Session Resumption-Based End-to-End Security for Healthcare Internet-of-Things

In this paper, a session resumption-based end-to-end security scheme for healthcare Internet of Things (IoT) is proposed. The proposed scheme is realized by employing a certificate-based DTLS handshake between end-users and smart gateways and by utilizing the DTLS session resumption technique. By handing over the necessary security context, smart gateways relieve the sensors of the need to authenticate and authorize remote end-users. The session resumption technique enables end-users and medical sensors to communicate directly without establishing the communication from the initial handshake. Session resumption uses an abbreviated form of the DTLS handshake and requires neither certificate-related nor public-key functionality. This relieves medical sensors of the burden of performing expensive operations. The energy and performance of the proposed scheme are evaluated by developing a remote patient monitoring prototype based on healthcare IoT. The energy-performance evaluation results show that our scheme is about 97% and 10% faster than certificate-based and symmetric key-based DTLS, respectively. Also, certificate-based DTLS consumes about 2.2X more RAM and 2.9X more ROM than our scheme requires, while our scheme and symmetric key-based DTLS have almost similar RAM and ROM requirements. The security analysis reveals that the proposed scheme fulfills the requirements of end-to-end security and provides a higher security level than related approaches found in the literature. Thus, the presented scheme is a well-suited solution to provide end-to-end security for healthcare IoT.
