Naveed Khan, Jianbiao Zhang, Ghulam Ali Mallah and Shehzad Ashraf Chaudhry
1 Faculty of Information Technology, Beijing University of Technology, Beijing, 100124, China
2 Department of Computer Science, Shah Abdul Latif University, Khairpur, 66111, Pakistan
3 Department of Computer Engineering, Faculty of Engineering Architecture, Nisantasi University, Istanbul, 34398, Turkey
ABSTRACT The mobile cellular network provides internet connectivity for heterogeneous Internet of Things (IoT) devices. The cellular network consists of several towers installed at appropriate locations within a smart city. These cellular towers can be utilized for various tasks, such as e-healthcare systems, smart city surveillance, traffic monitoring, infrastructure surveillance, or sidewalk checking. Security is a primary concern in data broadcasting, particularly authentication, because the strength of a cellular network’s signal is much higher frequency than the associated one, and their frequencies can sometimes be aligned, posing a significant challenge. This requires attention, and without information authentication such a barrier cannot be removed. We therefore design a secure and efficient information authentication scheme for IoT-enabled devices to mitigate the flaws in the e-healthcare system. The security of the proposed protocol is checked formally using the Real-or-Random (ROR) model, simulated using ProVerif 2.03, and checked informally through pragmatic discussion. The performance is evaluated using the results already available in the MIRACL cryptographic lab.
KEYWORDS IoT-enabled device; e-healthcare; authentication; edge computing
IoT-enabled devices can be found in various domains, such as the healthcare system, cities, factories, homes, the Internet of Drones (IoD), and many more [1,2]. By 2025, IoT device usage will have increased, and about 75 billion devices will be connected to the internet [3]. As a result, the e-healthcare market will expand by 16 percent between 2020 and 2027, while the current volume is 143.6 billion USD [4]. In an e-healthcare system, medical signals are used to monitor patients’ health activities. These signals are one-dimensional (1D) and two-dimensional (2D) signals, such as blood pressure, electrocardiograms, electromyograms, electroglottograph, body temperature, and electroencephalograms. However, traditional hospital management monitors patient activities manually, which is inefficient and can lead to medication errors. A medication error can be fatal and lead to patient harm. Furthermore, according to the World Health Organization (WHO), medication errors cost around 42 billion USD annually [5].
In contrast, edge computing plays a crucial role in medical emergencies and communication delays. Edge computing benefits the e-healthcare system in terms of real-time data collection, processing, and analysis. Moreover, the edge architecture provides reliability and low latency in distributed applications such as IoT-enabled sensors in e-healthcare. The initial goal of edge computing was to reduce bandwidth costs. However, with the advancement of wireless networks such as 5G, and with researchers already working on 6G networks, edge computing will be able to support real-time applications such as self-driving cars, robotics, video processing, and medical IoT-enabled devices, to name a few. Edge computing is a distributed computing topology in which data storage and computation are located close to the devices in order to reduce latency. Latency is critical in the e-healthcare system because high latency can harm a patient’s life, whereas low latency can sometimes save it [6].
Furthermore, IoT-enabled devices facilitate communication between doctors and patients. Doctors place these IoT-enabled devices on patients’ bodies to monitor their health activities. IoT-enabled devices improve doctor-patient interaction but generate massive amounts of data that must be carefully stored and processed at the edge. Using IoT-enabled devices in the medical field is advantageous because it eliminates the need for medical personnel to manually manage patient data. However, these IoT-enabled devices are vulnerable to security threats due to their resource and energy limitations, and it is impossible to eliminate these vulnerabilities without strong authentication. Therefore, several different e-healthcare authentication and key agreement schemes have been implemented. However, the schemes [7–9] suffer from eavesdropping and forgery attacks. Furthermore, we identified security flaws in the scheme [10] and found that it suffers from different attacks such as spoofing, masquerading, and impersonation.
For academics, e-healthcare is a sensitive research area, and any flaw in the protocol could result in fatal accidents for patients. As a result, we take the opportunity to propose a secure and efficient authentication scheme for e-healthcare that reduces complexity while improving security over existing schemes. Our protocol is efficient and lightweight for IoT-enabled devices because we only use XOR and hash functions. Recently, the authors of [10] proposed an authentication scheme for the healthcare system. According to [10], the scheme achieves mutual authentication, untraceability, forward secrecy, and resistance to replay and desynchronization attacks. However, careful examination reveals that the scheme is vulnerable to spoofing, masquerading, and impersonation attacks. In the scheme [10], when the attacker copies M4 = {X, An} and transmits it again later, the adversary (A) can easily spoof the reader’s radio frequency identification (RFID) because the same message is transmitted over the public network channel for each session. Furthermore, an attacker may also modify it to masquerade as a legitimate peer. Similarly, for M5 = {Y, AR1, X, An}, the attacker can easily impersonate the server for a wrong decision due to its static nature. Therefore, the scheme suffers from spoofing, impersonation, and masquerading attacks. Our primary contributions are as follows:
• We identified security vulnerabilities in [10] and rectified them using our proposed scheme, which is lightweight and efficient because it utilizes only XOR and a hash function.
• Despite achieving some security objectives, the protocol [10] came at a high cost in terms of communication and computation. Since communication and computation costs are rising, we proposed a low-cost solution to address this issue.
• The security of our proposed protocol is formally analyzed through the ROR model [11] and ProVerif 2.03 [12]. Using ProVerif and the ROR model, we demonstrated that our proposed scheme is secure against replay and man-in-the-middle attacks while securely providing mutual authentication and session key security.
• In the informal security analysis section, we demonstrate that our protocol is secure against various attacks.
• Our proposed protocol outperforms existing state-of-the-art schemes regarding communication, computation costs, and security. Among many other applications, the scheme can realize a smart city environment.
We extended the famous threat model developed by Dolev and Yao (DY), also called the DY model [13]. We adopt a strong adversary A. According to the DY model, any danger to the system must be examined and analyzed before operationalizing it in real-world environments. We also consider the adversary model of Canetti and Krawczyk (the CK model) [14] and utilized [15] for a stronger adversary. The CK model is the most used in authentication and key exchange protocols. In the DY model, A delivers the message, while in the CK model, A can also compromise the session key and secret key.
Furthermore, IoT-enabled devices or sensor nodes can be physically accessed by A, who will then try to extract secret information from them. The communication between IoT-enabled devices or sensor nodes and edge computing can also be intercepted by A. Sensor nodes are connected to the edge node using a wireless network; therefore, A can access open channel data and modify, delete, or insert it. A can monitor the data between the IoT-enabled sensor node and the user. A can pretend to be a legal user to the edge server and launch Man-In-The-Middle (MITM) attacks to masquerade and impersonate.
Our system model consists of patients with IoT-enabled sensor nodes, medical staff, an edge server, and a registration server, as shown in Fig. 1. First, the IoT-enabled sensor nodes and users need to register themselves with the registration server. After that, medical staff can monitor patients’ activities in real time using these IoT-enabled devices, whereas the edge server reduces latency. The registration server and edge server are the trusted authorities in our proposed scheme. The registration server is in charge of registering users and IoT-enabled devices. A detailed explanation of our system model is given in the proposed scheme.
The rest of the article is structured as follows: Section 2 describes the literature review in detail. Section 3 contains the proposed scenario. Then, in Section 4, we examine the proposed framework’s security, Section 5 discusses informal security analysis, and Section 6 conducts a performance analysis. Finally, Section 7 concludes the paper.
Figure 1: System model
There are numerous advantages to having an e-healthcare system. Despite the benefits, there are multiple concerns, the most noteworthy of which is outsourcing data storage, which creates the possibility of unlawful physical access. Encryption is the most effective method for preventing unauthorized access to outsourced data. Encrypting and storing data in the cloud can prevent malicious users or cloud service providers from accessing it [16]. These encryption techniques, however, could be improved. If an attacker obtains access to a secret key, the data must be protected from unauthorized access.
However, IoT-enabled devices have resource and energy limitations. As a result, these devices are susceptible to a wide range of security risks. In addition, traditional cryptographic protocols do not perform well on IoT-enabled devices due to resource and energy constraints. These devices are vulnerable to both passive and active security threats, and the attacks can be launched from inside or outside the network. These security breaches impede communication. Denial-of-Service (DoS) and Sybil attacks are potentially more dangerous because they deplete the device’s resources and network bandwidth. Many researchers attempt to create security protocols that address authentication, confidentiality, and integrity. Authentication is one of the most visible aspects: it establishes and verifies user identity in order to protect data from malicious users. This section provides a brief overview and analysis of the existing schemes in e-healthcare systems.
The authors of [7] proposed an authentication scheme for RFID-based IoT devices to prevent replay and data disclosure attacks. Their scheme also provides anonymity. However, it has security flaws: it is not resilient to impersonation, eavesdropping, and forgery attacks. Further, the authors of [17] proposed an authentication scheme based on Chaotic-Map and Chebyshev. It provides better anonymity but suffers from offline password guessing, password disclosure, and impersonation attacks. In 2018, the authors of [18] proposed a lightweight privacy preservation scheme using Physically Unclonable Functions (PUFs). However, their scheme also has flaws, such as the lack of perfect forward secrecy and heavy storage and computation costs. Moreover, the schemes [8,9] cannot resist DoS, eavesdropping, and forgery attacks.
The authors of [19] proposed an Elliptic Curve Cryptography (ECC) authentication protocol for the healthcare system. Nevertheless, their scheme suffers from password guessing and impersonation attacks. An authentication scheme based on hash-based RFID was proposed in [20]. Unfortunately, the scheme cannot resist forgery, privileged insider, and Denial of Service (DoS) attacks. Furthermore, the scheme [21] cannot provide session key security or resist insider, MITM, and session-specific temporary information attacks, while the scheme [22] cannot resist insider, offline password guessing, stolen smartcard, and session key security attacks. Furthermore, the scheme [23] cannot provide anonymity or resist insider, replay, and MITM attacks. The paper [24] proposed a high optimal path channel triggering scheme that offers data preservation and privacy with minimal network resources.
A scheme integrating Elliptic Curve Cryptography (ECC) with biometric authentication was proposed in [25]. However, the scheme is vulnerable to machine learning attacks [26] and cannot provide perfect forward secrecy and perfect backward secrecy. The authors of [27] proposed a certificateless authentication protocol, but their scheme cannot resist modification and impersonation attacks [28]. Another scheme was proposed in [29], which does not provide message integrity and physical security. Intrusion Detection System (IDS) schemes were proposed in [30–32] to detect Botnet, DoS, distributed denial of service (DDoS), Wireless Body Area Networks (WBAN), and many more attacks, but these methods are time-consuming and their accuracy rate is low. The scheme [33] failed to resist insider attacks and could not provide session key security and untraceability.
On the other hand, the approach [34] did not provide traceability or mutual authentication, as the name suggests. As a result, researchers [23,35] presented a three-factor authentication technique based on ECC to ensure perfect forward secrecy. However, these systems do not guarantee absolute forward secrecy, user anonymity, or the ability to withstand replay attacks. At the cost of computation, the protocol [36] provides an advantageous security feature. The authors of [37] proposed a lightweight authentication technique, but the key generation time was highly elongated, which conflicts with the characteristics of a lightweight scenario. Blockchain technology has recently garnered the interest of healthcare researchers. However, the blockchain has issues with accessing medical records [38].
Furthermore, a scheme [39] was proposed using symmetric en/decryption, a hash function, and chaotic maps that provides authentication and key agreement for multi-server environments. However, according to [40], the scheme is prone to offline password guessing attacks and to biometric and smart card leaks. Moreover, the scheme [41] is vulnerable to DoS attacks. Furthermore, it cannot provide perfect forward secrecy and provision of smartcard revocation. In contrast, the scheme cannot provide anonymity and mutual authentication or resist user impersonation and server impersonation attacks. Therefore, we propose a secure and efficient authentication protocol for e-healthcare in edge computing to address the security vulnerabilities of the existing schemes, especially the protocol proposed in [10].
We propose a secure and efficient information authentication protocol for an IoT-enabled device in an e-healthcare system to address the flaws in the protocol [10]. Our proposed approach is divided into four phases: setup, registration, login and authentication, and password changing. The notations and their descriptions are shown in Table 1.
Table 1: Notations and description
The registration server generates the secret key SKrs in our proposed protocol. The edge server and IoT-enabled sensor node both have their own unique identities, IDe and IDw, and a secret user key, PKu.
The registration phase of our proposed scheme comprises two parts. In the first part, we register the IoT-enabled sensor node with the registration server, while in the second part, we register the user with the registration server. The process is as follows:
3.2.1 IoT-Enabled Sensor Node Registration Phase
i. In this step, the IoT-enabled sensor node selects identity IDu and generates a random number rw to calculate Xw = h(IDu||rw). The IoT-enabled sensor node sends RM1 = {Xw, rw} to the registration server.
ii. Upon receiving RM1 = {Xw, rw} from the IoT-enabled sensor node, the registration server generates a random number rrs to compute V = h(Xw||rrs||SKrs) and stores {Xw, V, rrs} in the edge server database. After that, the registration server sends RM2 = {V} to the IoT-enabled sensor node over a secure channel.
iii. The IoT-enabled sensor node further calculates S1 = h(IDw||SKw) ⊕ rw, S2 = h(rw||SKw) ⊕ V and stores {Xw, S1, S2} in memory. The procedure is shown in Table 2.
Table 2: IoT-enabled sensor node registration
3.2.2 User Registration Phase
In this phase, the user registers with the registration server in our proposed protocol.
i. The user selects identity IDu, generates a random number ru, computes Xu = h(IDu||ru), and sends RM3 = {Xu} to the registration server over a secure channel.
ii. After receiving RM3 = {Xw} from the user, the registration server calculates V1 = h(Xu||SKrs||rrs), XIDu = h(Xu||V1) and stores {Xu, XIDu, V1} in the edge server database. After the computation, the registration server sends RM4 = {V1, XIDu} to the user over a secure channel.
iii. The user chooses a password PWu and computes HPWu = h(PWu||ru), B1 = h(IDu||PWu) ⊕ ru, B2 = h(IDu||PWu||ru||HPWu), B3 = h(HPWu||ru) ⊕ XIDu, B4 = h(HPWu||XIDu) ⊕ V1 and stores {Xu, B1, B2, B3, B4}. The procedure is illustrated in Table 2.
i. The user inputs identity IDu and password PWu and computes ru = h(IDu||PWu) ⊕ B1, HPWu = h(PWu||ru), B2* = h(IDu||PWu||ru||HPWu). The user checks B2* ?= B2; if it is correct, the user proceeds further, otherwise terminates the connection. The user generates a random number ru1 and calculates XIDu = h(HPWu||ru) ⊕ B3, V1 = h(HPWu||XIDu) ⊕ B4, N = h(Xu||XIDu||V1) ⊕ (Xu||ru1), D = h(IDu||ru) ⊕ h(V1||ru1), Fu = h(Xu||XIDu||ru1||Xw||V1). After the calculations, the user sends M1 = {N, D, Fe, Xu} to the edge server.
ii. The edge server extracts XIDu and V1 as per Xu and calculates (Xw*||ru1*) = h(Xu||XIDu||V1), Fu* = h(Xu||XIDu||ru1*||Xw*||V1) and checks Fu* ?= Fu; if the edge server authenticates the user, it proceeds further, otherwise terminates the connection. The edge server selects a random number re and further calculates N2 = h(re||ru1), N3 = h(Xw||V||rw) ⊕ N2, h(IDu||ru1) = E1 ⊕ h(V1||ru1), E2 = (h(IDu||ru1)||h(IDe||re)) ⊕ h(V||rw), and Fe = h(Xu||N2||V). After the computation, the edge server sends M2 = {Xw, N1, E2, Fe} to the IoT-enabled sensor node.
iii. The IoT-enabled sensor node calculates rw = h(IDw||PKw), V = h(rw||PKw) ⊕ S2, N2* = h(Xw||V||rw) ⊕ N3, Fe* = h(Xu||N2*||V). The IoT-enabled sensor node authenticates the edge server through Fe* ?= Fe; if correct, it proceeds further, otherwise terminates the connection. The IoT-enabled sensor node generates a random number ru1 and computes (h(IDu||ru1)||h(IDe||re)) = E2 ⊕ h(V||rw), SK = h(h(IDu||ru1)||h(IDe||re)||h(IDw||re)), N4 = h(Xw||V||rw) ⊕ h(IDw||rw1), Fw = h(Xu||Xw||N2*||h(IDw||rw1)||V) and sends M3 = {Fw, N4} back to the edge server.
iv. The edge server calculates h(IDw||rw1) = h(Xw||V||rw) ⊕ N4, Fw* = h(Xu||Xw||N2||h(IDw||rw1)||V) and checks Fw* ?= Fw. If it is correct, it proceeds further, otherwise terminates the connection. The edge server further calculates SK = h(h(IDu||ru1)||h(IDe||re)||h(IDw||rw1)), Xunew = h(Xu||ru1), XIDunew = h(Xunew||V), N5 = h(XIDu||ru1) ⊕ (h(IDe||re)||h(IDw||rw1)||Xunew), and Fec = h(Xu||ru1)||h(IDe||re)||h(IDw||rw1)||Xunew||V). The edge server stores {Xunew, XIDunew} and sends M4 = {Fec, N5} to the user.
v. The user calculates Xunew = h(Xu||ru1), (h(IDe||re)||h(IDw||rw1)||Xunew) = h(XIDu||ru1) ⊕ N5, and Fec* = h(Xu||ru1)||h(IDe||re)||h(IDw||rw1)||Xunew||V). The user checks Fec* ?= Fec; if it is correct, the user proceeds further, otherwise terminates the connection. The user further calculates SK = h(h(IDu||ru)||h(IDe||re)||h(IDw||rw1)), XIDunew = h(Xunew||V), B3new = h(XIDunew||HPWu) ⊕ XIDunew, and B4new = h(XIDunew||HPWu) ⊕ V1. The user updates {B3new, B4new, Xunew} and computes N6 = h(SK||Xunew). The user sends M5 = {N6} to the edge server.
vi. The edge server computes N6* = h(SK||Xunew) and checks N6* ?= N6. After the calculations, the edge server deletes {XIDu, Xu} (Table 3). Further details are given in Table 4.
Table 3: User registration
i. The user enters their identity IDu and password PWu.
ii. After IDu and PWu are input, the device computes HPWu = h(PWu||ru), B1 = h(IDu||PWu) ⊕ ru, B2 = h(IDu||PWu||ru||HPWu), B3 = h(HPWu||ru) ⊕ XIDu, B4 = h(HPWu||XIDu) ⊕ V1, ru = h(IDu||PWu) ⊕ B1, and B2* = h(IDu||PWu||ru||HPWu). It then checks B2* ?= B2 and proceeds further if correct, otherwise terminates the connection.
iii. The user inputs a new password PWunew.
iv. After the new password is input, the device updates the values HPWu* = h(PWunew||ru), B1* = h(IDu||PWunew) ⊕ ru, B2** = h(IDu||PWunew||ru||HPWu*), B3* = h(HPWu*||ru) ⊕ XIDu, B4* = h(HPWu*||XIDu) ⊕ V1, ru* = h(IDu||PWunew) ⊕ B1*, B2*** = h(IDu||PWunew||ru||HPWu*) and updates {HPWu*, B1*, B2**, B3*, B4*, B2***}.
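The user-side steps above (user registration, the local B2 check in step i of login, and the password change) can be traced in code. This is an added example, not code from the paper; it assumes h(.) is SHA-256 truncated to 160 bits with length-prefixed fields, 160-bit random numbers so that XOR operands have equal length, and illustrative Python names.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 20  # 160-bit digest, the hash size used in the paper's cost analysis


def h(*fields: bytes) -> bytes:
    """h(a||b||...). Assumption: SHA-256 truncated to 160 bits, with each
    field length-prefixed so the concatenation is unambiguous."""
    md = hashlib.sha256()
    for f in fields:
        md.update(len(f).to_bytes(4, "big") + f)
    return md.digest()[:HASH_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class RegistrationServer:
    """Holds SKrs and rrs; edge_db stands in for the edge server database."""

    def __init__(self) -> None:
        self.sk_rs = secrets.token_bytes(HASH_LEN)
        self.r_rs = secrets.token_bytes(HASH_LEN)
        self.edge_db = {}

    def register_user(self, x_u: bytes):
        # Step ii: V1 = h(Xu||SKrs||rrs), XIDu = h(Xu||V1); reply RM4 = {V1, XIDu}
        v1 = h(x_u, self.sk_rs, self.r_rs)
        xid_u = h(x_u, v1)
        self.edge_db[x_u] = {"XIDu": xid_u, "V1": v1}
        return v1, xid_u


def seal(id_u, pw_u, r_u, x_u, xid_u, v1) -> dict:
    """Step iii: mask ru, XIDu and V1 under values derived from IDu and PWu."""
    hpw = h(pw_u, r_u)                        # HPWu = h(PWu||ru)
    return {
        "Xu": x_u,
        "B1": xor(h(id_u, pw_u), r_u),        # B1 = h(IDu||PWu) xor ru
        "B2": h(id_u, pw_u, r_u, hpw),        # B2 = h(IDu||PWu||ru||HPWu)
        "B3": xor(h(hpw, r_u), xid_u),        # B3 = h(HPWu||ru) xor XIDu
        "B4": xor(h(hpw, xid_u), v1),         # B4 = h(HPWu||XIDu) xor V1
    }


def user_register(id_u: bytes, pw_u: bytes, server: RegistrationServer) -> dict:
    r_u = secrets.token_bytes(HASH_LEN)
    x_u = h(id_u, r_u)                        # step i: Xu = h(IDu||ru), sent as RM3
    v1, xid_u = server.register_user(x_u)     # secure channel, per the paper
    return seal(id_u, pw_u, r_u, x_u, xid_u, v1)


def user_unlock(id_u: bytes, pw_u: bytes, store: dict):
    """Login step i: recover ru from B1, recompute B2 and compare. Only when
    the check passes are XIDu and V1 unmasked from B3 and B4."""
    r_u = xor(h(id_u, pw_u), store["B1"])
    hpw = h(pw_u, r_u)
    if not hmac.compare_digest(h(id_u, pw_u, r_u, hpw), store["B2"]):
        return None                           # wrong identity or password
    xid_u = xor(h(hpw, r_u), store["B3"])
    v1 = xor(h(hpw, xid_u), store["B4"])
    return r_u, xid_u, v1


def change_password(id_u: bytes, old_pw: bytes, new_pw: bytes, store: dict):
    """Password change: verify the old password locally, then re-mask the
    same ru, XIDu and V1 under the new password. No server round trip."""
    unlocked = user_unlock(id_u, old_pw, store)
    if unlocked is None:
        return None
    r_u, xid_u, v1 = unlocked
    return seal(id_u, new_pw, r_u, store["Xu"], xid_u, v1)
```
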
This section analyzes the proposed scheme’s security using two distinct methodologies. Firstly, we utilize the Real-or-Random (ROR) model to determine the security of our session key SK. Furthermore, we use the ProVerif simulation toolkit to demonstrate that the session secret is secure. Further details are given below.
We used the ROR model [11] to demonstrate the security of our proposed scheme’s session key SK. In the login and authentication phase of our proposed scheme, we have three participants Pt: user Ptu, edge server Pte, and IoT-enabled sensor node Ptw. A has the ability to intercept, manipulate, and eavesdrop on data delivered across an unsecured connection. A may attack actively or passively by executing various queries outlined in the ROR model, including CorruptedMD, Executive, Send, Reveal, and Test queries. These queries are defined below:
• CorruptedMD(Ptu): A can obtain secret information stored on the user side.
• Executive(Ptu, Pte, Ptw): A can capture data transmitted over an insecure channel among users, edge servers, and IoT-enabled sensor nodes.
• Send(Pt, m): A sends message m to Pt, and Pt replies to A according to the rule.
• Reveal(Pt): A reveals the session key SK between Ptu and Ptw. If A is unable to reveal SK, the session key is secure.
• Test(Pt): A tosses a coin, and the result is known only to A. A uses the result to decide on the Test query; if SK is fresh, it returns 1 or 0. Otherwise, it returns null.
Theorem 1: The A can access the session key security of our proposed scheme. The proof of Theorem 1 is similarly presented in [42]. The polynomial-time of A as Adv A.
q2h denoted the number of hash queries, qsend is the number of send queries, and |Hash| is the range of hash function h(.), while c is a parameter from Zipf’s law [43].
Proof: We prove the session key security in four games “Gamei”, where i ∈ [0,3]. A uses SA,i to win Gamei by guessing the random bit fc correctly. Pr[SA,Gamei] shows the advantage of A to win Gamei. The games are described below:
i. Game0: In this game, we allow A to launch an actual attack on our proposed scheme. A selects the random bit fc at the start of Game0.
ii. Game1: A executes the Executive(Ptu, Pte, Ptw) queries and eavesdrops on the transmitted messages {N, D, Fu, Xu}, {Xu, N3, E2, Fe}, {Fw, N4} and {Fec, N5}. A runs Reveal and Test queries to check whether the derived session key is real or not. The session key of our proposed scheme is constructed as SK = h(h(IDu||ru1)||h(IDe||re)||h(IDw||rw)). A needs the random numbers and identities of the user, edge server, and IoT-enabled sensor node. Therefore, the probability for A to win Game0 and Game1 is none. As a result of the paradox [44], we get the following result:
iii. Game2: A sends messages and performs Hash queries to obtain SK. A modifies exchanged messages. However, the exchanged messages of our proposed scheme are constructed using random numbers and secret keys and are protected by h(.), a one-way hash function. Therefore, we get the following result:
iv. Game3: In the last game, Game3, A tries to use the CorruptedMD query in order to obtain SK. Using the CorruptedMD query, A can get {B1, B2, B3, B4} stored on the user side. These values are expressed as B1 = h(IDu||PWu) ⊕ ru, B2 = h(IDu||PWu||ru||HPWu), B3 = h(HPWu||ru) ⊕ XIDu and B4 = h(HPWu||XIDu) ⊕ V1. A cannot extract the IDu, PWu, ru, and V1 values. Therefore, we obtain
By running these games, A must guess the bit in order to win the game. Thus, we obtain
From Eqs. (1) and (2), we get
By using Eqs. (5) and (6).
With Eqs. (4), (5), and (7) and using triangular inequality, we obtain
By multiplying both sides of Eq. (8) by 2, we get
As we obtain in Eq. (9), we proved Theorem 1.
The ProVerif 2.03 verification software toolkit [12] is used to determine if the session secret is secure, if it is computed confidentially, if it is exchanged securely among peers, and if an attacker may acquire it during a starting session. It is a popular simulation verification toolkit. Fig. 2 depicts ProVerif’s results.
Figure 2: ProVerif result
This section shows how our proposed scheme defends against various threats and incorporates security features such as mutual authentication and perfect forward secrecy to protect users’ data.
In our proposed scheme, A cannot get B1 = h(IDu||PWu) ⊕ ru, B2 = h(IDu||PWu||ru||HPWu), B3 = h(HPWu||ru) ⊕ XIDu, B4 = h(HPWu||XIDu) ⊕ V1, Xu = h(IDu||ru). The values of B1, B2, B3, B4, and Xu were constructed using IDu, PWu, and the random number ru. Therefore, A cannot construct B1, B2, B3, B4, and Xu. Thus, our proposed scheme resists offline password guessing attacks.
The user, edge server, and IoT-enabled sensor node check the message’s validity in the login and authentication phase. The user, edge server, and IoT-enabled node check Fu* = Fu, Fe* = Fe, Fw* = Fw, Fec* = Fec, and N6* = N6. If these values are correct, then the entities authenticate each other. Therefore, our proposed scheme provides the mutual authentication property.
In the registration phase, A might obtain Xu = h(IDu||ru). A tries to construct {B1, B2, B3, B4, Xu} stored on the user side. However, A cannot obtain the actual IDu, PWu, and ru. Therefore, A cannot construct SK. Thus, our proposed scheme resists insider attacks.
A tries to modify and block the messages transmitted to the user, edge server, and IoT-enabled sensor node so that they cannot authenticate each other. However, A cannot do it because, according to our protocol, A cannot obtain IDu, PWu, ru, and SK. Thus, the user and edge server always have synchronized values. Therefore, in our proposed scheme, a desynchronization attack is not possible.
A cannot obtain the actual identities IDu, PWu, IDe, IDw to construct Xu = h(IDu||ru), Xw = h(IDw||rw). Therefore, our proposed scheme provides anonymity.
In our proposed protocol, for every session, the edge server and user update Xunew = h(Xu||ru1). Therefore, our protocol provides untraceability.
A obtains the secret key SKrs and tries to create a session key SK. However, A needs the random numbers {ru, ru1, re, rw, rw1} because SK is composed of random numbers for every session. Therefore, our proposed protocol provides perfect forward secrecy.
A attempts to obtain random numbers and construct the session key in accordance with the CK-adversary model. However, A needs the identities of the user, edge server, and IoT-enabled sensor node, because in our proposed scheme the session key is constructed using the identities of the user, edge server, and IoT-enabled sensor node. Thus, our proposed scheme resists known session attacks.
Let us suppose A gets a previous authentication request between the user and edge server and tries to send it again to the edge server. However, the edge server checks the freshness of the random number and rejects the request of A. Thus, our scheme resists the MITM attack.
A might get {B1, B2, B3, B4, Xu} and {S1, S1, Xu} of the user and IoT-enabled sensor node to calculate SK. However, A needs the actual identities {IDu, IDw, IDe} and random numbers {ru, ru1, re, rw, rw1}. The identities and random numbers cannot be obtained from transmitted messages because these values are encrypted. Thus, our proposed scheme resists session key leakage attacks.
Let us suppose A tries to modify the authentication request and pretend to be a user or edge server. However, A cannot change {N, E1, Fu} and {Fec, N6} without the knowledge of IDu, PWu, ru, IDe, IDw. Therefore, the proposed scheme resists replay attacks.
Let us suppose A extracts the secret values {Xu, B1, B2, B3, B4} and tries to impersonate the user using these values. However, A cannot send authentication messages to the edge server because A needs IDu, PWu, ru, and HPWu to construct {N, D, Fu, Xu}. Therefore, our proposed scheme resists user impersonation attacks.
A finds a lost IoT-enabled sensor node and tries to impersonate it. However, A cannot construct {Fu, ru} because A needs IDw, rw, and rw1 to construct {Fw, N4}. Therefore, our proposed scheme resists IoT-enabled sensor node impersonation attacks.
Let us suppose A gets a stolen IoT-enabled sensor node and obtains the secrets {S1, S2, Xw} stored in its memory. However, A cannot get IDw, rw, and rw1. Thus, our proposed scheme resists stolen IoT-enabled sensor node attacks.
This section compares our proposed scheme to similar protocols in terms of security characteristics, communication, and computation cost, among other things.
In this section, we compare our protocol with [10,21–23,33,45–47] in terms of security features. Table 5 shows that our scheme achieved all security features and provided mutual authentication, anonymity, and untraceability.
In this section, we first calculate the communication cost of our proposed scheme and then compare it with recent related protocols [10,21–23,33,45–48] in Table 6. The value of a hash function is 160 bits, the ECC point of multiplication is 320 bits, the symmetric key is 256 bits, the timestamp is 32 bits, the random number is 128 bits, and identities are 160 bits [49]. The exchanged messages of our proposed scheme are {N, D, Fu, Xu}, which is {640 bits}, {Xu, N3, E2, Fe}, which is {640 bits}, {Fw, N4}, which is {320 bits}, {Fec, N5}, which is {320 bits}, and {N6}, which is {160}. As a result, our suggested scheme’s overall communication cost is equivalent to 2080 bits. The scheme [45] has a lower communication cost, but its computation cost is high, and the scheme is vulnerable to offline password guessing attacks and unable to provide perfect forward secrecy.
We compared the computation cost of our proposed scheme with other related schemes [10,21–23,33,45–48]. First, we calculated the computation cost of our proposed scheme. According to [50], the ECC point of multiplication TM is 7.3529 ms, the hash function Th is 0.0004 ms, the symmetric key TS is 0.1303 ms, and the fuzzy extractor TR is 7.3529 ms. Therefore, the total computation cost of our scheme is 66Th, equal to 0.264 ms. A detailed comparison of the computation and communication cost of our proposed scheme is shown in Fig. 3. The scheme [22] has a lower computation cost. However, the communication cost of the scheme [22] is very high. In contrast, Table 5 shows that the scheme is vulnerable to offline password guessing attacks, insider attacks, and known session attacks.
Figure 3: Computation cost comparison
In this portion of our research article, we consider the work [49]. The hash function is 160, the multiplication point is 320, the identity is 160, the symmetric key is 256, the timestamp is 32, and random numbers are 128 bits. Keeping this in mind, the storage cost calculation of our proposed scheme is Xw = 160, S1 = 160+128, S2 = 160+160, Xu = 160, B1 = 160+128, B2 = 160, B3 = 160+160, B4 = 160+160. Hence the total storage cost is 2016 bits. Table 7 shows the comparison with other state-of-the-art schemes.
Table 7: Storage cost
In this research article, we proposed a secure and efficient authentication scheme. Our proposed scheme guarantees secure and efficient communication among the IoT-enabled device, user, and edge server. E-healthcare is a prominent research area because any flaw in the protocol can lead to fatal damage to the patient. Therefore, we cryptanalyzed the scheme of Zhu and found that it suffers from spoofing, impersonation, and masquerading attacks. To overcome the flaws of Zhu’s scheme, we proposed a secure and efficient information authentication scheme for IoT-enabled devices in an e-healthcare system.
We chose edge computing to reduce latency for e-healthcare systems because latency is an essential factor. We applied the ROR model and ProVerif to demonstrate that our protocol provides session key security and resists MITM attacks. In the end, our proposed protocol achieved the security features and lower computation costs than recent existing schemes. Therefore, we concluded that our scheme provides lower computation costs and better security.
Acknowledgement: The authors are thankful to the Natural Science Foundation of Beijing Municipality and Beijing University of Technology for funding this work under Grant M21039.
Funding Statement: This work was supported by the Natural Science Foundation of Beijing Municipality under Grant M21039.
Author Contributions: The authors confirm contribution to the paper as follows: study conception and design: Naveed Khan, Shehzad Ashraf Chaudhry and Jianbiao Zhang; security analysis: Naveed Khan; performance analysis: Naveed Khan, Ghulam Ali Mallah, and Shehzad Ashraf Chaudhry; draft manuscript preparation: Naveed Khan and Shehzad Ashraf Chaudhry. All authors reviewed the results and approved the final version of the manuscript.
Availability of Data and Materials: The first author will provide the supporting data for this work upon reasonable request.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
Computers, Materials & Continua, 2023, Issue 9