LAP-IoHT: A Lightweight Authentication Protocol for the Internet of Health Things
Abstract
1. Introduction
- (1) To address the security issues frequently encountered in healthcare IoT systems, we designed a three-factor authentication and key agreement protocol for the IoHT that provides user privacy and access control.
- (2) The biometric factor ties each login to information that is unique to the user, which improves both the user experience and privacy protection. In addition to one-way hash functions and XOR operations, the protocol uses asymmetric encryption and decryption to provide higher security.
- (3) We performed a formal security analysis in the widely used Real-or-Random (ROR) model to prove the semantic security of the session key, and an informal security analysis shows that the protocol resists the currently known attacks.
- (4) We compared the protocol with several protocols of the same type in terms of computational cost, time efficiency, and security properties; the results show that our protocol has a clear performance advantage.
2. Related Work
3. Proposed LAP-IoHT
3.1. Network Model
- (1) Wearable sensors are worn by patients and monitor physiological indicators such as the electrocardiogram (ECG), electromyography (EMG), electroencephalogram (EEG), respiratory rate, pulse, blood pressure, blood glucose, and oxygen saturation. Each sensor must be registered with the gateway before it is deployed on a patient so that it can be managed precisely.
- (2) Users are organizations or people who may view the health data of patients, for example hospital administrators, doctors, pharmacists, nurses, families of patients, data analysts, and drug trialists. Anyone who needs to enter the network and view patient medical data must register with the gateway in advance and become a legitimate user with the appropriate authorization.
- (3) The gateway in our IoHT architecture acts as a trusted server. All wearable sensors and users register with the gateway before entering the network, and the gateway then maintains the list of all sensors and legitimate users.
3.2. LAP-IoHT
3.3. User Registration Phase
- (1) prepares his or her own and and unique biometric and selects a random number . Subsequently, computes , , , and . Thereafter, transmits , , to .
- (2) first verifies whether has already been registered. Thereafter, calculates , , , and . Subsequently, stores in its database and transmits , , to .
- (3) computes and , and then stores , , , , in his or her smart card.
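The notation table lists a fuzzy extractor generation/reproduction pair, which is what lets a noisy biometric serve as the third factor: generation runs once at registration and yields a stable key plus public helper data for the smart card, and reproduction recovers the same key from a fresh reading at each login. The following is an added example and not the authors' code: a code-offset fuzzy extractor in Go built on a repetition code. The parameters (a 640-bit template, 128 bits of key material, 5-fold repetition) and the use of SHA-256 in place of the seeded strong extractor of the textbook construction are assumptions, and the template and the bit flips are constructed inputs.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed parameters: a 640-bit biometric template, 128 bits of key material and
// a 5-fold repetition code, so each 5-bit block tolerates up to two flipped bits.
const (
	keyBits  = 128
	rep      = 5
	tmplBits = keyBits * rep
)

func getBit(b []byte, i int) byte { return (b[i/8] >> (7 - uint(i%8))) & 1 }
func setBit(b []byte, i int, v byte) { s := 7 - uint(i%8); b[i/8] = b[i/8]&^(1<<s) | v<<s }
func xorBytes(a, b []byte) []byte { o := make([]byte, len(a)); for i := range a { o[i] = a[i] ^ b[i] }; return o }

// encode repeats every key bit rep times to form a repetition codeword.
func encode(key []byte) []byte {
	cw := make([]byte, tmplBits/8)
	for i := 0; i < keyBits; i++ {
		for j := 0; j < rep; j++ {
			setBit(cw, i*rep+j, getBit(key, i))
		}
	}
	return cw
}

// decode majority-votes each block back to one key bit, correcting up to
// (rep-1)/2 flips per block; more flips silently invert that bit.
func decode(cw []byte) []byte {
	key := make([]byte, keyBits/8)
	for i := 0; i < keyBits; i++ {
		ones := 0
		for j := 0; j < rep; j++ {
			ones += int(getBit(cw, i*rep+j))
		}
		if ones*2 > rep {
			setBit(key, i, 1)
		}
	}
	return key
}

// Gen turns template w into a key R and public helper data P = w XOR codeword.
// Because the codeword is chosen at random, P can be stored on the smart card
// without revealing R. Hashing the key stands in for the seeded strong
// extractor of the textbook construction (an assumed simplification).
func Gen(w []byte) (R, P []byte, err error) {
	if len(w) != tmplBits/8 {
		return nil, nil, errors.New("template must be exactly tmplBits long")
	}
	key := make([]byte, keyBits/8)
	if _, err := rand.Read(key); err != nil {
		return nil, nil, err
	}
	sum := sha256.Sum256(key)
	return sum[:], xorBytes(w, encode(key)), nil
}

// Rep recovers R from a noisy reading wPrime and P. It cannot tell when the
// reading exceeds the code's capacity, so the caller must verify R; in the login
// step that is the comparison against the value M stored in the smart card.
func Rep(wPrime, P []byte) ([]byte, error) {
	if len(wPrime) != tmplBits/8 || len(P) != tmplBits/8 {
		return nil, errors.New("reading and helper data must both be tmplBits long")
	}
	sum := sha256.Sum256(decode(xorBytes(wPrime, P)))
	return sum[:], nil
}

// flipBits returns a copy of w with the given bit positions inverted; it
// simulates sensor noise on a constructed template, not real biometrics.
func flipBits(w []byte, positions ...int) []byte {
	out := append([]byte(nil), w...)
	for _, p := range positions {
		setBit(out, p, 1^getBit(out, p))
	}
	return out
}

func main() {
	w := make([]byte, tmplBits/8) // constructed template
	rand.Read(w)
	R, P, _ := Gen(w)
	near, _ := Rep(flipBits(w, 0, 1, 7), P) // two flips in block 0, one in block 1
	far, _ := Rep(flipBits(w, 0, 1, 2), P)  // three flips in block 0: beyond capacity
	fmt.Println("within tolerance:", bytes.Equal(R, near), "beyond:", bytes.Equal(R, far))
}
```

Within the code's capacity (two flipped bits per 5-bit block) Rep returns exactly the key produced by Gen; beyond it, Rep returns a different key without noticing, which is why the login step compares the result against the stored value M instead of trusting Rep alone.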
3.4. Sensor Registration Phase
- (1) sends its identity to .
- (2) generates a random number b and calculates the pseudo-identity of , where . Subsequently, calculates and with its own private key . also uses an asymmetric encryption system to encrypt with the public key of . At this point, calculates , sends , to , and stores , in the database.
- (3) stores , in its own memory.
3.5. Login and Authentication Phase
- (1) inserts his or her smart card into a smart card reader/computer and provides his or her identity , password , and biometrics . This computer calculates , , and , where and . Subsequently, it determines whether is equal to M stored in the smart card. If , the computer generates and timestamp and calculates , , and . calculates and then sends to .
- (2) first verifies the freshness of and retrieves the corresponding from its own database according to . Thereafter, calculates , , and . If and the received are equal, generates a random number and current timestamp . Subsequently, calculates , , , , , and . Thereafter, transmits , , , , to .
- (3) verifies the freshness of and then obtains by decrypting L with his or her private key . Thereafter, calculates , , , , and . determines whether is the same as the received . If so, generates , , and computes , , , and . Finally, calculates the session key as . At this point, transmits , , , to .
- (4) first verifies the freshness of , and calculates , , and . Subsequently, verifies the legitimacy of by determining whether is equal to . If they are equal, generates a timestamp , computes , , and , and produces a session key . provides for mutual authentications with the user and sends , , , , to .
- (5) The computer of inspects the timestamp from , and computes and . Thereafter, it calculates and verifies whether . Subsequently, it calculates , where . At this time, can successfully calculate the session key . At this point, , , and hold the same session key.
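The five login steps above, as an added example that is neither the authors' code nor a transcription of LAP-IoHT: the message formulas did not survive extraction, so every concrete value here is an assumption (a registration secret A_U = h(ID||k) shared by user and gateway, smart-card values B and M that mask and verify it under all three factors, session nonces r1, r2, r3, hash-based masks C_i and verifiers V_i, a pseudo-identity as the gateway's lookup key, and RSA-OAEP as the asymmetric scheme). What the example preserves is the structure the text describes: a local check against M, a freshness check on every timestamp, a value encrypted by the gateway that only the sensor's private key can open, hash-based verification at each hop, and one session key shared by user, gateway and sensor.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)
// Assumed layout, since the page's formulas are not recoverable: A_U = h(ID||k) is the user/gateway
// secret from registration, the smart card holds it masked by the three factors plus a verifier M.
const maxSkew = 5 * time.Second // freshness window for the timestamps T1..T4
func h(p ...[]byte) []byte { s := sha256.Sum256(bytes.Join(p, nil)); return s[:] } // inputs are fixed-length
func ts(t time.Time) []byte { b := make([]byte, 8); binary.BigEndian.PutUint64(b, uint64(t.UnixNano())); return b }
func fresh(t, now time.Time) bool { d := now.Sub(t); return d > -maxSkew && d < maxSkew }
func nonce() []byte { n := make([]byte, 32); rand.Read(n); return n }
func xor(a, b []byte) []byte { o := make([]byte, len(a)); for i := range a { o[i] = a[i] ^ b[i] }; return o }

type Gateway struct{ k []byte; users map[string][]byte; sensors map[string]*rsa.PublicKey } // k: long-term key
type User struct{ pid string; B, M []byte } // smart card: B = A_U xor f, M = h(f||A_U), f = h(ID||PW||sigma)
type Msg1 struct{ pid, sid string; T1 time.Time; C1, V1 []byte }
type Msg2 struct{ T2 time.Time; L, V2 []byte }
type Msg3 struct{ T3 time.Time; C3, V3 []byte }
type Msg4 struct{ T4 time.Time; C4, V4 []byte }

// Registration over the secure channel; sigma is the key the fuzzy extractor reproduces from BIO.
func enroll(gw *Gateway, id, pw string, sigma []byte) *User {
	aU := h([]byte(id), gw.k)
	pid := fmt.Sprintf("%x", h([]byte("pid"), aU)[:8]) // pseudo-identity used on the public channel
	gw.users[pid] = aU
	f := h([]byte(id), []byte(pw), sigma)
	return &User{pid, xor(aU, f), h(f, aU)}
}
// Step (1): all three factors are needed to unmask A_U; M is the local smart-card check.
func (u *User) step1(id, pw string, sigma []byte, sid string, now time.Time) (Msg1, []byte, []byte, error) {
	f := h([]byte(id), []byte(pw), sigma)
	aU := xor(u.B, f)
	if !bytes.Equal(u.M, h(f, aU)) { return Msg1{}, nil, nil, errors.New("smart-card check failed") }
	r1 := nonce()
	return Msg1{u.pid, sid, now, xor(r1, h(aU, ts(now))), h([]byte(u.pid), r1, ts(now))}, r1, aU, nil
}
// Step (2): freshness, lookup by pseudo-identity, verify V1, then r1||r2 under the sensor's public key.
func (g *Gateway) step2(m Msg1, now time.Time) (Msg2, []byte, []byte, error) {
	aU, okU := g.users[m.pid]
	pub, okS := g.sensors[m.sid]
	if !okU || !okS || !fresh(m.T1, now) || len(m.C1) != 32 { return Msg2{}, nil, nil, errors.New("unknown party, stale or malformed message") }
	r1 := xor(m.C1, h(aU, ts(m.T1)))
	if !bytes.Equal(m.V1, h([]byte(m.pid), r1, ts(m.T1))) { return Msg2{}, nil, nil, errors.New("user authentication failed") }
	r2 := nonce()
	L, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(r1, r2...), nil)
	return Msg2{now, L, h(r1, r2, ts(now))}, r1, r2, err
}
// Step (3): only the sensor's private key opens L; the sensor adds r3, which fixes SK.
func sensorStep3(priv *rsa.PrivateKey, m Msg2, now time.Time) (Msg3, []byte, error) {
	if !fresh(m.T2, now) { return Msg3{}, nil, errors.New("stale T2") }
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, m.L, nil)
	if err != nil || len(pt) != 64 || !bytes.Equal(m.V2, h(pt[:32], pt[32:], ts(m.T2))) { return Msg3{}, nil, errors.New("gateway authentication failed") }
	r3 := nonce()
	sk := h(pt[:32], pt[32:], r3)
	return Msg3{now, xor(r3, h(pt[32:], ts(now))), h(sk, ts(now))}, sk, nil
}
func mask(aU, r1 []byte, t time.Time) []byte { // 64-byte pad for r2||r3; only a holder of A_U and r1 can derive it
	return append(h(aU, r1, ts(t), []byte{0}), h(aU, r1, ts(t), []byte{1})...)
}
// Step (4): the gateway authenticates the sensor via V3, then relays r2||r3 to the user.
func (g *Gateway) step4(m Msg3, aU, r1, r2 []byte, now time.Time) (Msg4, []byte, error) {
	if !fresh(m.T3, now) || len(m.C3) != 32 { return Msg4{}, nil, errors.New("stale or malformed T3 message") }
	r3 := xor(m.C3, h(r2, ts(m.T3)))
	sk := h(r1, r2, r3)
	if !bytes.Equal(m.V3, h(sk, ts(m.T3))) { return Msg4{}, nil, errors.New("sensor authentication failed") }
	return Msg4{now, xor(append(r2, r3...), mask(aU, r1, now)), h(sk, ts(now))}, sk, nil
}
// Step (5): the user unmasks r2||r3 and verifies V4 before trusting SK.
func (u *User) step5(m Msg4, aU, r1 []byte, now time.Time) ([]byte, error) {
	if !fresh(m.T4, now) || len(m.C4) != 64 { return nil, errors.New("stale or malformed T4 message") }
	rr := xor(m.C4, mask(aU, r1, m.T4))
	sk := h(r1, rr[:32], rr[32:])
	if !bytes.Equal(m.V4, h(sk, ts(m.T4))) { return nil, errors.New("gateway authentication failed") }
	return sk, nil
}
// runSession drives one session at clock value now; the three returned keys must be identical.
func runSession(now time.Time) (skU, skG, skS []byte, err error) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	gw := &Gateway{nonce(), map[string][]byte{}, map[string]*rsa.PublicKey{"S1": &priv.PublicKey}}
	sigma := nonce() // constructed stand-in for the fuzzy extractor's output
	u := enroll(gw, "alice", "pw-example", sigma)
	m1, r1, aU, e1 := u.step1("alice", "pw-example", sigma, "S1", now)
	m2, r1g, r2, e2 := gw.step2(m1, now)
	m3, skS, e3 := sensorStep3(priv, m2, now)
	m4, skG, e4 := gw.step4(m3, gw.users[m1.pid], r1g, r2, now)
	skU, e5 := u.step5(m4, aU, r1, now)
	for _, e := range []error{e1, e2, e3, e4, e5} { if e != nil { return nil, nil, nil, e } }
	return skU, skG, skS, nil
}
func main() {
	a, b, c, err := runSession(time.Now())
	fmt.Println("shared session key:", err == nil && bytes.Equal(a, b) && bytes.Equal(b, c))
}
```

runSession runs the whole exchange under one clock value. Handing a captured Msg1 to step2 with a clock outside maxSkew, or flipping one bit of C1, makes the gateway reject the message before it performs any asymmetric operation; the placeholder sigma is where the fuzzy extractor's reproduced biometric key would enter.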
4. Security Analysis
4.1. Adversary Model
- (1) can eavesdrop on, block, replay, alter, and delete messages sent over the public channel.
- (2) can steal a user's smart card or smart device and obtain the information stored on it.
- (3) can capture a sensor node and extract the information stored on it.
- (4) can obtain the long-term key of the gateway and the contents stored in it, acting as a privileged insider.
4.2. Protection against Well-Known Attacks
4.2.1. Replay Attack
4.2.2. User Impersonation Attack
4.2.3. Server Impersonation Attack
4.2.4. Privileged Insider Attack
4.2.5. Known Session Specific Temporary Information Attack
4.2.6. Stolen Smart Card Attack
4.2.7. Perfect Forward Security
4.3. ROR Security Analysis
4.3.1. ROR Model
4.3.2. Security Proof
4.4. Security Comparisons
5. Performance Comparison
5.1. Computation Time
5.2. Communication Cost
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Abbreviations
Abbreviation | Meaning
---|---
IoT | Internet of Things
WSN | Wireless sensor network
IoHT | Internet of Health Things
ECG | Electrocardiogram
EMG | Electromyography
EEG | Electroencephalogram
DY | Dolev–Yao
ROR | Real-or-Random
XOR | Exclusive OR
DoS | Denial of service
References
- [1] Huang, X.; Xiong, H.; Chen, J.; Yang, M. Efficient Revocable Storage Attribute-based Encryption with Arithmetic Span Programs in Cloud-assisted Internet of Things. IEEE Trans. Cloud Comput. 2021.
- [2] Liu, G.; Zhu, Y.; Xu, S.; Chen, Y.C.; Tang, H. PSO-based power-driven X-routing algorithm in semiconductor design for predictive intelligence of IoT applications. Appl. Soft Comput. 2022, 114, 108114.
- [3] Chen, X.; Zhang, J.; Lin, B.; Chen, Z.; Wolter, K.; Min, G. Energy-efficient offloading for DNN-based smart IoT systems in cloud-edge environments. IEEE Trans. Parallel Distrib. Syst. 2021, 33, 683–697.
- [4] Shen, S.; Yang, Y.; Liu, X. Toward data privacy preservation with ciphertext update and key rotation for IoT. Concurr. Comput. Pract. Exp. 2021, e6729.
- [5] Cheng, H.; Shi, Y.; Wu, L.; Guo, Y.; Xiong, N. An intelligent scheme for big data recovery in Internet of Things based on multi-attribute assistance and extremely randomized trees. Inf. Sci. 2021, 557, 66–83.
- [6] Cheng, H.; Wu, L.; Li, R.; Huang, F.; Tu, C.; Yu, Z. Data recovery in wireless sensor networks based on attribute correlation and extremely randomized trees. J. Ambient. Intell. Humaniz. Comput. 2021, 12, 245–259.
- [7] Zou, W.; Guo, L.; Huang, P.; Lin, G.; Mei, H. Linear time algorithm for computing min-max movement of sink-based mobile sensors for line barrier coverage. Concurr. Comput. Pract. Exp. 2022, 34, e6175.
- [8] Chu, S.C.; Dao, T.K.; Pan, J.S. Identifying correctness data scheme for aggregating data in cluster heads of wireless sensor network based on naive Bayes classification. EURASIP J. Wirel. Commun. Netw. 2020, 2020, 52.
- [9] Xue, X.; Jiang, C. Matching Sensor Ontologies with Multi-Context Similarity Measure and Parallel Compact Differential Evolution Algorithm. IEEE Sens. J. 2021, 21, 24570–24578.
- [10] Fan, F.; Chu, S.C.; Pan, J.S.; Lin, C.; Zhao, H. An optimized machine learning technology scheme and its application in fault detection in wireless sensor networks. J. Appl. Stat. 2021, 1–18.
- [11] Wei, D.; Xi, N.; Ma, X.; Shojafar, M.; Kumari, S.; Ma, J. Personalized Privacy-aware Task Offloading for Edge-Cloud-Assisted Industrial Internet of Things in Automated Manufacturing. IEEE Trans. Ind. Inform. 2022.
- [12] Xiaojun, C.; Xianpeng, L.; Peng, X. IOT-based air pollution monitoring and forecasting system. In Proceedings of the 2015 International Conference on Computer and Computational Sciences (ICCCS), Greater Noida, India, 27–29 January 2015; pp. 257–260.
- [13] Nikooghadam, M.; Amintoosi, H.; Islam, S.H.; Moghadam, M.F. A provably secure and lightweight authentication scheme for Internet of Drones for smart city surveillance. J. Syst. Archit. 2021, 115, 101955.
- [14] Yu, Z.; Zheng, X.; Huang, F.; Guo, W.; Sun, L.; Yu, Z. A framework based on sparse representation model for time series prediction in smart city. Front. Comput. Sci. 2021, 15, 151305.
- [15] Chaudhry, S.A.; Irshad, A.; Khan, M.A.; Khan, S.A.; Nosheen, S.; AlZubi, A.A.; Zikria, Y.B. A Lightweight Authentication Scheme for 6G-IoT Enabled Maritime Transport System. IEEE Trans. Intell. Transp. Syst. 2021.
- [16] Xiong, H.; Chen, J.; Mei, Q.; Zhao, Y. Conditional privacy-preserving authentication protocol with dynamic membership updating for VANETs. IEEE Trans. Dependable Secur. Comput. 2020, 1.
- [17] Dourado, C.M.; da Silva, S.P.P.; da Nobrega, R.V.M.; Reboucas Filho, P.P.; Muhammad, K.; de Albuquerque, V.H.C. An open IoHT-based deep learning framework for online medical image recognition. IEEE J. Sel. Areas Commun. 2020, 39, 541–548.
- [18] Rahman, M.A.; Hossain, M.S.; Showail, A.J.; Alrajeh, N.A.; Alhamid, M.F. A secure, private, and explainable IoHT framework to support sustainable health monitoring in a smart city. Sustain. Cities Soc. 2021, 72, 103083.
- [19] Chaudhry, S.A.; Irshad, A.; Nebhen, J.; Bashir, A.K.; Moustafa, N.; Al-Otaibi, Y.D.; Zikria, Y.B. An anonymous device to device access control based on secure certificate for internet of medical things systems. Sustain. Cities Soc. 2021, 75, 103322.
- [20] Wu, T.Y.; Wang, T.; Lee, Y.Q.; Zheng, W.; Kumari, S.; Kumar, S. Improved authenticated key agreement scheme for fog-driven IoT healthcare system. Secur. Commun. Netw. 2021, 2021, 6658041.
- [21] Xiong, H.; Hou, Y.; Huang, X.; Zhao, Y.; Chen, C.M. Heterogeneous signcryption scheme from IBC to PKI with equality test for WBANs. IEEE Syst. J. 2021, 16, 2391–2400.
- [22] Wu, T.Y.; Yang, L.; Meng, Q.; Guo, X.; Chen, C.M. Fog-driven secure authentication and key exchange scheme for wearable health monitoring system. Secur. Commun. Netw. 2021, 2021, 8368646.
- [23] Chen, C.M.; Li, Z.; Chaudhry, S.A.; Li, L. Attacks and solutions for a two-factor authentication protocol for wireless body area networks. Secur. Commun. Netw. 2021, 2021, 3116593.
- [24] Reddy, G.T.; Kaluri, R.; Reddy, P.K.; Lakshmanna, K.; Koppu, S.; Rajput, D.S. A novel approach for home surveillance system using IoT adaptive security. In Proceedings of the International Conference on Sustainable Computing in Science, Technology and Management (SUSCOM), Amity University Rajasthan, Jaipur, India, 26–28 February 2019.
- [25] Jian, M.S.; Wu, J.M.T. Hybrid Internet of Things (IoT) data transmission security corresponding to device verification. J. Ambient. Intell. Humaniz. Comput. 2021, 1–10.
- [26] Yang, Y.; Zheng, X.; Guo, W.; Liu, X.; Chang, V. Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system. Inf. Sci. 2019, 479, 567–592.
- [27] Pereira, F.; Crocker, P.; Leithardt, V.R. PADRES: Tool for PrivAcy, Data REgulation and Security. SoftwareX 2022, 17, 100895.
- [28] Onasanya, A.; Elshakankiri, M. Smart integrated IoT healthcare system for cancer care. Wirel. Netw. 2021, 27, 4297–4312.
- [29] Sun, Y.; Liu, J.; Yu, K.; Alazab, M.; Lin, K. PMRSS: Privacy-preserving medical record searching scheme for intelligent diagnosis in IoT healthcare. IEEE Trans. Ind. Inform. 2021, 18, 1981–1990.
- [30] Zhang, Y.; Sun, Y.; Jin, R.; Lin, K.; Liu, W. High-performance isolation computing technology for smart IoT healthcare in cloud environments. IEEE Internet Things J. 2021, 8, 16872–16879.
- [31] Selvaraj, S.; Sundaravaradhan, S. Challenges and opportunities in IoT healthcare systems: A systematic review. SN Appl. Sci. 2020, 2, 139.
- [32] Alassaf, N.; Gutub, A. Simulating light-weight-cryptography implementation for IoT healthcare data security applications. Int. J. Health Med Commun. (IJEHMC) 2019, 10, 1–15.
- [33] Kumari, A.; Kumar, V.; Abbasi, M.Y.; Kumari, S.; Chaudhary, P.; Chen, C.M. Csef: Cloud-based secure and efficient framework for smart medical system using ecc. IEEE Access 2020, 8, 107838–107852.
- [34] Hossein, K.M.; Esmaeili, M.E.; Dargahi, T.; Khonsari, A.; Conti, M. BCHealth: A novel blockchain-based privacy-preserving architecture for IoT healthcare applications. Comput. Commun. 2021, 180, 31–47.
- [35] Wang, K.; Chen, C.M.; Tie, Z.; Shojafar, M.; Kumar, S.; Kumari, S. Forward Privacy Preservation in IoT-Enabled Healthcare Systems. IEEE Trans. Ind. Inform. 2021, 18, 1991–1999.
- [36] Amin, R.; Islam, S.; Biswas, G.; Khan, M.K.; Kumar, N. An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. J. Med. Syst. 2015, 39, 180.
- [37] Challa, S.; Das, A.K.; Odelu, V.; Kumar, N.; Kumari, S.; Khan, M.K.; Vasilakos, A.V. An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks. Comput. Electr. Eng. 2018, 69, 534–554.
- [38] Preeti, S.; Arup, K.P.; SK, H.I. An improved three-factor authentication scheme for patient monitoring using WSN in remote health-care system. Comput. Methods Programs Biomed. 2019, 182, 105504.
- [39] Aghili, S.F.; Mala, H.; Shojafar, M.; Peris-Lopez, P. LACO: Lightweight three-factor authentication, access control and ownership transfer scheme for e-health systems in IoT. Future Gener. Comput. Syst. 2019, 96, 410–424.
- [40] Amintoosi, H.; Nikooghadam, M.; Shojafar, M.; Kumari, S.; Alazab, M. Slight: A lightweight authentication scheme for smart healthcare services. Comput. Electr. Eng. 2022, 99, 107803.
- [41] Gupta, A.; Tripathi, M.; Shaikh, T.J.; Sharma, A. A lightweight anonymous user authentication and key establishment scheme for wearable devices. Comput. Netw. 2019, 149, 29–42.
- [42] Hajian, R.; ZakeriKia, S.; Erfani, S.H.; Mirabi, M. SHAPARAK: Scalable healthcare authentication protocol with attack-resilience and anonymous key-agreement. Comput. Netw. 2020, 183, 107567.
- [43] Kumar, V.; Mahmoud, M.S.; Alkhayyat, A.; Srinivas, J.; Ahmad, M.; Kumari, A. RAPCHI: Robust authentication protocol for IoMT-based cloud-healthcare infrastructure. J. Supercomput. 2022, 1–30.
- [44] Yu, S.; Park, Y. A Robust Authentication Protocol for Wireless Medical Sensor Networks Using Blockchain and Physically Unclonable Functions. IEEE Internet Things J. 2022.
- [45] Dolev, D.; Yao, A. On the security of public key protocols. IEEE Trans. Inf. Theory 1983, 29, 198–208.
Protocols | Advantages | Limitations |
---|---|---|
Amin et al. [36] | (1) Resist impersonation attack (2) Resist stolen smart card attack (3) Resist replay attack | (1) Cannot resist privileged insider attack (2) Cannot resist offline password guessing attack |
Challa et al. [37] | (1) Provide user anonymity (2) Resist offline password guessing attack (3) Resist man-in-the-middle attack | (1) Cannot resist sensor node capture attack |
Preeti et al. [38] | (1) Provide mutual authentication (2) Resist DoS attack (3) Resist known-session-specific temporary information attack | (1) Cannot provide perfect forward security (2) Cannot resist sensor node capture attack |
Aghili et al. [39] | (1) Provide user untraceability (2) Resist de-synchronization attack (3) Resist DoS attack | (1) Cannot provide perfect forward security (2) Cannot resist malicious sensor attack (3) Cannot resist server impersonation attack |
Amintoosi et al. [40] | (1) Resist known-session-specific temporary information attack (2) Provide perfect forward security (3) Resist privileged insider attack | – |
Gupta et al. [41] | (1) Provide perfect forward security (2) Resist impersonation attack (3) Provide anonymity and untraceability | (1) Cannot resist privileged insider attack (2) Cannot resist offline password guessing attack (3) Cannot resist de-synchronization attack |
Hajian et al. [42] | (1) Resist replay attack (2) Resist privileged insider attack (3) Resist de-synchronization attack | (1) Cannot provide perfect forward security (2) Cannot resist session key disclosure attack (3) Cannot resist impersonation attack |
Kumar et al. [43] | (1) Resist privileged insider attack (2) Resist man-in-the-middle attack (3) Resist replay attack | – |
Yu et al. [44] | (1) Provide user untraceability and anonymity (2) Resist session key disclosure attack (3) Provide mutual authentication | – |
Notation | Description |
---|---|
 | ith user |
 | Identity of |
 | Password of |
 | Biometrics of |
 | jth sensor node |
 | Identity of |
 | Gateway node |
 | Private key of GWN |
 | Public key of |
 | Private key of |
 | Session key |
 | Time stamp, where s = 1, 2, 3, 4 |
 | Temporary random number |
⊕ | XOR operation |
‖ | Concatenation operation |
h(·) | Hash function |
(·)/(·) | Fuzzy extractor generation/reproduction function |
 | Asymmetric encryption/decryption |
→ | Public channel |
⇒ | Secure channel |
 | Adversary |
Protocols | A1 | A2 | A3 | A4 | A5 | A6 | A7 | A8 | A9 | A10 |
---|---|---|---|---|---|---|---|---|---|---|
Ours | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
Kumar et al. [43] | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
Yu et al. [44] | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
Amin et al. [36] | Y | Y | N | Y | Y | Y | N | Y | Y | Y |
Challa et al. [37] | Y | Y | Y | Y | Y | Y | Y | N | Y | Y |
Preeti et al. [38] | Y | Y | Y | N | Y | Y | Y | N | Y | Y |
Aghili et al. [39] | Y | N | N | Y | Y | Y | Y | Y | Y | Y |
Devices | Model | Operating System | Memory | Processor |
---|---|---|---|---|
mobile phone | MI 8 | Android | 6 GB | Qualcomm Snapdragon 845 |
laptop computer | DELL G15 5510 | Windows 10 | 16 GB | Intel(R) Core(TM) i7-10870H |
desktop computer | LENOVO 90M2A0A6CD | Windows 10 | 8 GB | Intel(R) Core(TM) i5-9500 |
Operation | MI 8 | DELL G15 5510 | LENOVO 90M2A0A6CD |
---|---|---|---|
 | 20.7028 ms | 2.2823 ms | 1.6197 ms |
 | 47.6405 ms | 5.2520 ms | 3.7272 ms |
 | 0.00044 ms | 16 ms | 13 ms |
 | 0.2009 ms | 0.1551 ms | 0.0879 ms |
 | 0.02812 ms | 0.0031 ms | 0.0022 ms |
 | 69 ms | 270 ms | 139 ms |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Chen, C.-M.; Chen, Z.; Kumari, S.; Lin, M.-C. LAP-IoHT: A Lightweight Authentication Protocol for the Internet of Health Things. Sensors 2022, 22, 5401. https://doi.org/10.3390/s22145401