A lightweight security framework for electronic healthcare system

Abstract

Electronic healthcare systems (EHS) are the most emerging field of today’s digital world which is used for remote health monitoring, evidence-based treatment, disease prediction, modeling, etc. Many internet of things (IoT) devices and body sensors are involved in such systems for data collection. Every time a cloud-based solution is adopted to collect and preserve collected personal health information. Secure data transmission is a big challenge in such an environment as the devices are memory and power-constrained. This research focuses on a lightweight ciphering mechanism that can be used to secure an electronic healthcare system. Traditional cryptographic solutions are not suitable due to the operational complexity. Some popular lightweight block ciphers which includes SIMON, HEIGHT, LEA, etc. are used in IoT device to increase the speed. Hence, in this paper, we have proposed a lightweight security framework with a flexible key structure to protect the data in the electronic healthcare system. The proposed scheme increases the speed by minimum 4$\%$ with compared to existing literature. Our experimental analysis shows that the proposed technique also have a low computational and communicational load. The brief security analysis using automated validation of internet security protocols and applications (AVISPA) tool shows that the proposed scheme can withstand all network attacks.

Introduction

Today IoT-based healthcare architecture is used in different places like smart cities, smart agriculture, smart health projects etc. Among these projects, one of the essential fields is smart healthcare which has a bigger scope of development in its many intelligent services. These services include user health monitoring, routine health checkup, emergency healthcare, diagnosis etc. It provides easy and fast processing of medical facilities, reducing the time and cost of treatment. Realtime health monitoring can be performed using the internet through a wireless sensor network (WSN) [1]. Wireless body sensor-based healthcare applications are used in the health sector for remote health monitoring. This may reduce huge hospitalization costs also. This type of monitoring system is a part of IoT-based healthcare which can be used for remote health services. IoT-based systems are made up of three layers: perception, network, and application. The perception layer is responsible for data collection from different sources. The network layer is for communication between the perceptions layer and the application layer. The application layer is responsible for different user applications in this scenario. The Internet of Things may connect with diverse devices, and networks in the field of healthcare for different services. There are many security attacks such as Impersonation attack, Replay attacks, Man-in-middle attack etc makes the system vulnerable to remote health monitoring service. Hence security and privacy threats are big challenges in this network. Trusted cryptography, such as a public key or symmetric key cryptography, as well as RSA or ECC-based cryptography, is a common solution for such challenges. However, problems such as limited processing resources, increased implementation time, and high computational cost were discovered. Some lightweight cryptographic algorithms such as SIMON [2], SPECK [3] and HEIGHT [4] etc are available in this area.The structure of these ciphers depends upon blocksize, keysize, round number and S Box construction. With the help of these techniques, the sensitive data can be securely stored in the medical server so that the user can access the data after authentication. Some works [5–9] have been found which focused on secure framework for remote monitoring in COVID 19 situations. Also some work in elliptic curve cryptography(ECC) based techniques have been found which uses a smaller key size to provide the equivalent security [10]. Another ECC-based public key approach for the generation of the certificate [11] is also found. Major issue in such framework is a complex key generation and encryption process which degrades the device performance. As the devices used in such a network have less memory and power, so the complex algorithm is not suitable in such a scenario. Kumari et al. [12] discussed a biometric-based security framework for authentication in IoT systems. Another certificate-less authentication scheme [13] based on ECC has been found. These frameworks may resist some network attacks but the computational and communication cost increases. Hence to reduce the cost we have used a new lightweight block cipher technique that is suitable for IoT devices. In this framework, the encrypted data will be stored in the server and the user will access the data from the server, after strong authentication.

The major contributions in this paper are as follows:

• The proposed lightweight security framework is constructed based on a three factor based authentication technique to resist different network attacks.

• A new lightweight cipher technique (LWC) is proposed for data security of IoT devices This technique is used to encrypt data while transfer from sensor node to cloud server.

• The Proposed LWC has flexible key structure to enable adaptive security in IoT devices.

• The proposed framework uses public key encryption algorithm for data protection during data access from cloud.

• The performance comparison shows that the cipher is efficient with high through put and low computational load.

The rest of the paper is organized as follows: Sect. 2 presents Related Works, Sect. 3 provides Describes the proposed framework Sect. 4 presents Performance of the proposed scheme; Sect. 5 discusses Security Analysis; finally, concluded in Sect. 6.

Related works

Several approaches were found to solve the security problems in IoT-based e-healthcare systems. The main focus of IoT based e- healthcare system is to collect health information from different users and shared it among them to provide various healthcare-related services. As different types of users are participating in this system, there must be robust authentication techniques to control users’ access. Alaba et al. [14] proposed internet of things security framework which has four types of IoT security taxonomy such as application, architecture, communication and data. Innovative healthcare suffers threats and attacks such as data misuse, loss of data etc. The most commonly used security techniques that are considered with the use cases in this application domain are authentication, authorization exhaustion of resources and trust establishment. Zouka et al. [15] introduced IoT-based E-healthcare using fuzzy logic. In this paper, they proposed healthcare architecture which has basically two parts: Firstly, computer hardware is defined and secondly, artificial neural network technology defines under fuzzy logic. Security framework have three phases registration phase, login phase and authentication phase. Dhananjay et al. [16] Introduced IoT-based healthcare in wireless body sensor networks where challenges, issues of Wireless Body Area Network (WBAN) are discussed. Pasha et al. [17] introduced framework for E-health system in IoT-Based Environments using CoAP(constraint application protocol) which has a built-in-service mechanism. CoAP is established between IoT devices and IoT gateway in an internet environment. Islam et al. [18] proposed e-healthcare system using processors and sensors. Here the healthcare monitor system has three-stage architecture features such as a sensor- module, data -processing module and web user interface. Tamilsevi et al. [19] introduced health monitor IoT-based e-healthcare using Arduino Uno device. The system can use a temperature sensor, spo2 sensor, heartbeat sensor and eye blink sensor and Arduino Uno as a processing device. Acharya et al. [20] introduced IoT based electronic healthcare monitor using raspberry pi 3 model B as a health monitoring kit on the internet of Things environment. Here the IoT-based e-healthcare system is used to monitored some parameters of human health like heart rate, body temperature and respiration etc. Li et al. [21] talked about how to secure the bootstrap phase of a wireless body sensor network by using group pairing. A received signal strength-based authentication system has been proposed by Zeng et al. [22]. Lower/physical layer features are discussed in this study as a possible security option. EKG-based key agreement system is proposed by Ali et al. [1]. Key sharing by making the shared key with discrete wavelet transform (DWT), is discussed in [10]. ECC-based cryptography was used to create the IoT-based EHS. A certificate handshake has been proposed between sensors and end-users in this concept. All discussed works are summarized in Table 1. In all the above-discussed authentication schemes, authentication is mainly performed between the user (patient) and the medical server. Also, it has been observed from the above discussion that

• Most of the authentication schemes are password-based with symmetric encryption strategies, which are susceptible to brute force attacks.

• Some of the schemes are based on asymmetric techniques, which are more robust than symmetric schemes with high computational loads.

To solve the above problems, we have proposed a lightweight cryptographic scheme (LWC), which is mainly based on S Boxes to produce the required confusion and diffusion in the cipher. Proposed LWC has a flexible key structure (128 bit to 256 bit). Due to this changing key structure, proposed LWC can have adaptable implementations to enable adaptive security in IoT devices.

Table 1.

Related works with advantages and disadvantages

S.no	Refrences	Year	Description	Advantages	Disadvantages
1	Xue et al. [23]	2012	This paper discussed key management in authentication protocol for E-healthcare system	Introduced WSN key management using temporal credential and mutual authentication among the nodes	Communicational cost is very high
2	Turkanovic et al. [24]	2014	Introduced user authentication for heterogeneous ad hoc WSN.	An user can have a session key with the desired sensor node	Key strorage can easily compromised
3	Das et al. [25]	2015	Authentication scheme using smart card	Supports the easy password change and efficient authentication.	Many network attacks can be performed
4	He et al. [26]	2015	Introduced IoT based e-healthcare using RFID	ECC based Radio Frequency design(RFID) authentication scheme using health function operation	It increases power consumption and cost gate area
5	Yeh et al. [27]	2016	Internet of things based healthcare systems with a body sensor network	Body Sensor Network (BSN) communicates with double authentication using the IoT environment	Cost increases due to double authentication
6	Alaba et al. [14]	2017	A survey has been performed with IoT security	The taxonomy of the current security threats in contexts of application, architecture is presented	Only explore the threats, provide no security solution
7	Elhoseny et al. [28]	2018	This model use steganography technique with hybrid encryption scheme	Hide the confidential userdata into a transmitted cover image	Introduce more complexity
8	Moosavi et al. [29]	2018	A state of art service having used the data communication process in IoT-EHS	Present dtls scheme	Limited resources
9	Banerjee et al. [30]	2018	A biometric-based smart card authentication scheme using the perfect id in multiserver environment	Seven major attacks can be resistaned by the authentication scheme	communicational cost is high
10	Dhanvijay et al. [16]	2020	Present a detailed analysis of recent state-of-the-art IoT healthcare methods with objectives, metrics and classification, strength	Explain Iot based e-healthcare Service, application, technology, changellage	Challenges are provided. But existing solutions arenot discussed
11	Islam et al. [18]	2020	Smart healthcare monitoring system using IoT with different condition	Real time patient data analysis for different conditions	Suffers with data redundancy and network congestion
12	Tamilsevi et al. [19]	2020	IoT based healthcare system testing with Arduino uno	Measure heart rate, Blood pressure, eye movement and oxygen level using sensors	The test cases are very limited
13	Archarya et al. [20]	2020	IoT- EHS environment with Raspberri Pi, Heart rate sensor, ECG sensor,Raspiration and B.p Sensor	Real time health monitoring	Increase with high response time

Proposed frame work

In this section the proposed framework is discussed. Before explaining the scheme, encryption technique and the system network model is discussed first (Fig. 1).

Fig. 1.

Proposed LWC technique

Proposed structure of LWC

The proposed structure of LWC is shown in Fig. 2. The proposed encryption process has the following steps:

1. The First 128 bit of plaintext is divided into four message sub-block of 32 bits each.

2. Next, each sub-block is passed through an expansion D Box which will produce 64-bit pro blocks

3. The next two pro blocks B1 and B2 are XORed to get output M12 and M34 which will be XORed with keys K1 and K2 each having 64 bits to produce an intermediate cipher.

A total of 32 rounds are performed to get the highest avalanche effect. The proposed algorithm is shown below

Fig. 2.

Flexible key structure

Key update in the LWC

For key update, following steps are followed:

$$\begin{array}{cc}& K_{i+1}[128:123]=S_b(K^i[128:123])\hfill \\ \hfill & K_{i+1}[122:85]||K_i[41:0]=S_b(K^i[122:85]||K_i[41:0])\hfill \\ \hfill & K_{i+1}[81:42]=S_b(K^i[81:42])\oplus RC\hfill \\ \hfill & K_{i+1}[256:225]=S_b(K^i[128:123])\hfill \\ \hfill & K_{i+1}[224:193]=S_b(K^i[122:85])\hfill \\ \hfill & K_{i+1}[224:193]||K_i[66:60]=S_b(K^i[81:42])\hfill \\ \hfill & K_{i+1}[88:82]=S_b(K^i[88:82])\hfill \end{array}$$

The proposed structure of the lightweight block cipher support key sizes 128 bit to 256 bit key sizes. The flexible key structure is shown in Fig. 2. In the starting point, start signal will be ‘1’ and 128 bit plaintext applied in the Cryptosystem. The round function is operated with key schedule. The control signal is used to set the key. Key can be 128 bit or 256 bit accordingly control signal will set the circuit. If the c signal is ‘0’ the 128 bit key is selected and if ‘1’ is selected, then 256 bit is selected. The registers used in the circuit are Reg1 and Reg2 to store intermediary results. 80 bit left cyclic shift is considered for flexible structure while implementing both keys. The width of the circuit is 256 bit for supporting both keys. If sig-128–256 = ‘0’, then the cyclic shift is configured on the 128 bit key with zero padding. To design low cost structure, 8 s boxes with 16 bit is considered. This S block equation are given below. The input of the S boxes are $x_1,x_2,x_3,x_4,x_5,x_6,x_7,x_8$ and the output of the S boxes are $y_1,y_2,y_3,y_4,y_5,y_6,y_7,y_8$ respectively. Here S Box equations are $X_1,X_2,X_3,X_4$ is termed as S Box shown in Fig. 3. The S box equation are given below.

$$\begin{array}{cc}& T_1=x_1.x_2\oplus x_2.x_3,T_2=x_3.x_4\oplus x_4.x_5,\hfill \\ \hfill & T_3=x_5.x_6\oplus x_6.x_7,T_4=x_1.x_7\oplus x_7.x_3\hfill \\ \hfill & S{b}_0\to Y_1=T_2\oplus T_3,S{b}_1\to Y_2=Y_1\oplus T_3,S{b}_2\to Y_3=T_1\oplus T_3,\hfill \\ \hfill & S{b}_3\to Y_4=Y_3\oplus T_3\hfill \\ \hfill & S{b}_0^{{}^{\prime }}\to Y_5=Y_6\oplus T_2,S{b}_1^{{}^{\prime }}\to Y_6=T_3\oplus T_4,\hfill \\ \hfill & S{b}_2^{{}^{\prime }}\to Y_7=Y_2\oplus T_4,S{b}_3^{{}^{\prime }}\to Y_8=x_4\oplus T_4\hfill \end{array}$$

The logical structure of S Box is shown in Fig. 3 where 8 AND gates and 12 XOR gates are present.

Fig. 3.

Low cost structure of 32 bit S Box

System network model

The proposed encryption technique is applied in IoT environment where each IoT device and user node(mobile node) is registered first. After registration when the user node want to access the server data, the authentication took place. Here the user node is the mobile device where the data is gathered. In large scale IoT devices implanted in a network for healthcare faces many challenges. One major challenge is authentication of the devices which are accessing the server for patient data. Hence the system network design not only addressed the data confidentiality problem, but also authentication issue is also handled. Figure 4 is mainly addressed the authentication between the user nodes and medical server. In Fig. 4, the user node is the mobile device which is responsible to transfer the data to the medical server. The authentication process is explained below. There are symbols used notation Table 2

Fig. 4.

Network model of proposed system

Table 2.

Notations used in this protocol

Symbol	Description
$SI{D}_y$	Server identity
$MI{D}_y$	Mobile device’s identity
$PI{D}_y$	Patient biometric identity
$BPI{D}_y$	Patient password
$P{S}_P$	Patient password
$K_S$	Private key of server
$K_P$	Private key of patient
$\beta ,V$	Server’s randoms
$N_1,N_2,N_3,N_4,N_5$	Patient randoms number
$P{U}_P,P{U}_S$	public key of patient and server
$E^C$	Eliptic curve
P	Base point of elliptic curve
$En{c}_k(.)/Dec(.)$	Symmetric-key encryption/decryption using k
h(.)	hash operation
$S{K}_j$	Shared session key
$\oplus$	Xor operation
$\Vert$	Concatenation
$V_1$, $V_2$	Verifiers
$S{K}_i$	Session key
$C_0^{\mathit{SN}}$	Challenge series

User registration phase

In user registration phase,following steps are involved:

• Step1: The patient first generate a digital identity $PI{D}_y$, a biometric identity $BPI{D}_y$, an identity for the mobile device $MI{D}_y$ and a password $P{S}_p$. Then, he/she generates five random numbers $N_1,N_2,N_3,N_4,N_5$ and computes $P{X}_1=h(PI{D}_y\oplus MI{D}_Y)\Vert N_1)$ and $P{X}_2=h(BPI{D}_y\Vert N_1)$. In addition, the user computes two pseudorandom identity $RPI{D}_y=h(P{X}_1\Vert P{X}_2\Vert P{S}_p\Vert N_2)$ and $SPI{D}_y=h(PSp\Vert N_1\Vert N_2)$. It also generates the public key where p is the base point zero P of the eliptic curve. Afterthat, he/she sends parameters $\{RPI{D}_y,SPI{D}_y,P{U}_p,N_2,N_3$ } via a secure medium to the medical server.

• Step 2: Once receiving the user parameters for registration the server computes $Y_1=h(SI{D}_y||N_3||K_s)$, using its own identity SIDy. Then computes $Y_2=RPI{D}_y\oplus Y_1$, its public key $P{U}_s=Kp.P$and $Y_3=h(RPI{D}_y||Y_1||P{U}_s||N_3)$. Next Server, the server generates a random number $\beta$ and select secret key $\alpha$ to be used in the challenge - response protocol. In order to create the first challenge $C{h}_1$, the server computes ${(En{c}_{(}\alpha )}^{(}{N}_2^{(}\beta )$ ). Finally, it sends to the patient the message {$Y_2\Vert Y_3\Vert P{u}_s\Vert C{h}_1$ } via a reliable channel.

• Step 3: The patient stores the parameters {$N_1,N_2,N_3,N_4,Y_2,Y_3,C{h}_1$ } in his/her mobile device and then terminates the registration phases. All messages transfered in this phase is shown in Table 3.

Table 3.

Message flow in registration phase

Steps	Flow	Message	Description
1	UN $\to$ $S_j$	$Re{g}_{Ms{g}_1}$	$\{RPI{D}_y\Vert SPI{D}_y\Vert P{U}_p||N_2||N_3$ }
2	$S_j$ $\to$ UN	$Re{g}_{Ms{g}_2}$	{$Y_2\Vert Y_3\Vert P{u}_s\Vert C{h}_1$ }

Login and authentication phase

Once the registration process is successfully completed the user is able to use his/her mobile device to communicate at any time with the medical server. Figure 5 shows all steps of login and authentication phase.

• Step 1: To login, the patient enters his/her identity $PI{D}_y$, a biometric identity $BPI{D}_y$, and a password $P{S}_p$. while verifying that the current mobile device belongs to the legitimate user, we proceed as follows. First stored randoms $N_1,N_2,N_4$ are retrieved from the memory of the mobile device in order to compute $P{X}_1^{\ast }=h(PI{D}_y^{\ast }\oplus MI{D}_y^{\ast })\Vert N_1)$, $P{X}_2^{\ast }=h(BPI{D}_y^{\ast }\Vert N_1)$ and $RPI{D}_y=h(P{X}_1\Vert P{X}_2\Vert P{S}_p\Vert N_2)$

  Further more, the parameters {$Y_2,Y_3,N_5,P{U}_s$ } are also retrieved from the memory to calculate $Y_1^{\ast }=Y_2\oplus RPI{D}_y^{\ast }$ $P{U}_s=y_1.p$, $SPI{D}_y^{\ast }=h_0(P{S}_p\Vert N_1\Vert N_2).P$, $Y_3^{\ast }=h(RPI{D}_y^{\ast }||Y_1^{\ast }\Vert P{U}_s\Vert N_3)\oplus SPI{D}_y^{\ast }$. At that moment, the parameter $Y_3^{\ast }$ being computed is compared to $Y_3$ stored in the mobile device. If both are equal, then we can trust that the mobile device is possessed by legal user. Subsequently, the user generates a random number $N_5.P$ and calculates the point $n_5=N_5.P$ on the elliptic curve. Using the public key of the server PUs, the patient computes another point on the elliptic curve as an supplement key $Pk=n_5.P{U}_s=n1.Y_1.P=Yi.N_x$.

  Now he calculates $Y_4=h(N_3\Vert N_4\Vert N_5).P$. the P encrypts ($Y_4\Vert SPI{D}_y^{\ast }\Vert N_2$ ) with the supplement key produced previously(PK), then computes a verifier $V1=En{c}_{y_1}(En{c}_{\mathit{PK}}(Y_4\Vert SPI{D}_y^{\ast }\Vert N_2)||N_5)$ an encrypted value using $Y_1^{\ast }$. Next the user captures the current time stamp Tp and computes a second verifier using the patient password $V_2=h(Y_1^{\ast }\Vert SPI{D}_y\Vert Y_4)$. At the end, he/she sends { $V_1\Vert V_2\Vert N_3\Vert K_s$ } through in unsecured channel to the medical server.

• Step 2: At the reception of the message from patient, the server first checks the freshness of the timestamp $T_x$, If it holds, using its own identity $SI{D}_y$, its private key $K_s$, and the random $N_3$ received in the previous step, the server computes its own version $Y_1^{\ast \ast }=h(SI{D}_y||N_3||K_s)$ and uses it to decrypt the received massage i.e $De{c}_{Y1}(V1)=(En{C}_K(Y_4||SPI{D}_y^{\ast }||N_2)||N_5^{\ast }$, Now, in the possession of $n_6^{\ast }$, the server is able to get the value of the supplement key, such as $K^{\ast }=N_6.n_6\ast$, which can be then used to decrypt $De{c}_{Y1}^{(}V1)(En{c}_K^{(}{Y}_4||{\mathit{SPIDy}}^{\ast }||N_2)=(Y4||SPIDy\ast ||N_2)$ and get the estimated values Y4* and N2*. Subsequently, the server computes X7* and compares the obtained value with Vp Received from the patient. If not identical, the server rejects the session and teminates the communication. Otherwise, if both equal, then the server can trust the authenticity of the patient and the received message. There after, the server generates a random number ‘m’ and uses it to calculate $K^{\ast }=N_6.n_6\ast$ Next, to create the second challenge Y6 the server computes (N2j), and encrypts it using K* i.e $Y_5=En{c}_K^{\ast }(N_2^{\beta })$. At third challenge is also computed as the encrypted value of the secret commitment key ‘Ks’ using $(N_2^{\mathit{PSp}})$ calculated in the registration phases, i.e $Y_6=En{c}_{(}{N}_2{)}^{(}{K}_3)$ At this stage, a session key is computes as SK along with an authentication verifier $Y_8$ Finally, the server sends the message $\{Y_5,Y_6,SK,A{u}_1\}$ to the patient.

• Step 3: After receiving the message from the server, the user first decrypt $Y_5$ using key and gets $(N_2^{P{S}_p})$ and check freshness of message. Then, he/she computes $(N_2^{P{S}_p})$ uses it to decrypt $Dec(N_2^{P{S}_p})(N_7)=K_B$. and obtain the secret commitment key K. With the possession ofsecret key, the patient is now able to decrypt the first challange sent in the registration phase $Y_6$, and Obtain (N2). At this moment, the patient verifies $N_2$, If they match then the server is legitimate and can be trusted.

  There after, the user proceeds to the computation of the session key as $SK=h(P{U}_x\Vert Y_1^{\ast }\Vert n_5\Vert N_2\Vert m_6\Vert T_x)$, and authentication verifier $A{u}_2=h(V_2^{\mathit{pc}}\Vert V_1||SK)$, using its own parameters and the received Y5. Then, he/she compares the received Au1 with its own Au2 previously calculated. If equal, then the server is authenticated and both parties are now agreed on a common session key. All messages transfered in this phase is shown in Table 4.

Fig. 5.

Proposed authentication protocol

Table 4.

Message flow in login and authentication phase

Steps	Flow	Message	Description
1	UN $\to$ $S_j$	$Login\_Msg1$	{ $V_1\Vert V_2\Vert N_3\Vert K_s$ }
2	$S_j$ $\to$ UN	$Login\_Msg2$	$\{Y_5\Vert Y_6\Vert SK\Vert A{u}_1\}$
3	UN $\to$ UN	$Login\_Msg3$	$SK=h(P{U}_x\Vert Y_1^{\ast }\Vert n_5\Vert N_2\Vert m_6\Vert T_x)$, and authentication verifier $A{u}_2=h(V_2^{\mathit{pc}}\Vert V_1||SK)$

Performance analysis

The proposed LWC technique is implemented in Arduino Uno (8-bit microcontroller) with 32 kb flash and 2 kb SRAM. The encryption and decryption time with clock cycles are shown in Table 5. Now, the performance measurement of the proposed scheme is done by measuring operational cost. Operational cost is the total of communicational cost and computational cost. Here the communication cost is calculated in two-part. During the registration process, the communication cost is 2520 bits and in the login process is 4260 bits. Computational cost depends on the number of hashing. The performance comparison is given in Table 6. which shows that the number of hashing in the authentication process is less so that the proposed authentication protocol will be lightweight. Also, Table 7 shows that most network attacks are resisted by this authentication protocol.

Table 5.

Speed and memory usage comparison of LWC

Algorithm	Speed (clockcycle/ bytes)	Memory usage (bytes)	Encryption time (ms)	Decryption time (ms)	Rounds (bytes)
LEA [31]	24,621	1601	550	106	24/28/32
HEIGHT [4]	26,401	1506	569	208	32
SIMON [3]	38,026	681	625	280	32/36, 36/42, 44/52, 54/68, 69, 72
LWC(This Scheme)	23,595	1194.3	636	130	32

Table 6.

Performance analysis of our proposed model with other model

Authentication phase	Registration phase	Login phase	Authentication phase	Total
This scheme	4 $T_h$	4 $T_h$	4 $T_h$	12 $T_h$
Kalra et [32]	8 $T_h$	6$T_h$	8$T_h$	22$T_h$
Xue [23]	7$T_h$	6 $T_h$	13 $T_h$	26 $T_h$
Turkanović [24]	7$T_h$	5 $T_h$	7 $T_h$	19$T_h$

Table 7.

Performance analysis of our proposed model with other model

Functionalities attack	Kalra et al. [32]	Xue et al. [23]	Turkanovic et al. [24]	LWC(This Scheme)
Man-in- middle	$✓$	X	$✓$	$✓$
Impersonation	$✓$	$✓$	X	$✓$
Mutual authentication	$✓$	$✓$	$✓$	$✓$
Replay	$✓$	$✓$	$✓$	$✓$
Perfect forward	X	X	X	$✓$
Insertion	X	X	X	$✓$
Server spoofing	X	X	$✓$	$✓$
Password guessing	X	X	$✓$	$✓$

Detail security analysis

In this section the formal security analysis is explained.

The formal proof of the proposed protocol is done by using Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. AVISPA shows simulation results after verification process. AVISPA is widely accepted verification tool which uses on-the-fly-model (OFMC), CL-based Attack searcher (CL-At), SAT based model checker (SATMC), and Tree-Automata-based protocol Analyser (TA4SP). The first back end is on-the-fly-model (OFMC) checker. CL-based Attack searcher (CL-ATSE) is the second section. It provides transmission if any security threats occurred. SAT based model checker (SATMC) makes the proposed formula and solves SAT (state-of-the-art formula). Tree-Automata-based protocol Analyser (TA4SP) is the last backend. It performs tree automation include intruder. Avispa tool analyzes protocol using high-level protocol specification language(HLPSL language). There are basic role, composite role. The fundamental role represents each participant’s role. The roles for the session, and the goal and environment of the proposed scheme are specified the simulation result in proposed OFMC. Then after it gives the simulation result in proposed ATSE trace of attack. The output of OFMC’s proposed authentication is shown in Fig. 8. OFMC is a market-based methodology. It is a symbolic way for expressing state-space. OFMC is limited in the number of session protocols it can use. There is also a performance speed, as the execution time is really short. The Dolev-Yao Model is used to check for replay attacks. In regular sessions with man-in-the-middle assaults, this model is used.

Fig. 8.

Result of the proposed protocol

The word SUMMARY is used in the next section. Its simulation procedures are available. It was determined to be safe, dangerous, and inconclusive. Avispa code is shown in Figs. 6 and 7. The DETAILS section ensures the safety of the proposed work. Result is utilised in the next section. Attacks were discovered. It creates SAFETY. Simulation result in proposed ATSE is shown in Fig. 8.

Fig. 6.

Avispa code in Hlpsl user role

Fig. 7.

Avispa code in Hlpsl server role

Conclusion and futurescope

One of the challenges in the IoT systems is data confidentiality which is focused in this paper. In this paper a lightweight block cipher technique is proposed which has a flexible structure. This helps to design a flexible cryptosystem for a wide range of hardware implementation on IoT devices. This framework is mainly designed for a health monitoring systems which are a part of electronic healthcare. In this monitoring system the captured data is encrypted using LWC and the data user can access it after proper authentication. The performance of the system is also measured and the formal proof is done for high-level security. The LWC ciphering technique used mainly 128-bit to 256-bit keys. The computational cost of the proposed framework is low(12 Th) in comparison with another existing scheme. Thus it is suitable for IoT devices that have low power and memory. The major limitation of our work is the comparatively high encryption time of the proposed LWC. Thus the speed enhancement for software implementation of proposed LWC is one of the future work. Also to give optimized performance by balancing between memory usage and speed, in future an enhanced model can be produced.