An IoT Based Secure Patient Health Monitoring System

: Internet of things ( IoT) field has emerged due to the rapid growth of artificial intelligence and communication technologies. The use of IoT technology in modern healthcare environments is convenient for doctors and patients as it can be used in real-time monitoring of patients, proper admin-istration of patient information, and healthcare management. However, the usage of IoT in the healthcare domain will become a nightmare if patient information is not securely maintained while transferring over an insecure network or storing at the administrator end. In this manuscript, the authors have developed a secure IoT healthcare monitoring system using the Blockchain-based XOR Elliptic Curve Cryptography (BC-XORECC) technique to avoid various vulnerable attacks. Initially,the work has established an authentication process for patient details by generating tokens, keys, and tags using Length Ceaser Cipher-based Pearson Hashing Algorithm (LCC-PHA), Elliptic Curve Cryptography (ECC), and Fishers Yates Shuffled Based Adelson-Velskii and Landis (FYS-AVL) tree. The authentications prevent unauthorized users from accessing or misuse the data. After that, a secure data transfer is performed using BC-XORECC, which acts faster by maintaining high data privacy and blocking the path for the attackers. Finally, the Linear Spline Kernel-Based Recurrent Neural Network (LSK-RNN) classification monitors the patient’s health status. The whole developed framework brings out a secure data transfer without data loss or data breaches and remains efficient for health care monitoringvia IoT. Experimentalanalysis shows that the proposed framework achieves a faster encryption and decryption time, classifies the patient’s health status with an accuracy of 89%,and remains robust compared with the existing state-of-the-art method.


Introduction
An emerging trend for every future generation technology is deemed to be IoT [1]. It is the interconnection of exclusively detected smart objects along with devices. For tracking data, IoT is surrounded by disparate sensors that are linked to many objects, which are invisibly attached all over the surroundings [2]. The highest ordinary research application in wearable electronics is Health Monitoring (HM). The union of smart computing and remote HM with IoT is called Smart HM [3].
Through HM, monitoring and caring for patients can be done outside of the traditional clinical boundary (i.e., house, for instance). A particularly designed monitoring device for monitoring and transmitting health data to smart contracts, a smartphone with internet connectivity, along with an HM application, is the main component of an HM system [4]. Wearable devices and IoT play a crucial part in HM and the current push for developing smart cities [5]. Wearable devices gather patient health data, transmitting it to hospitals or medical institutions for facilitating HM, disease diagnosis, and treatment. Thus, a Big Data situation is developed as every patient's data is examined and transmitted [6]. Furthermore, secure data sharing is demanded by such infrastructure for handling patient data with other institutions [7].
One of the most crucial aspects of any system is security. Concerning security, disparate perception is possessed by people, and thus, it is defined in multiple ways [8,9]. Generally, a notion similar to the system's safety as a whole is security. Nowadays, the communication in IoT-centered HM is mainly wireless, which might cause different security threats to these systems [10,11]. Serious issues could be posed by these security problems to the wireless sensor devices [12,13]. Hence, a vital necessity for safe and secure medical and health data management is the execution of data security methods, namely lightweight block encryption techniques for medical IoT resources [14].
Data mining are extensively utilized in medical monitoring, including classification as well as clustering methods [15], neural networks [16], together with other approaches centered on disparate machine learning methods for attaining diagnostic information to envisage the patient's abnormal health changes from the IoT data [17,18]. For offering a safe data transfer and a precise patient monitoring system, a safe patient HM system utilizing BC-XORECC and a patient monitoring system utilizing LSK-RNN is formed by the work that benefits from clouds and IoT technologies. In this, the patient could remotely be monitored via the medical squads for the early diagnosis of their crucial conditions. This paper is categorized as: Section 2 analyzes the associated studies, Section 3 surveys the proposed work, Section 4 demonstrates the results along with discussion for the proposed method; in addition, Section 5 offers the conclusion with future scope.

Literature Review
This section contains the details of security mechanisms proposed by different researchers for IoT-based healthcare systems.
Gope et al. [19] have addressed the limitations in the present IoT-enabled healthcare system. Authors have utilized an authentication technique that is based on a physical unclonable function. In addition, to further strengthen security, the proposed decision-making scheme is fault-tolerant.
Seong-Kyu et al. [20] formed Artificial Intelligence (AI)-centered BlockChain (BC) algorithms for ensuring safe corroboration of data (medical). The approach rendered an information security BC-AI framework; it verified BC systems aimed at accurate extraction, storage, together with verification of data. Additionally, disparate verification and performance assessment indicators were set to acquire the Translations Per Second (TPS) of data (medical) and for the standardization work execution. As a result, the BC confidentiality, together with the AI sensitivity, was maximized. However, it was susceptible to internal attacks.
Akhbarifar et al. [21] ascertained the patient's health status through envisaging critical situations via data mining. It analyzed all through their data (biological ones) sensed using smart medical IoT devices. For ensuring the security of patients' private data, lightweight, safe block encryption was employed. Next, centered on the K-Star classification, the patient's health status was classified. The K-star classification attainted the best outcomes amongst disparate classifiers; it got 95% accuracy. Thus, the work attained an excellent accuracy; however, the approach lagged to Security Level (SL).
Sarmah et al. [22] recommended a method, which encompassed '3' steps: a) Authentication, b) Encryption c) Classification. Initially, SHA-512 was employed as an authentication method. Next, the wearable IoT device transferred the sensor data concurrently to the cloud. These devices were installed on the patient's body. Centered upon Patient and Doctor Id, along with Hospital Id-Advanced Encryptions Standard (PDH-AES), the sensor data was encrypted as well as transmitted securely to the cloud. Next, the encrypted data was decrypted, and also Deep Learning Modified Neural Network performed the classification. The PDH-AES brought about 95.87% securities; however, it encompassed computational intricacy for generating keys.
Mohame et al. [23] posited Deep-Q-Networks that lessened malware attacks when transmitting medical data. As per the Q-learning conception, the technique scrutinized the medical details in disparate layers that minimized intermediary attacks with lesser intricacy. The system's efficiency was assessed concerning experimental outcomes as well as discussions. As a result, the Deep-Q-Network lessened the intermediary attacks; however, the data loss was higher.
Ramesh et al. [24] ameliorated a Role-centered Access Control with a '2' fish algorithm for protecting IoT health data on HC systems as a public cloud storage perception. It significantly helped in the effectual storage of data (medical) on IoT applications and rendered safe storage of data (medical) on the cloud on account of the role-centered access policies. Additionally, to diminish the waiting time for retrieving pertinent medical data, a clustering scheme was implemented. However, the access process was complicated to utilize.
Kesavan et al. [25] posited a method that utilized '4' disparate phases for transmitting the data. Those are Data Acquisition (DA), Fog to Cloud (FC), Decision-Making (DM), together with execution. The DA encompassed data storage as well as collection. Together with the cloud layer, the fog layer is the '2' disparate layers of the FC; it also described the safe integration of FC. The DM involved feature extraction along with classification. For attaining the best optimum solution, Adaptive Deep Convolution Neural Networks with the Levy Flight centered Grey Wolf Optimization was utilized in the classification. Unfortunately, the developed technique had lagged because of data breaches.
Khan et al. [26] have proposed a two-step security mechanism for IoT-based healthcare systems. The first level of security is achieved through a combination of user names and passwords with biometric credentials. The integrity of the authentication system is ensured by SHA-512 algorithm. At the second level, improved elliptical curve algorithm and substitution Ceaser cipher algorithms are used to ensure the confidentiality of messages during transmission. Though different researchers have proposed different methodologies to make a secure IoTbased healthcare system, limitations in the existing system have motivated authors to propose a new security framework to make an IoT-based secure health monitoring system.

Proposed IoT Based Secure Patient Health Monitoring System
IoT-based patient monitoring system helps patients enjoy healthcare-related services sitting at a remote location in their homes. Patient's privacy, safety, and security, in this case, are very much essential. Therefore, a secured IoT-based health monitoring system is a crucial scheme to provide all kinds of shields against possible vulnerabilities. Various healthcare secure data monitoring has been developed. However, still, the method fails to protect the data which is vulnerable to some of the attacks, such as the denial-of-service attack, replay attack, man-in-the-middle attack, offline password guessing attack, a smart card is stolen attack, forward secrecy attack, user anonymity attack, mutual authentication attack, etc. The work has developed a secure Blockchain-based healthcare monitoring system in IoT by addressing the vulnerability attacks, as illustrated in

Authentication
Authentication provides to get authenticated by its own identity before transferring data. The authentication is provided to access the records or patients' data to those permitted as authenticated users. It conquers the internal attacks as well as the attacks during transit. The authentication phase comprises three subphases:

Registration Phase
The registration phase provides with collecting the patient's details, which consists of the patient's name, patient's ID (P ID ), username UN N i , password generation PW N i , etc., that are enrolled into the records of the hospitals. This phase is necessary to provide the patient with hospital services and to monitor the various services that each patient receives. But storing patient details may get attacked if it is stored without any security. Hence, to provide proper data security, the work has been enhanced with token, key, and tag generation with its respective centers. Details of the three processes are given below:

Token Generation Centre
Token generation center allows the user to verify their identity, and in return, they receive a token to access the data. The user retains access as long as the token remains valid. Once the user logs out or quits an app, the token is invalidated.
In a token generation, initially, the Server (S N i ) ask for access of the user to the protected data by providing the username and password Z n i = UN N i + PW N i details obtained during registration as shown in (Eq. (1)).
The center verifies the username and password i.e., S N i Checks −→ Z n i = P ID and generates the token after verification as shown in (Eq. (2)).
Finally, the token, username, and password are stored using the Length Ceaser cipher Pearson hashing algorithm to secure the details confidentially and stored within the user browser while the work continues. Initially, the Length Ceaser Cipher first transfers the letters into numbers. Encryption of a letter can be described mathematically as shown in (Eqs. (3)- (5)): where, E CP denotes the encryption of attributes U N I is the input attributes n is the shifting value, which depends upon the length of each attribute, D CP is the decryption of attribute.
The L-Caesar Cipher algorithm encryption helps us secure the data by varying the shifting value based on the length of the attribute. Now, the converted ciphertext (CP N i ) is converted into hash code using the Pearson hashing algorithm. The PHA provides an output in which a single byte of data is strongly dependent on every byte of the input. The algorithm computes the hash code (λ) for the (CP N i ). Initially, the hash variable is initialized that is (λ : = 0), now, based on the length of the ciphertext, the loop is continued until the ciphertext ends as given in (Eqs. (6)-(8)): [i] = 255 − i (8) Finally, the hash value is obtained for the converted ciphertext, and any small changes in the value make the developed algorithm generate a different hash algorithm.

Key Generation Centre
Key generation is an essential factor that generates the key, i.e., both the public and the private keys that are used to encrypt and decrypt IoT sensing data. ECC is an asymmetric public key-based encryption algorithm that provides high security even with small-length keys [27]. It is based on the elliptic curves. For developing the key, the work has adopted an ECC algorithm that allows the key size to remain shorter but provides a higher security level. Initially, the ECC generates the ciphertext private key CP PRI randomly using (Eq. (9)); after that, calculate the ciphertext public key CP PUB using (Eq. (10)). Finally, the shared secret key ( s )is calculated using (Eq. (11)).
G is the random number ranging between (1 to n− 1), K PUK denotes the public key, and K PRI is the private key.

Tag Generation Centre
Tag is generated for the patient details to make it more secure. The tag generation is performed using the Fisher-Yates shuffled AVL-Tree algorithm. The developed tag generation provides the self-balancing binary tree for the patient details. For each node of the tree, the height difference of its sub-trees is at most 1; therefore, it is also height-balanced. The tree formation is based upon the shuffling provided by the fisher Yates. The fisher Yates provides the shuffling of the entire data of individual patients until it gets finished. The AVL tag generation is illustrated in Fig. 2. Fig. 2 states the AVL tree generation for the details such as Patient ID (P001), Hospital ID (H001), Patient Name (Alex), Hospital Name (Miot), Age (39), and Sex (male). According to the developed Fisher-Yates shuffled AVL-Tree algorithm, the details are initially shuffled, such as "mioth00139p001malealex", and based on each character, the tree is constructed. Then, based on the tree formation, the tag is generated.

Login
The user is logged in by inputting there U ID i Pw v i and T N i to R i . After entering the details, and checks if L * i equals U i . If the information entered by the user is right, this request is preceded.

Verification
This phase checks whether the login user is registered or not, and after that, communicates with the cloud environment, i.e., initially, the validity of the L * i is verified, and if the verification output (V Θ = 1) is then the process continues by communicating with the cloud, or else change of password is suggested for the user. Hence, all the authentication phase information is stored in a blockchain (BC n i ) to provide a secure data transfer.

Secure Data Transfer
Secure data transfer is the most crucial task, which provides the hackers with a comfort zone to steal the data. Therefore, the data transfer has to be more robust to avoid malicious attacks. The work has used a Blockchain mechanism to transfer the data, but it comprises data storage (i.e.,) issue, storing big IoT data over the blockchain is not possible. Therefore, we use cloud servers to store encrypted data blocks, which is performed by XORECC algorithm.
Initially, the blockchains perform various steps to process the patient health care details from IoT. First, the user requests for a transaction in the blockchain as shown in (Eq. (12)): (12) After that, the new transactions (U i ) are passed over to the individual peer network, including the PC nodes. After the individual's verification, a hash code is generated using SHA256. The algorithm generates a unique hash code as shown in (Eqs. (13)) and ( (14)): where BC n i denotes the blockchain of i users that consists of n details of the individual users. Now, the hash code is generated by the SHA 256, which undergoes a message block schedule and compression function. Initially, the N-Bit user details get looped until it satisfies the (Eq. (15)): where k, denotes the number of zero bit that is to get added up. The user details are converted into 64 bits binary values and further added with 448-bit to obtain the 512-bit message block. The block is further divided into sixteen 32-bit blocks, which are processed by compression to finally form the hash values as shown in (Eq. (16)).
Every generated hash code is linked with the previous hash code in the block, which makes the blockchain mechanism an unbreakable network for transferring data. If someone tries to attach a transaction, the network node or a smart agreement will validate it. Therefore, this unchanging ledger cannot be modified. This process creates a decentralized system with secure and reliable data transfer. Finally, it checks if the user is genuine with an algorithm. After verifying a transaction, a new block in the network is added to the ledger. The block has an index structure, timestamp, data, previous hash block, and current hash block. A new block is then added to the blockchain, which remains to be unchanged and secure.
To avoid storage issues, each block is again encrypted using the developed XORECC cryptographic algorithm, which uses the key generated by KGC to encrypt and decrypt the block and performs the XOR of the hash code with the encryption and decryption key generated in TGC. Thus, the encryption and decryption of the blocks are computed as:

(a) Encryption
The encryption of the (BC n i ) is carried out by randomly selecting from [1 to n− 1]. The encryption is performed under two ciphertexts, 1 and 2 is shown in (Eq. (17)) and (Eq. (18)): where,λ is the hash code generated by KGC. Thereafter, 1 and 2 will be sent further for decryption.

(b) Decryption
We have to get back the message that was sent to us. Its formula is shown in (Eq. (19)): Thus, BC n i is the original message decrypted using the distributed key. Thus, the secure data transfer outline is illustrated in the form of pseudo-code stated in Fig. 3.

Patient Monitoring System
The secured data is now processed under health care monitoring to get the status of patient health. However, before getting the patient's health status, the collected IoT secure data is preprocessed to improve the data quality.

Preprocessing
Preprocessing provides healthier data to avoid the chance of error. Preprocessing helps the model to obtain better accuracy.

(b) Transformation
Transformation (H T P ) provides converting of the characters into numeric values. It helps to make the data more understandable and improve the precision of monitoring the patient's status. It is given in (Eq. (21)):

(c) Normalization
Normalization (H nor ) contributes towards scaling the data between 0 and 1. Normalization provides the same units and helps to reduce the upcoming errors. Normalization is given by (Eq. (22)): Thus, overall it obtains a clean text which is then preceded into the training process. The preprocessed text is given by (Eq. (23)):

Classification
Classification provides the health status of the patient based on the preprocessed IoT Data. Classification gets trained over the data. Let's consider the liver dataset of the patients. Based on the dataset, the classification gets trained, and the testing is done to analyze the patient's health status. The work has developed a linear spine kernel-based recurrent neural network (LSK-RNN), which addresses vanishing gradient problems and the computational complexity during the training of the data. The LSK-RNN is performed on the input data H Pre = [λ 1 , λ 2 , λ 3 , λ 4 , . . . , λ t ] that consists of a hidden vector sequence ℵ hidden = [ℵ 1 , ℵ 2 , ℵ 3 , ℵ 4 , . . . , ℵ t ] and output vector sequence Θ = [Θ 1 , Θ 2 , Θ 3 , Θ 4 , . . . , Θ n ]) by iterating the following sequence from t = 1 to T is given by (Eqs. (24)-(26)): where the w i terms denote weight matrices (e.g., w λℵ is the input-hidden weight matrix), the b terms denote bias vectors and Φ act is the hidden layer activation function, which is computed using line spine kernel function computed as (Eq. (27)): For output layer sigmoid activation (σ ) function is used, which is computed as given in (Eq. (28)): Hence, based on the predicted output, loss value is evaluated as shown in (Eq. (29)): where, λ andλ denotes the actual value and predicted value for the liver dataset. Now, if L=0 then the model gives the exact true value, but if L = 0 , then backpropagation is performed by updating the weights. Thus, the proposed framework provides a secure data transmission by avoiding data loss and data breaches and able to classify the patient's health status based on the IoT data.

Result & Discussion
In this section, the proposed secured IoT-based health care monitoring framework is assessed with various performance metrics and compared with the existing methodologies to analyze or observe the proposed work efficiency. The results are evaluated based on the number of data ranging from 100 to 500. The system is implemented in the working platform of JAVA with the system configuration be Intel Core i7 processor, 3.20 GHz CPU speed, and 4GB RAM. The work was carried out on publically available datasets.

Performance Analysis
This section analyses the performance of the proposed method with existing methods. The proposed LCC-PHA, BC-XORECC, and LSK-RNN for Hash code generation, secure data transfer, and patient status classification are compared with the existing techniques regarding some performance metrics.

Performance Evaluation of Proposed LCC-PHA for Hash Code Generation Based on Hash
Generation Time Here, the analysis of time taken for generating the hash code for the data by the proposed LCC-PHA method is contrasted with the existing RIPEMD, MD5, Spooky Hash, FNV method and is illustrated in Tab. 1. Tab. 1 indicates the Hash code generation time for the existing and proposed system. The table illustrates that the proposed method tends to achieve a hash code generation time ranging between 2.789-6.667 s for the data ranging from 100-500. But the existing methodologies achieve a hash generation time varying between 9.879-19.661 s, which is relatively high compared to the proposed method. Therefore, for a hashing algorithm to be robust, it must constrain a low hash generation time and increased security. Nevertheless, the proposed method remains faster and highly secured due to the improvisation done using the Length Ceaser cipher in the Pearson hashing algorithm that leads the existing methodologies. Fig. 4 shows the Hash code generation time for the existing and proposed system. The graphical analysis states that the proposed method performs a faster generation of hash code than the current methodologies and avoids attacks by performing a highly secured hash code.

Performance Evaluation of Proposed BC-XORECC For Secure Data Transfer Based on Encryption Time, Decryption Time, and Security Level
Here, the analysis of the time taken for the encryption and decryption of the data by the proposed BC-XORECC method is contrasted with the existing Blowfish, DES, RC4, and AES. The evaluation of the metrics is illustrated in Tab. 2.
Tab. 2 illustrates the evaluation of the encryption time and decryption time for the proposed method along with the existing methods. To differentiate one encryption algorithm from another, it should have the ability to secure the data against attackers and its speed and efficiency in doing so. According to that, the proposed BC-XORECC can secure the data and maintain the speed by performing faster encryption and decryption. The proposed method tends to achieve a low encryption time ranging between 1.203-3.784 s for the data ranging from 100-500 and at the same time maintaining a faster decryption time ranging between 1.201-4.124 s. But the existing methods tend to achieve an encryption time ranging between 3.456-14.897 s and decryption time ranging between 2.489-16.457 s for the data ranging from 100-500. Thus, the proposed method remains to be efficient in securing the data and the speed of the execution. The graphical analysis of the proposed method is illustrated in Fig. 5.  In Figs. 5a & 5b, the time taken for encrypting and decrypting the varied data sizes is shown. Thus, it shows that encryption and decryption of any large size of files will only take significantly less time for the proposed system when compared with the existing Blowfish, DES, RC4, and AES methods and provides a high level of security. Security level elaborates the strength of the cryptographic primitives, such as cipher or hash function. Based on the security level, the proposed method is analyzed graphically in Fig. 6. The security level is the most important metric that illustrates the framework's efficiency by bringing the users' trust. Therefore, a high percentage of security level indicates a better framework for transferring data. The proposed method tends to achieve a security level of 93.56%, as shown in Fig. 6. In contrast, the existing Blowfish, DES, RC4, and AES methods tend to achieve a security level of 87.96%, 91.54%, 90.89%, and 91.84%, respectively comparatively lower than the proposed method. Thus, the proposed BC-XORECC tends to be more secure for transferring user details or medical details by avoiding malicious attacks.

Performance Evaluation of Proposed LSK-RNN for Patient Monitoring System Based on Metrics
The proposed LSK-RNN patient monitoring system is analyzed based on the liver dataset, which is publically available. The proposed method is evaluated based on the metrics, such as Accuracy, Specificity, False positive rate (FPR), and False negative rate (FNR), along with the existing methodologies, such as Deep neural network (DNN), Ensemble method, Support vector machine (SVM), and Recurrent neural network (RNN).  7 illustrates the IoT data-based patient health monitoring system. The performance evaluation helps to know the efficiency of the proposed techniques. From the tabulation, it is known that the proposed LSK-RNN achieves an accuracy of 89.96% and specificity of 89.99%. In contrast, the existing methods achieve the metric value ranging between 75.68%-83.54%, which is relatively low compared to the proposed technique. In addition to that, the proposed method avoids misclassification by achieving lower FPR and FNR values of 14.52% and 12.53%, respectively. Nevertheless, it remains to be robust as compared to the existing methodologies.

Conclusion & Future Scope
Secure data transmission is a vital task in the IoT environment. As there is a lot of chances to steal the data within the IoT platform because IoT devices are generally accessed through an untrusted network, so there is a need to protect the privacy of healthcare data while it travels over an untrusted network. In this paper, the authors have developed a BC-XORECC based Secure IoT healthcare monitoring system to avoid various vulnerable attacks. First, the work allows the authorized user to access the data by implementing a strong authentication process using LCC-PHA, ECC, and FYS-AVL tree. The authentications prevent internal attacks. Secondly, the data is transferred securely by maintaining the confidentiality, integrity, and availability of the data by avoiding the interference of the attackers using BC-XORECC. Finally, secured data is trained under LSK-RNN classification to monitor the patient's health status. Experimental analysis has shown that the proposed framework has achieved a Hash code generation time of an average of 4.8056 s with a faster encryption time of 3.784 s and decryption time of 4.124 s. It has also classified the patient's health status with an accuracy of 89.96% and remains to be robust compared with the existing state-of-the-art method.
In the future, authors have planned to enhance this work by integrating the work with an android based app so that the proposed model can also be used on mobile. It can be implemented by the use of some lighter deep learning models.