A Secure NDN Framework for Internet of Things Enabled Healthcare

: Healthcare is a binding domain for the Internet of Things (IoT) to automate healthcare services for sharing and accumulation patient records at anytime from anywhere through the Internet. The current IP-based Internet architecture suffers from latency, mobility, location dependency, and security. The Named Data Networking (NDN) has been projected as a future internet architecture to cope with the limitations of IP-based Internet. However, the NDN infrastructure does not have a secure framework for IoT healthcare information. In this paper, we proposed a secure NDN framework for IoT-enabled Healthcare (IoTEH). In the proposed work, we adopt the services of Identity-Based Signcryption (IBS) cryptography under the security hardness Hyperelliptic Curve Cryptosystem (HCC) to secure the IoTEH information in NDN. The HCC provides the corresponding level of security using minimal computational and communicational resources as compared to bilinear pairing and Elliptic Curve Cryptosystem (ECC). For the efficiency of the proposed scheme, we simulated the security of the proposed solution using Automated Validation of Internet Security Protocols and Applications (AVISPA). Besides, we deployed the proposed scheme on the IoTEH in NDN infrastructure and compared it with the recent IBS schemes in terms of computation and communication overheads. The simulation results showed the superiority and improvement of the proposed framework against contemporary related works.

Throughout wireless technology has been applied widely to integrate monitoring devices, including front-end network manager [4]. The system connects patients with all healthcare resources available in the community such as hospitals, physicians, rehabilitation centers, nurses, paramedics, and ambulances. All the content is networked together to the Internet, supported by programs based on Radio-Frequency Identification (RFID) technology [5,6]. Automated resource allocation has been developed to identify rehabilitation solutions to meet the specific needs of individual patients. However, IoTEH exchanges data/information over IP-based Internet with the risks related to security, privacy and mobility.
To overcome the aforementioned limitations of the IP-based Internet paradigm, a new Internet paradigm called Named Data Networking (NDN) has been introduced [7]. NDN aimed to offer in-network caching, built-in mobility support, and named-based routing that can provide scalable connectivity to the IoT devices with efficient information access to the end-users [8,9]. By keeping the positive aspects of NDN, a few schemes have been suggested for NDN based healthcare [10][11][12].
However, until now, there is no concrete security plan suggested that can protect the NDN based healthcare information. As the IoTEH in NDN requires the essential properties of authentication and confidentiality, which can easily be achieved by implementing a secure digital signature and encryption (sign-then-encrypt) scheme [13,14]. Unfortunately, the trivial combination of sign-then-encrypt is costly and subject to some subtle attacks [15]. For this purpose, in 1997, Zheng [16], tossed the concept of a new cryptographic primitive toned as Signcryption, which provides the services of confidentiality and authenticity at a reasonable cost than the traditional sign-then-encrypt approach. Since then plenty of practical and innovative signcryption schemes have been suggested in recent years [17][18][19][20]. However, the idea Zheng was primarily based on the old concept of Public Key Infrastructure (PKI) and therefore suffers from the certificate-related overheads.
In 1984, in a seminar, Shamir coined the concept of Identity-Based Cryptography (IBC), which is aimed to provide a viable alternative to traditional PKI in terms of convenience and efficiency [21]. An interesting feature of this type of cryptosystem is that any binary string that identifies the user, such as an email address, can be the public key of the users. Using identities as a public key eliminates the need for public-key certificates [22]. The first identitybased signature was mentioned in the Shamir proposal; however, the Identity-Based Encryption (IDBE) scheme was not established until 2001, when a practical IDBE scheme was proposed from bilinear pairing [23]. Since then, IBC and its applications have been the talk of the town for the past decade.
To provide efficient and robust security with minimal computation overheads, the common approaches used are Bilinear Pairing (BRPG), RSA, ECC, and HCC [24][25][26][27][28][29]. However, HCC provides the same level of security in contrast with ECC, RSA, and BRPG [30][31][32] using small key sizes. Therefore, HCC is considered as the most compact and efficient cryptographic mechanism that provides better performance than ECC, BRPG, and RSA with high efficiency and lower-key length [15]. The HCC uses 80-bit keys with strong security that will better suit the IoTEH in NDN infrastructure.

NDN Overview
NDN is a new data-centric architecture that defines three different roles, such as Routers, Clients/Customer, and Providers with two types of packets (i.e., Interest Packet and Data Packet). Moreover, each router maintains three kinds of data structures, such as Pending Interest Table  (PIT), Forwarding Information Base (FIB), and Content Store (CS) [33]. The data attainment process begins by sending an Interest with a particular name from the client's side. The routers rely on FIBs for transferring the interest to a potential provider and generate a PIT entry list on each router to establish an opposite path. Based on the opposite path, the provider of any interest returns the data to the client with the target data. The CS then stores the targeted data that pass through it for future use [34].
Suppose Client A begins the data attainment process by sending an Interest with a particular name, as shown in Fig. 1. Initially, the Interest of Client A will be transferred using the services of FIB to the potential provider of the content/data. The feedback to that particular interest will be stored inside the CS of Router 4, Router 3, and Router 1 for future reuse. Later on, if another Client B needs the same content/data, then the interest will be satisfied locally from the CS of Router 3, instead of transferring the Interest of Client B to the original provider of the content/data [35].

Contributions
Inspired by the above-mentioned discussion, we propose an IBS scheme for IoTEH in NDN networks. The proposed scheme is based on the concept of HCC, which provides the same level of security in contrast with ECC, RSA, and BRPG using small key sizes. The key research finding is mentioned below: • We proposed a secure NDN framework for Internet of Things Enabled Healthcare (IoTEH) using Identity-Based Signacryption (IBS) cryptography. • We used a lightweight Hyperelliptic Curve Cryptosystem (HCC) for the efficiency in terms of computation and communication overheads. • We also validate our scheme using the simulation tool "AVISPA." • We deployed the newly proposed scheme on IoT enabled healthcare in NDN networks.
• To conclude, we also compared our proposed scheme with relevant existing IBS schemes and the results show that the given scheme is more efficient in terms of computation and communication overheads than the previous.

Paper Organization
In Section 2, we discuss the related work about NDN based healthcare and IBS schemes. Section 3 comprises the preliminaries, threat model, and syntax of the proposed scheme. Section 4 includes the proposed network model and the proposed algorithm. Section 5 describes the security analysis for the proposed scheme. Section 6 includes a comparative analysis. In Section 7, we deployed our scheme on IoTBH in NDN networks, and Section 8 concludes our research.

Related Work
In this section, we divide the given literature into two portions, such as NDN based schemes for healthcare and IBS schemes.

NDN Based Schemes for Healthcare
In 2015, Saxena et al. [10] proposed an NDN based solution for healthcare. The proposed scheme can locate a network-based healthcare service. Later in 2017, Saxena et al. [11] tossed another NDN based scheme for emergency healthcare services. The author's aims to verify the authenticity of emergency messages in NDN based healthcare. However, in both the schemes [10,11], the authors did not provide a concrete security plan for the proposed scheme.
Recently, Wang et al. [12] proposed a monitoring framework to secure NDN-based healthcare infrastructure using the services of edge cloud. The authors, for the first time, introduce a security framework for NDN-based healthcare. In the given framework, the author exploits the advantages of NDN to enhance the efficiency of medical data. Unfortunately, the author used heavy attributebased encryption using bilinear pairing.

Identity-Based Signcryption (IBS) Schemes
Signcryption and IBC [36] is an exciting research topic to develop a secure and effective IBS scheme. In 2002, Malone-Lee [23] provided the first IBS scheme using BRPG. Later in 2006, Duan et al. [37], proposed a multi-receiver IBS scheme for multiple receivers. However, the given scheme is subject to massive pairing operation due to BRPG. In 2008, Li et al. [38] coined an identity-based broadcast signcryption scheme for application to transmit a message securely and authentically. However, the given scheme is subject to massive pairing operation due to BRPG.
Later in 2013, Libert et al. [39] showed that the scheme of Malone-Lee's did not provide the semantic security because the signature of the signed message appears in the ultimate ciphertext. The authors also proposed three new IBS schemes, but they did not provide the essential security properties of public verifiability and forward secrecy. Similarly, the concept of IBS was further expanded to cater to further applications. In 2017, Nayak [40] constructed a new IBS scheme based on ECC. Unlike the previous schemes, the given approach reduces the computational and communicational resources. Besides, the given scheme provides the security assets of authentication, integrity, confidentiality, and unforgeability. However, there is still a need for improvement in the communication and computation cost because the cost of the scalar point multiplication on the elliptic curve is still not affordable for the resource-constrained environment. Later, in the same year, Reddi et al. [41] presented an IBS that is used to authenticate and verify both parties involved in the communication. In the proposed work, the author incorporated the idea of IBS into the Key Agreement Protocol. However, the given scheme is subject to massive pairing operation due to BRPG. Later, in 2017, Karati et al. [42] proposed an IBS scheme for the Industrial Internet of Things (IIoT).
Conversely, the proposed scheme suffers from a massive pairing operation due to the use of BRPG. Later in 2017, Swapna et al. [43] presented an IBS scheme to secure the communication between end-users and smart homes. The given scheme can provide the security assets of integrity, authentication, and confidentiality to protect the communication between end-users and smart homes from different types of possible security attacks. Unfortunately, the given scheme was constructed on bilinear pairing.
In 2020, Dharminder et al. [44] presented an IBS scheme for IIoT crowdsourcing under the standard model. In the proposed framework, the user adds a pairing free computation signing, making it efficient for the user. According to the authors, the proposed scheme is efficient in terms of computational and communicational costs. However, the given scheme suffers from high bandwidth usage and heavy computation costs due to the utilization of BRPG.

Complexity Assumptions
For conducting the security analysis, we performed the following complexity assumptions: • The f q is a finite field with the order q, where (q) ≈ 2 160 .
• D is the divisor of the hyperelliptic curve (hec), which is the finite sum of the points;

Hyperelliptic Curve Discrete Logarithm Problem (HDLP)
The following supposition has been made for HDLP.

Hyperelliptic Curve Computational Diffie-Hellman (HCDH)
We also make the subsequent suppositions for HCDH.
• Probability computation of Ω and R from Υ = Ω · R · D is negligible.

Threat Model
In our scheme, we examine and consider the Doley-Yao [45,46] threat model. According to Doley-Yao, communication between two or more entities are not trusted and secure, as attackers have full command to expose the contents of the ciphertext and inject false encryption/signature text into the network. As NDN-based healthcare is posed to various types of security threats, this means that the user's sensitive information can be easily forged or delete by any adversaries. To maintain the security and authentication of IoTEH in NDN networks, authentication and secure communication between entities are required.

Syntax of the Proposed Scheme
The syntax of our newly proposed scheme consists of the following phases: • Setup Phase: In this phase, the Private Key Generation (PKG) produces its master secret key (ν) and computes the master public key (λ) and the security parameter set ρ. • Key Extraction Phase: In this phase, PKG makes a public key and private key for the consumer (ς c , ϱ c ) and producer (ς p , ϱ p ) on behalf of both consumer and producer identities (ID c , ID p ). The PKG then send the keys to the consumer and producer by using a secure channel. • Signcryption Phase: In this phase, the producer generates signcrypted message ( ) by taking the consumer and its own identities (ID c , ID p ), consumer public key (ς c, ), its private key (ϱ p ) as an input. Then send signcrypted message ( ) to the consumer.
• Unsigncryption Phase: In this phase, the consumer unsigncrypt the signcrypted message ( ). For this purpose, the consumer takes its private key (ϱ c ), the public key of producer (ς p ) its own and producer identity (ID c , ID p ) and signcrypted message ( ) as an input.

Proposed Network Model
In Fig. 2, we have shown the secure network modal for IoTEH in NDN networks. The proposed modal consists of the participants, such as consumer, producer, NDN routers, and PKG. The role of each participant is explained below: •  In our proposed scheme, before starting a secure communication, the consumer and producer send their identities to PKG. After receiving the identities of both the consumer and producer, the PKG generates the private and public keys for both of them and delivers it using a secure connection.
Suppose a consumer sends an interest for healthcare-related information, the NDN routers will transfer that interest to the producer. The producer will signcrypt the information based on the interest of the consumer. The signcrypted information is then forwarded to the consumer through the NDN routers. The NDN router, after receiving the information from the producer, it will forward the information using the services of FIB by assigning a PIT interface without caching. The process of forwarding without caching will continue until the information is reached to the original consumer. Obviously, the caching of this information will not facilitate any consumer later because the information can only be designcrypted using the private key of the requested consumer.

Proposed Algorithm
The proposed algorithm consists of the following 4 phases, such as setup phase, key extraction phase, signcryption phase and unsigncryption phase [40].
The notation used in our algorithms is mentioned in Tab. 1.

Setup:
This algorithm is running by the PKG.

Key Extraction:
This algorithm is executed by the PKG that takes the identities of users (ID u ) and compute the public and private keys for the users using the ID u as: • Compute provider private key (ϱ p ): ϱ p = ν · 0 (ID p )mod .
After that, it sends the public and private key (ϱ u , ς u ) by using a secure network.

Signcryption:
This algorithm is run by the producer. It takes the message (m), fresh nonce (Λ), ID c , ID p , D, ϱ p , ς c as input and then perform the following computations.

Security Analysis
In this section, we discuss the proposed scheme to maintain the basic security assets, including confidentiality, authentication, unforgeability, integrity and Non-Repudiation. Each of the mentioned features is briefly analyzed in the following sections.

Confidentiality
An IBS scheme is supposed to succeed in the property of confidentiality if no adversary can compromise the encryption key of the sender.

Proof:
The proposed plan ensures the property of confidentiality. If an intruder wants to steal the original content or secret key of the message, he/she must have information about the key in advance as J = ID c · · ς c . To determine J, the intruder needs to compute from = · D, which infeasible due to the properties of HDLP.

Authentication
An IBS is considered to achieve the security asset of authentication if the consumer can verify the source of the message.
Proof: The consumer can use his public key ς c and signature ∇ to verify the authenticity of the producer. As the message is signed with the private key ϱ p of the producer. In our scheme, the consumer can authenticate the identity of the producer.

Integrity
An IBS scheme is likely to achieve the security asset of integrity if no adversary can generate the same hash value for two different sizes/nature messages.

Proof:
The provider takes the "hash value" "Z = 1 (m||Λ| ID p |ID c ||ς c )" of the message before sending the message. If the attacker changes the ciphertext of the message, then the consumer can perform the following operation for verification of the ciphertext. The consumer take m ′ = d J (w) and compute the Z ′ = 1 (m||Λ| ID p |ID c ||ς c ). After that, the consumer compares the Z = Z ′ if they are equal, then the integrity of the message holds; otherwise, the message has been altered.

Unforgeability
An IBS scheme is considered to achieve the security assets of unforgeability if there exists no intruder which can compromise the private key of the producer.
Proof: In our scheme, if an intruder tries to generate a valid signature, he/she must need to calculate ∇ from (ID c · − ID p · Z · ϱ p · ) and to do so, the attacker needs to find from the = · D. Further, the attacker also needs to find ϱ p from ς p = ϱ p · D. So, it is computationally infeasible for the attacker to solve a two-time HDLP.

Non-Repudiation
An IBS scheme is supposed to succeed in the security service of non-repudiation if a sender cannot repudiate his signcrypted text.
Proof: As the message is signed with the private key ϱ p of the producer. In our scheme, the consumer can authenticate the provider identity ID p . So, the provider later can't deny from his signature.

Cost Analysis
In this section, we will analyze the performance of our newly proposed scheme in relation to computation cost and communication cost. First, we compared our scheme with four related schemes of Yosef et al. [43], Nayak [40], Karate et al. [42] and Dharminder et al. [44], to show the computational and communicational efficiency. The computational efficiency is determined by the computational cost of the algorithm, and the communication efficiency is determined by the length of the ciphertext. The symbol (P) indicates the pairing operation, the symbol (Σ) represents an exponential operation, and the symbol (PBM) indicates a pairing based point multiplication operation, the symbol (SBPM) represent scalar point multiplication of elliptic curve and the symbol (HEDM) represent the hyperelliptic curve divisor multiplication. Here, we ignore the cost of other operations like hashing, addition, and subtraction because they take a much shorter time than the other operations mentioned above.
According to [27], the operation cost and their timing are listed in Tab. 3 below. The hardware and software specifications used for the simulation results are Intel Core i74510UCPU, Processor 2.0 and 8 GB RAM, Operating system of Windows 7, and C Library (MIRACL) [32]. Similarly, the HEDM will consume 0.48 ms [15,47].
The symbols represent the length of the element. For example, |G| = 1024 bits denote the length of the element in the group, |m| = 512 bits represent the length of the message space. Similarly, | | = 160 bits and | | = 80 bits represent the length of elements in the elliptic curve and hyperelliptic curve cryptosystem, as shown in Tab. 2. Our scheme has a lower communication overhead cost as compared to Yosef et al. [43], Nayak [40], Karate et al. [42], and Dharminder et al. [44].  In accordance, Tabs. 4 and 6 show a comparative illustration of our proposed work with Yosef et al. [43], Nayak [40], Karate et al. [42], and Dharminder et al. [44], in term of computation and communication overheads. According to our comparative analysis, our scheme shows efficiency in terms of computation and communication overheads, as shown in Figs. 3 and 4. Furthermore, an exact computation and communication cost reduction are shown in Tabs. 5 and 7.

Deployment of Proposed Scheme
In this section, we deployed our scheme on IoTEH in the NDN network. We consider several IoT devices that can sense and share healthcare-related information among the hospital, patient, doctor, and IoT devices through the NDN router. The information can be shared from the city to the city as well as from country to country. Moreover, the devices in healthcare are connected based on the NDN policy.
Here, every NDN router maintains three kinds of data structures, such as Pending Interest Table (PIT), Forwarding Information Base (FIB), and Content Store (CS) [33]. The data attainment process begins by sending an Interest with a particular name from the client's side. The routers rely on FIBs for transferring the interest to a potential provider and generate a PIT entry list on each router to establish an opposite path. Based on the opposite path, the provider of any interest returns the data to the client with the target data. The CS stores the targeted data are passing through it for future use [48].
Assume consumers require healthcare-related information from the producer, and the communication includes the participants such as client, private key generator (PKG), NDN routers, and provider. The consumers are those who need the information. The providers are those who distribute the information to the consumers, and the PKG is a trusted authority that is responsible for establishing secure communication between the consumer and producer. Communication among consumers and producers is discussed below.

Registration Phase:
In this stage, the consumer and producer registered themselves with the PKG by providing their Identities (ID c , ID p ) to PKG. The PKG gets their Identities (I⌈ u ), and generate consumer private key (ϱ c ) : ϱ c = ν · 0 (ID c ) mod , consumer public key (ς c ): ς c = ϱ c · D, private producer key (ϱ p ): ϱ p = ν · 0 (ID p ) mod and producer public key (ς p ): ς p = ϱ p · D by using their identity (ID c , ID p ) Then the PKG sends the (ϱ c ,ς c , ϱ p , ς p ) to consumer and producer, as shown in Fig. 5.

Conclusion
In this paper, we proposed a secure NDN framework for the Internet of Things Enabled Healthcare (IoTEH) using a lightweight Identity-Based Signcryption (IBS) cryptography to secure the information of IoT enabled healthcare in NDN infrastructure. To minimize the cost consumption, we used a Hyperelliptic Curve Cryptosystem (HCC) which provides the corresponding level of security as compared to bilinear pairing and Elliptic Curve Cryptosystem (ECC). To show the efficiency of our newly proposed scheme we compared the proposed scheme with recently presented identity-based signcryption schemes in terms of computation and communication overheads. The final results show the superiority of our scheme in terms of computation and communication costs. For further security, we simulate the security of our scheme using Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, we deployed our proposed scheme on NDN enabled healthcare.