Smart Mutual Authentication Protocol for Cloud Based Medical Healthcare Systems Using Internet of Medical Things

Technological development expands the computation process of smart devices that adopt the telecare medical information system (TMIS) to fulfill the demands of the healthcare organization. It provides better medical identification to claim the features namely trustworthy, efficient, and resourceful. Moreover, the telecare services automate the remote healthcare monitoring process to ease professional workloads. Importantly, it is conceived to be more timesaving, economical, and easy healthcare access. Cloud-Based Medical Healthcare (CBMH) system is a standard platform that gives its support to the patients for emergency treatment from the medical experts over Internet communication. Since the medical records are very sensitive, security protection is much necessitated. In addition, patient anonymity should be well preserved. In 2016, Chiou et al. proposed a mutual authentication protocol for the Telecare Medical Information System (TMIS) using Cloud Environment (CE). They claim that their protocol satisfies patient anonymity. However, this paper proves that the Chiou et al. scheme is not only completely insecure against the patient anonymity, health-report revelation, health-report forgery, report confidentiality, and non-repudiation but also fails to validate the service access against verifiability, undeniability and unforgeability. In order to provide better mutual authenticity, this paper suggests the framework of smart service authentication to cross-examine the common secret session key among the communication entities. In order to examine the security properties, formal and informal verification was carried out. Lastly, to prove the security and performance efficiency of a system, the proposed SSA framework was implemented using FPGA and Moteiv TMote Sky-Mote. A proposed smart service authentication (SSA) framework is presented to ensure better data security between the patients and the physicians. The formal and informal security analysis proves the significance of the SSA framework model to withstand the security attacks such as health-report forgery, health-report revelation, server-spoofing etc. As a result, it is claimed that it can be well suited for TMIS.

[1]  Chin-Ling Chen,et al.  A Secure Medical Data Exchange Protocol Based on Cloud Environment , 2014, Journal of Medical Systems.

[2]  Rui Guo,et al.  Confidentiality-Preserving Personal Health Records in Tele-Healthcare System Using Authenticated Certificateless Encryption , 2017, Int. J. Netw. Secur..

[3]  Howard M. Heys,et al.  FPGA Implementation and Energy Cost Analysis of Two Light-Weight Involutional Block Ciphers Targeted to Wireless Sensor Networks , 2013, Mob. Networks Appl..

[4]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[5]  Miodrag Potkonjak,et al.  mHealthMon: Toward Energy-Efficient and Distributed Mobile Health Monitoring Using Parallel Offloading , 2013, 2013 35th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC).

[6]  Fadi Al-Turjman,et al.  Seamless Key Agreement Framework for Mobile-Sink in IoT Based Cloud-Centric Secured Public Safety Sensor Networks , 2017, IEEE Access.

[7]  Muhammad Sher,et al.  Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems , 2015, Journal of Medical Systems.

[8]  Shehzad Khalid,et al.  Security and privacy based access control model for internet of connected vehicles , 2019, Future Gener. Comput. Syst..

[9]  Muhammad Khurram Khan,et al.  A Standard Mutual Authentication Protocol for Cloud Computing Based Health Care System , 2017, Journal of Medical Systems.

[10]  Ruhul Amin,et al.  Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment , 2015, Wirel. Pers. Commun..

[11]  Robert Simon Sherratt,et al.  Efficient biometric and password based mutual authentication for consumer USB mass storage devices , 2015, IEEE Transactions on Consumer Electronics.

[12]  Chin-Chen Chang,et al.  A Biometric-Based Authenticated Key Agreement Protocol for User-to-User Communications in Mobile Satellite Networks , 2019, Wirel. Pers. Commun..

[13]  Chonho Lee,et al.  A survey of mobile cloud computing: architecture, applications, and approaches , 2013, Wirel. Commun. Mob. Comput..

[14]  Arup Kumar Pal,et al.  An efficient three factor-based authentication scheme in multiserver environment using ECC , 2018, Int. J. Commun. Syst..

[15]  Xiao Zhang,et al.  Cryptanalysis and Improvement of a Biometric-Based Multi-Server Authentication and Key Agreement Scheme , 2016, PloS one.

[16]  Saru Kumari,et al.  Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems , 2016, Comput. Methods Programs Biomed..

[17]  Manas Ranjan Patra,et al.  Design and Implementation of a Cloud based Rural Healthcare Information System Model , 2012 .

[18]  Xiong Li,et al.  Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems , 2015, Journal of Medical Systems.

[19]  Ruhul Amin,et al.  A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity , 2015, Journal of Medical Systems.

[20]  Jian Shen,et al.  Secure Data Access and Sharing Scheme for Cloud Storage , 2017, Wirel. Pers. Commun..

[21]  Athanasios V. Vasilakos,et al.  Public-Key Authentication for Cloud-based WBANs , 2014, BODYNETS.

[22]  Athanasios V. Vasilakos,et al.  Design and Analysis of Secure Lightweight Remote User Authentication and Key Agreement Scheme in Internet of Drones Deployment , 2019, IEEE Internet of Things Journal.

[23]  Jianfeng Ma,et al.  A privacy preserving three-factor authentication protocol for e-Health clouds , 2016, The Journal of Supercomputing.

[24]  Cheng-Chi Lee,et al.  Design Flaws in a Secure Medical Data Exchange Protocol Based on Cloud Environments , 2015, ICA3PP.

[25]  Chun-Ta Li,et al.  Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems. , 2018, Computer methods and programs in biomedicine.

[26]  Chun-Ta Li,et al.  On the Security of a Privacy Authentication Scheme Based on Cloud for Medical Environment , 2017, ICISA.

[27]  Kim-Kwang Raymond Choo,et al.  Design of a provably secure biometrics-based multi-cloud-server authentication scheme , 2017, Future Gener. Comput. Syst..

[28]  Ruhul Amin,et al.  A lightweight two-gateway based payment protocol ensuring accountability and unlinkable anonymity with dynamic identity , 2017, Comput. Electr. Eng..

[29]  Jeng-Shyang Pan,et al.  A Provable Secure Private Data Delegation Scheme for Mountaineering Events in Emergency System , 2017, IEEE Access.

[30]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[31]  Mohammad Shojafar,et al.  LACO: Lightweight Three-Factor Authentication, Access Control and Ownership Transfer Scheme for E-Health Systems in IoT , 2019, Future Gener. Comput. Syst..

[32]  Xiong Li,et al.  Security Analysis and Improvement of ‘a More Secure Anonymous User Authentication Scheme for the Integrated EPR Information System’ , 2015, PloS one.

[33]  Jongho Moon,et al.  Robust Biometric-based Anonymous User Authenticated Key Agreement Scheme for Telecare Medicine Information Systems , 2017, KSII Trans. Internet Inf. Syst..

[34]  Peris-LopezPedro,et al.  Security and privacy issues in implantable medical devices , 2015 .

[35]  Junqiang Liu,et al.  Improvement of a Privacy Authentication Scheme Based on Cloud for Medical Environment , 2016, Journal of Medical Systems.

[36]  Vicki Almstrum,et al.  Low-cost remote patient monitoring system based on reduced platform computer technology. , 2011, Telemedicine journal and e-health : the official journal of the American Telemedicine Association.

[37]  Xiong Li,et al.  Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS , 2016, Secur. Commun. Networks.

[38]  Prosanta Gope,et al.  A Realistic Lightweight Anonymous Authentication Protocol for Securing Real-Time Application Data Access in Wireless Sensor Networks , 2016, IEEE Transactions on Industrial Electronics.

[39]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[40]  Li Yang,et al.  Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments , 2018, PloS one.

[41]  Hari Om,et al.  Cryptanalysis and improvement of a biometric‐based remote user authentication protocol usable in a multiserver environment , 2017, Trans. Emerg. Telecommun. Technol..

[42]  Mohammad S. Obaidat,et al.  Design and Analysis of an Enhanced Patient-Server Mutual Authentication Protocol for Telecare Medical Information System , 2015, Journal of Medical Systems.

[43]  Sherali Zeadally,et al.  Anonymous Authentication for Wireless Body Area Networks With Provable Security , 2017, IEEE Systems Journal.

[44]  Moayad Aloqaily,et al.  An Authentic-Based Privacy Preservation Protocol for Smart e-Healthcare Systems in IoT , 2019, IEEE Access.

[45]  Samiran Chattopadhyay,et al.  On the Design of Fine Grained Access Control With User Authentication Scheme for Telecare Medicine Information Systems , 2017, IEEE Access.