1. Introduction
With the rise of the fourth industrial revolution, Internet of Things (IoT) technology is attracting attention. IoT technology has been used in various fields such as in sensing technology, and the importance of IoT technology will only increase in the future [
1,
2,
3]. Among the areas where IoT technology is currently being utilized, hospital medical services are trying to provide services that can efficiently manage patient conditions and prevent negative outcomes, based on information collected through IoT devices. However, hospital medical services as they currently operate are inefficient, leading to staff being overworked and poor management of medical information, lowering the quality of medical services.
In addition, in the existing hospital system, management supervision and monitoring procedures for patients are often performed manually by the nursing staff, which causes an efficiency bottleneck [
4,
5].
Various studies have been carried out to ensure that the connection between IoT devices and medical services have a positive effect on medical service efficiency, and result in cost reductions [
6,
7,
8]. However, integrating IoT devices into the hospital system causes various security vulnerabilities related to patient privacy issues. In particular, newly developed IoT devices have different security requirements than existing wired and wireless network-based services [
9,
10]. It is difficult to converge most IoT-based and services, as they are often provided through unique platforms. Because IoT-based platforms and services do not comply with related security standards, it is necessary to develop a common open platform for IoT-based medical services, to solve the problem of the difficulty in connecting services due to the lack of compatibility between medical services.
Phunchongharn et al. studied the interference of E-healthcare applications caused by IoT devices installed in hospitals [
6,
7]. However, this approach did not address mobile medical services that are not supported when an emergency occurs in areas outside the hospital.
Shen et al. investigated whether data was normal or not, according to the amount of power when wirelessly monitoring a patient condition in the vicinity of a hospital IoT device [
8]. However, their approach did not solve the problem of high power being used for RF transmission, which can adversely affect hospital IoT devices.
In this paper, we propose an efficient authentication protocol to provide services to automatically connect hospital IoT devices according to patient illness, in order to improve the convenience of medical services for hospital patients, and to reduce medical staff workloads. The proposed protocol has the characteristics of minimizing the time required for administrating treatment and procedures by automatically communicating measured information (weight, body fat, BMI, heart rate, air pollution, etc.) through devices attached to patients through Wi-Fi or Bluetooth using IoT healthcare platforms (Withings, Fitbit Flex, SAMI, etc.). In addition, information collected through IoT devices can be utilized in initial diagnoses, and medical teams can determine whether or not additional medical services are needed, depending on the condition of the patient. Hospitals often have different medical service systems, so the IoT devices provided by hospitals may also be different. The proposed protocol provides a means for the use of IoT equipment in hospitals with respect to the condition of the patient.
The proposed protocol has four aspects which utilize the authentication key, allowing use of hospital IoT devices for the entire medical service.
First, staff register the basic information of patients in order to receive pre-certification keys to IoT devices, which ensure compatibility with hospital medical services. The medical institution minimizes the time required for administration and procedures by providing information to medical staff on a patient’s health status and the status of medical service provisions in real time.
Second, if a patient visits a hospital due to a sudden deterioration in their condition, the hospital will be able to access the information necessary for emergency treatment through medical records stored in the pre-registered IoT device.
Third, in order to shorten the time required for hospital medical staff to assess a patient, it is possible to provide medical services directly to the patient by using disease management information from patient information registered on their condition, and the hospital IoT device usage record.
Fourth, the proposed protocol collects patient information through the hospital IoT device and minimizes the time required for procedures, treatment, and administration of patients with similar conditions.
The proposed protocol can improve hospital services through hospital IoT devices by generating authentication keys with probabilistic vector approximations through the interconnection of IoT devices. In addition, the proposed protocol does not use any additional algorithm like existing authentication methods, instead extracting arbitrary color information used for the authentication key by using the multi-dimensional color vector method in hospital IoT devices. The proposed protocol improves the efficiency of hospital IoT devices by allowing medical staff to accurately understand the health status of patients by integrating the sensor information generated in the hospital IoT device, in real-time.
The composition of this paper is as follows. In
Section 2, we discuss hospital IoT device-based medical services and existing research.
Section 3 proposes a medical service model using a hospital IoT device.
Section 4 evaluates the security of the proposed model and its performance, and compares it with the existing model. Finally, we conclude in
Section 5.
4. A Medical Service Model Using Hospital IoT Devices
In recent years, as the 4th industrial revolution has proceeded, interest in IoT has increased, and the hospital medical environment has provided various methods to maximize the convenience of medical service to users, but the complaints of medical service users who visit hospitals still has not decreased [
21,
22,
23,
24]. This section proposes an efficient authentication protocol for hospitals IoT devices to improve the medical environment of medical staff performing many medical tasks while shortening the time of medical service for users visiting the hospital. The proposed protocol aims to shorten the user’s medical service time and minimize the workload of medical staff.
4.1. Overview
Recently, hospitals have begun to apply IoT devices to hospital medical services to minimize the difficulties of user management supervision and reduction of medical expenses [
25]. In particular, the IoT devices used in hospitals are used for measuring and diagnosing the health values of users by using cameras, microphones, accelerometers, gyro sensors, and the like. In addition, IoT devices operating in hospitals can measure biometrics such as user’s calorie consumption, sleep pattern, activity, and a number of steps, as well as real-time clinical medical data such as oxygen saturation, blood pressure, blood glucose, body temperature, and the electrocardiogram You can check. However, even if the hospital IoT device performs many functions, the user’s health conditions still cannot be continuously checked [
26].
In the proposed protocol, when the user visits a hospital, the purpose is to minimize the waiting time of the medical service provided by the user by allocating the hospital IoT device suitable for the user’s medical service. Another goal of the research is to improve the quality of medical services for users by minimizing the burden of the medical staff providing medical services. In the proposed protocol, in order to provide the optimal hospital IoT device according to the medical service, the user must generate an authentication key for synchronizing the user and the hospital IoT. In the proposed protocol, instead of the encryption research method used in the existing research, a group of hospital IoT devices corresponding to the scope of the user’s medical service is grouped to generate an authentication key for processing the authentication service. At this time, the proposed protocol randomly extracts the color information used in the color model according to the number of hospital IoT devices in order to improve the authentication processing speed. The extracted arbitrary information is vectorized to obtain key information necessary for user authentication as a sum of orthogonal vectors.
In order to use the hospital IoT device, the user’s personal information is delivered to the medical staff in real-time by using the IoT device (e.g., bracelet, heart rate sensor, smart band, smart shoe service, etc.). This paper shows the healthcare service structure of the proposed protocol that can minimize the shortening and administrative processing. As shown in
Figure 2, in order to provide delay-free medical service to the user, the proposed protocol should be largely divided into the IoT device part and the server part. In the IoT device part, the sensor detects the user information and confirms the user information. In the server part, the hospital IoT devices are allocated to the users through the sensed user information and the hospital IoT devices to manage the resources efficiently.
4.2. Notations
The Notations used in this paper are shown in
Table 2.
4.3. Hospital IoT Key Generation Process Using Probabilistic Vector Approximation
In order to improve the safety of the hospital IoT device used for patient care, this section outlines a process of generating a key with a stochastic vector approximation to the hospital IoT device, so that the key assigned to the hospital IoT device improves the management of the hospital IoT device.
We proposed a protocol that generates a cartesian vector space so that the n multidimensional color vector information
,
,
,
generated by the server are orthogonal to each other for hospital IoT device authentication. In
Figure 3, the
vector information located in the Cartesian vector space uses arbitrary color information extracted based on probability. The key for the unique hospital IoT device first selects two of the three orthogonal vectors and obtains the vector
as shown in Equation (1)
where the vector
means a primary information value for generating a key used for authenticating the hospital IoT device. The constants
and
are the only constant values used to obtain the vector
.
In the proposed protocol, error
is extracted to approximate the vector
in order to improve the reliability of the key of the hospital IoT device. The error
used in the proposed protocol is performed as in Equation (2), and minimizes the error
for approximating the vector
where error
means the vertical value of the plane connecting
and
, while
and
means the values at which the error
reaches its minimum when calculating the vector
in the plane connecting
and
.
In order to generate the key of the hospital IoT device, the proposed protocol generates the n-dimensional color vector information , , , which is generated by the server as Equation (1) to (2). At this time, the image group with the same color key groups as the -dimensional color vector information , , , is generated by the server in a probabilistic manner.
In the proposed protocol, the optimal approximation for the vector g is obtained as Equation (3) so that the
n-dimensional color vector information
,
,
,
are orthogonal to each other.
In this case, the constants
,
,
,
are obtained using the Equation (4) so that the vector
is no longer an approximation but is an identity equation.
The key of the hospital IoT equipment used in the proposed protocol should be the same condition as the Equation (5) in order to obtain the vector
in which all the color information vectors {
} are mutually orthogonal.
4.4. Hospital IoT Device Authentication Process
In this section, we show the process of authenticating the hospital IoT device using the vector g generated by using the color information.
4.4.1. Hospital IoT Device Attribute
In order to authenticate the hospital IoT device, the proposed protocol first assigns attribute information as shown in
Table 3 according to the IoT device information used in the hospital.
The hospital server is represented by a correlation matrix such that a set of attribute values
can be hierarchically distributed in an n-bit format such as Equation (6) so that attributes can be assigned to a hospital IoT device used in a hospital. At this time, it is assumed that the number of attributes of the hospital IoT device is
.
where
denotes correlation information between the hospital IoT device attribute information.
If the attribute is 0 in Equation (6), then the correlation between the attribute information becomes a meaningless result.
4.4.2. Hospital IoT Device Authentication
Hospital IoT device authentication uses the server-generated color vector key g. The color vector key g synchronizes the user and the hospital IoT device when a user visiting the hospital applies for the medical service so that the user can easily use the hospital medical service.
When the user and the hospital IoT device are synchronized, the authentication process is performed so that a third party cannot see the information of the hospital IoT device unless they are an administrator. In particular, the color vector key g used in the authentication process is used to perform mutual authentication between the hospital IoT device and the user, together with information obtained by dividing the random number R generated by the user into arbitrary sizes. This process does not require additional cryptographic calculations for hospital IoT devices and users, which results in low computational costs. The hospital IoT device authentication process consists of eight steps.
Step 1: The server asks the user for pre-registered information to verify the identity of the visiting user. When the requested information is verified, the server automatically generates an arbitrary random number using the user information as shown in Equation (7), confirms the hospital IoT devices which will be used for provide medical services for the user, and calculates a random number based on the number of hospital IoT devices divided into an arbitrary size.
Step 2: The server combines the random number randomly divided by the number of hospital IoT devices with the color vector key () to generate and transmit the shared key to the user. The shared key is used to perform mutual authentication between the hospital IoT device and the user, together with the user identifier , which can confirm the identity of the user.
Step 3: The server encrypts the random number
and the user identifier
, as the equation (8) using the shared key
. Then, the server XOR(exclusive or)s the random number R generated by the user with the shared key
and assigns it to the hash function, and sends Equation (10) to the user through the challenge together with Equation (8)
Step 4: The user extracts the hash value (=
(
||
)) using random number
, which is randomly generated by the user, and obtains the shared key
. This process can prevent unauthorized spoofing attacks by intercepting user information by accessing hospital IoT devices. The user concatenates the hash value received from the server with the user identifier
to obtain a random number
to be used by the hospital IoT device. The user attempts to synchronize with the hospital IoT device supporting the hospital medical service using the random number
, and if the communication connection state of the current session normally appears, then the current session information
is transmitted to the other information (random number
and the identifier
), which is encrypted with the shared key
and transmitted to the server.
Step 5: The server decrypts it with the shared key to extract the session information received from the user. The random number and the user identification of the decrypted information are used to verify whether the user is a normal user.
Step 6: The server uses the shared key MSK shared between the server and the IoT device to resynchronize with the hospital IoT device if the user’s information is matched. Then, the server obtains the user identifier , the random number and color vector key g. Otherwise, the user and the hospital IoT device detect that the deactivation has occurred, and retransmit ( ||) with the synchronization request message to the user.
Step 7: The server accesses the database, searches the user’s information, and compares the user with the user . The server compares the random number received from the user. If the matching user information is delivered from the server, the random number of the user and the current session information are updated. Otherwise, the communication is terminated.
Step 8: After the user confirmation, the server gives the attribute to the hospital IoT device according to the medical service applied by the user, and transmits a confirmation message to the hospital IoT device so that the user does not have trouble receiving the medical service.
4.4.3. Control Access to User Medical Records
In order to access IoT devices installed in hospitals, authentication keys that are created for mutual connection between IoT devices are needed. At this point, the authentication key performs the same approach as
Figure 4 to extract any color information used for the authentication key. Unlike previous authentication techniques, access control of medical service records stored in hospital IoT devices can be integrated and managed for hospital IoT devices without using additional cryptographic algorithms. In this case, the server restricts attempts by third parties to access medical service records using the attribute value
given to hospital IoT devices and authority level information based on the status of hospital officials (doctors, nurses, etc.) to prevent attempts by third parties to illegally access users’ medical service records stored on hospital IoT devices.
Hospital officials are granted authority levels by the server, but the level of authority of the hospital staff can vary depending on the work environment of each area operated by the hospital, so hospital officials with lower levels of authority cannot access basic care of the users who receive medical services.
If the patient’s biometric information is available in a hospital or has information about a specific illness with a high level of access, then the hospital official will ask the other hospital to share the user’s information. At this time, the use of the assigned user identifier is prevented from illegally abusing the authority of the user or the hospital personnel. In addition, according to the proposed protocol, the hospital personnel can access the patient ‘s medical records using the separation of duties and minimum privileges according to the security grade policy set by the hospital, thereby preventing leakage of the patient’s personal information and loss of medical information.
5. Evaluation
The proposed protocol was divided into security evaluation and performance evaluation. Security evaluation was performed focusing on internal attacks and external attacks. In the performance evaluation, the efficiency of the hospital IoT device, the delay time of the medical service, and the overhead of the medical staff providing the medical service were evaluated.
5.1. Security Evaluation
The proposed protocol uses the color vector information g and the shared key to update the user’s information even if the user’s information is captured by the attacker using the user identifier and the hash function . Therefore, even if the communication between the user and the hospital IoT device, the hospital IoT device, and the server is intercepted, the safety of the information is guaranteed. Also, since the proposed protocol uses a different random number for each hospital IoT device, the third party does not recognize the user’s privacy information even if the user copies the information.
In the proposed protocol, the random number generated by the user is used to extract the hash value (= (||)) and then obtains the shared key . The third-party cannot generate the shared key because it does not know the color vector key g even if it tries to obtain the shared key , so it is safe from a third party’s spoofing attack. In addition, in the proposed protocol, even if (||) is used in other hospitals after assuming that the attacker is a legitimate user, the proposed protocol can prevent attacks by using random number of different hospital IoT devices as (||) to prevent attacks.
In the proposed protocol, we extract the hash value (= (||)) using the random number randomly generated by the user who wants to receive the medical service for each hospital and obtain the shared key . The personal medical information of the user is not exposed by the person. The server automatically counts the temporary security identifier whenever someone accesses the user’s information to prevent unauthorized use of the user’s information and stores it in the hospital database to update the information.
In the proposed protocol, the server requests information registered in advance by the user to confirm the identity of the user visiting the hospital. After the verification of the requested information is completed, the server automatically generates an arbitrary random number using the user information, we check the hospital IoT device to receive medical service and divide the random number into arbitrary size according to the number of hospital IoT devices, so that information exposure is prevented. In addition, since the random number is applied to the hash function using a random number generator for each session that establishes synchronization between the IoT device and the user, the third party cannot predict what value will be outputted, and it is practically impossible to trace the hospital IoT device or the user.
5.2. Performance Evaluation
For the performance evaluation of the proposed protocol, the experimental environment as shown in
Table 4 was set and performance evaluation was performed using the Opnet simulator. The data used for the proposed protocol were tested using the same Intel Galileo board used in references [
27,
28] to increase objectivity for performance evaluations. The reason why Intel’s Kalilio board of
Figure 5 was used in the proposed protocol was that it was designed for Intel Quark SoC X1000, chip compact core products, and low power consumption. In addition, the Kalireo board has the ability to run a Linux kernel, and the onboard Ethernet port provides a network. The underside of the calico board offers a mini PCI and is designed to add Wi-Fi connections using an Express slot card for Intel wireless networks.
5.2.1. Efficiency for Hospital IoT Devices
Figure 6 compares the effectiveness of a hospital IoT device installed in a hospital with the existing hospital system that does not use the hospital IoT device when applied to the user’s medical service. As a result of the experiment shown in
Figure 6, the efficiency of the proposed protocol is improved by 31.1% for the hospital IoT device compared to the protocol used by the existing hospital system. This result shows that the proposed protocol performs the iterative process needed to generate the key for providing the medical service to the user so that the n multidimensional color vector information
,
,
,
generated by the hospital server are orthogonal to each other. At this time, in the proposed protocol, the image groups with the same color key are stochastically grouped. In addition, the proposed protocol does not perform the additional task conducted by the medical staff because it sends the user’s medical service result through the color vector information from the optimal state to the medical staff in real-time. Through this process, the efficiency of the proposed protocol increases as the number of hospital IoT devices increases. However, even though the existing protocol increases the number of medical staff performing the role of hospital IoT device, the work process is inefficient and work efficiency is not proportionally increased.
5.2.2. Delay Time of Medical Service
Figure 7 assesses the delays in the work of medical staff who use hospital-installed IoT devices for health care work. As a result of the experiment shown in
Figure 7, the delay time of the medical service of the proposed protocol is improved by an average of 19.8% over the existing protocol. This result is the result of the hospital IoT device diagnosing the user’s disease and automatically storing the diagnosis result in the server so that the medical staff could complete the analysis of the user’s disease state in advance before consulting with the user. As shown in
Figure 6, the proposed protocol has a lower delay time as the disease diagnosis sensor increases in the hospital IoT device. However, since the existing protocol does not integrate the diagnosis process of the medical service, the delay time increases as the operation time increases.
5.2.3. The Overhead of the Medical Staff Providing Medical Services
Figure 8 compares the work overhead of health care providers working in hospitals. As shown in
Figure 8, the proposed protocol automatically collects and analyzes the patient’s disease status through the hospital IoT device rather than the existing protocol, so that the overhead of the medical staff is 15.3% lower because it is delivered to the medical staff accurately. This result is a result of the fact that the work of the additional medical staff is not increased because the state of the network is adjusted to the best condition according to the multi-dimensional color vector information value given to the hospital IoT device. In addition, the result is that the medical staff automatically processes the post-medical service contents, even if the medical staff does not proceed to the additional medical service through the color vector information given to the hospital IoT device.
5.2.4. Patient Wait Time for Medical Service
Figure 9 shows the patient’s waiting time needed to receive medical services depending on the number of users using the IoT equipment. The data from patients who use IoT equipment will be collected in advance through IoT gateway equipment from the medical department. On average, patients who used IoT equipment waited for five to seven minutes to receive medical services, which was less than the waiting time for other patients. These results are the result of patients receiving medical services by attaching IoT equipment and transferring patient care information to the medical staff at each medical department in real-time. In addition, IoT equipment checks basic patient information and disease information when a patient tries to access the medical department and processes computer tasks that should be handled by the medical department in advance. In addition to patient care and analysis, the clinical workforce has also reduced patient latency.
5.2.5. Reliability between Medical Staff and Patients
Figure 10 shows the level of trust between medical staff and patients regarding medical services that use IoT equipment. The level of trust between medical staff and patients was 17.1% higher on average in cases when patients used and attached IoT equipment. These results are due to the fact that a medical team can provide medical services for the psychological stability of patients as well as disease treatment, as well as providing a patient with disease information and management methods. In addition, these results came from an improved understanding of the results measured in IoT equipment, as a medical team can accurately convey the meaning of the figures shown through IoT equipment as well as management measures.