1. Introduction
The Internet of Medical Things (IoMT) is a connected network of healthcare information technologies, such as infrastructure, devices, software, and hardware. There are many forms technologies that are part of the IoMT, such as heart monitors, blood glucose monitors, remote biometric scanners, and even technologies that notify patients to take medications or refill prescriptions [
1].
Remote healthcare consultation and treatment in the smart healthcare industry have become attainable thanks to IoMT-empowered gadgets, opening the possibility to keep patients safe and comfortable while additionally permitting clinicians to give them extraordinary attention. As contacts with specialists have become simpler and more productive, this has likewise supported patient investment and fulfillment. Remote observation of a patient’s wellbeing helps shorten stays in the clinic and reduces re-admittance. The IoMT likewise brings down medical care expenses and improves the results of therapies. The IoMT is verifiably changing medical services by reforming the space of technologies and individuals’ collaboration in providing medical care [
1,
2].
In smart health care, the IoMT has several applications that benefit patients, families, doctors, emergency clinics, and insurance agencies. Sustainable smart healthcare applications are those in which health services are provided to remotely located patients through the Internet without placing extra burden on environmental resources [
3]. They should be operated with minimum power consumption using biodegradable, recyclable, and environmentally friendly healthcare equipment and products. In an Internet of Medical Things (IoMT)-enabled sustainable smart healthcare environment, all the health services are capable of producing informative data whenever some raw information is provided as the input or are capable of performing work on their own with less intervention from humans. Likewise, whenever we deploy any sensing device in an environment, it takes the input from the corresponding entity and provides results to the respective authority. Similarly, in the current scenario, not only sensing devices, but various technologies are being used in smart environments. The idea of smart medical services has logically acquired greater status as data innovation advances. Smart medical care takes advantage of this age of data advances, such as the IoMT, big data, cloud computing, and artificial intelligence, to totally reform the current clinical framework, making it more effective, simpler, and more robust [
4,
5,
6].
The motivation behind the proposed scheme in this paper is as follows. The current era is moving toward sustainable computing. Sustainable smart healthcare applications provide an enormous number of advantages over the traditional system. However, as sustainable smart healthcare devices and tools are operated through the Internet, it is possible that they could be attacked by various hackers. Various types of attacks are possible, such as the “replay, man-in-the-middle, impersonation and privileged-insider” attacks [
1,
4]. This demands the deployment of a robust security scheme that can not only protect the data of the sustainable healthcare system, but it also must be efficient in terms of communication and computation. To deal with this, an authentication or access control mechanism should be designed that can facilitate session key establishment dynamically among the communicating entities for secure data communication.
The main contributions of this paper are given as follows.
We propose a new access control and key establishment scheme for the sustainable smart healthcare applications (ACM-SH). The proposed ACM-SH provides secure access control among the smart healthcare devices, as well as between the smart healthcare device and the healthcare server. Through mutual authentication among the entities, they establish session keys that can be utilized for secure data aggregation at the healthcare server;
We suggest system models containing the network and threat models. The defined threat model describes the capabilities of a passive or an active adversary to mount various types of attacks;
A detailed security analysis with the help of the defined threat model shows that the proposed ACM-SH is robust against a variety of attacks including replay, man-in-the-middle, impersonation, ephemeral secret leakage (ESL) under the Canetti and Krawczyk’s adversary model [
7,
8], physical smart healthcare device stolen and stolen verifier attacks. In addition, ACM-SH is lightweight in nature, because it requires less computation and communication costs as compared to the existing competing schemes. Furthermore, ACM-SH provides high security and offers extra functionality features as compared to the existing competing schemes;
A demonstration of ACM-SH is then provided through simulation study in order to show its impact on the key performance indicators, such as accuracy in detecting the illnesses of the patients in IoMT environment.
The rest of the paper is organized as follows. In
Section 2, a discussion on several existing state of art relevant schemes is provided. The network model along with threat model of ACM-SH are given in
Section 3.
Section 4 contains the details of various phases associated with the proposed scheme (ACM-SH). The security analysis of ACM-SH is then given in
Section 5.
Section 6 contains a detailed comparative study of ACM-SH with other existing competing schemes.
Section 7 also deals with the practical implementation of ACM-SH. Finally,
Section 8 concludes the paper.
2. Related Work
Access control in smart devices is an important security service, and it is also a trending technology to safeguard an insecure access to the devices and their associated data. Therefore, various studies have proposed different ideas and surveys in the field of access control. Rana et al. [
9] presented an access control mechanism. They proposed a model in which the shrewd well-being clinical framework was projected to significantly work on the nature of medical care administrations. These frameworks keep up with the patient-related records and convey administrations over an unstable public channel, which might raise information security and protection issues in a shrewd well-being framework.
Alabdulatif et al. [
10] presented a computing platform for secure and smart healthcare surveillance services based on the Edge of Things (EoT). They have used “fully homomorphic encryption” to preserve the privacy of sensitive healthcare data, which is stored and processed under their proposed EoT framework. Lu et al. [
11] presented a user-centric privacy access control scheme. It was based on an attribute-based access control and a new privacy-preserving scalar product computation (PPSPC) mechanism. Their system allows the selected medical users to help with processing through opportunistic computing.
Saini et al. [
12] proposed four different forms of smart contracts to make their uses in relevant processes, such as “user verification”, “access authorization”, “misbehavior detection” and “access revocation”. In their scheme, the electronic medical records (EMRs) are stored in cloud servers after being encrypted using cryptographic encryption an signature, such as “elliptic curve cryptography (ECC)” and “Edwards-curve digital signature algorithm (EdDSA)” by taking into account the block size of the ledger and the large amount of patient data. To improve the security properties, computation and communication costs of wireless medical sensor networks deployed for e-healthcare, Ever proposed [
13] an anonymous-based user authentication approach. Their scheme is based on elliptic curve cryptography (ECC), and it is also protected against password guessing and smart card theft attacks.
Pal et al. [
14] proposed a security scheme, which is based on symmetric key cryptography for the use of authentication of a user. With the minimal burden and low cost, they developed a secured scheme. Roy et al. [
15] provided the idea of multi-cloud server access control, in which their scheme was a maiden fine grained data access control scheme. For heterogeneous wireless sensor networks (WSNs), Turkanovic et al. [
16] developed a “user authentication and key establishment technique”. However, their approach was later proven to be vulnerable to various attacks, such as “offline password guessing”, “offline identity guessing”, “smart card theft”, “sensor node impersonation” and “user impersonation” attacks. Furthermore, one of the most important qualities, known as “mutual authentication”, was not also supported in their approach [
17].
For heterogeneous WSNs, Farash et al. [
18] provided a strategy for user authentication and key establishment in order to provide secure IoT communication. Later, Amin et al. [
19] performed a security analysis on Farash et al.’s scheme [
18] and discovered that it was vulnerable to offline password guessing attack, session-specific temporary information leakage attack, and user impersonation attack. Later, an ECC-based user authentication protocol for IoT applications was proposed by Challa et al. [
20]. However, Jia et al. [
21], on the other hand, discovered that Challa et al.’s scheme [
20] does not prevent impersonation attack and it also does not preserve untraceability property.
Sharma and Kalra [
22] developed a lightweight user authentication technique that might be utilized in a cloud-based IoT healthcare application. However, during the registration of medical professionals, their mechanism is not safe against a privileged-insider attack. Furthermore, it does not provide the sensor node anonymity and session key security under the Canetti and Krawczyk (CK) adversary model. Zhou et al. [
23] developed a method of authentication that combines the IoT-based systems and cloud servers. Martinez-Pelaez et al. [
24] later discovered that Zhou et al.’s scheme [
23] was vulnerable to a number of attacks, including user impersonation attack, replay attack, privileged-insider attack, and man-in-the-middle attack.
Finally, a summary regarding various techniques and security flaws or limitations among the competing existing schemes is provided in
Table 1.
4. The Proposed Scheme: ACM-SH
In this section, we explain different phases of the proposed scheme (ACM-SH). ACM-SH is divided into the following phases: (a) “registration phase”, (b) “access control and key establishment phase” and (c) “dynamic device addition phase”. The brief description of each phase is explained below.
The “registration phase” is required to perform the registration of various entities, such as health servers and smart healthcare devices. In this phase, the trusted of the network performs the registration of these entities. After that, the entities need to be deployed in the network.
The “access control and key establishment phase” allows the legitimate entities, such as smart healthcare devices and health servers execute the steps of access control mechanism. When these steps are executed successfully, the entities establish the session keys for their secure communication after mutual authentication.
There is a possibility that some smart healthcare devices stop their working or may be physically stolen by an adversary. In that situation, it is preferable to deploy new smart healthcare devices in the network to perform the intended activities of the system. To perform this task, we can use the “dynamic device addition phase”.
A list of notations and their respective meanings is provided in
Table 2 that are used for describing and analyzing the proposed ACM-SH. The details of various phases are explained in the following subsections.
4.1. Registration Phase
The registration of various entities (i.e., smart healthcare devices and health server) is performed by the trusted registration authority in offline mode.
4.1.1. Registration of Smart Healthcare Device
This phase allows the smart healthcare devices to be registered by the using the following steps:
RHD1: starts the process and generates its own secret key and secret key of each smart healthcare device as and , respectively. Then, the selects a unique identity for each smart healthcare device as and calculates its corresponding pseudo-identity as .
RHD2: The calculates the temporal credential of each as , where is the registration timestamp value of . also generates a temporary identity for each as . further stores in the memory of each . Finally, the registered devices can be deployed for the required healthcare services.
4.1.2. Registration of Health Server
In this phase, the health servers are registered by the using the following steps:
RHS1: The starts the process and generates the secret key of health server as . The then selects a unique identity for the health server as and calculates its pseudo-identity as .
RHS2: The calculates the ’s temporal credentials as , where is the registration timestamp value of . then stores the registration information {} in the secured region of the database of , where are the total number of smart healthcare devices in the network. Here, it is important to mention that after the registration of and , the secret values like , , , , , , , and are deleted from the database of in order to thwart the attempts to launch stolen verifier, privileged insider, credential guessing and session key computation attacks by the adversary.
4.2. Access Control and Key Establishment Phase
This phase is necessary for implementing a safe access control among smart healthcare devices and , and also between a smart healthcare device and its associated health server .
4.2.1. Access Control in between Smart Devices and
This phase gives a safe access control and key arrangement between two smart healthcare devices and . Both devices must mutually authenticate each other before establishing a session key for secure their communication. After successful authentication, both devices can communicate securely. The various steps involved this process are as follows.
ACDD1: Note that stores , which help us to provide the “secure access control and key establishment”. begins the access control by creating a new timestamp and a random secret value . Then, computes and . to send the message to by means of an open channel.
ACDD2: validates the timeliness of the received timestamp value through the condition when arrives, where is the time when is received and is the maximum transmission delay that can be used to prevent a replay attack. If this condition holds, the computes and , and checks the validity of the condition: . If both conditions are valid, the is authenticated with . After that, generates another random secret and a fresh timestamp value to compute . It further computes the session key shared with as . The also computes . After these computations, sends the message to via an open channel.
ACDD3: validates the timeliness of the received timestamp value through the condition: when arrives. If this holds, the computes and the session key shared with as . Next, computes and checks if holds or not. If it matches, the computed session key by is considered as a correct one and is authenticated with . After that, generates another timestamp value and computes session key verifier as to send the message to via a public channel.
ACDD4: Upon the arrival of , checks the validity of timestamp value as per the condition discussed above. If it holds, the computes and checks the condition: . If it matches, the assumes that the session key computed by is also correct. Finally, both and establish the common session key for their secure transmission of data.
The overall access control process between the smart healthcare devices
and
is briefed in
Figure 2.
4.2.2. Access Control in between Smart Device and Health Server
The secure access control and key establishment between the deployed smart healthcare devices and their associated health server is provided in this phase. Both entities must mutually authenticate each other to establish the session keys for secure exchange of data. The healthcare data of the patients can be stored over the health server in a secure way. The steps involved in this process are given below.
ACDS1: starts the process, and generates a fresh timestamp value and a random secret value to compute and . The then sends the message to via an open channel.
ACDS2: Upon the arrival of , checks the validity of timestamp using the condition: , where is the time when is received and is the maximum transmission delay. If it holds, the fetches , corresponding to the received . The computes and , and checks if holds or not. If it holds, the is authenticated with the . Now, generates another timestamp value and a random secret value for calculating the parameters . Furthermore, computes the session key shared with as . In addition, generates a new temporary identity of as and computes and . Then, sends the message to via a public channel.
ACDS3: Upon the arrival of , checks the timeliness of . If it holds, the computes and the session key shared with as . The computes and checks if holds or not. If it holds, the is authenticated with the and the computed session key is considered to be correct. also computes its new temporary identity as and updates with in its memory. After that, generates another timestamp value and computes to send the message to via an open medium.
ACDS4: Upon the arrival of , checks the timeliness of and if it holds, the computes to check the condition: . If the condition is satisfied, the session key computed by is treated as correct and it is assumed that has successfully updated its temporary identity. After that, both and share the common session key for their secure transmission of data.
The overall access control process in between a smart device
and its corresponding health server
is briefed in
Figure 3.
4.3. Dynamic Smart Healthcare Device Addition Phase
It is sometimes required to provide the possibility of the addition of the new smart healthcare devices in the network. The addition of new smart healthcare devices can be done using the following steps.
DHD1: The starts the process by generating the secret key of a new smart healthcare device as and then selecting an identity for the new smart healthcare device as for calculating its pseudo-identity as .
DHD2: The also calculates its temporal credential as , where is the registration timestamp value of . In addition, the generates a temporary identity for as .
DHD3: The stores in the memory of and then the device needs to be deployed for the required healthcare services. Furthermore, the sends the registration information related to to in a secure way, i.e., encryption of information through a pre-shared master secret key between and .
5. Security Analysis
In this section, we provide a detailed security analysis of the proposed scheme (ACM-SH) using the threat model defined in this paper. Through the security analysis, we show that the proposed ACM-SH is robust against various potential attacks including the replay attack, man-in-the-middle (MiTM) attack, impersonation attack, ephemeral secret leakage (ESL) attack, privileged insider attack, physical smart healthcare device stolen attack and stolen verifier attack, which are provided in Propositions 1–6.
Proposition 1. ACM-SH is secure against replay attack.
Proof. In the proposed ACM-SH, we use different freshly generated timestamp values, such as , and in the transmitted messages , and , and , and in the messages , and , respectively. Suppose these messages are intercepted by an adversary and then these are re-sent to the receivers after some time. However, the timestamp values attached in the transmitted messages are verified at the receiver’s end through the condition: or . If these conditions hold, the messages are accepted by the receivers; otherwise, the receivers discard the messages. As a result, acceptance of the messages necessarily implies that the messages are fresh and they are not replayed one. In this way, ACM-SH is able to defend the replay attack against the adversary . □
Proposition 2. ACM-SH is secure against man-in-the-middle (MiTM) and impersonation attacks.
Proof. In ACM-SH, we have used different “timestamp values, random secret values, pseudo identities, and secret keys”. The secret identities and secret key values are only known to the concerned parties, such as and . If an adversary intercepts the communicated messages and later on, he/she tries to modify them, and under the deployed mechanism it is very difficult for to update the messages as he/she does not know various secret values. Therefore, cannot modify the messages , , and , and . In a similar way, cannot construct the messages , , and , and as valid messages, and send them on behalf of the sender. Hence, under these conditions, it is not possible for to launch the MiTM attacks as well as impersonation attacks on the proposed ACM-SH. □
Proposition 3. ACM-SH is secure against ephemeral secret leakage (ESL) attack.
Proof. In ACM-SH, the session keys and are established between and and and , respectively. The short term secret values (i.e., random secret values) and long term secret values are used to generate session keys in the proposed ACM-SH. However, we get different session keys in different sessions by using these secret values as random secrets, and current timestamps are applied. Furthermore, an attacker is unaware of the secret credentials. Thus, is unable to calculate the session keys. As a result, under the CK-adversary model, ACM-SH protects against the ephemeral secret leaking (ESL) attack. □
Proposition 4. ACM-SH is secure against privileged insider attack.
Proof. In ACM-SH, the deletes all sensitive information from its database once the successful registration of the entities, such as and , performed successfully. Therefore, a privileged insider user of the does not have any knowledge of secret credentials (i.e., , , , , , ) associated with the entities. Hence, the privileged insider user of the can not launch various attacks, like session key computation and credentials guessing attacks on the proposed ACM-SH. As a result, ACM-SH has ability to defend the privileged insider attack. □
Proposition 5. ACM-SH is resilient against physical smart healthcare device stolen attack.
Proof. In ACM-SH, the smart healthcare device
stores stores
in its memory. Moreover, the session keys are computed between
and
, and
and
as
and
, respectively. Each session generates and establishes a new session key. The parameters, like
,
,
,
and
are different and unique for different entities. This helps in producing different session keys for the different entities in various sessions. Now, assume an attacker physically steals a smart healthcare device and then uses the advanced power analysis attack [
26] to obtain the secret credentials from its memory. However, this malicious task only causes revealing of this particular session key, but not the session keys of other future sessions or the session keys of other devices. Hence, the remaining part of the communication is still safe. This means that ACM-SH has ability to defend the physical smart healthcare device stolen attack. □
Proposition 6. ACM-SH is resilient against stolen verifier attack.
Proof. In ACM-SH, stores information {} in the secured region of its database. These values are not known to an adversary . Therefore, cannot extract the secret values from the database of . Thus, other linked attacks, such as “session key computation” and “credential guessing” attacks on ACM-SH are not possible. As a result, ACM-SH can protect against the stolen verifier attack. □
8. Conclusions and Future Work
Sustainable smart healthcare system provides an enormous number of advantages over a traditional system. To overcome the security problems, a scheme for secure access control and key establishment for a long-term sustainable smart healthcare system (in short, ACM-SH) has been presented. The results of the security analysis show that ACM-SH is secured against a variety of attacks that are possible in an IoMT-enabled sustainable smart healthcare system. The proposed ACM-SH offers superior security and additional functionality capabilities as compared to those for other competing schemes. Furthermore, a simulation study shows that ACM-SH can determine its impact on the key performance indicators. Since ACM-SH is lightweight in nature and requires less computation, communication and storage resources, it seems to be practical for the real-time sustainable smart healthcare applications and usage.
In the future, we would like to add more functionality features, such as device revocation phase and key revocation phase in the presented scheme while keeping the same level of security as offered currently.