Software-driven secure framework for mobile healthcare applications in IoMT

Abstract

The traditional healthcare systems require more data storage and not a quick responsive mode. The new era of intelligent healthcare systems uses advanced frameworks and devices to work with Internet of things (IoT), Cloud Computing, edge computing devices, and the Internet of Medical Things (IoMT). These technology adoptions may drastically increase healthcare systems performance and are available anytime and anywhere to replace traditional medical methods – the organizations in the network exchange the patient data that has been gathered. The healthcare systems are therefore susceptible to a variety of threats. The attacker may exploit many attacks during the transmission. This paper introduces a novel mechanism of A Secure Robust Privacy-Preserving Authentication and Key Agreement Framework for Mobile Healthcare Applications. The proposed framework collects the patient’s data using wearable devices called sensors, and the collected data is shared with various entities using a secure mechanism. The proposed framework uses Elliptic Curve Cryptography (ECC). Digital sign is created and validated through the Elliptic Curve Digital Signature Algorithm (ECDSA). Security properties of the proposed framework are analyzed through standard model checking tool Automated Validation of Internet Security Protocols (AVISPA). The suggested protocol is simple to develop and can withstand network-related threats.

Keywords

Privacy-preserving key agreement ECC ECDSA ECIES AVISPA

1. Introduction

Things like electronics, automobiles, buildings, and even hospitals are all being integrated over the internet of things. Emerging innovations are being created to improve healthcare’s current structure as the internet and computer devices evolve. Coordination of data and audiovisual resources and the processing of medical records are all part of the healthcare service method. It is challenging to incorporate IoT into health monitoring systems because of the enormous volumes of data collected and the need for security to protect patients’ sensitive information from hackers. IoT devices have made it possible for patients to be tracked around the clock in this day and age. These gadgets are small, yet they can monitor the patients who use them over the IoMT architecture. The patient may be observed for emergencies, and any essential actions conducted remotely. For example, these gadgets are always linked to the internet and may simultaneously identify issues and provide immediate assistance.

Figure 1.

A typical layers in smart healthcare system.

The Internet of Things has completely altered the healthcare environment. Many wearable gadgets have been developed and utilized in healthcare to check patients’ conditions in real-time. Sensors produce data in quantity in the healthcare arena. This material is challenging to manage since it demands secrecy, integrity, and validity. Although these gadgets offer health monitoring, the data sensed and sent to the cloud must be protected and secure. This era’s priority is ensuring the privacy and security of the data being monitored and exchanged over the internet. Everything, from residential privacy to personal health, need security and protection. It is an essential element of our life. People are becoming increasingly concerned about personal data privacy, whether it is related to money, transportation, or health. The fundamental needs of data security are confidentiality, integrity, and availability. Confidentiality guarantees that only the authorized entity may access the computer or network. In contrast, integrity assures that only the authorized and authorized user may edit the data. Furthermore, the availability criterion implies that the data must be accessible to the legal entity at all times, without interruptions or constraints.

Life-care is a Hospital that has implemented the Hospital Record Management System to maintain its records of most aspects carried out in the hospital, such as appointments, emergency facilities, ambulance service, subscription service, and many more. These traditional systems may consume a lot of time for the Patient. The E-health web application framework and responsive web design. Recent web-based technologies support creating new possibilities in medical information systems. “Smart health applications” can perform several tasks such as booking appointments, providing ambulance services, and email subscription services for clients/patients [1]. Patients can easily locate qualified physicians in their neighbourhood with a doctor’s profile. For instance, a doctor’s page may include details on their expertise, medical facilities, and current avail-abilities. And for the doctors and hospital management to maintain a separate authentication portal. It requires two authentications, one for the doctor to check the daily appointments and the emergency cases and another for management/admins to manage and supervise the hospital records by up-dating, adding new doctors, and deleting the unwanted records [2, 3]. This is used to provide remote health care, which improves patient quality of life by reducing the frequency and duration of hospital stays, fosters patient empowerment, and fosters better interaction between health care providers and patients. Apart from these, the security of smart health applications is more critical because the patient and doctor sensitive data may not compromise by anyone.To ensure the security of cloud services against DoS assaults, Swapna [4] developed a blueprint for an Artificial Immune System (AIS) algorithm that uses threshold-based mitigation strategies. Their approach may be used on cloud computing infrastructure to stop unauthorized users from squandering resources by making requests that aren’t legitimate.

On the other hand, patients’ prescriptions and hospital data are also kept secure. Most of the existing smart healthcare applications may fail to protect the data. Typical layered architecture using a smart health system is shown in Fig. 1. These layers are drawn from the left to write, such as the device, communication, platform, and application layer [5].

•

Device layer: Using the controllers, sensors, and actuators that have been set up, this layer is in charge of collecting patient data.

•

Communication layer: It connects the various IoT devices and sensors using communication technologies such as Bluetooth, Near Field Communication (NFC), mobile data networks, etc.

•

Platform layer: This layer offers cloud computing, middleware, service support, and information development.

•

Application layer: It is responsible for predicting, analyzing, monitoring, detecting, tracking, and recording patient data.

This paper introduces a novel mechanism for a Secure Robust Privacy-Preserving Authentication and Key Agreement Framework for Mobile Healthcare Applications. Many existing approaches use the RSA algorithm for developing secure applications; this may consume time for encryption and decryption, and it is not fit for lightweight applications. Hence in this article, we have used the Elliptic curve cryptography. The proposed digital sign generation and verification framework use the ECDSA technique. For encryption process, the message uses the ECIES for integrated encryption. For the security properties analysis purpose, we are using the AVISPA tool. The first stage in AVISPA is to draught the suggested framework protocol like High-Level Protocol Specification Language (HLPSL) the AVISPA backend servers will carry out. The next step is to test our procedure test our procedure for any and all Dolev-Yao Intruder traces [6].

The remaining content of the current study is organized in the following manner: Section 2 discusses the related work in software-driven security framework for mobile application in healthcare. Section 3 describes the proposed protocol. Section 4 elaborates on adversary models for the proposed work. Section 5 presents security analysis of the proposed framework. We conduct a comparative study of existing approaches in Section 6. Finally, Section 7 concludes the research findings and future scope of the study.

2. Related work

Ammenwerth et al. [7] review the mobile information, and also we have the communication assistant. The authors highly focus on the real-time process of getting the facility information access; the system eliminates the double documentation and covers the process of increasing the long-term effectiveness of patient treatment as it was part of the daily activity of the hospital. The authors’ proposed framework covers all the features and is also implemented systematically, i.e., protocol aims, design, methods, and finally, the results. Finally, the implemented protocol is vulnerable to attacks. Boulos et al. [8] aim at the central part of health and mainly focus on the health care applications. The developed framework highlights various scenarios while creating the app in both the sectors of healthcare professionals and inpatients – for example, the lifestyle of the education and application management and mainly in fitness and health. The authors have given a complete description of how to learn the Mobile Platform of eCAALY. For this mobile platform, the information between the wearable devices’ sensors and the server will give a notification message to elderly persons, patients, and health professionals. These signals will pass the information through sensor measurements, and it will notify their patients and corresponding doctors using a GPS connection through the smartphone. But the developed framework is not secure between the patients and doctors. Buabbas et al. [9] evaluated the value of smartphones in surgical practice during the COVID-19 epidemic.

The authors address some concerns, and we know that it will take the main focus and majority and also the consideration part we can say, using the smartphones because their practice is essential. From this, we get more benefits from the patient to doctor doctor-doctor communication. Crotty et al. [10] review how we can design online health services for patients. People know way days how online platforms are helpful for daily life. And its usage is increasing rapidly; coming to health purposes, people are using the platform online for their health issues and for their family members and loved ones to help them with their health issues. These days, health care platforms provide online services quickly for patients. They are giving online services through their portals and providing access for patients to place their sessions, peruse their medical data, and communicate with medical professionals. And there are providing online health facilities directly to patients, like taking care of their health, fitness, and lab processes, if any, GPS tracking, and keeping Records for their medical sheets. Many health-based companies follow these things. The paper fails to explain the various attacks between the entities. Zargar et al. [11] outlined a method of dealing with distributed denial of service attacks by describing an intrusion detection and prevention system.The framework for the early detection of DoS was implemented by Badotra et al. [12] with the assistance of a tool called the SNORT intrusion detection system. SDN controllers are provided service in the early identification of DoS assaults by the tool.To identify the DoS, the authors tested five distinct network configurations.To detect and mitigate DoS assaults, many machine learning classifiers were used. In one of these methodologies, they worked with the entropy-based, three collectors, and classification sections. At each point, data is gathered for newly emerging threats, and the amount of time before an assault is detected is supplied. The issues posed by DoS assaults [13] and debates on DoS flooding attack prevention and solutions take up the majority of the attention in this study. In the system, Sindhura et al. [14] developed and implemented, the quantity of bandwidths allotted to the user depends on whether the user is lawful. Sterne et al. [15] used pre-existing statistical monitoring, which monitors and records increases in traffic volume to a particular system.

Fayezah et al. [16] developed an online health care system approach. This system creates a communication mechanism in the fast process between the doctors and the patients.Coming to security, it maintains a better option and makes a safe procedure for users. Next, the development part uses the Php framework and the Codeigniter one. And for database connectivity, it was designed using MySQL, and the server used for the system was xampp as the server. Defences against distributed denial of service (DoS) assaults in conventional and software-defined networks have been approached from various angles. This study handles security assaults using lightweight and protocol-independent techniques, which results in an effective defence architecture for SDN. When it is necessary to validate a client’s request in a time-efficient manner Sindhura et al. [14] recommend using Medium Access Control (MAC) filters in conjunction with cryptography-based authentication. In the system, we see that we have access to doctors to view the patient’s data and issue documents and prescriptions. The system allows registered professional doctors to enlist in the hospital. The doctors can give the patients free medical advice if they can. And can provide the necessary guidance and medications to the patients when they request an appointment. Next to users, they can register and log in as patients to store and secure the medical data in the database section of the system. The application fails to run in a secure environment.

Ventola et al. [17] aim to assess the smart phones and Applications for Healthcare Executives. These smartphones have been taking a good place. In health care, things mean their settings, taking good status and making their status grow by increasing their platforms in the medical software applications. The framework will be helpful to the health care professionals who use mobile applications and devices for many things. The developed framework has some specific rules and implementing in five parts or sections. Firstly it was communications to create more interaction between doctors and patients. Next is consulting patient health records, administration for clarifications of doubts, references and gathering different kinds of health information, and medical education.An IP spoofing system that identifies and discards malicious traffic using an IP-hop count database was proposed by Mopari et al. [18]. A non-intrusive IP traceback technique that maintains valid source addresses while traveling over the network has been developed by Thing et al. [19]. Finding out which routers were utilized as illegal source addresses to create the attack graph is the first step in identifying the network traffic flow that is taking place.

In the system, Sindhura et al. [14] developed and implemented, the quantity of bandwidths allotted to the user depends on whether the user is lawful. Sterne et al. [15] used pre-existing statistical monitoring, which monitors and records increases in traffic volume to a particular system. The framework for the early detection of DoS was implemented by Badotra et al. [12] with the assistance of a tool called the SNORT intrusion detection system. SDN controllers are provided service in the early identification of DoS assaults by the tool. To identify the DoS, the authors tested five distinct network configurations. To detect and mitigate DoS assaults, many machine learning classifiers were used. In one of these methodologies, they worked with the entropy-based, three collectors, and classification sections. At each point, data is gathered for newly emerging threats, and the amount of time before an assault is detected is supplied.

Table 1
DoS assaults on three tiers of SDN

Variety of DoS attacks	Targets	Example
DoS targeted at SDN setup level	Network devises Ex: Routers, Network Switches, etc.	The DDoS attacker tries to target the victim by transmitting a large number of fake packets to the switch that is enabled for SDN.
DoS targeted at SDN control level	SDN controller Ex: Databases	The DDoS attacker will transmit a fresh packet created by the malicious traffic to devalue resources and deplete the bandwidth of the controllers.
DoS targeted at SDN application level	IP Applications	The DDOS attackers target all of the victims who were actively involved in the SDN application layer as they attempt to send them malicious packets.

Table 2

Notations used in the current study

Notation	Description
$\mathcal{U}$ , $\mathcal{S}$	$i^{\text{th}}$ patient of $U_{i}$ , Wireless Body Area Network/Wearable devices/Sensor
$\mathcal{HD}$ , $\mathcal{HS}$ , $\mathcal{GN}$ , $\mathcal{TA}$	Health Device, Health Server, Gateway Node, and Doctor
$\mathcal{A}$	Attacker/Adversary/Intruder
$N_{X}$	Nonce generated by the communication node $X$ .
$\textit{ID}_{X}$	Identification of communication node $X\in\{S,U,\textit{HS},D\}$
$K_{X}^{+}$	Public_key of the communication node $X\in\{S,U,\textit{HS},D\}$
${K}_{X}^{-}$	Private_key of the communication node $X\in\{S,U,\textit{HS},D\}$
$\textit{Cert}_{X}$	Certification of communication node $X$ digitally signed by the secret_key of a TA
$\textit{SK}_{X}$	Secret key used by entity $X$
$\textit{SIGN}_{Y}^{X}(M)$	Sign generated by the entity $Y$ and verified by the entity $X$ on message
$\textit{hash}(K,M)$	Hash associated with key and message
SMS	SMS notification
$\textit{SK}_{XY}$	Session key utilized by entities $X$ and $Y$
$\textit{TS}_{X}$	Time stamp generated by the communication node $X\in\{U,S,\textit{HD},\textit{HS},\textit{TA}\}$
$M$	Message
MAC	Message authentication code
$X\\|Y$	Concatenation Information of entities $X$ and $Y$

Attacks on Software-Defined Networks That Are Distributed Over the Denial of Service The adversary causes damage to legitimate servers and clients by transmitting several packets that cannot be identified across the network. General requests and requests from notional customers are the two categories of requests that might cause a denial of service attack from the adversary. DoS attackers take control of the numerous devices that have been hijacked and then utilize this request to deliver enormous amounts of packets to the target-1. The adversary began the distributed denial of service assault with the First Request: To initiate a Distributed Denial of Service assault, the attacker must first maintain and manage many devices capable of sending DoS packets to the target. These compromised computer networks are often referred to as botnets or zombie computers. DoS detection is the initial step, during which an attempt is made to determine the level of vulnerability present in connected devices, including WiFi routers, personal computers, mobile phones, and closed-circuit video cameras.In this phase, the attacker may use any scanning technique, such as local subnet scanning, permutation scanning, random scanning, hitlist scanning, and so on, to discover vulnerable devices before beginning a DoS attack. Other scanning methods include scanning random IP addresses and hitlist scanning.

The attacker may use a range of attack strategies with a high degree of pertinence to hijack vulnerable devices and successfully get accurate scanning results. The adversary may now determine which botnets are in the network, send the required number of control messages to take command of the compromised devices, and then send malicious requests to the target to launch a distributed denial of service attack. 2. The adversary started a distributed denial of service assault with the Second Request: The second kind of request is one that is entirely made up. The attacker could make fake requests from legitimate users or copy and paste existing ones before sending them to victims. On the other hand, the victim is the one who gets a large number of false requests, which results in the server being brought down, network bandwidth being depleted, or computer resources being used up. DoS assaults on three tiers of SDN setup are presented in Table 1.

Figure 2.

Proposed framework in healthcare applications.

To address the above issues for security concerns, we have developed a mechanism for a Secure Robust Privacy-Preserving Authentication and Key Agreement Framework for Mobile Healthcare Applications. Many existing approaches use the RSA algorithm for developing secure applications; this may consume time for encryption and decryption, and it is not fit for lightweight applications. Hence in the current study, the authors have used the ECC technique. The proposed digital sign generation and verification framework use the ECDSA. For encryption and decryption, the message uses the ECIES technique.

2.1 Motivation

The motive behind the projected framework in this study is as follows. People are moving toward sustainable computing rather than traditional systems in innovative health apps and intelligent IoT devices. These applications and devices are operated via the Internet; various attackers may exploit the vulnerabilities with the three levels of security. Such as communication level, application level, and device-level security are needed. Otherwise, many applications are vulnerable to attackers. The attacker may exploit various attacks, such as ”Man-in-the-Middle (MitM), Reply, privileged-insider, and impersonation attacks. Apart from these, some healthcare applications don’t provide end-to-end security mechanisms. The patient’s privacy is comprised. From the above discussion, we have observed that current security solutions at various levels are not adequate for smart health apps. It demands the deployment of a secure, robust framework for developing the applications so that it will protect the security threats from attackers.

2.2 Contributions

Figure 3.

Proposed framework steps between the entities.

In this study, the following are the contributions:

•

Authors have developed a novel secure, robust framework for smart healthcare applications used between the entities of a user (patient/doctor), sensor node, and a hospital server node. The proposed architecture uses ECC to enable secure end-to-end transmission between entities.

•

The proposed model is validated using the Automated Validation of Internet Security Protocols standard model checking tool.

•

The suggested framework is resilient and has security features, and the calculation cost of a protocol is lower than that of current methods.

3. Proposed method

The projected protocol for the mobile healthcare application systems uses the “Elliptic Curve Integrated Encryption Scheme (ECIES)” for encryption process and the ECDSA technique” [20][21] for signature generation and verification. The notations used for this projected protocol method are listed in Fig. 2. The projected framework steps are shown in Fig. 3.

The following steps are used for the proposed framework, and these steps are also shown in Fig. 2.

•
Step 1. The Body Area Sensor Network (BSN) sends collective information about the patient, and the data is regularly sent to the Smart Healthcare application using wearable devices connected through Blue-Tooth. The data transmitted to the device is encrypted with the asymmetric key using ECC called M1.

$\textit{SHA}\leftarrow\textit{BASn}:\{M1,\textit{SIGN}_{\textit{BASn}}^{% \textit{SHA}}(M1),\}K_{U}^{+}$ Where $M1=\{\textit{ID}_{P},\textit{BASn}_{\textit{ID}},N_{\textit{BASn}},\textit{TS}% _{\textit{BASn}},\textit{PI}\}$
•
Step 2. After receiving a message1, the user verifies the data integrity and authentication of the BSNs, and the user constructs a new message to the hospital with a hashed message.

$\textit{HS}\leftarrow\textit{SHA}:\{\textit{MAC}0,M2\}\textit{SK}_{\textit{UH}}$ Where $\textit{MAC}0=\{\textit{SK}_{\textit{UH}},M2\}$ , where $M2=\{\textit{ID}_{P}\|\textit{BASn}_{\textit{ID}}\|N_{\textit{BASn}}\|\textit{% TS}_{\textit{BASn}}\|\textit{SK}_{\textit{UH}}\|\textit{PI}\}$
•
Step 3. The hospital server (HS) decrypts the message with the session key and obtains the m2. The HS validates all received data from the user because user authentication is necessary.

$D\leftarrow\textit{HS}:\{M3,\textit{SIGN}_{\textit{HS}}^{D}(M3),\}K_{D}^{+}$ Where $M3=\{\textit{ID}_{P},\textit{BASn}_{\textit{ID}},N_{\textit{HS}},\textit{TS}_{% \textit{HS}},\textit{PI}\}$ The hospital server updates the database; if any deviation is observed in the patient report, it will transfer the message to the doctor (D) and inform the patient’s family members via an alert notification.
•
Step 4. Now, the doctor decrypts the message from the hospital server with his private key and verifies the data integrity and authentication; once all verifications are successful, any variation in the report or case of emergency directly informs the patient’s family members.

$P/U\leftarrow D:\{M4,\textit{SIGN}_{D}^{U}(M4),\}K_{U}^{+}$ Where $M4=\{\textit{ID}_{P},\textit{BASn}_{\textit{ID}},\textit{PI},\textit{LOC}_{P},% \textit{ID}_{D},N_{D}\}$
•
Step 5. Now that message four from the doctor has been authenticated, and the data integrity has been established, the user can decrypt the message using his private key and confirm the patient’s current condition. If an emergency arises, the hospital (H) will call an ambulance patient’s place and notify the patient’s family.

4. Adversary $\mathcal{A}$ model

This section discusses security and privacy attacks in health care applications, which evolved from [22]. Our proposed framework is defined over the guidelines of 2 universally accepted threat models Dolev-Yao(DY) [6] and Canetti and Krawczyk’s [23] enmity model. Because healthcare units lack a centralized administrator or controller, the devices can transmit valuable data regarding several essential factors, including personal information, patient’s or doctor data, type of drug usage, and altered notifications. However, malicious or misbehaving nodes may disrupt the transmission of this information or disclose it to untrusted parties. These attacks vary in severity level. Likewise, the unprotected IoT environment presents numerous vulnerabilities that hackers or malicious organizations may exploit. White hats and black hats are the two main categories that may be used to describe hackers. Whereas white hat attacks are intended to alert companies and consumers to security vulnerabilities, black hat attacks are carried out with malicious intent, such as ransom demands, theft, selling of private data, or simply causing damage. As connections become increasingly prevalent, black hat hackers may exploit any vulnerability to access and sell personal data, steal, disrupt services, and more. Therefore, any protocols running under IoT or healthcare units require the centralized trusted authorities (TA) to maintain privacy between all entities via public key infrastructure. Our protocol addresses and resolves most attacks by employing the advanced and lightweight cryptography techniques of ECDSA for signature creation and validation. Similarly, we employed ECIES for asymmetric and an AES algorithm for symmetric encryption and decryption. Our proposed model was tested and verified using formal security analyses. The objectives of this research are as follows:

•
Design secure authentication and key management protocols using lightweight cryptography to provide less communication overhead and computation cost.
•
To analyze the existing works for designing secure protocols for healthcare applications and provide better security and performance solutions.
•
To verify the proposed secure protocols using advanced model-checking of Scyther tool.
•
To understand the research gaps that should be addressed and to indicate future research directions in this area.

5. Security analysis of the proposed framework

Designing security protocols is a challenging real-time task because many Security issues were involved during the developing phase. On the Internet, the adversary always establishes the connection to tamper with or modify the message between the parties. Even though the messages were encrypted, the adversary tried to identify the loopholes without breaking cryptography by exploiting the protocols’ weaknesses. The typical examples of such attacks are MitM, reply, masquerade, session hijacking, etc. This section describes our scheme using a formal verification approach using AVISPA tool simulation. AVISPA is a push-button tool for the “Automated Validation of Internet Security-sensitive Protocols and Applications (AVISPA)” [24, 25, 26], which systematically stands to this challenge. AVISPA addresses two challenges; firstly, it provides an expressive formal language and primary modular for describing the security properties of protocols. Secondly, it combines the features of different backends for automatic analysis, from input protocol assault detection through protocol falsification across a continuous and discrete number of sessions. The following subsection continues with the HLPLS specification of our proposed framework.

5.1 HLPSL specification and simulation results with the AVISPA

AVISPA assists a programming language like HLPSL [27]. It assist in dealing with the expressive formal language and primary modular for describing the security properties of protocols to establish network security protocols that use many cutting-edge automated security analysis methods. To analyze security properties used in the proposed framework with the AVISPA tool [28] in an open environment with the adversary in the network. The proposed framework of the HLPSL specification is given below. The specification of HLPSL uses the following participants: Sensor (S), User (U), Hospital server (HS), and Doctor (D).

role Sensor (S, U: agent,pre-shared key between Sensor and UserSkb1: symmetric_key,S_id, U_ph, U_pin, U_id, U_name, LOC_P, PIHash: hash_meth,SENDER_S, RECEIVER_U: channel(dy)),played_by local_State: nat,NS1, NU1, NS2, NU2, Message1, Message2, Message3, Ts1, Ts2, Tsu1: text,KU, KS: public_keyconst sensor, user, ns1, ns2, sku,sensor_user_ns1, sensor_user_skb1: protocol_identifierinitialise State $:=$ 0transition1. State $=$ 0 $\wedge$ RECEIVER_S(start) $=\mid>$ State’ $:=$ 2 $\wedge$ NS1’ $:=$ new() $\wedge$ Ts1’ $:=$ new() $\wedge$ Ts2’ $:=$ new() $\wedge$ NS2’ $:=$ new() $\wedge$ S_id’ $:=$ (U_ph,U_pin) $\wedge$ Patient_info’ $:=$ (LOC_P) $\wedge$ PI’ $:=$ (S_id,U_ph,Patient_info’,Ts2’,NS2’) $\wedge$ Message1’ $:=$ Hash(S_id’,NS1’,Ts1’) $\wedge$ SND_Ib(Message1’.S_id’.NS1’.Ts1’_KU) $\wedge$ secret(NS1’,ns1,S,U) $\wedge$ secret(Ts1’,S,U) $\wedge$ witness(S,U,sensor_user_ns1,NS1)end role

role User (S, U, HS: agent,Skbp1, Skb1: symmetric_key,S_id, U_ph, U_pin, U_id, U_name, LOC_P, PIHash: hash_meth,Sender_S, Reciever_U, Reciever_S, Sender_HS: channel(dy))played_by U def $=$ local State: nat,NS1, NU1, NS2, NU2, Message1, Message2, Message3, Ts1, Ts2, Tsu1: text,KU, KS: public_keyconst sensor, user, ns1, ns2, sku,sensor_user_ns1, sensor_user_skb1: protocol_idinit State $:=$ 1transition2. State $=$ 1 $\wedge$ Rcv_U(start) $=\mid>$ State’ $:=$ 3 $\wedge$ NU1’ $:=$ new() $\wedge$ Tsu1’ $:=$ new() $\wedge$ S_id’ $:=$ (U_ph,U_pin) $\wedge$ Message2’ $:=$ Hash(Skuh,NU1’,TsU1,S_id’) $\wedge$ Snd_HS(Message2’.Skuh.NU1’.Tsu1. S_id’_SKuh) $\wedge$ secret(NU1’,nu1,U,HS) $\wedge$ witness(U,HS,user_hospital_nu1,NU1)3. State $=$ 3 $\wedge$ Rcv_U(Message1’.S_id’.NS1’. Ts1’_KU) $=\mid>$ State’ $:=$ 5 $\wedge$ NU2’ $:=$ new() $\wedge$ secret(NS1’,ns1,S,U) $\wedge$ secret(Ts1’,S,U) $\wedge$ witness(S,U,sensor_user_ns1,NS1)end role

role HS (U,D: agent, Skbp1, Skb1: symmetric_key,S_id, U_ph, U_pin, U_id, U_name, LOC_P, PIHash: hash_func,Snd_S, Rcv_U, Rcv_S, Snd_HS: channel(dy))played_by U def $=$ local State: nat,NS1, NU1, NS2, NU2, Message1,Message2, Message3, Ts1, Ts2, Tsu1: text,KU, KS: public_keyconst sensor, user, ns1, ns2, sku, sensor_user_ns1, sensor_user_skb1: protocol_idinit State $:=$ 1 transition 4. State $=$ 1 $\wedge$ Rcv_HS(start) $=\mid>$ State’ $:=$ 3 $\wedge$ Ts2’ $:=$ new() $\wedge$ NU2’ $:=$ new() $\wedge$ Snd_D(Message3’.Skuh.NU1’. Tsu1.S_id’_SKuh) $\wedge$ secret(NU1’,nu1,U,HS) $\wedge$ witness(U,HS,user_hospital_nu1,NU1)5. State $=$ 3 $\wedge$ Rcv_HS(Message2’.Skuh.NU1’. Tsu1.S_id’_SKuh) $\wedge$ secret(NU1’,nu1,U,HS) $\wedge$ witness(U,HS,user_hospital_nu1,NU1)end role

role D(HS, D: agent, Skab1: symmetric_key,Skbp1, Skb1: symmetric_key,S_id, U_ph, U_pin, U_id, U_name, LOC_P, PIHash: hash_func,Snd_S, Rcv_U, Rcv_S, Snd_HS: channel(dy))played_by U def $=$ local State: nat,NS1, NU1, NS2, NU2, Message1,Message2, Message3, Ts1, Ts2, Tsu1: text,KU, KS: public_keyconst sensor, user, ns1, ns2, sku, sensor_user_ns1, sensor_user_skb1: protocol_idinit State $:=$ 1transition6. State $=$ 1 $\wedge$ Rcv_D(start) $=\mid>$ State’ $:=$ 3 $\wedge$ TsAP1’ $:=$ new() $\wedge$ NAP1’:=new() $\wedge$ Rcv_D(Message3’.Skuh.NU1’. Tsu1.S_id’_SKuh) $\wedge$ secret(NU1’,nu1,U,HS) $\wedge$ witness(U,HS,user_hospital_nu1,NU1)end role

goalsecrecy_of ns1, ns2, nu1, nhs1, skuhauthentication_on user_hospital_nu12, u_hs_skuhend goal

5.1.1 Analysis of results

The proposed framework is written HLPSL specification, and it automatically detects the various well-known attacks because AVISPA works in the environment of an active attacker present in the network. AVISPA has integrated with four backends; these rigorously work to analyze the security properties, detect the attacks before mentioned, and obtain the validation results. The following is shown the output for the proposed protocol with four backends.

1.
“SUMMARY” describes whether a protocol is tested and executed under a safe state, insecure, or Whether the security study is lacking.
2.
“DETAILS” highlights the limitations under which the examined protocol is represented as safe and the circumstances utilized to detect an attack.
3.
“PROTOCOL” specifies the name of the protocol that is being tested.
4.
The Goal, “BACKEND, and COMMENTS” are the goal of the protocol, the name of the AVISPA backend used, and comments regarding the test of the protocol, respectively.
5.
Finally, “STATISTICS” presents the complete analysis as the statistical report of the verified protocol.

Our proposed framework runs within all backends of AVISPA. For an execution test, the protocol analysis is successful. There are still no identified attacks, and the security objectives were met. As a result, our suggested system is secure and resistant to threats. Individual tool results are illustrated in Fig. 4a and 4b, respectively.

Figure 4.
(a) AVISPA-OFMC; (b) AVISPA-SATMC.

•
1) “On-the-fly Model-Checker (OFMC)” discloses the projected framework in a safe state.
•
2) “CL-based Attack Searcher (CL-AtSe)” discloses the projected framework in a safe state.
•
3) “SAT-based Model-Checker (SATMC)” discloses the projected framework in a safe state.
•
4) “Tree Automata-based Protocol Analyser (TA4SP)” disclose the Some protocol rules may not be fired; therefore, the verification is not performed.

No disclosed threats were there, and the security objectives were attained.

Table 3
Overview of resilience to the attacks

Schemes/attack [29] [30] [31] [32] [33] [34] [35] [36] [37] [38] Proposed scheme

Resistance to Reply attack $\surd$ $\times$ $\surd$ $\surd$ $\surd$ $\surd$ $\times$ $\surd$ $\surd$ $\surd$ $\surd$

System supports the session key in the presence of the CK-attacker model $\surd$ $\surd$ $\surd$ $\surd$ $\times$ $\times$ $\times$ $\surd$ $\times$ $\surd$ $\surd$

Secure against MitM $\surd$ $\times$ $\surd$ $\surd$ $\times$ $\times$ $\surd$ $\surd$ $\times$ $\times$ $\surd$

Supports anonymity and identity privacy-preserving $\surd$ $\times$ $\times$ $\surd$ $\times$ $\times$ $\surd$ $\surd$ $\surd$ $\times$ $\surd$

Resistant to password guessing attack $\surd$ $\times$ $\surd$ $\surd$ $\times$ $\surd$ $\times$ $\times$ $\surd$ $\surd$ $\surd$

Protect from impersonation $\surd$ $\times$ $\surd$ $\surd$ $\times$ $\surd$ $\times$ $\surd$ $\times$ $\surd$ $\surd$

Untraceability $\surd$ $\times$ $\surd$ $\surd$ $\times$ $\surd$ $\times$ $\surd$ $\surd$ $\surd$ $\surd$

Resistance to Insider attack $\times$ $\surd$ $\times$ $\times$ $\surd$ $\times$ $\surd$ $\surd$ $\surd$ $\surd$ $\times$

DoS attack protection $\times$ $\times$ $\surd$ $\surd$ $\times$ $\surd$ $\times$ $\surd$ $\times$ $\surd$ $\surd$

Prevents node capture attack $\times$ $\surd$ $\surd$ $\surd$ $\times$ $\surd$ $\times$ $\surd$ $\times$ $\surd$ $\surd$

Formal Verification by AVISPA $\times$ $\times$ $\times$ $\times$ $\times$ $\times$ $\times$ $\times$ $\times$ $\times$ $\surd$

Table 4
Performance comparison

Scheme BSNs/wearable device/sensor User/smart phone application Health device/health server

Zhou et al. [33] 7 $T_{h}$ 10 $T_{h}$ 19 $T_{h}$

Sharma and Karla [31] 5 $T_{h}$ 11 $T_{h}$ NA

Shashidhara et al. [41] 4 $T_{h}$ 6 $T_{h}$ NA

Farash et al. [29] 7 $T_{h}$ 11 $T_{h}$ NA

Garg et al. [34] 2 $T_{\textit{ecm}}$ $+$ 1 $T_{\textit{eca}}$ $+$ 3 $T_{h}$ $+$ 1 $T_{v}$ 2 $T_{\textit{ecm}}$ $+$ 2 $T_{\textit{eca}}$ $+$ 4 $T_{h}$ $+$ 2 $T_{v}$ 2 $T_{\textit{ecm}}$ $+$ 2 $T_{\textit{eca}}$ $+$ 5 $T_{h}$ $+$ 1 $T_{v}$

Challa at al. [30] 4 $T_{\textit{ecm}}$ $+$ 3 $T_{h}$ 5 $T_{\textit{ecm}}$ $+$ 5 $T_{h}$ NA

Proposed 2 $T_{\textit{ecm}}$ $+$ 2 $T_{\textit{eca}}$ $+$ 1 $T_{h}$ $+$ 1 $T_{g}$ $+$ 1 $T_{v}$ 2 $T_{\textit{ecm}}$ $+$ 2 $T_{\textit{eca}}$ $+$ 1 $T_{g}$ $+$ 1 $T_{v}$ $+$ 1 $T_{se}$ $+$ 1 $T_{h}$ $+$ 1 $T_{sd}$ 2 $T_{h}$ $+$ 1 $T_{se}$ $+$ 1 $T_{sd}$

6. Comparative study

Schemes/attack	[29]	[30]	[31]	[32]	[33]	[34]	[35]	[36]	[37]	[38]	Proposed scheme
Resistance to Reply attack	$\surd$	$\times$	$\surd$	$\surd$	$\surd$	$\surd$	$\times$	$\surd$	$\surd$	$\surd$	$\surd$
System supports the session key in the presence of the CK-attacker model	$\surd$	$\surd$	$\surd$	$\surd$	$\times$	$\times$	$\times$	$\surd$	$\times$	$\surd$	$\surd$
Secure against MitM	$\surd$	$\times$	$\surd$	$\surd$	$\times$	$\times$	$\surd$	$\surd$	$\times$	$\times$	$\surd$
Supports anonymity and identity privacy-preserving	$\surd$	$\times$	$\times$	$\surd$	$\times$	$\times$	$\surd$	$\surd$	$\surd$	$\times$	$\surd$
Resistant to password guessing attack	$\surd$	$\times$	$\surd$	$\surd$	$\times$	$\surd$	$\times$	$\times$	$\surd$	$\surd$	$\surd$
Protect from impersonation	$\surd$	$\times$	$\surd$	$\surd$	$\times$	$\surd$	$\times$	$\surd$	$\times$	$\surd$	$\surd$
Untraceability	$\surd$	$\times$	$\surd$	$\surd$	$\times$	$\surd$	$\times$	$\surd$	$\surd$	$\surd$	$\surd$
Resistance to Insider attack	$\times$	$\surd$	$\times$	$\times$	$\surd$	$\times$	$\surd$	$\surd$	$\surd$	$\surd$	$\times$
DoS attack protection	$\times$	$\times$	$\surd$	$\surd$	$\times$	$\surd$	$\times$	$\surd$	$\times$	$\surd$	$\surd$
Prevents node capture attack	$\times$	$\surd$	$\surd$	$\surd$	$\times$	$\surd$	$\times$	$\surd$	$\times$	$\surd$	$\surd$
Formal Verification by AVISPA	$\times$	$\times$	$\times$	$\times$	$\times$	$\times$	$\times$	$\times$	$\times$	$\times$	$\surd$

Scheme	BSNs/wearable device/sensor	User/smart phone application	Health device/health server
Zhou et al. [33]	7 $T_{h}$	10 $T_{h}$	19 $T_{h}$
Sharma and Karla [31]	5 $T_{h}$	11 $T_{h}$	NA
Shashidhara et al. [41]	4 $T_{h}$	6 $T_{h}$	NA
Farash et al. [29]	7 $T_{h}$	11 $T_{h}$	NA
Garg et al. [34]	2 $T_{\textit{ecm}}$ $+$ 1 $T_{\textit{eca}}$ $+$ 3 $T_{h}$ $+$ 1 $T_{v}$	2 $T_{\textit{ecm}}$ $+$ 2 $T_{\textit{eca}}$ $+$ 4 $T_{h}$ $+$ 2 $T_{v}$	2 $T_{\textit{ecm}}$ $+$ 2 $T_{\textit{eca}}$ $+$ 5 $T_{h}$ $+$ 1 $T_{v}$
Challa at al. [30]	4 $T_{\textit{ecm}}$ $+$ 3 $T_{h}$	5 $T_{\textit{ecm}}$ $+$ 5 $T_{h}$	NA
Proposed	2 $T_{\textit{ecm}}$ $+$ 2 $T_{\textit{eca}}$ $+$ 1 $T_{h}$ $+$ 1 $T_{g}$ $+$ 1 $T_{v}$	2 $T_{\textit{ecm}}$ $+$ 2 $T_{\textit{eca}}$ $+$ 1 $T_{g}$ $+$ 1 $T_{v}$ $+$ 1 $T_{se}$ $+$ 1 $T_{h}$ $+$ 1 $T_{sd}$	2 $T_{h}$ $+$ 1 $T_{se}$ $+$ 1 $T_{sd}$

This section deals with analyzing the projected work concerning computational cost, security attacks, functionalities, and transmission cost. The projected work’s performance analysis is compared with current approaches, such as [29, 30, 31, 39, 33, 34].

6.1 Security features analysed with state-of-art methods

In this part, the Authors contrast the projected scheme’s security properties with those of comparable systems. A detailed analysis of the security and design characteristics offered by the proposed system and other applicable frameworks for protection against phishing and farming assaults is shown in Table 3. Some of the schemes just detect phishing and pharming assaults; they do not, however, provide defenses against them. The suggested method may be able to recognize and prevent serious MITM attacks, replay, important privacy insiders, support anonymity, etc. Apart from these, it is verified with formal verification of a model checking tool called AVISPA.

a) MitM attack: Man-in-the-Middle (MitM) attack is one of the associate attacks because the adversary once implements MitM so that the attacker can exploit various other attacks easily [40]. In the proposed model, we have used a Dolev-Yao [6] concept model means that the adversary is present in the network. Still, they can’t do any illegal operations over the encrypted and signed messages. In this paper, our proposed scheme is secure against MitM attacks. E.g., a user and a server can be initiated from the same client’s mobile using fake addresses. During verification of authentication by the server, the proposed method considers both the request made by the user. Then the server proves whether the user gets connected to a legitimate or bogus site and whether the user integrity verifies both ends after receiving the message.

b) Replay attack: Even though the opponent may attack the sensor node with a reply, the adversary under our suggested approach can’t collect the messages during authentication, user, and the hospital server. The proposed framework uses nonce messages to protect the data from replay attack. These nonces are new messages. When any entity receives the nonce from the constructed signature message or a hashed message, it contains a timestamp and other details. From these, we can quickly identify the genuine or fake, and the entity also verifies the integrity of the message. Once all verifications are successful, that message is correct and not already used by someone. Hence our method secures against the replay attack.

c) Key privacy insider attack: Our framework is based on public-key-infrastructure (PKI), the genuine user only knows the private key, whereas the other known entities are the public keys involved in communication. If any adversary is trying to access packets in between the nodes, it is difficult for him to decrypt, and he cannot have access to the secret key of the user and bank servers.

d) Node capture: Node capture is one of the passive attacks. The attacker can analyze or monitor the network. This paper used the “Secure Socket Layer/Transport Layer Security (SSL/TLS)” framework because all messages are transferred via a secure network. A poor SSL/TLS setup leads to insufficient transport layer protection [42].

e) Session prediction: In this attack, the attacker attempts to learn or anticipate the pattern of certain temporary tokens coming from a central Hub, which need not be for an exact client. Once learning is complete, an attacker may establish any session token and engage in various unapproved actions on the system. In this scheme, the adversary cannot predict the session tokens because we provide a secure environment for communication. Ad session tokens are hashed with messages, so the attacker cannot expect those session tokens for communication. [43].

f) Impersonation: Impersonation: Suppose an adversary can perform a social-engineering attack, brute-force, or even an offline dictionary attack and obtains the user’s PIN. The PIN is the only one of the values used at the time of signature construction of a registered user or doctor with the hospital.

6.2 Comparison of computation costs

The computation cost of a cryptography operation refers to the time it takes the computer to conduct a single round of calculations. The computer’s time depends on the mathematical complexity of the cryptographic operation involved. The proposed scheme works with the hash function and ECC operation, which are lightweight operations. We use the following symbols to denote the cryptographic operations to compare computational costs. $T_{\textit{eca}}\simeq$ 0.0044 s: elliptic curve point addition, $T_{\textit{ecm}}\simeq$ 0.0171 s: elliptic curve point multiplication, $T_{h}\simeq$ 0.00032 s: hash function, $T_{\textit{se}}$ : symmetric encryption, $T_{\textit{sd}}$ symmetric decryption; for both of the symmetric encryption and decryption operation using AES-256 is $\simeq$ 0.87 s. Sign generation using ECDSA of (EC P-224) $T_{g}\simeq$ 0.34 s, Sign verification using ECDSA of (EC P-224) $T_{v}\simeq$ 0.51 s. The operation XOR has been omitted in this calculation because of its negligible overhead. The operations used for this comparison, along with its notation and their computation costs mentioned in the existing works of [44, 45].

In Table 4, Authors have analysed the computation costs of projected protocol over the other state-of-art authentication frameworks proposed by [33, 31, 46, 29, 34, 30]. However, the schemes of Zhou et al. [33] total cost $36T_{h}\simeq$ 11.52 ms have minimal computation costs. Still, they lack security and operational features and have high transmission costs. The computation cost associated with various entities of our proposed work requires: 4 $T_{\textit{ecm}}$ $+$ 4 $T_{\textit{eca}}$ $+$ 2 $T_{h}$ $+$ 3 $T_{\textit{se}+\textit{sd}}$ $+$ 1 $T_{g}$ $+$ 1 $T_{v}$ $\approx$ (4 $*$ 0.0171) $+$ (4 $*$ 0.0044) $+$ (2 $*$ 0.00032) $+$ (3 $*$ 0.87) $+$ (1 $*$ 0.34) $+$ (1 $*$ 0.51) $\approx$ 3.5466 seconds. The total execution for all the steps is $\approx$ 3.5466 seconds.

7. Conclusion

Developing a secure authentication and critical exchange model in the healthcare system is necessary, especially during the COVID-19 pandemic. Many of the state-of-art approaches are limited to satisfying real-time situations. Authors have developed a secure authentication and key exchange protocol between the various entities. Before initiating the message exchange, the entity will be verified with data integrity and authentication. The message is built on successful verification of the security credentials of the entity. The proposed framework is analyzed over the AVISPA. The tool determines whether all entities are in a safe state; no attacks are found or revealed. The proposed framework has a considerably lesser computation overhead than the existing works. The current model is limited to working effectively with limited size data blocks of 128kb, which has demanded to development of a model that would be robust in dealing with a larger block of messages. The other recent developments like the technology of the de-centralized ledger would assist better in recording the data exchanges and transactions in a more effective manner. In future work, along with the features mentioned above, the model that could work with variable key size encryption would assist in better encryption standards.

This work may be further developed in the future to integrate a congestion technique for first and second identities at all SDN tiers. It combines them more effectively at the IP layer to prevent false alarms and boost system efficiency. Implementing AVISPA at all SDN tiers demands enhanced safety and a credible environment.

References

Savaliya

Jhaveri

Xin

Alqithami

Ramani

Ahanger

. Securing industrial communication with software-defined networking. Mathematical Biosciences and Engineering. 2021; 18(6): 8298-314.

Ramani

Jhaveri

. SDN Framework for Mitigating Time-Based Delay Attack. Journal of Circuits, Systems and Computers. 2022; 2250264.

Naga Srinivasu

Panigrahi

Singh

Bhoi

. Probabilistic Buckshot-Driven Cluster Head Identification and Accumulative Data Encryption in WSN. Journal of Circuits, Systems and Computers. 2022; 2250303.

Swapna

Praveen

. An Exploration of Distributed Access Control Mechanism Using BlockChain. In: Smart Intelligent Computing and Applications. Springer; 2020, pp. 13-20.

Shreya

Chatterjee

Singh

. A smart secure healthcare monitoring system with Internet of Medical Things. Computers and Electrical Engineering. 2022; 101: 107969.

Dolev

Yao

. On the security of public key protocols. IEEE Transactions on Information Theory. 1983; 29(2): 198-208.

Ammenwerth

Buchauer

Bludau

Haux

. Mobile information and communication tools in the hospital. International Journal of Medical Informatics. 2000; 57(1): 21-40.

Boulos

MNK

Wheeler

Tavares

Jones

. How smartphones are changing the face of mobile and participatory healthcare: an overview, with example from eCAALYX. Biomedical Engineering Online. 2011; 10(1): 1-14.

Buabbas

Aldousari

Ayed

Safar

Alkandari

. Usefulness of smartphone use among surgeons in clinical practice during the pandemic of COVID-19: a cross-sectional study. BMC Medical Informatics and Decision Making. 2021; 21(1): 1-9.

10.

Crotty

Slack

. Designing online health services for patients. Israel journal of health policy research. 2016; 5(1): 1-3.

11.

Zargar

Joshi

Tipper

. A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials. 2013; 15(4): 2046-69.

12.

Badotra

Panda

. SNORT based early DDoS detection system using Opendaylight and open networking operating system in software defined networking. Cluster Computing. 2021; 24(1): 501-13.

13.

Chhabra

Gupta

Almomani

. A novel solution to handle DDOS attack in MANET. 2013.

14.

Sindhura

Praveen

Syedbi

Pratap

Krishna

TBM

. An effective secure storage of data in cloud using ISSE encryption technique. Annals of the Romanian Society for Cell Biology. 2021; 5321-9.

15.

Sterne

Djahandari

Balupari

La Cholter

Babson

Wilson

, et al. Active network based DDoS defense. In: Proceedings DARPA Active Networks Conference and Exposition. IEEE; 2002, pp. 193-203.

16.

Anjum

Shoaib

ASM

Hossain

Khan

. Online health care. In: 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC). IEEE; 2018, pp. 580-3.

17.

Ventola

. Mobile devices and apps for health care professionals: uses and benefits. Pharmacy and Therapeutics. 2014; 39(5): 356.

18.

Mopari

Pukale

Dhore

. Detection of DDoS attack and defense against IP spoofing. In: Proceedings of the International Conference on Advances in Computing, Communication and Control. 2009, pp. 489-93.

19.

Thing

Sloman

Dulay

. Non-intrusive IP traceback for DDoS attacks. In: Proceedings of the 2nd ACM symposium on Information, computer and communications security. 2007, pp. 371-3.

20.

Johnson

Menezes

Vanstone

. The elliptic curve digital signature algorithm (ECDSA). International Journal of Information Security. 2001; 1(1): 36-63.

21.

Jhaveri

Ramani

Srivastava

Gadekallu

Aggarwal

. Fault-resilience for bandwidth management in industrial software-defined networks. IEEE Transactions on Network Science and Engineering. 2021; 8(4): 3129-39.

22.

Sundaravadivel

Kougianos

Mohanty

Ganapathiraju

. Everything you wanted to know about smart health care: Evaluating the different technologies and components of the internet of things for better health. IEEE Consumer Electronics Magazine. 2017; 7(1): 18-28.

23.

Canetti

Krawczyk

. Universally composable notions of key exchange and secure channels. In: International Conference on the Theory and Applications of Cryptographic Techniques. Springer; 2002, pp. 337-51.

24.

Automated validation of internet security protocols. Accessed: 2016-08-02. Available from: http://www.avispa-project.org//web-interface/basic.php.

25.

Armando

Basin

Boichut

Chevalier

Compagna

Cuéllar

, et al. The AVISPA tool for the automated validation of internet security protocols and applications. In: International Conference on Computer Aided Verification. Springer; 2005, pp. 281-5.

26.

AVISPA Team. AVISPA v1.0 User Manual. 2006.

27.

HLSPL Tutorial. A Beginner’s Guide to Modelling and Analysing Internet Security Protocols. 2009. Available at [AH-03].

28.

Viganò

. Automated security protocol analysis with the AVISPA tool. Electronic Notes in Theoretical Computer Science. 2006; 155: 61-86.

29.

Farash

Turkanović

Kumari

Hölbl

. An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Networks. 2016; 36: 152-76.

30.

Challa

Wazid

Das

Kumar

Reddy

Yoon

, et al. Secure signature-based authenticated key establishment scheme for future IoT applications. IEEE Access. 2017; 5: 3028-43.

31.

Sharma

Kalra

. A lightweight user authentication scheme for cloud-IoT based healthcare services. Iranian Journal of Science and Technology, Transactions of Electrical Engineering. 2019; 43(1): 619-36.

32.

Gupta

Sharma

Gupta

Kumar

. A tree classifier based network intrusion detection model for Internet of Medical Things. Computers and Electrical Engineering. 2022; 102: 108158.

33.

Zhou

Yeh

Chiu

. Lightweight IoT-based authentication scheme in cloud computing circumstance. Future Generation Computer Systems. 2019;91:244-51.

34.

Garg

Obaidat

Wazid

Das

Singh

. SPCS-IoTEH: Secure Privacy-Preserving Communication Scheme for IoT-Enabled e-Health Applications. In: ICC 2021-IEEE International Conference on Communications. IEEE; 2021, pp. 1-6.

35.

Huang

Chen

. Using one-time passwords to prevent password phishing attacks. Journal of Network and Computer Applications. 2011; 34(4): 1292-301.

36.

Karlof

Shankar

Tygar

Wagner

. Dynamic pharming attacks and locked same-origin policies for web browsers. In: Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM; 2007, pp. 58-71.

37.

Lim

Park

Lee

. Design of Security Training System for Individual Users. Wireless Personal Communications. 2016; 1-16.

38.

Moghimi

Varjani

. New rule-based phishing detection method. Expert systems with applications. 2016; 53: 231-42.

39.

Gupta

Thakur

Bansal

Chaudhary

Davaasambuu

Hua

. CNN-LSTM hybrid real-time IoT-based cognitive approaches for ISLR with WebRTC: auditory impaired assistive technology. Journal of Healthcare Engineering. 2022; 2022.

40.

Tanwar

Kumar

. An efficient and secure identity based multiple signatures scheme based on RSA. Journal of Discrete Mathematical Sciences and Cryptography. 2019; 22(6): 953-71.

41.

Karupusamy

Refonaa

Sankaran

Dahiya

Haq

Kumar

. Effective energy usage and data compression approach using data mining algorithms for IoT data. Expert Systems. 2022; e12997.

42.

Tanwar

Kumar

. A proposed scheme for remedy of man-in-the-middle attack on certificate authority. International Journal of Information Security and Privacy (IJISP). 2017; 11(3): 1-14.

43.

Khan

MAR

Shavkatovich

Nagpal

Kumar

Haq

Tharini

, et al. Optimizing Hybrid Metaheuristic Algorithm with Cluster Head to Improve Performance Metrics On The IOT. Theoretical Computer Science. 2022.

44.

Lee

Chen

. Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices. IET Computers & Digital Techniques. 2013; 7(1): 48-55.

45.

Zeadally

Huang

. An efficient identity-based conditional privacy-preserving authentication scheme for vehicular ad hoc networks. IEEE Transactions on Information Forensics and Security. 2015; 10(12): 2681-91.

46.

Gupta

Yadav

Tanwar

. Insider and flooding attack in cloud: A discussion. In: 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom). IEEE; 2016, pp. 530-5.

Software-driven secure framework for mobile healthcare applications in IoMT

Abstract

Keywords

1. Introduction

Table 1 DoS assaults on three tiers of SDN

2.2 Contributions

5.1 HLPSL specification and simulation results with the AVISPA

5.1.1 Analysis of results

6.1 Security features analysed with state-of-art methods

6.2 Comparison of computation costs

7. Conclusion

References

Table 1
DoS assaults on three tiers of SDN