{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T23:07:15Z","timestamp":1768345635732,"version":"3.49.0"},"reference-count":45,"publisher":"MDPI AG","issue":"18","license":[{"start":{"date-parts":[[2021,9,9]],"date-time":"2021-09-09T00:00:00Z","timestamp":1631145600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Wireless medical sensor networks (WMSNs) are used in remote medical service environments to provide patients with convenient healthcare services. In a WMSN environment, patients wear a device that collects their health information and transmits the information via a gateway. Then, doctors make a diagnosis regarding the patient, utilizing the health information. However, this information can be vulnerable to various security attacks because the information is exchanged via an insecure channel. Therefore, a secure authentication scheme is necessary for WMSNs. In 2021, Masud et al. proposed a lightweight and anonymity-preserving user authentication scheme for healthcare environments. We discover that Masud et al.\u2019s scheme is insecure against offline password guessing, user impersonation, and privileged insider attacks. Furthermore, we find that Masud et al.\u2019s scheme cannot ensure user anonymity. To address the security vulnerabilities of Masud et al.\u2019s scheme, we propose a three-factor-based mutual authentication scheme with a physical unclonable function (PUF). The proposed scheme is secure against various security attacks and provides anonymity, perfect forward secrecy, and mutual authentication utilizing biometrics and PUF. To prove the security features of our scheme, we analyze the scheme using informal analysis, Burrows\u2013Abadi\u2013Needham (BAN) logic, the Real-or-Random (RoR) model, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation. Furthermore, we estimate our scheme\u2019s security features, computation costs, communication costs, and energy consumption compared with the other related schemes. Consequently, we demonstrate that our scheme is suitable for WMSNs.<\/jats:p>","DOI":"10.3390\/s21186039","type":"journal-article","created":{"date-parts":[[2021,9,9]],"date-time":"2021-09-09T21:36:58Z","timestamp":1631223418000},"page":"6039","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":27,"title":["Provably Secure Three-Factor-Based Mutual Authentication Scheme with PUF for Wireless Medical Sensor Networks"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0014-1965","authenticated-orcid":false,"given":"DeokKyu","family":"Kwon","sequence":"first","affiliation":[{"name":"School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea"}]},{"given":"YoHan","family":"Park","sequence":"additional","affiliation":[{"name":"School of Computer Engineering, Keimyung University, Daegu 42601, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0406-6547","authenticated-orcid":false,"given":"YoungHo","family":"Park","sequence":"additional","affiliation":[{"name":"School of Electronic and Electrical Engineering, Kyungpook National University, Daegu 41566, Korea"},{"name":"School of Electronics Engineering, Kyungpook National University, Daegu 41566, Korea"}]}],"member":"1968","published-online":{"date-parts":[[2021,9,9]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Lara, E., Aguilar, L., Sanchez, M.A., and Garc\u00eda, J.A. (2020). Lightweight authentication protocol for M2M communications of resource-constrained devices in industrial Internet of Things. Sensors, 20.","DOI":"10.3390\/s20020501"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"119387","DOI":"10.1109\/ACCESS.2020.3005592","article-title":"LAKS-NVT: Provably secure and lightweight authentication and key agreement scheme without verification table in medical internet of things","volume":"20","author":"Park","year":"2020","journal-title":"IEEE Access"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Oh, J., Yu, S., Lee, J., Son, S., Kim, M., and Park, Y. (2021). A secure and lightweight authentication protocol for IoT-based smart homes. Sensors, 21.","DOI":"10.3390\/s21041488"},{"key":"ref_4","unstructured":"Abdulsalam, Y., and Hossain, M.S. (2020). COVID-19 networking demand: An auction-based mechanism for automated selection of edge computing services. IEEE Trans. Netw. Sci. Eng., 1\u201311."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Aileni, R.M., and Suciu, G. (2020). IoMT: A blockchain perspective. Decentralised Internet of Things, Springer.","DOI":"10.1007\/978-3-030-38677-1_9"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Rahman, M., and Jahankhani, H. (2021). Security vulnerabilities in existing security mechanisms for IoMT and potential solutions for mitigating cyber-attacks. Information Security Technologies for Controlling Pandemics, Springer.","DOI":"10.1007\/978-3-030-72120-6_12"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Masud, M., Gaba, G.S., Choudhary, K., Hossain, M.S., Alhamid, M.F., and Muhammad, G. (2021). Lightweight and anonymity-preserving user authentication scheme for IoT-based healthcare. IEEE Internet Things J.","DOI":"10.1109\/JIOT.2021.3080461"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Dodis, Y., Reyzin, L., and Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Lecture Notes in Computer Science, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2\u20136 May 2004, Springer.","DOI":"10.1007\/978-3-540-24676-3_31"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1145\/77648.77649","article-title":"A logic of authentication","volume":"8","author":"Burrows","year":"1990","journal-title":"ACM Trans. Comput. Syst."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Abdalla, M., Fouque, P., and Pointcheval, D. (2005). Password-based authenticated key exchange in the three-party setting. Lecture Notes in Computer Science, Proceedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC\u201905), Les Diablerets, Switzerland, 23\u201326 January 2005, Springer.","DOI":"10.1007\/978-3-540-30580-4_6"},{"key":"ref_11","unstructured":"AVISPA (2021, July 20). Automated Validation of Internet Security Protocols and Applications. Available online: http:\/\/www.avispa-project.org\/."},{"key":"ref_12","unstructured":"(2021, July 20). SPAN: A Security Protocol Animator for AVISPA. Available online: http:\/\/www.avispa-project.org\/."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1625","DOI":"10.3390\/s120201625","article-title":"E-SAP: Efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks","volume":"12","author":"Kumar","year":"2012","journal-title":"Sensors"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1007\/s00530-013-0346-9","article-title":"Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks","volume":"21","author":"He","year":"2015","journal-title":"Multimed. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1007\/s12083-015-0408-1","article-title":"Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks","volume":"10","author":"Mir","year":"2017","journal-title":"Peer-to-Peer Netw. Appl."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"727","DOI":"10.1016\/j.future.2017.08.042","article-title":"A lightweight and robust two-factor authentication scheme for personalized healthcare systems using wireless medical sensor networks","volume":"82","author":"Wu","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"534","DOI":"10.1016\/j.compeleceng.2017.08.003","article-title":"An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks","volume":"69","author":"Challa","year":"2018","journal-title":"Comput. Electr. Eng."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1109\/JSYST.2019.2899580","article-title":"A secure three-factor user authentication protocol with forward secrecy for wireless medical sensor network systems","volume":"14","author":"Li","year":"2019","journal-title":"IEEE Syst. J."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"67555","DOI":"10.1109\/ACCESS.2020.2985719","article-title":"A privacy-preserving authentication, authorization, and key agreement scheme for wireless sensor networks in 5G-integrated Internet of Things","volume":"8","author":"Shin","year":"2020","journal-title":"IEEE Access"},{"key":"ref_20","first-page":"102502","article-title":"A robust authentication and access control protocol for securing wireless healthcare sensor networks","volume":"52","author":"Ali","year":"2020","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"196553","DOI":"10.1109\/ACCESS.2020.3035076","article-title":"Three-factor UCSSO scheme with fast authentication and privacy protection for telecare medicine information systems","volume":"8","author":"Hsu","year":"2020","journal-title":"IEEE Access"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1327","DOI":"10.1109\/JIOT.2017.2703088","article-title":"Mutual authentication in IoT systems using physical unclonable functions","volume":"4","author":"Aman","year":"2017","journal-title":"IEEE Internet Things J."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"102951","DOI":"10.1109\/ACCESS.2019.2931472","article-title":"End-to-end authenticated key exchange based on different physical unclonable functions","volume":"7","author":"Byun","year":"2019","journal-title":"IEEE Access"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"3474","DOI":"10.1109\/JIOT.2020.2970974","article-title":"A flexible and efficient authentication and secure data transmission scheme for IoT applications","volume":"7","author":"Fang","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Chen, Y., and Chen, J. (2021). An efficient mutual authentication and key agreement scheme without password for wireless sensor networks. J. Supercomput., 1\u201323.","DOI":"10.1007\/s11227-021-03820-6"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","article-title":"On the security of public key protocols","volume":"29","author":"Dolev","year":"1983","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Canetti, R., and Krawczyk, H. (2002). Universally composable notions of key exchange and secure channels. Lecture Notes in Computer Science, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques\u2014Advances in Cryptology (EUROCRYPT\u201902), Amsterdam, The Netherlands, 28 April\u20132 May 2002, Springer.","DOI":"10.1007\/3-540-46035-7_22"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Kocher, P., Jaffe, J., and Jun, B. (1999, January 15\u201319). Differential power analysis. Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/3-540-48405-1_25"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"30225","DOI":"10.1109\/ACCESS.2018.2844190","article-title":"2PAKEP: Provably secure and efficient two-party authenticated key exchange protocol for mobile environment","volume":"6","author":"Park","year":"2018","journal-title":"IEEE Access"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"e3929","DOI":"10.1002\/dac.3929","article-title":"Secure user authentication scheme with novel server mutual verification for multiserver environments","volume":"32","author":"Park","year":"2019","journal-title":"Int. J. Commun. Syst."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Lee, J., Yu, S., Kim, M., Park, Y., Lee, S., and Chung, B. (2020). Secure key agreement and authentication protocol for message confirmation in vehicular cloud computing. Appl. Sci., 10.","DOI":"10.3390\/app10186268"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"12879","DOI":"10.1109\/ACCESS.2021.3050402","article-title":"On the design of lightweight and secure mutual authentication system for global roaming in resource-limited mobility networks","volume":"9","author":"Shashidhara","year":"2021","journal-title":"IEEE Access"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"9954089","DOI":"10.1155\/2021\/9954089","article-title":"Secure patient authentication framework in the healthcare system using wireless medical sensor networks","volume":"2021","author":"Jan","year":"2021","journal-title":"J. Healthc. Eng."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"2776","DOI":"10.1109\/TIFS.2017.2721359","article-title":"Zipf\u2019s law in passwords","volume":"12","author":"Wang","year":"2017","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"85627","DOI":"10.1109\/ACCESS.2019.2926578","article-title":"Physically secure lightweight anonymous user authentication protocol for internet of things using physically unclonable functions","volume":"7","author":"Banerjee","year":"2019","journal-title":"IEEE Access"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"8804","DOI":"10.1109\/JIOT.2019.2923611","article-title":"AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment","volume":"6","author":"Wazid","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Lee, J., Kim, G., Das, A.K., and Park, Y. (2021). Secure and efficient honey list-based authentication protocol for vehicular ad hoc networks. IEEE Trans. Netw. Sci. Eng.","DOI":"10.1109\/TNSE.2021.3093435"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Boyko, V., MacKenzie, P., and Patel, S. (2000). Provably secure password-authenticated key exchange using Diffie-Hellman. Lecture Notes in Computer Science, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Bruges, Belgium, 14\u201318 May 2000, Springer.","DOI":"10.1007\/3-540-45539-6_12"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"192177","DOI":"10.1109\/ACCESS.2020.3032680","article-title":"Design of secure authentication protocol for cloud-assisted telecare medical information system using blockchain","volume":"8","author":"Son","year":"2020","journal-title":"IEEE Access"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"107046","DOI":"10.1109\/ACCESS.2020.3000790","article-title":"On the design of secure and efficient three-factor authentication protocol using honey list for wireless sensor networks","volume":"8","author":"Lee","year":"2020","journal-title":"IEEE Access"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"54796","DOI":"10.1109\/ACCESS.2021.3071499","article-title":"Design of secure decentralized car-sharing system using blockchain","volume":"9","author":"Kim","year":"2021","journal-title":"IEEE Access"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"1005","DOI":"10.1109\/SURV.2013.091513.00050","article-title":"A survey of SIP authentication and key agreement schemes","volume":"16","author":"Kilinc","year":"2013","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"580","DOI":"10.1109\/JIOT.2018.2846299","article-title":"Lightweight and privacy-preserving two-factor authentication scheme for IoT devices","volume":"6","author":"Gope","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"2070","DOI":"10.1002\/sec.1464","article-title":"An efficient multi-gateway-based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks","volume":"9","author":"Das","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Shnayder, V., Hempstead, M., Chen, B.R., Allen, G.W., and Welsh, M. (2004, January 3\u20135). Simulating the power consumption of large-scale sensor network applications. Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems, Baltimore, MD, USA.","DOI":"10.1145\/1031495.1031518"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/18\/6039\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:59:37Z","timestamp":1760165977000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/18\/6039"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,9]]},"references-count":45,"journal-issue":{"issue":"18","published-online":{"date-parts":[[2021,9]]}},"alternative-id":["s21186039"],"URL":"https:\/\/doi.org\/10.3390\/s21186039","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,9]]}}}