ACM-SH: An Efficient Access Control and Key Establishment Mechanism for Sustainable Smart Healthcare

Abstract

Sustainable smart healthcare applications are those in which health services can be provided to remotely located patients through the Internet without placing extra burden on environmental resources. They should be operated with minimum power consumption using biodegradable, recyclable, and environmentally friendly healthcare equipment and products. In an Internet of Medical Things (IoMT)-enabled sustainable smart healthcare environment, all the health services are capable of producing informative data whenever some raw information is provided as the input or are capable of performing work on their own with less intervention from humans. As a result, they provide great advantages over the traditional healthcare system. As sustainable smart healthcare devices are operated through the Internet, it is possible that they could be attacked by various hackers. To mitigate these issues, in this paper, we propose a new access control along with a key-establishment mechanism for a sustainable smart healthcare system. The results of the security analysis showed that the proposed scheme was highly robust against a variety of passive and active attacks. In comparison to existing competing schemes, the proposed scheme is lightweight, as well as delivers high security and additional functionality. Finally, a practical demonstration of the proposed scheme is provided to show its impact on the key network performance parameters.

1. Introduction

The Internet of Medical Things (IoMT) is a connected network of healthcare information technologies, such as infrastructure, devices, software, and hardware. There are many forms technologies that are part of the IoMT, such as heart monitors, blood glucose monitors, remote biometric scanners, and even technologies that notify patients to take medications or refill prescriptions [1].

Remote healthcare consultation and treatment in the smart healthcare industry have become attainable thanks to IoMT-empowered gadgets, opening the possibility to keep patients safe and comfortable while additionally permitting clinicians to give them extraordinary attention. As contacts with specialists have become simpler and more productive, this has likewise supported patient investment and fulfillment. Remote observation of a patient’s wellbeing helps shorten stays in the clinic and reduces re-admittance. The IoMT likewise brings down medical care expenses and improves the results of therapies. The IoMT is verifiably changing medical services by reforming the space of technologies and individuals’ collaboration in providing medical care [1,2].

In smart health care, the IoMT has several applications that benefit patients, families, doctors, emergency clinics, and insurance agencies. Sustainable smart healthcare applications are those in which health services are provided to remotely located patients through the Internet without placing extra burden on environmental resources [3]. They should be operated with minimum power consumption using biodegradable, recyclable, and environmentally friendly healthcare equipment and products. In an Internet of Medical Things (IoMT)-enabled sustainable smart healthcare environment, all the health services are capable of producing informative data whenever some raw information is provided as the input or are capable of performing work on their own with less intervention from humans. Likewise, whenever we deploy any sensing device in an environment, it takes the input from the corresponding entity and provides results to the respective authority. Similarly, in the current scenario, not only sensing devices, but various technologies are being used in smart environments. The idea of smart medical services has logically acquired greater status as data innovation advances. Smart medical care takes advantage of this age of data advances, such as the IoMT, big data, cloud computing, and artificial intelligence, to totally reform the current clinical framework, making it more effective, simpler, and more robust [4,5,6].

The motivation behind the proposed scheme in this paper is as follows. The current era is moving toward sustainable computing. Sustainable smart healthcare applications provide an enormous number of advantages over the traditional system. However, as sustainable smart healthcare devices and tools are operated through the Internet, it is possible that they could be attacked by various hackers. Various types of attacks are possible, such as the “replay, man-in-the-middle, impersonation and privileged-insider” attacks [1,4]. This demands the deployment of a robust security scheme that can not only protect the data of the sustainable healthcare system, but it also must be efficient in terms of communication and computation. To deal with this, an authentication or access control mechanism should be designed that can facilitate session key establishment dynamically among the communicating entities for secure data communication.

The main contributions of this paper are given as follows.

• We propose a new access control and key establishment scheme for the sustainable smart healthcare applications (ACM-SH). The proposed ACM-SH provides secure access control among the smart healthcare devices, as well as between the smart healthcare device and the healthcare server. Through mutual authentication among the entities, they establish session keys that can be utilized for secure data aggregation at the healthcare server;
• We suggest system models containing the network and threat models. The defined threat model describes the capabilities of a passive or an active adversary to mount various types of attacks;
• A detailed security analysis with the help of the defined threat model shows that the proposed ACM-SH is robust against a variety of attacks including replay, man-in-the-middle, impersonation, ephemeral secret leakage (ESL) under the Canetti and Krawczyk’s adversary model [7,8], physical smart healthcare device stolen and stolen verifier attacks. In addition, ACM-SH is lightweight in nature, because it requires less computation and communication costs as compared to the existing competing schemes. Furthermore, ACM-SH provides high security and offers extra functionality features as compared to the existing competing schemes;
• A demonstration of ACM-SH is then provided through simulation study in order to show its impact on the key performance indicators, such as accuracy in detecting the illnesses of the patients in IoMT environment.

The rest of the paper is organized as follows. In Section 2, a discussion on several existing state of art relevant schemes is provided. The network model along with threat model of ACM-SH are given in Section 3. Section 4 contains the details of various phases associated with the proposed scheme (ACM-SH). The security analysis of ACM-SH is then given in Section 5. Section 6 contains a detailed comparative study of ACM-SH with other existing competing schemes. Section 7 also deals with the practical implementation of ACM-SH. Finally, Section 8 concludes the paper.

2. Related Work

Access control in smart devices is an important security service, and it is also a trending technology to safeguard an insecure access to the devices and their associated data. Therefore, various studies have proposed different ideas and surveys in the field of access control. Rana et al. [9] presented an access control mechanism. They proposed a model in which the shrewd well-being clinical framework was projected to significantly work on the nature of medical care administrations. These frameworks keep up with the patient-related records and convey administrations over an unstable public channel, which might raise information security and protection issues in a shrewd well-being framework.

Alabdulatif et al. [10] presented a computing platform for secure and smart healthcare surveillance services based on the Edge of Things (EoT). They have used “fully homomorphic encryption” to preserve the privacy of sensitive healthcare data, which is stored and processed under their proposed EoT framework. Lu et al. [11] presented a user-centric privacy access control scheme. It was based on an attribute-based access control and a new privacy-preserving scalar product computation (PPSPC) mechanism. Their system allows the selected medical users to help with processing through opportunistic computing.

Saini et al. [12] proposed four different forms of smart contracts to make their uses in relevant processes, such as “user verification”, “access authorization”, “misbehavior detection” and “access revocation”. In their scheme, the electronic medical records (EMRs) are stored in cloud servers after being encrypted using cryptographic encryption an signature, such as “elliptic curve cryptography (ECC)” and “Edwards-curve digital signature algorithm (EdDSA)” by taking into account the block size of the ledger and the large amount of patient data. To improve the security properties, computation and communication costs of wireless medical sensor networks deployed for e-healthcare, Ever proposed [13] an anonymous-based user authentication approach. Their scheme is based on elliptic curve cryptography (ECC), and it is also protected against password guessing and smart card theft attacks.

Pal et al. [14] proposed a security scheme, which is based on symmetric key cryptography for the use of authentication of a user. With the minimal burden and low cost, they developed a secured scheme. Roy et al. [15] provided the idea of multi-cloud server access control, in which their scheme was a maiden fine grained data access control scheme. For heterogeneous wireless sensor networks (WSNs), Turkanovic et al. [16] developed a “user authentication and key establishment technique”. However, their approach was later proven to be vulnerable to various attacks, such as “offline password guessing”, “offline identity guessing”, “smart card theft”, “sensor node impersonation” and “user impersonation” attacks. Furthermore, one of the most important qualities, known as “mutual authentication”, was not also supported in their approach [17].

For heterogeneous WSNs, Farash et al. [18] provided a strategy for user authentication and key establishment in order to provide secure IoT communication. Later, Amin et al. [19] performed a security analysis on Farash et al.’s scheme [18] and discovered that it was vulnerable to offline password guessing attack, session-specific temporary information leakage attack, and user impersonation attack. Later, an ECC-based user authentication protocol for IoT applications was proposed by Challa et al. [20]. However, Jia et al. [21], on the other hand, discovered that Challa et al.’s scheme [20] does not prevent impersonation attack and it also does not preserve untraceability property.

Sharma and Kalra [22] developed a lightweight user authentication technique that might be utilized in a cloud-based IoT healthcare application. However, during the registration of medical professionals, their mechanism is not safe against a privileged-insider attack. Furthermore, it does not provide the sensor node anonymity and session key security under the Canetti and Krawczyk (CK) adversary model. Zhou et al. [23] developed a method of authentication that combines the IoT-based systems and cloud servers. Martinez-Pelaez et al. [24] later discovered that Zhou et al.’s scheme [23] was vulnerable to a number of attacks, including user impersonation attack, replay attack, privileged-insider attack, and man-in-the-middle attack.

Finally, a summary regarding various techniques and security flaws or limitations among the competing existing schemes is provided in

Table 1. Critical analysis of existing state of art schemes.

Protocol	Technique Used	Security Flaws and Other Issues
Farash et al. [18]	Efficient user authentication and key agreement scheme	Absence of smart card revocation process, absence of anonymity property, vulnerable to privileged-insider attack, vulnerable to off-line password guessing attack, insecure against stolen smart card attack, insecure against user impersonation attack, not provide session-key security under the CK adversary model and absence of healthcare data analysis and prediction process.
Challa et al. [20]	Signature-based authenticated key establishment scheme	Absence of untraceability property, vulnerable to smart IoT device impersonation attack and absence of healthcare data analysis and prediction process.
Turkanovic et al. [16]	Efficient authentication and key agreement scheme	Vulnerable to privileged-insider attack, insecure against off-line password guessing attack, insecure against stolen smart card attack, vulnerable to impersonation attack, absence of untraceability property, not provide biometric update phase, not provide smart card revocation and absence of healthcare data analysis and prediction process.
Sharma and Kalra [22]	Lightweight user authentication for cloud-IoT based healthcare services	Absence of anonymity property, vulnerable to privileged-insider attack, vulnerable to off-line password guessing attack, vulnerable to stolen smart card/mobile device attack, absence of biometric update phase, absence of smart card revocation process, not provide session-key security under the CK adversary model.
Zhou et al. [23]	Lightweight IoT-based authentication scheme	Vulnerable to most of the potential attacks and not provide essential functionality features.
Neha et al. [2]	Privacy-preserving secure communication for IoT-enabled e-health applications	Absence of healthcare data analysis and prediction process.

.

3. System Models Used in the Proposed ACM-SH

In this section, we provide the “network model”, as well as the “threat model”, for designing our proposed scheme (ACM-SH) and also for analyzing its security.

3.1. Network Model

The network model of the proposed scheme given in Figure 1 shows the flow of communications among various entities of a sustainable smart healthcare system. It consists of the health server, various smart healthcare devices and a trusted registration authority $\left(RA\right)$. The communications occurred between the smart healthcare devices, and also between the smart healthcare device and health server, are susceptible to various attacks as the messages travel through open channels (i.e., Internet). Therefore, it becomes essential to secure this communication with the deployment of some access control mechanism. In the given network model, the $RA$ does the registration of various entities, such as smart healthcare devices, health servers and users. The smart healthcare devices are registered with their unique credentials issued by the trusted $RA$. The healthcare devices generate the data and send it to the health server for further processing and analysis. The health server stores the healthcare related data in its database, which can be utilized to make some useful outcomes from it (i.e., prediction of an illness).

3.2. Threat Model

ACM-SH is designed through the guidelines of two widely used threat models: (1) Dolev-Yao (DY) threat model [25] and (2) Canetti and Krawczyk’s adversary model [7,8].

• Under the assumptions of the DY model, any two communicating parties communicate through an open channel, and the end-point entities, such as smart healthcare devices and health servers, are not commonly trusted. Over an insecure channel, an adversary, say $\mathcal{A}$, can read (eavesdrop) the exchanged messages as well as modify, update or delete them.
• In addition, we also use the widely-recognized current de facto model, known as the Canetti and Krawczyk’s adversary model [7,8] or the CK-adversary model. According to the CK-adversary model, $\mathcal{A}$ can have all the capabilities like the DY model, plus the ability to compromise “secret credentials and session states (session keys)”. Aside from that, $\mathcal{A}$ can physically seize some smart healthcare devices and extract the data they contain using a sophisticated power analysis attack [26]. The extracted data can be further utilized to carry out a variety of malicious operations, including collecting secret credentials and computing session keys to launch device impersonation attack, replay attack, privileged-insider, and man-in-the-middle attacks.

The registration authority $RA$ is considered to be a fully trustworthy body in the network that will not be hacked by any means. However, a privileged-insider user acting as an attacker can misuse the registration credentials of the entities and try to mount other attacks, like impersonation attacks. Thus, we assume that a privileged insider attack is possible even though the $RA$ is fully trusted entity.

4. The Proposed Scheme: ACM-SH

In this section, we explain different phases of the proposed scheme (ACM-SH). ACM-SH is divided into the following phases: (a) “registration phase”, (b) “access control and key establishment phase” and (c) “dynamic device addition phase”. The brief description of each phase is explained below.

• The “registration phase” is required to perform the registration of various entities, such as health servers and smart healthcare devices. In this phase, the trusted $RA$ of the network performs the registration of these entities. After that, the entities need to be deployed in the network.
• The “access control and key establishment phase” allows the legitimate entities, such as smart healthcare devices and health servers execute the steps of access control mechanism. When these steps are executed successfully, the entities establish the session keys for their secure communication after mutual authentication.
• There is a possibility that some smart healthcare devices stop their working or may be physically stolen by an adversary. In that situation, it is preferable to deploy new smart healthcare devices in the network to perform the intended activities of the system. To perform this task, we can use the “dynamic device addition phase”.

A list of notations and their respective meanings is provided in

Table 2. Notations used in the paper.

Notation	Meaning
$\mathcal{A}$	An adversary
$RA$	Trusted registration authority
$H{D}_i$	$i^{th}$ smart healthcare device
$H{S}_k$	$k^{th}$ health server
$T_i$ or $T{S}_i$	$i^{th}$ timestamp value
$r{s}_i$ or $R{S}_i$	$i^{th}$ random secret value
$h(·)$	Collision-resistant cryptographic one-way hash function
$S{K}_{A,B}$	Session key between two communicating parties A and B
$\left|\right|$	Concatenation operation
⊕	Bitwise exclusive-OR ($XOR$) operation

that are used for describing and analyzing the proposed ACM-SH. The details of various phases are explained in the following subsections.

4.1. Registration Phase

The registration of various entities (i.e., smart healthcare devices and health server) is performed by the trusted registration authority $\left(RA\right)$ in offline mode.

4.1.1. Registration of Smart Healthcare Device

This phase allows the smart healthcare devices to be registered by the $RA$ using the following steps:

• RHD1:$RA$ starts the process and generates its own secret key and secret key of each smart healthcare device $\left(H{D}_i\right)$ as $k_{RA}$ and $k_{H{D}_i}$, respectively. Then, the $RA$ selects a unique identity for each smart healthcare device $H{D}_i$ as $I{D}_{H{D}_i}$ and calculates its corresponding pseudo-identity as $RI{D}_{H{D}_i}$$=h\left(I{D}_{H{D}_i}\right||$$k_{RA})$.
• RHD2: The $RA$ calculates the temporal credential of each $H{D}_i$ as $T{C}_{H{D}_i}$$=h\left(I{D}_{H{D}_i}\right||$$RT{S}_{H{D}_i}\left|\right|$$k_{RA}\left|\right|$$k_{H{D}_i})$, where $RT{S}_{H{D}_i}$ is the registration timestamp value of $H{D}_i$. $RA$ also generates a temporary identity for each $H{D}_i$ as $TI{D}_{H{D}_i}$. $RA$ further stores $\left\{\right(TI{D}_{H{D}_i},$$RI{D}_{H{D}_i},$$T{C}_{H{D}_i},$$h\left(\right)\}$ in the memory of each $H{D}_i$. Finally, the registered devices $H{D}_i$ can be deployed for the required healthcare services.

4.1.2. Registration of Health Server

In this phase, the health servers are registered by the $RA$ using the following steps:

• RHS1: The $RA$ starts the process and generates the secret key of health server $\left(H{S}_k\right)$ as $k_{H{S}_k}$. The $RA$ then selects a unique identity for the health server $H{S}_k$ as $I{D}_{H{S}_k}$ and calculates its pseudo-identity as $RI{D}_{H{S}_k}$$=h\left(I{D}_{H{S}_k}\right||$$k_{RA})$.
• RHS2: The $RA$ calculates the $H{S}_k$’s temporal credentials as $T{C}_{H{S}_k}$$=h\left(I{D}_{H{S}_k}\right||$$RT{S}_{H{S}_k}\left|\right|$$k_{RA}\left|\right|$$k_{H{S}_k})$, where $RT{S}_{H{S}_k}$ is the registration timestamp value of $H{S}_k$. $RA$ then stores the registration information {$\left\{\right(TI{D}_{H{D}_i},$$RI{D}_{H{D}_i},$$T{C}_{H{D}_i}$$\left)\right|$$i=1,$$2,\cdots ,$$n_{HD}\},$$RI{D}_{H{S}_k},$$T{C}_{H{S}_k},$$h(·)$} in the secured region of the database of $H{S}_k$, where $n_{HD}$ are the total number of smart healthcare devices in the network. Here, it is important to mention that after the registration of $H{D}_i$ and $H{S}_k$, the secret values like $TI{D}_{H{D}_i}$, $RI{D}_{H{D}_i}$, $T{C}_{H{D}_i}$, $I{D}_{H{S}_k}$, $RI{D}_{H{S}_k}$, $k_{H{D}_i}$, $k_{H{S}_k}$, $RT{S}_{H{D}_i}$ and $RT{S}_{H{S}_k}$ are deleted from the database of $RA$ in order to thwart the attempts to launch stolen verifier, privileged insider, credential guessing and session key computation attacks by the adversary.

4.2. Access Control and Key Establishment Phase

This phase is necessary for implementing a safe access control among smart healthcare devices $H{D}_i$ and $H{D}_j$, and also between a smart healthcare device $H{D}_i$ and its associated health server $H{S}_k$.

4.2.1. Access Control in between Smart Devices $H{D}_i$ and $H{D}_j$

This phase gives a safe access control and key arrangement between two smart healthcare devices $H{D}_i$ and $H{D}_j$. Both devices must mutually authenticate each other before establishing a session key $S{K}_{H{D}_i,H{D}_j}$ for secure their communication. After successful authentication, both devices can communicate securely. The various steps involved this process are as follows.

• ACDD1: Note that $H{D}_i$ stores $\left\{\right(TI{D}_{H{D}_i},$$RI{D}_{H{D}_i},$$T{C}_{H{D}_i},$$h\left(\right))$, which help us to provide the “secure access control and key establishment”. $H{D}_i$ begins the access control by creating a new timestamp $T{S}_1$ and a random secret value $r{s}_1$. Then, $H{D}_i$ computes $M_1$$=h(r{s}_1\left|\right|T{C}_{H{D}_i})\oplus h(RI{D}_{H{D}_i}\left|\right|$$T{S}_1)$ and $M_2$$=h\left(h\right(r{s}_1\left|\right|$$T{C}_{H{D}_i}\left)\right||$$RI{D}_{H{D}_i}\left|\right|$$T{S}_1)$. to send the message $ms{g}_1$$=\{RI{D}_{H{D}_i},$$M_1,$$M_2,$$T{S}_1\}$ to $H{D}_j$ by means of an open channel.
• ACDD2:$H{D}_j$ validates the timeliness of the received timestamp value $T{S}_1$ through the condition $T{S}_1-T{S}_1^{\ast }\le \Delta T$ when $ms{g}_1$ arrives, where $T{S}_1^{\ast }$ is the time when $ms{g}_1$ is received and $\Delta T$ is the maximum transmission delay that can be used to prevent a replay attack. If this condition holds, the $H{D}_j$ computes $h\left(r{s}_1\right||$$T{C}_{H{D}_i})$$=M_1\oplus h(RI{D}_{H{D}_i}\left|\right|$$T{S}_1)$ and $M_2^{\prime }$$=h\left(h\right(r{s}_1\left|\right|$$T{C}_{H{D}_i}\left)\right||RI{D}_{H{D}_i}\left|\right|T{S}_1)$, and checks the validity of the condition: $M_2^{\prime }$$=M_2$. If both conditions are valid, the $H{D}_i$ is authenticated with $H{D}_j$. After that, $H{D}_j$ generates another random secret $r{s}_2$ and a fresh timestamp value $T{S}_2$ to compute $M_3$$=h\left(r{s}_2\right||$$T{C}_{H{D}_j})\oplus h(RI{D}_{H{D}_j}\left|\right|$$T{S}_2)$. It further computes the session key shared with $H{D}_i$ as $S{K}_{H{D}_j,H{D}_i}=h\left(h\right(r{s}_1\left|\right|$$T{C}_{H{D}_i}\left)\right||$$h\left(r{s}_2\right||$$T{C}_{H{D}_j}\left)\right||$$T{S}_1\left|\right|$$T{S}_2\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_j})$. The $H{D}_j$ also computes $M_4$$=h\left(S{K}_{H{D}_j,H{D}_i}\right||$$RI{D}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_j}\left|\right|$$T{S}_1\left|\right|$$T{S}_2)$. After these computations, $H{D}_j$ sends the message $ms{g}_2$$=\{RI{D}_{H{D}_j},$$M_3,$$M_4,$$T{S}_2\}$ to $H{D}_i$ via an open channel.
• ACDD3:$H{D}_i$ validates the timeliness of the received timestamp value $T{S}_2$ through the condition: $T{S}_2-T{S}_2^{\ast }\le \Delta T$ when $ms{g}_2$ arrives. If this holds, the $H{D}_i$ computes $h\left(r{s}_2\right||$$T{C}_{H{D}_j})$$=M_3\oplus h(RI{D}_{H{D}_j}\left|\right|$$T{S}_2)$ and the session key shared with $H{D}_j$ as $S{K}_{H{D}_i,H{D}_j}$$=h\left(h\right(r{s}_1\left|\right|$$T{C}_{H{D}_i}\left)\right||$$h\left(r{s}_2\right||$$T{C}_{H{D}_j}\left)\right||$$T{S}_1\left|\right|$$T{S}_2\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_j})$. Next, $H{D}_i$ computes $M_4^{\prime }$$=h\left(S{K}_{H{D}_i,H{D}_j}\right||$$RI{D}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_j}\left|\right|$$T{S}_1\left|\right|$$T{S}_2)$ and checks if $M_4^{\prime }$$=M_4$ holds or not. If it matches, the computed session key by $H{D}_i$ is considered as a correct one and $H{D}_j$ is authenticated with $H{D}_i$. After that, $H{D}_i$ generates another timestamp value $T{S}_3$ and computes session key verifier as $M_5$$=h\left(S{K}_{H{D}_i,H{D}_j}\right||$$T{S}_3)$ to send the message $ms{g}_3$$=\{M_5,$$T{S}_3\}$ to $H{D}_j$ via a public channel.
• ACDD4: Upon the arrival of $ms{g}_3$, $H{D}_j$ checks the validity of timestamp value $T{S}_3$ as per the condition discussed above. If it holds, the $H{D}_j$ computes $M_5^{\prime }$$=h\left(S{K}_{H{D}_j,H{D}_i}\right||$$T{S}_3)$ and checks the condition: $M_5^{\prime }$$=M_5$. If it matches, the $H{D}_j$ assumes that the session key computed by $H{D}_i$ is also correct. Finally, both $H{D}_i$ and $H{D}_j$ establish the common session key $S{K}_{H{D}_i,H{D}_j}$$=\left(S{K}_{H{D}_j,H{D}_i}\right)$ for their secure transmission of data.

The overall access control process between the smart healthcare devices $H{D}_i$ and $H{D}_j$ is briefed in Figure 2.

4.2.2. Access Control in between Smart Device $H{D}_i$ and Health Server $H{S}_k$

The secure access control and key establishment between the deployed smart healthcare devices $H{D}_i$ and their associated health server $H{S}_k$ is provided in this phase. Both entities must mutually authenticate each other to establish the session keys $S{K}_{H{D}_i,H{S}_k}$ for secure exchange of data. The healthcare data of the patients can be stored over the health server $H{S}_k$ in a secure way. The steps involved in this process are given below.

• ACDS1:$H{D}_i$ starts the process, and generates a fresh timestamp value $T_1$ and a random secret value $R{S}_1$ to compute $M{S}_1$$=h\left(R{S}_1\right||$$T_1)\oplus h(RI{D}_{H{D}_i}\left|\right|$$T_1\left|\right|$$T{C}_{H{D}_i})$ and $M{S}_2$$=h\left(h\right(R{S}_1\left|\right|$$T_1\left)\right||$$RI{D}_{H{D}_i}\left|\right|$$T{C}_{H{D}_i}\left|\right|$$T_1)$. The $H{D}_i$ then sends the message $MS{G}_1$$=\{TI{D}_{H{D}_i},$$M{S}_1,$$M{S}_2,$$T_1\}$ to $H{S}_k$ via an open channel.
• ACDS2: Upon the arrival of $MS{G}_1$, $H{S}_k$ checks the validity of timestamp using the condition: $T_1-T_1^{\ast }\le \Delta T$, where $T_1^{\ast }$ is the time when $MS{G}_1$ is received and $\Delta T$ is the maximum transmission delay. If it holds, the $H{S}_k$ fetches $RI{D}_{H{D}_i}$, $T{C}_{H{D}_i}$ corresponding to the received $TI{D}_{H{D}_i}$. The $H{S}_k$ computes $h\left(R{S}_1\right||$$T_1)$$=M{S}_1\oplus h(RI{D}_{H{D}_i}\left|\right|$$T_1\left|\right|$$T{C}_{H{D}_i})$ and $M{S}_2^{\prime }$$=h\left(h\right(R{S}_1\left|\right|$$T_1\left)\right||$$RI{D}_{H{D}_i}\left|\right|$$T{C}_{H{D}_i}\left|\right|$$T_1)$, and checks if $M{S}_2^{\prime }$$=M{S}_2$ holds or not. If it holds, the $H{D}_i$ is authenticated with the $H{S}_k$. Now, $H{S}_k$ generates another timestamp value $T_2$ and a random secret value $R{S}_2$ for calculating the parameters $M{S}_3$$=h\left(R{S}_2\right||$$T{C}_{H{S}_k}\left|\right|$$RI{D}_{H{S}_k})\oplus h(T{C}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$T_2)$. Furthermore, $H{S}_k$ computes the session key shared with $H{D}_i$ as $S{K}_{H{S}_k,H{D}_i}$$=h\left(R{S}_2\right||$$T{C}_{H{S}_k}\left|\right|RI{D}_{H{S}_k}\left)\right||$$T{C}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$T_1\left|\right|$$T_2\left|\right|$$h\left(R{S}_1\right||$$T_1\left)\right)$. In addition, $H{S}_k$ generates a new temporary identity of $H{D}_i$ as $TI{D}_{H{D}_i}^{new}$ and computes $M{S}_4$$=h\left(S{K}_{H{S}_k,H{D}_i}\right||$$T_1\left|\right|$$T_2\left|\right|$$T{C}_{H{D}_i}\left|\right|$$h\left(R{S}_1\right||$$T_1\left)\right)$ and $M{S}_5$$=TI{D}_{H{D}_i}^{new}$$\oplus h\left(h\right(R{S}_1\left|\right|$$T_1\left)\right||$$h\left(R{S}_2\right||$$T{C}_{H{S}_k}\left|\right|$$RI{D}_{H{S}_k}\left)\right||$$T_1\left|\right|$$T_2\left)\right)$. Then, $H{S}_k$ sends the message $MS{G}_2$$=\{M{S}_3,$$M{S}_4,$$M{S}_5,$$T_2\}$ to $H{D}_i$ via a public channel.
• ACDS3: Upon the arrival of $MS{G}_2$, $H{D}_i$ checks the timeliness of $T_2$. If it holds, the $H{D}_i$ computes $h\left(R{S}_2\right||$$T{C}_{H{S}_k}\left|\right|$$RI{D}_{H{S}_k})$$=M_3\oplus h(T{C}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$T_2)$ and the session key shared with $H{S}_k$ as $S{K}_{H{D}_i,H{S}_k}$$=h\left(h\right(R{S}_2\left|\right|$$T{C}_{H{S}_k}\left|\right|$$RI{D}_{H{S}_k}\left)\right||$$T{C}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$T_1\left|\right|$$T_2\left|\right|$$h\left(R{S}_1\right||$$T_1\left)\right)$. The $H{D}_i$ computes $M{S}_4^{\prime }$$=h\left(S{K}_{H{D}_i,H{S}_k}\right||$$T_1\left|\right|$$T_2\left|\right|$$T{C}_{H{D}_i}\left|\right|$$h\left(R{S}_1\right||$$T_1\left)\right)$ and checks if $M{S}_4^{\prime }$$=M{S}_4$ holds or not. If it holds, the $H{S}_k$ is authenticated with the $H{D}_i$ and the computed session key is considered to be correct. $H{D}_i$ also computes its new temporary identity as $TI{D}_{H{D}_i}^{new}$$=M{S}_5\oplus h\left(h\right(R{S}_1\left|\right|$$T_1\left)\right|\left|h\right(R{S}_2\left|\right|$$T{C}_{H{S}_k}\left|\right|$$RI{D}_{H{S}_k}\left)\right||$$T_1\left|\right|$$T_2)$ and updates $TI{D}_{H{D}_i}$ with $TI{D}_{H{D}_i}^{new}$ in its memory. After that, $H{D}_i$ generates another timestamp value $T_3$ and computes $M{S}_6$$=h\left(S{K}_{H{D}_i,H{S}_k}\right||$$TI{D}_{H{D}_i}^{new}\left|\right|$$T_3)$ to send the message $MS{G}_3$$=\{M{S}_6,$$T_3\}$ to $H{S}_k$ via an open medium.
• ACDS4: Upon the arrival of $MS{G}_3$, $H{S}_k$ checks the timeliness of $T_3$ and if it holds, the $H{S}_k$ computes $M{S}_6^{\prime }$$=h\left(S{K}_{H{D}_i,H{S}_k}\right||$$TI{D}_{H{D}_i}^{new}\left|\right|$$T_3)$ to check the condition: $M{S}_6^{\prime }$$=M{S}_6$. If the condition is satisfied, the session key computed by $H{D}_i$ is treated as correct and it is assumed that $H{D}_i$ has successfully updated its temporary identity. After that, both $H{D}_i$ and $H{S}_k$ share the common session key $S{K}_{H{D}_i,H{S}_k}$$=\left(S{K}_{H{S}_k,H{D}_i}\right)$ for their secure transmission of data.

The overall access control process in between a smart device $H{D}_i$ and its corresponding health server $H{S}_k$ is briefed in Figure 3.

4.3. Dynamic Smart Healthcare Device Addition Phase

It is sometimes required to provide the possibility of the addition of the new smart healthcare devices in the network. The addition of new smart healthcare devices can be done using the following steps.

• DHD1: The $RA$ starts the process by generating the secret key of a new smart healthcare device $\left(H{D}_i^{\nu }\right)$ as $k_{H{D}_i}^{\nu }$ and then selecting an identity for the new smart healthcare device $H{D}_i^{\nu }$ as $I{D}_{H{D}_i}^{\nu }$ for calculating its pseudo-identity as $RI{D}_{H{D}_i}^{\nu }$$=h\left(I{D}_{H{D}_i}^{\nu }\right||$$k_{RA})$.
• DHD2: The $RA$ also calculates its temporal credential as $T{C}_{H{D}_i}^{\nu }$$=h\left(I{D}_{H{D}_i}^{\nu }\right||$$RT{S}_{H{D}_i}^{\nu }\left|\right|$$k_{RA}\left|\right|$$k_{H{D}_i}^{\nu })$, where $RT{S}_{H{D}_i}^{\nu }$ is the registration timestamp value of $H{D}_i^{\nu }$. In addition, the $RA$ generates a temporary identity for $H{D}_i^{\nu }$ as $TI{D}_{H{D}_i}^{\nu }$.
• DHD3: The $RA$ stores $\left\{\right(TI{D}_{H{D}_i}^{\nu },$$RI{D}_{H{D}_i}^{\nu },$$T{C}_{H{D}_i}^{\nu },$$h\left(\right)\}$ in the memory of $H{D}_i^{\nu }$ and then the device needs to be deployed for the required healthcare services. Furthermore, the $RA$ sends the registration information related to $H{S}_i^{\nu }$ to $H{S}_k$ in a secure way, i.e., encryption of information through a pre-shared master secret key $\left(M{K}_{H{S}_k,RA}\right)$ between $H{S}_k$ and $RA$.

5. Security Analysis

In this section, we provide a detailed security analysis of the proposed scheme (ACM-SH) using the threat model defined in this paper. Through the security analysis, we show that the proposed ACM-SH is robust against various potential attacks including the replay attack, man-in-the-middle (MiTM) attack, impersonation attack, ephemeral secret leakage (ESL) attack, privileged insider attack, physical smart healthcare device stolen attack and stolen verifier attack, which are provided in Propositions 1–6.

Proposition 1.

ACM-SH is secure against replay attack.

Proof. 

In the proposed ACM-SH, we use different freshly generated timestamp values, such as $T_1$, $T_2$ and $T_3$ in the transmitted messages $ms{g}_1$, $ms{g}_2$ and $ms{g}_3$, and $T{S}_1$, $T{S}_2$ and $T{S}_3$ in the messages $MS{G}_1$, $MS{G}_2$ and $MS{G}_3$, respectively. Suppose these messages are intercepted by an adversary $\mathcal{A}$ and then these are re-sent to the receivers after some time. However, the timestamp values attached in the transmitted messages are verified at the receiver’s end through the condition: $T_i-T_i^{\ast }\le \Delta T$ or $T{S}_i-T{S}_i^{\ast }\le \Delta T$. If these conditions hold, the messages are accepted by the receivers; otherwise, the receivers discard the messages. As a result, acceptance of the messages necessarily implies that the messages are fresh and they are not replayed one. In this way, ACM-SH is able to defend the replay attack against the adversary $\mathcal{A}$. □

Proposition 2.

ACM-SH is secure against man-in-the-middle (MiTM) and impersonation attacks.

Proof. 

In ACM-SH, we have used different “timestamp values, random secret values, pseudo identities, and secret keys”. The secret identities and secret key values are only known to the concerned parties, such as $H{D}_i$ and $H{S}_k$. If an adversary $\mathcal{A}$ intercepts the communicated messages and later on, he/she tries to modify them, and under the deployed mechanism it is very difficult for $\mathcal{A}$ to update the messages as he/she does not know various secret values. Therefore, $\mathcal{A}$ cannot modify the messages $ms{g}_1$, $ms{g}_2$, $ms{g}_3$ and $MS{G}_1$, $MS{G}_2$ and $MS{G}_3$. In a similar way, $\mathcal{A}$ cannot construct the messages $ms{g}_1$, $ms{g}_2$, $ms{g}_3$ and $MS{G}_1$, $MS{G}_2$ and $MS{G}_3$ as valid messages, and send them on behalf of the sender. Hence, under these conditions, it is not possible for $\mathcal{A}$ to launch the MiTM attacks as well as impersonation attacks on the proposed ACM-SH. □

Proposition 3.

ACM-SH is secure against ephemeral secret leakage (ESL) attack.

Proof. 

In ACM-SH, the session keys $S{K}_{H{D}_j,H{D}_i}=h\left(h\right(r{s}_1\left|\right|$$T{C}_{H{D}_i}\left)\right||$$h\left(r{s}_2\right||$$T{C}_{H{D}_j}\left)\right||$$T{S}_1\left|\right|$$T{S}_2\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_j})$ and $S{K}_{H{S}_k,H{D}_i}$$=h\left(R{S}_2\right||$$T{C}_{H{S}_k}\left|\right|RI{D}_{H{S}_k}\left)\right||$$T{C}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$T_1\left|\right|$$T_2\left|\right|$$h\left(R{S}_1\right||$$T_1\left)\right)$ are established between $H{D}_i$ and $H{D}_j$ and $H{S}_k$ and $H{D}_i$, respectively. The short term secret values (i.e., random secret values) and long term secret values are used to generate session keys in the proposed ACM-SH. However, we get different session keys in different sessions by using these secret values as random secrets, and current timestamps are applied. Furthermore, an attacker $\mathcal{A}$ is unaware of the secret credentials. Thus, $\mathcal{A}$ is unable to calculate the session keys. As a result, under the CK-adversary model, ACM-SH protects against the ephemeral secret leaking (ESL) attack. □

Proposition 4.

ACM-SH is secure against privileged insider attack.

Proof. 

In ACM-SH, the $RA$ deletes all sensitive information from its database once the successful registration of the entities, such as $H{D}_i$ and $H{S}_k$, performed successfully. Therefore, a privileged insider user of the $RA$ does not have any knowledge of secret credentials (i.e., $k_{H{D}_i}$, $k_{H{S}_k}$, $RT{S}_{H{D}_i}$, $RT{S}_{H{S}_k}$, $T{C}_{H{D}_i}$, $T{C}_{H{S}_k}$) associated with the entities. Hence, the privileged insider user of the $RA$ can not launch various attacks, like session key computation and credentials guessing attacks on the proposed ACM-SH. As a result, ACM-SH has ability to defend the privileged insider attack. □

Proposition 5.

ACM-SH is resilient against physical smart healthcare device stolen attack.

Proof. 

In ACM-SH, the smart healthcare device $H{D}_i$ stores stores $\left\{\right(TI{D}_{H{D}_i},$$RI{D}_{H{D}_i},$$T{C}_{H{D}_i},$$h\left(\right)\}$ in its memory. Moreover, the session keys are computed between $H{D}_i$ and $H{D}_j$, and $H{D}_i$ and $H{S}_k$ as $S{K}_{H{D}_j,H{D}_i}=h\left(h\right(r{s}_1\left|\right|$$T{C}_{H{D}_i}\left)\right||$$h\left(r{s}_2\right||$$T{C}_{H{D}_j}\left)\right||$$T{S}_1\left|\right|$$T{S}_2\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_j})$ and $S{K}_{H{S}_k,H{D}_i}$$=h\left(R{S}_2\right||$$T{C}_{H{S}_k}\left|\right|RI{D}_{H{S}_k}\left)\right||$$T{C}_{H{D}_i}\left|\right|$$RI{D}_{H{D}_i}\left|\right|$$T_1\left|\right|$$T_2\left|\right|$$h\left(R{S}_1\right||$$T_1\left)\right)$, respectively. Each session generates and establishes a new session key. The parameters, like $TI{D}_{H{D}_i}$, $RI{D}_{H{D}_i}$, $T{C}_{H{D}_i}$, $RT{S}_{H{D}_i}$ and $k_{H{D}_i}$ are different and unique for different entities. This helps in producing different session keys for the different entities in various sessions. Now, assume an attacker physically steals a smart healthcare device and then uses the advanced power analysis attack [26] to obtain the secret credentials from its memory. However, this malicious task only causes revealing of this particular session key, but not the session keys of other future sessions or the session keys of other devices. Hence, the remaining part of the communication is still safe. This means that ACM-SH has ability to defend the physical smart healthcare device stolen attack. □

Proposition 6.

ACM-SH is resilient against stolen verifier attack.

Proof. 

In ACM-SH, $H{S}_k$ stores information {$\left\{\right(TI{D}_{H{D}_i},$$RI{D}_{H{D}_i},$$T{C}_{H{D}_i}$$\left)\right|$$i=1,$$2,\cdots ,$$n_{HD}\},$$RI{D}_{H{S}_k},$$T{C}_{H{S}_k},$$h(·)$} in the secured region of its database. These values are not known to an adversary $\mathcal{A}$. Therefore, $\mathcal{A}$ cannot extract the secret values from the database of $H{S}_k$. Thus, other linked attacks, such as “session key computation” and “credential guessing” attacks on ACM-SH are not possible. As a result, ACM-SH can protect against the stolen verifier attack. □

6. Comparative Study

In this section, the proposed ACM-SH is compared to other relevant competing schemes, such as the schemes of Challa et al. [20], Farash et al. [18], Sharma and Kalra [22], Zhou et al. [23], Turkanovic et al. [16] and Neha et al. [2]. It is worth noting that these schemes are also applicable for IoT-based healthcare applications.

6.1. Comparison of Communication Costs

We consider the identity, random nonce or random secret, hash digest (in case of secure hash algorithm (SHA-1) [27]), and timestamp as 160, 128, 160, and 32 bits, respectively. It is known that an “1024 bit RSA public key cryptosystem” provides the same-level security as that for an “160 bit elliptic curve cryptography (ECC) cryptosystem” [28]. An elliptic curve point of the form $P=(P_x,P_y)$ is considered as $(160+160)=320$ bits, where x and y coordinates of the point P are $P_x$ and $P_y$, respectively. The communication costs of ACM-SH (i.e., for $H{D}_i$ to $H{D}_j$ communication) and other protocols are given in

Table 3. Comparison of communication costs.

Scheme	No. of Messages	No. of Bits
ACM-SH	3	1216
Neha et al. [2]	3	1824
Turkanovic et al. [16]	4	2720
Sharma and Kalra [22]	4	2912
Farash et al. [18]	4	2752
Zhou et al. [23]	4	3840
Challa et al. [20]	3	2528

. In ACM-SH, the messages $ms{g}_1$, $ms{g}_2$ and $ms{g}_3$ exchanged between $H{D}_i$ and $H{D}_j$ require 512, 512 and 192 bits as communication costs, respectively. Thus, the total communication cost of our proposed ACM-SH becomes $(512+512+192)$$=1216$ bits. On the other hand, the schemes of Challa et al. [20], Farash et al. [18], Sharma and Kalra [22], Zhou et al. [23], Turkanovic et al. [16] and Neha et al. [2] are estimated as 2528, 2752, 2912, 3840, 2720 and 1824 bits, respectively. As indicated in Table 3, ACM-SH performs much better in communication costs than other existing schemes.

6.2. Comparison of Computation Costs

In this comparative study, the notations $T_{ecm}$, $T_{fe}$, and $T_h$ are used to signify the time required for an “ECC point multiplication”, a “fuzzy extractor function” for biometric verification in the case of the schemes of Challa et al. [20], and a “one way hash function”, respectively. On the basis of available results reported in [29], we have considered $T_h$$\approx 0.00032$ s, $T_{ecm}$$\approx 0.0171$ s, and $T_{fe}$$\approx T_{ecm}$, that is, $T_{fe}$$\approx 0.0171$ s. The comparison of computation costs among the proposed schemes and other exitsing schemes is given in

Table 4. Comparison of computation costs.

Scheme	Total Cost
ACM-SH	$14T_h$$\approx 4.48$ ms
Neha et al. [2]	$8T_{ecm}+$$17T_h$$\approx 142.24$ ms
Challa et al. [20]	$1T_{fe}+14T_{ecm}+$$12T_h$$\approx 260.34$ ms
Farash et al. [18]	$32T_h$$\approx 10.24$ ms
Sharma and Kalra [22]	$23T_h$$\approx 7.36$ ms
Zhou et al. [23]	$36T_h$$\approx 11.52$ ms
Turkanovic et al. [16]	$19T_h$$\approx 6.08$ ms

. It is noted that the proposed ACM-SH incurs $14T_h$$\approx 4.48$ ms as the computation cost, which is less than the computation costs required in other existing schemes.

6.3. Comparison of Security and Functionality Features

Table 5. Comparison of functionality and security features.

Feature	Farash	Challa	Turkanovic	Sharma	Zhou	Neha	ACM-SH
	et al. [18]	et al. [20]	et al. [16]	Kalra  [22]	et al. [23]	et al. [2]
$\varphi S{\varphi }_1$	×	✓	✓	×	✓	✓	✓
$\varphi S{\varphi }_2$	×	✓	×	×	×	✓	✓
$\varphi S{\varphi }_3$	×	✓	×	×	✓	NA	✓
$\varphi S{\varphi }_4$	×	✓	×	×	✓	NA	NA
$\varphi S{\varphi }_5$	✓	✓	✓	✓	✓	✓	✓
$\varphi S{\varphi }_6$	×	✓	×	✓	×	NA	NA
$\varphi S{\varphi }_7$	✓	✓	✓	✓	×	✓	✓
$\varphi S{\varphi }_8$	✓	✓	✓	✓	×	✓	✓
$\varphi S{\varphi }_9$	✓	✓	✓	✓	×	✓	✓
$\varphi S{\varphi }_{10}$	✓	✓	✓	✓	✓	✓	✓
$\varphi S{\varphi }_{11}$	✓	×	×	✓	✓	✓	✓
$\varphi S{\varphi }_{12}$	✓	✓	✓	✓	NA	✓	✓
$\varphi S{\varphi }_{13}$	✓	✓	✓	✓	×	NA	NA
$\varphi S{\varphi }_{14}$	✓	×	✓	✓	NA	✓	✓
$\varphi S{\varphi }_{15}$	NA	✓	×	×	×	NA	NA
$\varphi S{\varphi }_{16}$	×	✓	×	×	×	NA	NA
$\varphi S{\varphi }_{17}$	×	✓	✓	×	×	✓	✓
$\varphi S{\varphi }_{18}$	×	×	×	×	×	×	✓

Note: ϕSϕ1: “presence of device or user anonymity property”; ϕSϕ2: “prevent privileged-insider attack”; ϕSϕ3: “prevent off-line password guessing attack”; ϕSϕ4: “prevent stolen smart card or mobile device attack”; ϕSϕ5: “prevent denial-of-service attack”; ϕSϕ6: “prevent user impersonation attack”; ϕSϕ7: “prevent replay attack”; ϕSϕ8: “prevent man-in-the middle attack”; ϕSϕ9: “provide mutual authentication”; ϕSϕ10: “provide session key agreement”; ϕSϕ11: “presence of untraceability property”; ϕSϕ12: “prevent sensor node/sensor/smart IoT device/smart healthcare device physical capture attack”; ϕSϕ13: “availability of server independent password update phase”; ϕSϕ14: “prevent sensor node/sensing device/smart IoT device/smart healthcare device impersonation attack”; ϕSϕ15: “support biometric update phase”; ϕSϕ16: “availability of smart card revocation process”; ϕSϕ17: “provide session-key security under the CK adversary model”; ϕSϕ18: “availability of healthcare data analysis and prediction process”; ✓: “insecure against a specific attack or not provide that feature”; X: “secure against a specific attack or provide that feature”; NA: “not applicable”.

compares the security and functionality attributes of the proposed ACM-SH with those for the other existing schemes. Various features, such as $\varphi S{\varphi }_1$–$\varphi S{\varphi }_4$, $\varphi S{\varphi }_6$, $\varphi S{\varphi }_{16}$, $\varphi S{\varphi }_{17}$ and $\varphi S{\varphi }_{18}$ are not supported or available in Farash et al.’s scheme [18]. Contrary to that, Challa et al.’s scheme [20] does not support the features $\varphi S{\varphi }_{11}$ and $\varphi S{\varphi }_{14}$. Furthermore, other schemes like Sharma and Kalra [22], Zhou et al. [23], Turkanovic et al. [16] and Neha et al. [2] lack the necessary functionality and security characteristics. However, when compared to other existing schemes, ACM-SH provides superior security and additional functionality features.

7. Practical Implementation

In this section, we provide a practical implementation of out proposed scheme (ACM-SH) by implementing both the registration and access control phases. As discussed in the network model of the proposed ACM-SH, the data analysis task is performed at the health server. It is essentially required to predict the health-related information from the securely collected healthcare data.

7.1. Simulation Environment

The implementation of the proposed ACM-SH has been done on the following system configuration: Intel(R) Core (TM) i3-5005U processor @ 2.00 GHz with installed of RAM 4 GB. The integrated development environment (IDE) was anaconda, Jupyter notebook with Python 3 programming language. The storage was done through Firebase by the Google. The considered libraries were Pandas, Numpy, Keras, Tensorflow, PIL, tkinter (for GUI). We have taken the pneumonia images dataset from the kaggle website [30]. The considered dataset contains 5683 images. Note that the Keras model was used along with the Tensorflow libraries. The sequential Keras vgg16 module is based on the transfer learning so that we can train our model and save it for the future analysis. The details of the simulation parameters are given in

Table 6. Details of simulation parameters.

Parameter	Description
Platform	Windows 10
Processor	Intel(R) Core (TM) i3-5005U processor
Random access memory (RAM) size	4 GB
Development environment	integrated development environment (IDE) with Anaconda, Jupyter notebook
Programming environment	python 3
Online storage	Firebase by Google
Libraries used	Pandas, Numpy, Keras, Tensorflow, PIL, tkinter (for GUI), Keras model Tensorflow
Dataset used	pneumonia images dataset [30]

.

7.2. Discussions on Simulation Results

In the implemented system, different tasks were performed, such as (a) training of model, (b) uploading X-ray image to the system through unique patent’s identification number, and (c) fetching images from the database and analyzing the patient’s illness through identification number. In the implemented system, the images of different registered patients can be provided through various unique identification numbers (refer to Figure 4). This one has been implemented with the help of the proposed registration phase of smart healthcare device along with the registration of health server described in Section 4.1.1 and Section 4.1.2, respectively. After getting the images, the system does the analysis as per the trained model. Note that we have implemented the access control phases described in Section 4.2.1 and Section 4.2.2 in order to make secure communication of the entities and also for fetching the data securely with the help of the established session keys. In this way, we emphasize the role of the access control in this simulation.

The system predicts about the illness of the patients with the following two scenarios:

• Case 1 (Normal): This case is considered as no illness for a patient. For example, a patient with ID 200204 has no healthcare issues.
• Case 2 (Abnormal): This refers to an illness detected for a patient. For example, a patient suffering from pneumonia for the case of the patient with ID 101006.

The implemented system can then detect the symptoms of pneumonia in a patient with ID 101006 with an accuracy of $93\%$. These results are illustrated in Figure 5 and Figure 6, respectively. Here, Figure 4, Figure 5 and Figure 6 depict a user’s view of the implemented software, which is a practical implementation of the proposed ACM-SH. Figure 4 basically illustrates how the data of a smart device belonging to a patient is securely uploaded with the information in the health server with the help of the established session key between the device and the health server. Figure 5 and Figure 6 illustrate the the analysis as per the trained model on the genuine data stored at the health server for different patients’ cases.

8. Conclusions and Future Work

Sustainable smart healthcare system provides an enormous number of advantages over a traditional system. To overcome the security problems, a scheme for secure access control and key establishment for a long-term sustainable smart healthcare system (in short, ACM-SH) has been presented. The results of the security analysis show that ACM-SH is secured against a variety of attacks that are possible in an IoMT-enabled sustainable smart healthcare system. The proposed ACM-SH offers superior security and additional functionality capabilities as compared to those for other competing schemes. Furthermore, a simulation study shows that ACM-SH can determine its impact on the key performance indicators. Since ACM-SH is lightweight in nature and requires less computation, communication and storage resources, it seems to be practical for the real-time sustainable smart healthcare applications and usage.

In the future, we would like to add more functionality features, such as device revocation phase and key revocation phase in the presented scheme while keeping the same level of security as offered currently.