Lightweight Authentication Protocol for NFC Based Anti-Counterfeiting System in IoT Infrastructure

Counterfeit medications are medications manufactured with the intent of being deceptively represented as authentic, effective and original in the market. Such medications cause severe health issues for patients and have an inimical effect on human health. Legitimate manufacturing companies also face revenue loss due to these counterfeit medicines. In this paper, we introduce a novel authentication protocol for anti-counterfeiting drug systems based on the Internet of Things (IoT) to help check the validity of drug “unit dosage”. Our protocol uses near-field communication (NFC), as it is convenient for mobile environments. The protocol also offers a reliable update phase for NFC. Furthermore, our scheme is complemented with a performance evaluation along with the use of the random oracle model for formal security analysis. We also evaluate our protocol broadly using the Py-Charm tool. Results show that the proposed protocol resists most common related flaws at almost equal computing cost, with more added security features.


I. INTRODUCTION
The broad majority of businesses extensively utilize the innovative technology of the Internet of Things, which is pervading almost every facet of the world. However, the nature of public communication over the Internet makes the objects and devices of IoT vulnerable to numerous cyber-attacks. Moreover, various standard security solutions developed for enterprise systems are neither efficient nor implementable on IoT devices. This becomes even more serious in the case of sensitive and critical systems such as anti-counterfeiting systems built on IoT infrastructure. As a result, critical IoT-based anti-counterfeiting systems face various protection and security challenges. Therefore, it is crucial to observe IoT-specific security attacks and develop reliable, scalable, and secure security mechanisms.
The associate editor coordinating the review of this manuscript and approving it for publication was Weizhi Meng.
VOLUME 8, 2020. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
Counterfeit medicines are defined by the World Health Organization (WHO) as those that are fraudulently and deliberately mislabeled with respect to identity [1]-[3]. Counterfeited products cause problems for manufacturing companies in many sectors, such as automotive parts, jewelry, cosmetics, software, food and beverages. Pharmaceutical products face serious threats from counterfeiting. Counterfeit medicines do not offer any countermeasure to diseases, which is why the people who use them suffer greatly. Legitimate manufacturing organizations are threatened by this problem because it causes revenue loss. Worldwide, the annual sale of counterfeit products is estimated at US$ 650 billion by the International Chamber of Commerce of Geneva [4].
WHO also estimated that the use of counterfeit products has caused almost 100,000 deaths in Africa in a year. According to the British "International Policy Network", there were almost 700,000 deaths in a year due to the use of tuberculosis and malarial medicines. Counterfeiting can happen with local as well as branded products. In some areas of Latin America, Africa and Asia, sales of counterfeited medicines are more than 30%, as noted by WHO. It has also been reported that anti-malarials, steroids, hormones, anti-virals, antibiotics and anti-cancer drugs are commonly counterfeited medicines [1]-[3]. At the same time, organizations in various countries are trying to overcome the problem of counterfeited drugs. According to the Xinhua News Agency of China, China is using a technology in which each medicine package sealed with anti-counterfeit labels is traced and recognized. Border posts and airports in African countries use a hand-held spectrometer, known as Tru-Scan, to detect counterfeit drugs by analyzing their chemical composition. Counterfeit drugs are also being detected using simple and free text-message technologies. Companies such as Sproxil and mPedigree Network developed a system in which legitimate medicine manufacturers place labels carrying an encrypted code on medicine packages. A user who wants to buy the drug scratches off the label on the package and sends the code to the company's system, which checks the authenticity of the medicine packet at no cost. After verifying the medicine packet, the system sends a response message to the user stating whether the drug is fake or genuine. The customer can therefore easily learn whether the drug package is authentic, at no cost.
However, this technique requires considerable user involvement, as it is not automated: users must remove the label, write down the code and send it to the system [1]-[3].
Radio Frequency Identification (RFID) allows the identification of different items using radio waves. An RFID reader usually communicates with RFID tags, which have microchips containing digital information [5]. To prevent counterfeiting, RFID-based anti-counterfeiting technology has evolved as a powerful tool alongside generally used anti-counterfeiting approaches (for example, chemical markers, fingerprints, shifting inks, and colors). However, those generally used methods do not provide automatic validation of authentic products.
Device-to-Device (D2D) communication is the technology that enables devices to communicate directly with each other without the use of any central networking infrastructure (i.e., base station or access point) [6]. Some common applications of D2D communication depend on Wi-Fi Direct, Bluetooth and near-field communication. NFC is a high-frequency, short-range wireless communication technology in which NFC-enabled devices can communicate with each other at distances of up to 10 cm. A small amount of data is stored in the microchips of NFC tags for transmission to other NFC-capable devices, such as mobile devices. NFC technology is an enhanced version of current RFID technology. It allows a single device to contain both a reader interface and a smart card. Data can easily be shared between NFC-based devices [7]-[9].
Recently, numerous authentication schemes have been developed for wireless sensor networks and ambient-assisted living systems [10]-[17]. A new anonymous authentication scheme is presented by Yan et al. [18], in which trust levels and pseudonyms are authenticated in order to provide reliable social networking with secured privacy. Afterwards, various anti-counterfeiting techniques based on RFID have been proposed [5], [19]-[23]. However, most existing RFID-based anti-counterfeiting protocols are insecure and have various flaws, such as man-in-the-middle, replay and reader impersonation threats. Some of them are not sufficiently capable in a mobile environment, lack an adequate RFID changing phase, and are not user friendly. NFC-based anti-counterfeiting methods are very helpful in a mobile environment: no card reader is required, as customers just need an NFC-enabled mobile device to read the information saved in the NFC tag and transmit it to the service provider.
In our protocol, after every successful transaction or verification, the NFC tag record is updated in the repository. If there are a number of repositories between the user and the manufacturing company, then the transaction of each NFC tag must be updated at every repository. These records are maintained at distributed database servers. The respective database administration can inspect these updated records to see where, when, and by whom the NFC tag was updated. It can also check whether the NFC tag was updated by a legitimate party.
A new authentication protocol for drug anti-counterfeiting systems in an IoT environment is presented in this paper. Our protocol can validate drug dosage forms online with the help of a mobile device, and thereby prevents the counterfeiting of drug dosage forms. The protocol offers a secure and robust mechanism of mutual authentication between the server and the NFC tag attached to the drug dosage form. In the proposed protocol, the NFC-enabled mobile device is used as an interface between the server and the NFC tag: it reads the information stored in the NFC tag and transmits it to the server. The server then authenticates the drug dosage form and sends a response message to the user of the NFC-enabled mobile device. Finally, based on the response from the server, the customer can easily decide whether or not to purchase the drug.
Section II explains the underlying system, its workflow and its integration with the proposed authentication protocol. Section III presents commonly used notations and preliminaries. Section IV explains related work. Section V describes the details of the devised protocol. The rigorous security analysis of our proposed protocol is given in Section VI. The performance comparison and analysis of the proposed protocol against related protocols is carried out in Section VII. Section VIII concludes the work with concluding remarks.

II. ANTI-COUNTERFEIT SYSTEM
This section presents the underlying system's architecture, its workflow and its integration with the proposed authentication procedure. The details are as follows:

A. SYSTEM ARCHITECTURE AND DESCRIPTION
The interconnection of different objects and devices through the Internet is known as Internet of Things.
Cloud and IoT based anti-counterfeit systems are realised by developing an anti-counterfeit portal. Such a system design is shown in Fig. 1. The portal assures customers that the drugs they are about to purchase are legitimate and not injurious to health. The system is used by manufacturers, retailers, distributors, and customers. The interaction and working of these users are elaborated as follows.

1) ADMINISTRATOR
The administrator defines the policies of the anti-counterfeit mechanism and sets the privileges for access to the system. The administrator maintains the code generation system and is the only one who provides the web services to end users and clients. The administrator also maintains the database of user information and the data that enables product authentication. The product descriptions given by the manufacturer are certified by the administrator, so that customers can easily identify fake drug products by scanning the purchased product. Moreover, the administrator can offer service or system updates.

2) MANUFACTURER
Drug products are registered and the related details are entered in the database through the web services. The system generates a particular code for each drug product. Only the corresponding manufacturer can access that unique code. The code is printed on the related drug item in order to facilitate the authentication of each drug product using the database maintained on the main server at the manufacturer end.

3) ULTIMATE USERS
Retailers, customers and distributors are regarded as ultimate users, and the roles of these end users are as follows:

1) Retailers and distributors:
Retailers and distributors are responsible for tracking and delivering drugs from manufacturers to customers. They authenticate the received product and also update the tracking record of drug products in the database, using the APP or a text message through an Internet browser or mobile device. If the tracking record is maintained at each level, it can later help to trace the level at which a product was counterfeited.

2) Consumer:
Consumers can check the originality of a drug product using the APP or a text message, with the help of a computer or mobile device. To have the validity of the drug product verified by the anti-counterfeit system, customers provide the unique NFC tag. If the product is successfully authenticated, its status in the database is automatically set to sold, in order to prevent counterfeiting. In this way, customers can file a claim for a counterfeited product if the status is already set to sold or the authentication of the product is not valid. Furthermore, the consumer can provide product feedback directly to the manufacturer.

B. ANTI-COUNTERFEIT SYSTEM WORKFLOW
The working of the anti-counterfeit system is described as follows. The anti-counterfeit portal helps end users such as distributors, retailers and consumers check the authenticity of a drug packet through a computer or mobile device. Customers can verify the status of the product with a particular tag. If the product with that tag has not already been sold, the customer is informed through a message that the product is genuine. After this successful verification, the purchase status of the product with that particular tag is set to sold. However, if the sold status is already set, the customer is immediately informed that the product about to be purchased is fake or tampered with, and an alert message about this event is instantly sent to the manufacturer. The authentication process is facilitated by a unique NFC tag placed on each product. These properties help customers check whether the status of the product was set to sold earlier. If it was, the drug product is evidently counterfeit, so the system warns the manufacturer and the user. The manufacturer must maintain the information about the original product in the system so that authentication is possible. The system then generates a unique NFC for each item. The specific database of the concerned system is used to keep the product-related information. There are two important functions in anti-counterfeiting: (1) the authentication method and (2) NFC code tracking and generation. These functions are described as follows:

1) TRACKING AND CODE GENERATION OF NFC
The blueprint of NFC tracking and code generation is given in Fig. 2, with the following details:
Step 1: Manufacturers access the anti-counterfeiting web services to register their products by giving the relevant information. After the information is provided, an approval request is sent to the administrator to confirm the product registration.
Step 2: The administration verifies the information received with the approval request in order to register the products. After successful verification, a request is sent to the code generation system; otherwise the manufacturer's approval request is canceled.
Step 3: The system generates a unique code for each product item according to some standard code generation algorithm. The manufacturer is notified of this generated code and the database is also updated with it. The product is assigned a sold status, which remains unset until the item is sold.

2) CODE GENERATION
Various methods for code generation [24] are discussed in the literature for protecting medicines from counterfeiting. Basically, generated codes are used to check the legitimacy of a medicine. The code generation mechanism must be economical, fast and reliable. The codes should be easy for a layman to check and robust against counterfeiting. It is hard to design a perfect code generation mechanism with all of these properties [25]. The Food and Drug Administration (FDA) states that almost all anti-counterfeiting mechanisms are susceptible [26]. Here, a modified code generation mechanism is described, based on the mechanism described in [27]. The next subsection briefly describes the introduced code generation method.

3) ALPHANUMERIC TOKEN (AT)
The following entities are involved in AT:
1) Product IDs: A unique identity is designated to each item and tagged on its packing. Each layer of packing has a different code length. Secondary packing is tagged with 4 characters: 2 letters and 2 digits. 3 characters are assigned to tertiary packing in which first is a letter

4) PSEUDO RANDOM SELECTION RULES OF PRODUCT ID
• Each product ID should be unique within the tertiary packing layer. The same IDs can appear in different cartons.
• The ID should not be a predictable serial number but should be pseudo-random.
• Each packing ID should follow a specific format.
• The number of possible IDs should be 1500 times more than the number of items held by the tertiary container.

C. AUTHENTICATION PROCEDURE
The authentication procedure shown in Fig. 3 allows retailers, distributors and consumers to validate the legitimacy of a specific product; retailers and distributors can also update the product tracking record. The procedure is briefly described as follows.
Step 1: The procedure starts when end users access the anti-counterfeit system with a computer or mobile device.
Step 2: The end users provide the product NFC, which the anti-counterfeit system decrypts.
Step 3: After the NFC is decrypted, the expiry date and specific code of the product are recovered and authenticated.
Step 4: The end users can retrieve and view the results with the help of the specific product code.
Step 5: In the last step of the authentication method, the system checks the type of end user; if the user is a customer, the system then checks the sold status of the product.
Step 6: After the product is authenticated successfully, the product item is set to sold status so that the same product can later be identified as counterfeit or original.
Step 7: If the end users are distributors or retailers, the system updates the product track record. In this case the system does not set the sold status of the product.

III. PRELIMINARIES
The hash functions, elliptic curve cryptography, and adversarial model that are used in this paper are described in this section.

A. HASH FUNCTIONS
A hash function takes an input string of arbitrary size and generates a fixed-size output $O = H(String)$, called the hash code. Any change in the value of the string causes a large difference in the output. A secure one-way hash function has the following properties:
• Given the string, it is easy to compute $O = H(String)$.
• Given $O = H(String)$, it is infeasible to find the string.
• It is infeasible to find two distinct inputs $String_1$ and $String_2$ such that $H(String_1) = H(String_2)$. This property is called collision resistance.
where the attacker is allowed to select a pair $(String_1, String_2)$ at random. The attacker's success is calculated over the random selections made within polynomial time $t$. Collision resistance means that $Adv^{HASH}_{A_{Adv}}(t) \le \epsilon$, where $\epsilon > 0$ is a sufficiently small value.

B. ELLIPTIC CURVE CRYPTOGRAPHY (ECC)
The elliptic curve equation is defined in the form $E_P(e, f)$: , $e, f$ and $4e^3 + 27f^2 \neq 0 \pmod{P}$, where $P$ is a selected large prime number of size ≥ 160 bits. Scalar multiplication is obtained by repeated addition, e.g. $nt = t + t + t + \cdots + t$ ($n$ times), for a given point $t$ on $E_P(e, f)$ and multiplier $n$. The variables $(e, f, t, P, n)$ should belong to the finite field $F_P$. $E$ is assumed to be an abelian group, and $O$ is the point at infinity, which serves as its identity.

1) DEFINITION 2 (LOGARITHMIC ISSUES IN ECDLP)
ECDLP: given two specified points $R, V \in E_P(e, f)$, calculate a scalar $n$ so that $R = nV$. The chances that $A_{Adv}$ can determine $n$ in polynomial time ($T$) are described as $Adv^{ECDLP}$

C. THREAT MODEL
The familiar attacker model is considered in this article, as stated in [28] and [29]. The following assumptions are made about the capabilities of the attacker $A_{Adv}$:

1) $A_{Adv}$ has full control over the open communication channel. $A_{Adv}$ is able to eliminate, amend, replay, or interrupt messages, or transmit a new replicated message.
2) The confidential information saved in the smart card can be extracted by $A_{Adv}$ through power analysis.
3) $A_{Adv}$ can be a deceitful or intruding user or service provider of the system.
4) The identities of registered servers and users are not secret but familiar to insiders.
5) $A_{Adv}$ cannot launch an attack on the server, because the server is assumed to be secured.

IV. RELATED WORK
Chio et al. [5] present an anti-counterfeiting method for product tracing and tracking and also study numerous related RFID-based anti-counterfeiting systems. With the contributed system, the customer can authenticate the originality of the products he selects to buy. Kim et al. [30] present an application-level anti-counterfeiting system, which uses an RFID reader accessible to the customer's device and ensures the originality of products. The system proposed by Kim et al. [31] traces and tracks a product over its entire life cycle using RFID tags, which authenticate product packages. This system uses a location information system and, on the basis of the obtained information, can make the right decision about the authenticity of a product.
Public key cryptography can be used in anti-counterfeiting systems for product authenticity, but the key factor is its implementation in RFID tags. Batina et al. [20] study the implementation feasibility of public-key cryptography in anti-counterfeiting systems. Jang et al. provide a survey of the methods used in such systems and of how RFID tags are made. Furthermore, this survey provides research directions for anti-counterfeiting systems.
Chen et al. [21] introduce a secure anti-counterfeiting transaction protocol that is able to perform online authentication. This protocol uses a one-way hash function, public key cryptographic functions, signature creation, and verification. However, this protocol has some security limitations: it does not offer protection against RFID tag cloning and strong replay attacks.
An anti-counterfeiting protocol is presented by Rau and Hsiao [32], in which a new RFID approach is used to prevent different flaws, for example counterfeiting, replay and forward key security attacks. However, this protocol has some security limitations: it does not offer protection against RFID tag replication and strong replay attacks. Also, session key security is not provided by this protocol. Blass et al. [33] and Zanetti et al. [34] introduced protocols that allow object authenticity in RFID-based supply chains. In [34], tag replication is observed from a central detector. Tuyls et al. [35] review the methods that define the replication of RFID tags, which are also used in anti-counterfeiting applications.

V. PROPOSED SCHEME
This section discusses the proposed scheme for anti-counterfeiting, which consists of two stages: the Registration stage, and the Login and Authentication stage. Each stage is described below in detail and demonstrated in Fig. 4.

A. REGISTRATION STAGE
In order to register a product, the manufacturer sends EPC to the server $S_{Auth}$ and the following steps are performed:
REG 1: The manufacturer generates EPC and sends it to the server $S_{Auth}$ through a private channel.
REG 2: After receiving this information, the server calculates NFC by concatenating its private key with EPC and applying a one-way hash function to the result.
REG 3: Finally, the server $S_{Auth}$ stores {NFC, EPC, Flag = 0} in its database and sends NFC back to the manufacturer to be engraved on the tag.

B. LOGIN AND AUTHENTICATION STAGE
Once the EPC of a product is registered with the server $S_{Auth}$ successfully, NFC is generated and provided to the manufacturer. The user $U_p$ can now scan it with an NFC scanner to get the details of the product as follows:
Step AP1: First, the mobile user scans NFC and selects a random number $a_1$ to calculate the following: and sends the request message $\{DID_u, B_1, A_u\}$ to the server.
Step AP2: On obtaining the request message $\{DID_u, B_1, A_u\}$ from $MU_u$, the server calculates the following: After the calculation of EPC, the server sets the flag to 1. Moreover, the server extracts the flag from the DB by the corresponding EPC. If the extracted flag is equal to 1, the session is aborted; otherwise the flag is updated to 1 in the DB.
Step AP3: Using the server's private key $x$, the server $S_{Auth}$ computes: and checks $\acute{A}_u \stackrel{?}{=} A_u$. If they do not match, the session is aborted. Otherwise the server generates an arbitrary nonce $a_2$ and computes the following:
Step AP4: Later, the server sends the challenge message
Step AP5: Finally, both $MU_u$ and the server $S_{Auth}$ agree on a shared common session key $\acute{SK} = SK$.
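The request half of this stage (AP1 to AP3), written out as an added example that is not the authors' code; it uses the formulas that survive in Section VI of this page: NFC = h(x, EPC)P, B_1 = a_1P, A_u = h(EPC, B_1, x·B_1, NFC). Assumptions of the example: the phone obtains x·B_1 as a_1·X from a published server key X = xP, DID_u is EPC XOR h(B_1, x·B_1), the tag carries both EPC and NFC, and secp256k1 with SHA-256 stand in for the unspecified curve and hash. The flag is set only after A_u verifies, so a request that fails the check leaves the record unsold.

```python
import hashlib
import hmac
import secrets

# secp256k1 parameters (assumption: the page only asks for a prime P >= 160 bits).
P_FIELD = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):  # only reduced affine points on y^2 = x^3 + 7 pass
    return (isinstance(pt, tuple) and len(pt) == 2
            and all(isinstance(c, int) and 0 <= c < P_FIELD for c in pt)
            and (pt[1] ** 2 - pt[0] ** 3 - 7) % P_FIELD == 0)


def ec_add(p1, p2):  # affine addition; None stands for the point at infinity O
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def ec_mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc


def h(*parts):  # SHA-256 over length-prefixed parts (hash choice is an assumption)
    md = hashlib.sha256()
    for part in parts:
        if isinstance(part, tuple):  # curve point -> x || y
            part = b"".join(c.to_bytes(32, "big") for c in part)
        md.update(len(part).to_bytes(2, "big") + part)
    return md.digest()


def xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))  # truncates to the shorter input


class Server:
    def __init__(self):
        self.x = secrets.randbelow(N_ORDER - 1) + 1  # private key x
        self.public = ec_mul(self.x, G)              # X = xP, assumed known to phones
        self.db = {}                                 # EPC -> {"nfc", "flag"}

    def register(self, epc):  # REG 2-3: NFC = h(x, EPC)P, stored with Flag = 0
        scalar = int.from_bytes(h(self.x.to_bytes(32, "big"), epc), "big") % N_ORDER
        self.db[epc] = {"nfc": ec_mul(scalar, G), "flag": 0}
        return self.db[epc]["nfc"]

    def verify(self, did_u, b1, a_u):  # AP2-AP3 checks on {DID_u, B_1, A_u}
        if not on_curve(b1):
            return "rejected"
        b1_bar = ec_mul(self.x, b1)                  # x * B_1
        epc = xor(did_u, h(b1, b1_bar))              # unmask EPC
        record = self.db.get(epc)
        if record is None:
            return "rejected"
        if record["flag"] == 1:
            return "already-sold"
        if not hmac.compare_digest(h(epc, b1, b1_bar, record["nfc"]), a_u):
            return "rejected"
        record["flag"] = 1  # set only after A_u verifies (this example's ordering)
        return "genuine"


def build_request(epc, nfc, server_public):  # AP1 on the phone
    a1 = secrets.randbelow(N_ORDER - 1) + 1
    b1 = ec_mul(a1, G)                         # B_1 = a_1 P
    b1_bar = ec_mul(a1, server_public)         # assumed a_1 X, equal to x B_1
    did_u = xor(epc, h(b1, b1_bar))            # assumed masking of EPC
    return did_u, b1, h(epc, b1, b1_bar, nfc)  # last element is A_u


def run_demo():
    server = Server()
    epc = bytes(range(12))                               # constructed 96-bit EPC
    nfc = server.register(epc)
    fake = build_request(epc, G, server.public)          # tag carrying a wrong NFC value
    real = build_request(epc, nfc, server.public)
    return [server.verify(*fake), server.verify(*real), server.verify(*real),
            server.verify(*build_request(epc, nfc, server.public))]


if __name__ == "__main__":
    print(run_demo())
```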

VI. SECURITY ANALYSIS

A. INFORMAL SECURITY ANALYSIS
A complete informal security analysis for Anti-Counterfeiting protocol is described in this section. The following are the major features that the proposed protocol provides and also the major attacks that are prevented by the scheme.

1) MUTUAL AUTHENTICATION
Whenever the mobile user scans the NFC tag for session initiation, it sends the request message $\{DID_u, B_1, A_u\}$ to the server. On receiving the request message, the server calculates the incoming literals and calculates the reliability of EPC Á Similarly, the server is authenticated by the mobile user by verifying Á Where NFC involves the server private key, which can only be computed by the legitimate server. So our scheme offers robust mutual authentication.

2) SERVER IMPERSONATION
An adversary cannot impersonate a legitimate server because the calculation of NFC involves the server private key. So only the legitimate server can calculate the value of NFC: $NFC = h(x, EPC)P$. Moreover, the calculation of the $S_{Auth}$ signature $AS_{cs}$ also involves NFC. So the NFC value can only be calculated by the legitimate server. Therefore our scheme resists server impersonation attacks.

3) MAN-IN-THE-MIDDLE
Assume that the attacker $A_{Adv}$ intercepts the login request information $\{DID_u, B_1, A_u\}$. He cannot change the request message, because the $DID_u$ transmitted through the public communication channel is different for each session. Moreover, $A_u$ has EPC concatenated with NFC and $B_1$: $A_u = h_3(EPC, B_1, \bar{B}_1, NFC)$, and the server private key is required for NFC. So our devised scheme has a robust ability to resist man-in-the-middle attacks.

4) REPLAY ATTACK
For each session, random variables are generated by both $MU_u$ and $S_{Auth}$. If the adversary intercepts the request message, he cannot replay it later, because for each session the challenge message for the request message contains different values.

5) PERFECT FORWARD SECRECY
The session key computed by $S_{Auth}$ includes $\bar{B}_1$ and $B_2$, which are the user $MU_u$-specific and $S_{Auth}$-specific arbitrary nonces from both sides, respectively. Thus, even if $A_{Adv}$ obtains the long-term secret key of any participant, he will still not be able to get a previous session key. Hence our introduced scheme offers perfect forward secrecy.

6) NO CLOCK SYNCHRONIZATION
A timestamp is not used in the introduced scheme; instead, a random number is generated on each side for each session. So no clock synchronization is required.

B. FORMAL SECURITY ANALYSIS
For analysis purposes, the following oracles are defined in order to show that the proposed protocol withstands all the major attacks by an adversary.
• Reveal: The oracle yields the string $S$ from the output of the one-way hash function $U = h(S)$.
• Extract: The oracle yields the scalar multiplier $X$ from given elliptic curve points $O = XP$ and $P$.
Theorem 1: The proposed protocol is unassailable and withstands $A$ with respect to the secrecy of $MU_u$'s, the server's private key ($x$) and $SK$ between $MU_u$ and $S_{Auth}$, under the strict ECDLP assumption and considering the protected one-way hash functions as a random oracle model.
Proof 1: Let $A_{Adv}$ have the potential to determine $MU_u$'s of the system, $S_{Auth}$'s private key $x$ and the session key $SK$. To achieve this, $A_{Adv}$ implements the algorithmic experiment $EXPE1^{HASH,ECDLP}_{A_{Adv},PRUAS}$ against the introduced
⊕ $h(B_1, \bar{B}_1)$, $B_1 = a_1P$, $A_u = h(EPC, B_1, \bar{B}_1, NFC)$
2: if ($\bar{B}_1 = xB_1$) then
3: Call Reveal oracle on $\acute{EPC}$ and get $(DID_u \oplus h(B_1, B_2)) \leftarrow Reveal(EPC)$
4: Set Flag = 1
5: Extract Flag from DB by corresponding EPC
6: if Flag = 0 then
7: Update the Flag = 0 + 1 in DB
8: Call Extract oracle on NFC to get $h(x, \acute{EPC})P \leftarrow Extract(\acute{NFC})$
${}_{A_{Adv},TFBAMS}(t_e, q_{ext}, q_{rev}) = \max_{A_{Adv}}(Succe_1)$, where $A_{Adv}$ can use at most $q_{ext}$ and $q_{rev}$ queries. The experiment indicates that $A_{Adv}$ can compute $x$ and $SK$ if and only if $A_{Adv}$ can (1) reverse the secure hash function and (2) solve the ECDLP. However, according to Def III-A.1, it is practically impossible to reverse one-way hash functions, and by Def III-B.1 it is practically infeasible to solve the ECDLP. Hence we have $Advt1^{ECDLP,HASH}_{A_{Adv},PRUAS}(t, q_{rv}, q_{ex}) \le$ . Therefore, the introduced protocol withstands an attacker $A_{Adv}$ attempting to compute $MU_u$'s of the system, the server $S_{Auth}$'s secret key $x$ and the session key $SK$.

VII. PERFORMANCE EVALUATION
This section compares our protocol with various relevant existing schemes [21], [32], [36], [37] in terms of the computation and communication cost of the login and authentication stage. The security features of the introduced protocol and the existing related schemes are also compared. As the registration phase is a one-time process, it is not covered in this evaluation. The NFC update phase has been used in the performance evaluation of existing schemes, but instead of updating NFC we use a flag value that is updated automatically when a product is purchased. The use of the flag makes our scheme cost effective compared to related schemes, as shown in Table 2.

A. COMPARISON OF THE COMPUTATION COST
The analysis of computation cost between the proposed and existing schemes [21], [32], [36], [37] is shown in the Table 2. We have considered the following notations that have been used in both the proposed and existing schemes.   have been ignored and not included in the calculation of overall computation cost.
The comparison of the total computation cost between our devised protocol and the related protocols is displayed in Fig. 5. The protocols are listed horizontally in the graph and the execution time (in ms) is shown vertically. It can be seen that the computation cost of our protocol is far less than that of most of the existing protocols.

B. COMPARISON OF COMMUNICATION OVERHEAD
The comparison of the number of transmitted messages and the communication overhead of our proposed protocol with related schemes [21], [32], [36], [37] is shown in Table 3. The length of EPC is 96 bits, while the large prime number P used for point multiplication is 160 bits. Furthermore, the lengths of randomly generated numbers, timestamps, symmetric encryption/decryption using the AES algorithm and the hash function are 128, 32, 128 and 160 bits respectively. Table 3 shows that the number of communication bits required by the proposed scheme is less than that required by [21] and [37], while a little higher than [32] and [36]. Figure 6 shows the communication cost comparison between our protocol and related ones. All the protocols are shown on the X axis of the graph, while communication bits are shown vertically. It can be noticed that our protocol takes fewer bits than some of the existing protocols, which is evidence of the efficiency of our protocol.

C. COMPARISON OF THE SECURITY FEATURES
The proposed scheme has added security and functionality features, as it provides resistance against user impersonation, server impersonation, replay and man-in-the-middle attacks. Furthermore, the proposed scheme provides perfect forward secrecy. As no timestamp is used, there is no clock synchronization in the proposed scheme. Table 4 shows the comparative analysis of security features among the proposed and related protocols [21], [32], [36], [37]. Table 4 indicates that the related protocols are insecure against some attacks, while the proposed protocol is secure against major security attacks.
where the features are: SF1: resistance against user impersonation (MU_u) attack; SF2: provision of mutual authentication; SF3: resistance against server impersonation (S_auth) attack; SF4: replay attack protection; SF5: Man-in-the-Middle attack resilience; SF6: provision of perfect forward secrecy; SF7: no clock synchronization. : indicates that a scheme is secure against that feature; : indicates that a protocol is insecure or does not provide that feature.
Finally, considering Tables 2, 3 and 4, it can be said that our proposed protocol incurs far less computation and communication cost than many of the existing protocols. The proposed protocol also provides added security features that existing protocols do not offer.

VIII. CONCLUSION
We introduced a novel authentication protocol for anti-counterfeited drugs systems based on the Internet of Things. The scheme helps to check the validity of the drugs. It has been demonstrated that our proposed protocol is able to resist all the known attacks while preserving the novel approaches and functionalities. Furthermore, the security analysis shows that the proposed protocol offers better security and thus protects against most common attacks. The performance evaluation and formal security analysis indicate that our protocol is also comparably better in terms of computation cost and communication overhead. Additionally, the protocol has been evaluated using the Py-Charm tool. In general, the proposed scheme can be considered suitable for anti-counterfeited medicines because of the added security features it provides.

BANDER A. ALZAHRANI received the M.Sc. degree in computer security and the Ph.D. degree in computer science from Essex University, U.K., in 2010 and 2015, respectively. He is currently an Assistant Professor with King Abdulaziz University, Saudi Arabia. He has published more than 27 research articles in international journals and conferences. His current research interests include wireless sensor networks, information centric networks, Bloom filter data structure and its applications, secure content routing, and authentication protocols in the IoT.
KHALID MAHMOOD received the M.S. degree in computer science from Riphah International University, Islamabad, Pakistan, in 2010, and the Ph.D. degree in computer science from International Islamic University, Islamabad, Pakistan, in 2018. His Ph.D. dissertation is secure authenticated key agreement schemes for smart grid communication in power sector. He is currently with COMSATS University Islamabad, Sahiwal Campus. His research interests include lightweight cryptography, smart grid authentication, authenticated key agreement schemes, and the design and development of lightweight authentication protocols using lightweight cryptographic solutions for diverse infrastructures or systems like vehicular ad hoc networks, smart grid, and Telecare medical information system (TMIS).
SARU KUMARI received the Ph.D. degree in mathematics from Chaudhary Charan Singh University, Meerut, India, in 2012. She is currently an Assistant Professor with the Department of Mathematics, Chaudhary Charan Singh University. She has published more than 133 research articles in reputed international journals and conferences, including 115 publications in SCI-indexed journals. Her current research interests include information security and applied cryptography. She is a Technical Program Committee Member of many international conferences. She is on the Editorial Board of more than 12 journals of international repute including seven SCI journals. She served as the Lead/Guest Editor for four Special Issues in SCI journals of Elsevier, Springer, and Wiley.