not include hardware security aspect
Proposed proof of PUF-enabled authentication | Validates the block from IoT device by verifying its PUF key which is the fingerprint for the electronic devices thereby guaranteeing the authenticity of IoT devices with more time efficiency | No challenges

Proposed Blockchain Integrated PUF-Enabled Security Mechanism for IoMT: PUFchain 2.0

Blockchain technology which is considered as a data security primitive is integrated with secure hardware fingerprints (PUF) for device authentication of wearable and implantable electronic medical devices in Healthcare. The idea of PUFchain 2.0 is presented in Fig. 8.
Fig. 8

PUFchain 2.0

Blockchain consists of blocks where each block contains a hash value which is the identity of that block. All blocks in the blockchain are connected to one another using the previous hash value, which is also included in the block of data. The hash is computed on the block of data containing information from the IoMT device and the hash value of the previous block. The data, once entered inside a block, cannot be tampered with or changed, as the hash values of previous blocks will also change. The PUF key of the IoT device in the proposed PUFchain 2.0 is included in the block of data, so the device ID is registered in the Blockchain and cannot be changed. Hence, during device authentication, when PUF keys are extracted, they can be verified from the blockchain, and IoMT devices can be authenticated through efficient integration of PUF and blockchain technologies. The architecture and working of the proposed PUFchain 2.0 in Smart Healthcare is illustrated in Fig. 9.
Fig. 9: PUFchain 2.0 for Secure Smart Healthcare

In the proposed PUFchain 2.0, to authenticate the IoMT devices, they initially enroll using their device properties and obtain the PUF key assigned by the miner, which is unique to that device. Once the data collection is done, the block of data is sent to the miner for validation. Algorithms 1 and 2 illustrate the enrollment and authentication phases in PUFchain 2.0 for secure Smart Healthcare. Trusted nodes receive the data and check the authenticity of these devices by extracting the IoMT device credentials (i.e. PUF keys) and MAC address from the block and performing a key extraction process, giving a challenge input to the PUF module and obtaining the response output.

Experimental Results

The experimental setup in PUFchain consists of two single-board computers as edge devices and an edge server for authentication and data validation. The PUF module is connected to the edge server through serial communication at a baud rate of 9600. The PUF and hashing modules are developed on a Digilent Basys 3 Artix-7 Xilinx FPGA. In the enrollment phase, the MAC address is sent to the edge server in encrypted form through a User Datagram Protocol (UDP) secure socket encryption and decryption program. The received MAC address is decrypted by the edge server. The PUF key is extracted by the miner and is checked. The PUF key is sent back to the IoMT device, where it forms a block of data with its MAC, PUF, timestamp, and IoMT data. Two client edge nodes are assigned two different PUF keys based on their MAC addresses. The PUF key assigned to a MAC address will be its key forever, and the same PUF key will not be assigned to a different MAC address. Two transactions have been initiated from two clients, and after authenticating, validating, and adding the transaction from one client node to the blockchain, the miner broadcasts the validated block to both the client nodes in the network. The transaction validation and outputs of the transaction from the first client node are shown in Fig. 10. Figure 10a, b shows the transaction outputs of the first client at Client1 and Client2. Block validation and authentication outputs at the miner for the first transaction are shown in Fig. 10c.
Fig. 10: First client transaction outputs

The design and architecture of the proposed PUF module in PUFchain 2.0 are shown in Fig. 11. Since the PUF key assigned to one device is unique to that device, the transaction initiated by the second client will be assigned a different PUF key that is permanent for that client. Transaction validation outputs for the second client transactions are shown in Fig. 12a–c.
Fig. 11: Arbiter PUF module

Fig. 12: Outputs of the second client transaction in PUFchain 2.0

The miner receives the block of data through UDP and extracts the MAC from the block to check whether the obtained MAC and the MAC address received in the block match. Once the device authenticity is verified, PUF keys from the PUF module are compared with the one in the block. If the keys match, the block is hashed using SHA-256 and added to the SQLite blockchain database developed at all the nodes. The obtained database outputs at the two clients and the miner are shown in Fig. 13a–c.
Fig. 13: Output of the proposed blockchain PUFchain 2.0
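The miner-side validation described above (MAC match, PUF key comparison, SHA-256 hashing, SQLite storage) is shown below as an added example; it is not the authors' code. The PUF module is replaced by a lookup table of constructed responses, and the function names, table layout and `sender_mac` (the MAC the miner obtained for the sender) are assumptions.

```python
import hashlib
import hmac
import json
import sqlite3

# Stand-in for the FPGA arbiter PUF over UART (assumption); constructed values.
SIMULATED_PUF = {"c1": "9f3a5c7e1b2d4f60", "c2": "0b6e8d1a7c3f5e92"}
GENESIS = "0" * 64

def open_chain():
    db = sqlite3.connect(":memory:")
    # UNIQUE on both columns: one permanent key per MAC, never shared.
    db.execute("CREATE TABLE enrolled (mac TEXT UNIQUE, challenge TEXT UNIQUE)")
    db.execute("CREATE TABLE chain (prev TEXT, block TEXT, hash TEXT)")
    return db

def enroll(db, mac, challenge):
    """Bind a MAC to a challenge and return the PUF key given to the device."""
    db.execute("INSERT INTO enrolled VALUES (?, ?)", (mac, challenge))
    return SIMULATED_PUF[challenge]

def block_hash(prev_hash, block_text):
    return hashlib.sha256((prev_hash + block_text).encode()).hexdigest()

def validate_and_add(db, sender_mac, block):
    """Two-level check, then hash-chain the block. Returns its hash or None."""
    if block["mac"] != sender_mac:                 # level 1: MAC must match
        return None
    row = db.execute("SELECT challenge FROM enrolled WHERE mac = ?",
                     (sender_mac,)).fetchone()
    key = SIMULATED_PUF[row[0]] if row else ""     # level 2: re-extract key
    if not row or not hmac.compare_digest(key, str(block["puf_key"])):
        return None
    last = db.execute("SELECT hash FROM chain ORDER BY rowid DESC LIMIT 1").fetchone()
    prev = last[0] if last else GENESIS
    text = json.dumps(block, sort_keys=True)
    digest = block_hash(prev, text)
    db.execute("INSERT INTO chain VALUES (?, ?, ?)", (prev, text, digest))
    return digest

def verify_chain(db):
    """Recompute every link; False if any stored block was altered."""
    prev = GENESIS
    for prev_hash, text, digest in db.execute(
            "SELECT prev, block, hash FROM chain ORDER BY rowid"):
        if prev_hash != prev or block_hash(prev, text) != digest:
            return False
        prev = digest
    return True
```

The `UNIQUE` constraints make the database itself reject a second enrollment of the same MAC or the reuse of a key for another MAC, and `verify_chain` detects any later edit to a stored block.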

VIVADO is used to develop the PUF design, and the code is transferred onto the FPGA board using UART serial communication. A baud rate of 9600 has been used to send and receive the challenges and responses. Python is used for developing the blockchain database and enabling serial communication with the FPGA board to extract the PUF keys. An SQLite database is used to develop the PUFchain 2.0 databases at both client and trusted nodes. Time is an important metric in evaluating the efficiency of an application in IoT. The proposed PUFchain 2.0 security primitive has shown very good results. The time taken to validate, authenticate, and add the block to the blockchain at all the nodes is shown in Fig. 14a–c for both clients and the edge server (miner).
Fig. 14: Timing analysis results for PUFChain 2.0

The time taken by the miner, from receiving the block through performing key extraction, establishing a connection with the database, adding the block to the chain, and finally sending it back to the client node, is approximately 3.6 s. On the client side, the time taken to broadcast the block, receive the data, and add it to the chain is within 0.4 s. The power report from VIVADO has shown that the total on-chip power for the PUF design after synthesis, implementation, and bit stream generation is 81 mW. The standard deviation of Hamming distance percentage is 1.6% for the PUF module with a variance of about 2.5%. The Raspberry Pi's power consumption while programming is between 3.1 and 3.5 W. Figure 15a shows the Hamming distance between the PUF keys of the arbiter PUF module. Figure 15b gives the reliability of the PUF module, and the randomness of zeros and ones in the PUF keys from the arbiter PUF module is shown in Fig. 15c.
Fig. 15: Selected metrics for PUFchain 2.0 characterization

The arbiter PUF, which is a delay-based strong and secure PUF module, is used for implementing PUFchain 2.0. By supporting more challenge-response pairs, the arbiter PUF established its position as one of the most widely used ones for cryptographic applications in the IoT. 64 instances of the PUF circuit design, which consists of arbiter elements built using flip-flops and multiplexers, have been created to generate a 64-bit key. Figure 16 shows the prototype of PUFchain 2.0.
Fig. 16: Experimental setup for PUFchain 2.0 prototyping and validation

Metrics of the PUF substantiate its potential in a security application. 200 PUF keys were extracted and tested to evaluate the metrics of the PUF, using MATLAB. Randomness of 47% is achieved from the PUF keys, and among 100 tested PUF keys, 75 responses have been regenerated successfully. The proposed Proof of PUF-Enabled Authentication consensus mechanism is faster than proof of work, which has a latency of 10 min [21]. The characteristics and experimental results of PUFchain 2.0 are given in Tables 3, 4a, b.
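The PUF metrics reported in this section (Hamming distance between keys, randomness, reliability and intra Hamming distance) can be computed from extracted keys as in the following added example, which is not the authors' MATLAB code. The metric definitions are the commonly used ones and are assumed here, and the four 64-bit keys are constructed sample values, not measured PUF output.

```python
from itertools import combinations
from statistics import mean, pstdev

BITS = 64  # key width of the arbiter PUF described on this page

def hamming(a, b):
    """Number of differing bits between two keys held as integers."""
    return bin(a ^ b).count("1")

def inter_hd(keys):
    """Mean and standard deviation of pairwise Hamming distance, in percent."""
    d = [100 * hamming(a, b) / BITS for a, b in combinations(keys, 2)]
    return mean(d), pstdev(d)

def randomness(keys):
    """Percentage of 1 bits over all keys (50% is the ideal balance)."""
    return 100 * sum(bin(k).count("1") for k in keys) / (BITS * len(keys))

def reliability(reference, regenerated):
    """Percent of keys regenerated bit-exact, and mean intra Hamming distance %."""
    pairs = list(zip(reference, regenerated))
    exact = sum(r == g for r, g in pairs)
    intra = mean(100 * hamming(r, g) / BITS for r, g in pairs)
    return 100 * exact / len(pairs), intra

# Constructed sample: enrolled keys and a second read-out of the same keys,
# where the last key comes back with two flipped bits.
KEYS = [0x0F0F0F0F0F0F0F0F, 0x00FF00FF00FF00FF,
        0x0000FFFF0000FFFF, 0x00000000FFFFFFF0]
REGEN = [KEYS[0], KEYS[1], KEYS[2], KEYS[3] ^ 0b101]

if __name__ == "__main__":
    print("inter-HD mean/std %:", inter_hd(KEYS))
    print("randomness %:", randomness(KEYS))
    print("reliable keys % / intra-HD %:", reliability(KEYS, REGEN))
```

When the miner compares keys for an exact match, a key that does not regenerate bit-for-bit fails the PUF key check, so the reliable-key percentage bounds how often a genuine device authenticates on the first attempt.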
Table 3: Characterization of PUFchain 2.0

Parameters | Results
Client node | IoMT
Trusted node | Edge server
PUFchain database | SQLite
PUF module | 64-bit arbiter PUF
IoMT | Single-board computer
PUF and Hashing module | Xilinx Artix-7 FPGA
Edge server | Raspberry Pi 4
Communication | Serial (UART), UDP
Baud rate | 9600
Programming | Verilog, Python
Consensus mechanism | Proof of PUF-enabled authentication
Table 4: Experimental results of PUFchain 2.0 for Secure Healthcare

(a) Metric evaluation for PUFchain 2.0

PUFchain 2.0 parameters | Values
Hamming distance | 48.2%
Number of PUF keys | 200
Variance | 2.6%
Standard deviation | 1.6%
Blockchain type | Private
Total on-chip power | 0.081 W
Security mechanism | Two level authentication
Reliable PUF keys | 75%
Intra Hamming distance | 24.8%
Randomness | 41.8%

(b) Validation of time efficiency in PUFchain 2.0

The comparison of PUFchain 2.0 with other security protocols is illustrated in Table 5b. The PMsec protocol proposed in Ref. [35] for IoMT does not include the blockchain for PUF key storage. In Ref. [21], the PUFchain (1.0) protocol utilizes single authentication, and all the devices need to be embedded with a PUF module for establishing communication with the server.
Table 5: Comparison of PUFchain 2.0 with other security protocols

Parameters | PMsec [35] | PUFchain [21] | PUF-based IoT authentication [14] | PUFchain 2.0 [this paper]
Application | IoMT | IoT | IoT | Smart Healthcare
Prototyped hardware | FPGA, 32-bit microcontroller based board | Altera DE-2, single-board computer | Cortex-M4 based STM32F4 MCU | Xilinx Artix-7 Basys3 FPGA and single-board computers
Blockchain type | Private | Private
Security mechanism | PUF key verification | PUF key verification | PUF key verification | MAC address and PUF key verification
PUF keys at client | Serial PUF keys | Serial PUF keys | Serial PUF | Edge assigned PUF keys
PUF circuit design | Hybrid oscillator arbiter PUF | Ring oscillators | RC PUF, PHY PUF, flash and PDRO PUF | Arbiter elements with multiplexers and D-flip flop
Randomness | 44% | 47% | 41.8%
Reliability | 0.85% (FinFET) | 1.25% | 75% of the keys are reliable
Consensus mechanism | - | Proof of PUF-enabled authentication | Proof of PUF-enabled authentication
Security levels | Single level authentication | Single level authentication | Single level authentication | Two level authentication
Blockchain transaction time (client) | 46.5 ms (Raspberry pi 3) | 309 ms (client 1), 314 ms (client 2)
Blockchain transaction time (miner) | 120.03 ms (Raspberry pi 3) | 3600 ms
This paper presented a novel multi-level device authentication approach which is capable of supporting more IoMT devices and can assign PUF keys virtually. This approach can enable more devices to integrate into the authentication scheme, as these devices are assigned PUF keys virtually by the miner.

Conclusion and Future Research

The success of smart healthcare lies in the successful convergence of security and application. The applications of smart healthcare can facilitate ease of living. At the same time, a security lapse can have an equally catastrophic impact on its application. This paper presents PUFchain 2.0 with the objective of realizing the fullest potential of blockchain technology and PUF for secure Smart Healthcare through a time- and energy-efficient Proof of PUF-enabled (PoP) authentication consensus mechanism. The implementation of the proposed PUFchain 2.0 has shown better results in time and other performance metrics while being lightweight, scalable, and robust. Blockchain and PUF integration together can contribute to secure smart healthcare, which has been substantiated by the implementation and results. All the existing security protocols proposed for smart healthcare focus on either hardware-assisted security or blockchain-based data security [35]. This paper proposed and implemented the PUFchain 2.0 primitive with both blockchain and PUF together providing security, where IoMT device authentication and integrity of data from these devices can be guaranteed through a two-level authentication protocol. In future, we envisage extending the PUFchain 2.0 security primitive to other areas of IoT-based applications such as smart agriculture and autonomous vehicle security. One future research direction could be linking PUFchain 2.0 with machine learning and AI technologies, which could further enhance the robustness and efficiency of AI- and ML-based applications in the futuristic healthcare industry.