Computers, Materials & Continua
A Secure and Efficient Signature Scheme for IoT in Healthcare
1Chitkara University Institute of Engineering and Technology, Chitkara University, Punjab, 140401, India
2AIIT, Amity University, Noida, 201313, India
3Chitkara School of Engineering & Technology, Chitkara University, HP, 174103, India
4Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, 37848, Saudi Arabia
5Lovely Professional University, Jalandhar, Punjab, 144411, India
6Universidad Europea Del Atlántico, C/ Isabel Torres 21, 39011, Santander, Spain
7Universidad Internacional Iberoamericana, Campeche, C.P., 24560, Mexico
*Corresponding Author: Nitin Goyal. Email: firstname.lastname@example.org
Received: 21 September 2021; Accepted: 25 October 2021
Abstract: To provide patients with faster access to treatment, the healthcare system can be integrated with the Internet of Things (IoT) to deliver early and timely health services. The sensing layer is a major limitation, as the IoT devices there have low computational power, limited storage and short battery life, so the huge amount of data they produce needs to be stored on the cloud. The information and data sensed by these devices are made accessible on the internet, where medical staff, doctors, relatives and family members can access them. This helps in improving treatment as well as in getting faster medical assistance, tracking routine activities and monitoring the health of elderly people on a frequent basis. However, data transmission from IoT devices to the cloud faces many security challenges and is vulnerable to different security and privacy threats along the transmission path. The purpose of this research is to design a Certificateless Secured Signature Scheme that will provide a high level of security during the transmission of data. Certificateless signature, which removes intricate certificate management and the key escrow problem, is one of the practical methods to provide data integrity and identity authentication for the IoT. Experimental results show that the proposed scheme performs better than the existing certificateless signature schemes in terms of computational cost, encryption time and decryption time. This scheme is the best combination of high security and cost efficiency and is suitable for the resource-constrained IoT environment.
Keywords: CSSS; digital signature; ECC; IoT; security; signcryption; smart healthcare system
The Internet has given birth to a new technology named the Internet of Things (IoT). IoT is a collection of smart devices that are connected to each other and are able to collect and share data among themselves. These smart devices have the capability of sensing, storing and processing data, and no human interaction is needed for this task. The basic idea of IoT is to automatically sense, collect, compile and complete the tasks that people perform in their day-to-day lives. It is used for collecting and processing data for human assistance without human intervention [2,3]. However, IoT devices have limited storage capacity, limited computational power and short battery life. Hence the tremendous amount of data fetched from IoT devices needs a good storage medium where it can be kept securely. The cloud proves to be a secure medium for data storage and processing [4–6]. This mapping of the real world and the virtual world is necessary for storing and maintaining a large volume of data. The data transferred to the cloud for storage, security and processing is then used to design various IoT applications, including smart home, smart city, smart grid, smart healthcare and smart transportation [8–11]. The data generated by these smart applications is sensitive and thus needs to be protected and safeguarded from any kind of illegal attack and tampering. The sensed data from IoT devices is vulnerable to various attacks such as routing attacks, DoS attacks, cloning attacks, man-in-the-middle attacks and eavesdropping attacks.
To sustain the legitimacy and integrity of the data from the sensor devices, a secure medium needs to be established between the sensors and cloud storage. Security and privacy of sensed data are imperative concerns in the development of IoT [14,15]. Therefore, the proposed study aims to design a secure scheme for this IoT-Cloud environment that provides an efficient authentication procedure for secure communication. The proposed work focuses on the data of the healthcare application of IoT. In this research, large amounts of patient data are collected from the sensor devices, known as a wireless body area network, and passed to the security mechanism. A smart healthcare system without security gives attackers the opportunity to access the data and thus compromise its integrity, confidentiality and authenticity [17,18].
Healthcare is one of the smart applications of IoT, where IoT enhances the quality of services and provides cost-effective solutions. Wearable medical sensors are embedded in the health-related equipment used for monitoring patients' health. These healthcare sensors monitor different health parameters, such as body temperature, blood pressure and sugar level [19,20]. Patient body activities and various health parameters are collected from the Wireless Body Area Network (WBNs) and analyzed [21,22]. The information and data sensed by these devices are made accessible on the internet, where medical staff, doctors, relatives and family members can access them. This helps in improving treatment as well as in getting faster medical assistance, tracking routine activities and monitoring the health of elderly people on a frequent basis [23–27]. As patients do not have to wait for doctors to reach their place or vice versa, patients can be treated without delay [28–30]. High-quality healthcare is provided through constant monitoring and faster response for chronically ill people.
The data from these smart healthcare devices is sensitive and must be protected from unauthorized access, tampering and various types of security attacks. Fig. 1 shows a general scenario in which sensors continuously monitor the complete health-related information about the patient and this information is stored on the cloud server. From the cloud, only authentic users such as doctors and family members can access the medical reports for diagnosis and treatment.
Motivated by the above-mentioned limitations, the authors propose a novel Certificateless Secured Signature Scheme (CSSS) that does not suffer from extra bandwidth consumption or from the issues of secret key distribution. The salient features specifying the research contributions are:
1. The authors proposed a novel CSSS that performs combined digital signature and encryption with an efficient key generation technique for IoT in healthcare.
2. A comparative analysis of computation cost is performed against the existing schemes, and the experimental results show that the proposed scheme is more efficient than the existing state of the art.
3. By using the proposed scheme, various security parameters such as confidentiality, authentication, integrity, unforgeability, forward secrecy and non-repudiation are achieved.
An overview of IoT, its applications and the various challenges encountered in different fields was given in [1–3]. IoT technology and the security problems that arise when IoT devices are connected to the internet were elaborated by the researcher. The researcher focuses on the integration of two foremost technologies, i.e., IoT and cloud, and also discusses the advantages and disadvantages of their integration [5,6]. The authors also focused attention on the security issues that arise as a result of their amalgamation. IoT works on different types of architectures, and security issues arise in various layers of these architectures. Security and privacy issues in different layers were discussed. A survey was made on cloud computing in which its main concepts were discussed. The motive of the paper was to identify research areas based on different design challenges of cloud computing. Issues and difficulties arise when IoT is used with cloud services. The challenges and benefits of the amalgamation of these two techniques were focused upon. The paper states that cloud computing improves the overall functionality of IoT [9,10]. The author focuses on the hardware utilized in IoT layers, such as sensors, cloud and processors. Various applications of IoT were also described. A distributed algorithm that performs resource allocation was implemented on the IoT devices. The author focuses on the concepts of cyber-physical systems and Industry 4.0.
A framework was designed that focuses on analysis that can compute Industrial IoT (IIoT) devices and the various security threats. Various security attacks on IoT were analyzed and classified, and their impact was examined. A heterogeneous ring signcryption scheme was proposed that was capable of providing trusted and authentic IoT-to-server communication. The proposed scheme achieves various security parameters. Existing threats and vulnerabilities in IoT were examined and the preventive measures were analyzed. A risk-based security model was proposed that can withstand various threats and vulnerabilities and is capable of evaluating various layers of IoT against various security risks. A multi-valued and ambiguous scheme was designed that works in a wireless body area network in a cloud-based environment. The scheme achieved confidentiality. A scheme was proposed that is capable of transmitting the data from the sensor effectively. Patient privacy and data security were the focus in a sensor-to-cloud environment. IoT and its research challenges were described in [22–24]. The wireless body area network (WBAN) has received significant attention in the healthcare domain through biomedical sensor-based monitoring of the heterogeneous vital signs of a patient's body [25–27]. WBANs are used in healthcare applications of IoT for real-time monitoring of patients' health-related data such as body temperature, sugar level and blood pressure. This information is sent directly to doctors and thus helps in early diagnosis. A novel cloud-based architecture was designed and implemented for WSN to provide security for medical data fetched using WSN. An ISA-based scheme was proposed in the healthcare domain, with data stored on the cloud.
A novel architecture was proposed that can accumulate and admit huge amounts of medical sensor network data [31,32]. An intelligent IoT-based system was designed that was capable of detecting allergies and the effects of drugs on the human body [33,34]. An approach was introduced in which patients and doctors can connect globally, which helps in early diagnosis. A framework was implemented that was based on a signature scheme in which there is no need to manage certificates and there are no key escrow issues. This scheme is known as a certificateless signature scheme. A certificateless signature-based scheme was implemented that worked more efficiently than the existing schemes. A certificateless public key signature scheme was proposed and implemented that provides high-level security, as it could withstand various attacks. A certificateless signature scheme in the IoT environment was implemented that provides efficiency and lower computational overhead [39,40]. ECC and RSA were compared on the basis of various parameters such as key size and energy consumption. The result showed that ECC outperforms RSA [41,42]. Key generation in RSA is much slower than in ECC [43,44]. ECC point multiplication has an advantage over RSA modular exponentiation as the key size increases and the processor word reduces. The encryption time and the decryption time of ECC and RSA were analyzed experimentally. Certificateless signature schemes were proposed and implemented to provide data security. The time taken for signature generation and verification was computed for certificateless signature schemes [47–51].
3 Proposed Design and Security Architecture
3.1 General Signcryption Algorithm
In this section, a formal model of Certificateless Signature Scheme (CLSC) is defined. The model comprises algorithms for key generation, key management, signcryption and unsigncryption [37–40]. Algorithm 1 defines the basic steps of CLSC. Fig. 2 defines the phases involved in the signcryption algorithm.
The entire process of using the signcryption and unsigncryption algorithms is shown in the data flow diagram in Fig. 3. The procedure starts when the user inputs the data after the pre-processing phase, which includes the initial parameter setup. After this, a master secret key is generated using complex conjugates. Then the random partial private key is generated with the help of the key generation center. Thereafter, the user keys are generated, a step that generates the partial private key using complex mathematical calculations. Then the signature generation phase is completed, which provides a valid ciphertext.
The generated signature is then verified by decrypting the ciphertext with a valid private key. This process is known as unsigncryption. This completes the entire procedure of data encryption and decryption.
In 2003, Al-Riyami and Paterson proposed a new scheme for public key encryption that removes the disadvantages of both public key encryption and IBE, with the goal of resolving the key escrow issue. The new scheme is known as Certificateless Signcryption (CLSC). This algorithm resolves the certificate management problem of traditional PKI and the key escrow problem of IBSC. From IBSC it takes over the solution to certificate management issues, and it also eradicates the requirement of a trusted authority in between. In identity-based signcryption, the private key is generated by a trusted private key generator (PKG). However, the PKG can misuse its powers (the key escrow problem), and CLSC was developed to overcome this. A KGC is used to provide a partial private key and thus does not have access to the sender's private keys. This partial private key is computed from the sender's identity and a master key. Today's IoT gadgets, with their constrained computational resources and communication bandwidth, find certificateless public key cryptography extremely appealing and important for reducing the load on the system. It also achieves basic security requirements such as message secrecy and non-repudiation [35–38]. Certificateless cryptography is a public key scheme that gives security without validation of the public key. In this section, an efficient Certificateless Secured Signature Scheme (CSSS) based on ECC is proposed.
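The partial-private-key mechanism described above, as an added example that is not code from the paper: a Schnorr-style certificateless signature in which the KGC issues a partial private key `d` bound to the identity and the user's public value `X`, while the user's secret value `x` never leaves the device. It is an illustrative construction, not the paper's CSSS (whose algorithm steps are not reproduced on this page); the secp256k1 curve, the hash layout, every function name and the sample identity and reading are assumptions.

```python
import hashlib
import secrets

# Assumed curve (the paper names none): secp256k1, y^2 = x^3 + 7 over GF(P)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def h(tag, *parts):
    """Domain-separated, length-prefixed SHA-256 mapped to a scalar mod N."""
    d = hashlib.sha256(tag)
    for part in parts:
        b = part if isinstance(part, bytes) else repr(part).encode()
        d.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(d.digest(), "big") % N

def keypair():
    """Random scalar and its public point (KGC master key or user secret value)."""
    k = secrets.randbelow(N - 1) + 1
    return k, mul(k, G)

def partial_key(s, ppub, ident, X):
    """KGC side: partial private key d = r + s*H1(ID, X, R, Ppub), with R = rG."""
    r, R = keypair()
    return (r + s * h(b"H1", ident, X, R, ppub)) % N, R

def sign(msg, ident, x, d, X, R):
    """User side: Schnorr-style signature under the full private key (x, d)."""
    k, T = keypair()
    return T, (k + h(b"H2", msg, ident, X, R, T) * (x + d)) % N

def verify(msg, sig, ident, X, R, ppub):
    """Needs only public data (ID, X, R, Ppub); no certificate is involved."""
    T, sigma = sig
    e = h(b"H2", msg, ident, X, R, T)
    full_pub = add(X, add(R, mul(h(b"H1", ident, X, R, ppub), ppub)))
    return mul(sigma, G) == add(T, mul(e, full_pub))

def demo():
    s, ppub = keypair()                     # KGC master secret and public key
    ident = b"wban-sensor-01"               # constructed device identity
    x, X = keypair()                        # user secret value; the KGC never sees x
    d, R = partial_key(s, ppub, ident, X)   # KGC is given only ident and X
    msg = b"temp=37.2;bp=120/80"            # constructed sensor reading
    sig = sign(msg, ident, x, d, X, R)
    x2, X2 = keypair()                      # different secret value, same identity
    return {
        "valid": verify(msg, sig, ident, X, R, ppub),
        "tampered_message": verify(b"temp=41.0;bp=120/80", sig, ident, X, R, ppub),
        "partial_key_only": verify(msg, sign(msg, ident, 0, d, X, R), ident, X, R, ppub),
        "rebound_public_key": verify(msg, sign(msg, ident, x2, d, X2, R), ident, X2, R, ppub),
    }
```

`demo()` returns `True` only for the honest signature. A changed reading, a signature made with the partial key alone (all the KGC holds), and a signature under a different public value that reuses the same partial key all fail verification.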
The framework is designed to provide security for the healthcare data sensed from IoT devices (Fig. 4). The sender is present in the IoT environment, and the data sensed by the sensor is transmitted through the gateway node towards the cloud servers. Along the transmission path, a CSSS algorithm is applied that is capable of performing encryption and signing in one logical step. The ECC algorithm is used for generating strong private and public keys. Simultaneously, a data hashing function is applied to the transmitted data. Advanced Encryption Standard (AES) is an encryption algorithm that is capable of providing data security and also has high speed. NIST has recommended AES as faster than existing algorithms in terms of hardware and software implementation. Under the standards defined by NIST, AES replaced the DES algorithm. In the proposed scheme, the AES algorithm is implemented for encryption and decryption. The encrypted data is stored in the cloud environment and is further used for processing and analysis after the decryption algorithm has been applied. This CSSS is capable of providing security for the data being transmitted from the IoT device. In this research, the data has been taken from the healthcare WBN sensor. The verification of the generated signature is shown in Fig. 5. This process takes the ciphertext, which is then decrypted using the unsigncryption algorithm. Simultaneously, the digital signature is verified to ensure the integrity of the data received. Here the sender's public key is used for verification.
The different algorithms that work under the signcryption algorithm are defined in the points below. They include setup, key generation, generate secret key, partial-private-key-Extract, generate private key and generate public key. Tab. 1 lists the basic notation used in the proposed scheme.
When message m request for the signature , then the user performs the following steps:
3.5 CSSS Signature Verification
The signature generated upon the request of message m is verified by the verifier AS by performing the following steps:
4 Performance Evaluation and Analysis
The effects of implementing the Secured Signature Scheme (CSSS) are discussed. Its accuracy in generating the secret key, pre-processing, encryption and decryption, computational cost and graph generation were examined and compared with previous papers. The comparison shows that this scheme proves to be better than the previous schemes. All of our algorithms are implemented in Python, using the following hardware and software resources: AMD A6-9225 RADEON R4, 5 COMPUTE CORES 2C + 3G @ 2.60 GHZ processor, Windows 10-bit machine with 4GB RAM. ECC is asymmetric public key cryptography that makes use of elliptic curves for the generation of secret keys. These keys are defined by cubic functions,
Here, a & b are constants.
It is very difficult to find these points on the curve, and thus ECC provides higher security. It provides equal security with a smaller key size compared to other asymmetric algorithms like RSA. Fig. 6 shows the key length of the ECC-based security framework and the RSA-based security framework. A review of the existing work and its implementation results shows that the keys generated by ECC are much smaller than those of RSA for an equivalent level of security. The proposed CSSS performs encryption and decryption of the data using certificateless signcryption. This scheme is capable of providing security for the data in between the IoT devices. The various security parameters such as confidentiality, authentication, integrity, unforgeability, forward secrecy and non-repudiation are achieved with the proposed scheme.
In case of confidentiality, the data transmitted from IoT to cloud needs to be secured from any unauthorized access. In the proposed security model, if an unauthorized person tries to access the original message from the encrypted text, then he should have access to private key , but it is not possible in the proposed algorithm as for deriving , the attacker requires that is secured random number that can be generated randomly and can be utilized only once. Through the proposed scheme it can be validated whether the data received has been altered along the transmission path. If the attacker changes the message m to m’, the message digest of the original data can be compared with the message digest of the received data. The message digests will differ if the data has been altered. Thus, the proposed CSSS provides message integrity.
In case of unforgeability, an attacker cannot generate a valid ciphertext and thus a message cannot be forged in the proposed scheme, because for that attacker requires the of the sender. Depending upon the condition if the message is forged then it has to satisfy that is not possible. Through the proposed scheme, authentication can be assured at both the user level and the data level. For user-level authentication, the receiver utilizes the user ID and public key, and the digital signature thus obtained validates the user's identity. For data-level authentication, the message m received at the receiver side is validated using the signature σ received at the receiver side.
Forward secrecy is achieved because in CSSS, even if an attacker gets the private key of the sender, the attacker still cannot get access to the actual message m from the encrypted text. For getting access to the message, the attacker requires secret key , the random value or through the secret key of the receiver. In the CSSS scheme, the receiver is able to ensure that the message was sent by the original user because the digital signature algorithm is implemented under signcryption. The sender signs the encrypted text, and thus non-repudiation is achieved. Tab. 2 shows the time taken (in ms) for signature generation/encryption, signature verification/decryption and graph data plotting, compared with the existing work.
With the proposed CSSS, the pre-processing of the initial parameter setup and signature generation takes less time than in the previous paper (Fig. 7). The decryption/signature verification time for the transmitted data is also significantly lower in the proposed scheme (Fig. 8). In  the authors have not encrypted the health IDs of the patients.
Tab. 3 compares the efficiency of the proposed scheme with that of previous schemes. The proposed scheme is compared with the existing signcryption schemes in terms of signature generation, signature verification, computational cost and the size of the signature generated during the process.
As shown in Tab. 3, the efficiency of the proposed scheme is higher than that of the existing schemes. The proposed scheme is compared with relevant existing signcryption schemes such as Choi et al., Chen et al., Wang et al., Yeh et al., Karati et al. and Du et al. Efficiency is measured in terms of computational cost. The CSSS scheme is the best combination of high security and efficiency so far and is more appropriate for the IoT environment. Computational cost is calculated in terms of the processing time of signature generation and signature verification. Fig. 9 compares the proposed scheme with the corresponding state-of-the-art schemes in terms of signature generation. Signature generation represents the time taken to generate the signature and encrypt the message to be transmitted from sender to receiver. Fig. 10 compares the proposed scheme with the corresponding state-of-the-art schemes in terms of signature verification. Signature verification represents the time taken to verify the signature by decrypting the ciphertext received.
The proposed scheme provides better results because the signcryption algorithm is used for the implementation along with ECC for key generation. The computational cost of the entire process is computed as the total time taken for signature generation and signature verification. Fig. 11 shows a clear computational cost comparison of the proposed scheme with existing signcryption schemes.
In this paper, an efficient and secure signcryption scheme that jointly performs key generation, data encryption and digital signing for IoT healthcare data is presented. A certificateless signcryption algorithm will be implemented to provide a high level of security for data being transmitted from IoT to cloud. CLSC performs signing and encryption in one logical step, making it more efficient and secure. The designed scheme is capable of achieving various security parameters such as confidentiality, authentication, integrity, unforgeability, forward secrecy and non-repudiation. The efficiency of the scheme is compared with other schemes in terms of signature generation, signature verification, computational cost and signature size. This scheme performs better than the existing CLS schemes and is better suited to the resource-constrained environment of the IoT. The proposed scheme improves computational cost and provides a high level of security for the data being transmitted from low-power IoT devices to the cloud. Consequently, this CSSS scheme is better in terms of security and efficiency for an IoT environment. Future work can further minimize the complexity of the proposed scheme, and research can also be directed at improving energy efficiency during the transmission of data from IoT devices. It is expected that this proposed scheme will be enhanced and used as a means of providing security when the proposed research is implemented in a real sensor environment. Research can also be directed towards reducing the size of the signature generated during the encryption phase. We therefore hope to investigate these issues extensively in the near future.
Funding Statement: This project was funded by the Deanship of Scientific Research (DSR), King Abdulaziz University, Jeddah, under Grant No. (D14-611-1443). The authors, therefore, gratefully acknowledge DSR technical and financial support.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.