Content uploaded by Mahender Kumar
Author content
All content in this area was uploaded by Mahender Kumar on Apr 09, 2021
Content may be subject to copyright.
10650 IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 10, OCTOBER 2020
A Secure and Efficient Cloud-Centric Internet-
of-Medical-Things-Enabled Smart Healthcare
System With Public Verifiability
Mahender Kumar and Satish Chand
Abstract—The potential of the Internet-of-Medical-
Things (IoMT) technology for interconnecting the biomedical
sensors in e-health has ameliorated the people’s living standards.
Another technology recognized in the recent e-healthcare is
outsourcing the medical data to the cloud. There are, however,
several stipulations for adopting these two technologies. The
most difficult is the privacy of medical data and the challenge
resulting from the resource constraint environment of sensor
devices. In this article, we present the state-of-the-art secure and
efficient cloud-centric IoMT-enabled smart healthcare system
with public verifiability. The system novelty implements an
escrow-free identity-based aggregate signcryption (EF-IDASC)
scheme to secure data transmission, which is also proposed in
this article. The proposed smart healthcare system fetches the
medical data from multiple sensors implanted on the patient’s
body, signcrypts and aggregates them under the proposed
EF-IDASC scheme, and outsources the data on the medical
cloud server via smartphone. The system does not reveal any
information about the identity and medical data of the patient.
We further analyze the performance of the proposed smart
healthcare system in terms of energy consumption. Moreover,
we compare the performance of the proposed EF-IDASC scheme
with other related schemes.
Index Terms—Aggregate signcryption, cloud computing,
Identity-based cryptosystem, Internet of Medical Things (IoMT),
key escrow, provable security, public verifiable.
I. INTRODUCTION
INDUSTRIAL Internet of Things (IIoT) is the promi-
nent fast-growing technology having several smart
interconnected devices, which senses, processes, and shares
data using sensors embedded everywhere [1]. The IIoT-
connected medical monitoring devices [e.g., wireless body
area network (WBAN)] have recently become accessible for
real-time monitoring of a patient’s health remotely. WBAN
is the network of various tiny sensors, typically have lim-
ited storage, power, and computing capabilities. The sensor
is implanted on or inside the patient’s body that collects the
patient’s personal health information (PHI) and transmits it to
Manuscript received January 26, 2020; revised May 13, 2020 and June
7, 2020; accepted June 29, 2020. Date of publication July 2, 2020; date of
current version October 9, 2020. (Corresponding author: Mahender Kumar.)
The authors are with the School of Computer and Systems Sciences,
Jawaharlal Nehru University, New Delhi 110067, India (e-mail:
mahendjnu1989@gmail.com).
This article has supplementary downloadable material available at
http://ieeexplore.ieee.org, provided by the authors.
Digital Object Identifier 10.1109/JIOT.2020.3006523
the medical professional (data consumer) via a wireless (cel-
lular) network. Any attack on a sensor or unauthorized access
to a patient’s PHI may lead to a life-threatening risk to the
patients [2]. Thus, the security and privacy of a patient’s
PHI over the public network are the major unsolved prob-
lems with the challenge arising from the resource constraints
behavior [3].
Recently, mobile technology has benefitted the smart health-
care, but day-to-day increasing data transmission overburden
the cellular network [4]. One of the compelling solutions is the
device-to-device (D2D) communication that may be operated
at the same time/frequency resources over short distances.
Recently, cloud-enabled IoT has potentially served the stor-
age and computation capability for massive IoT data [5].
However, the advantages that cloud leverages to IoT come
with the cost of other security risks that have never been
noticed in the conventional IoT system [6]. In practice, a cloud
is an honest-but-curious entity that follows a correct way to
compute and store the massive collected data but curious to
access the data inappropriately for an adversarial advantage.
The cloud provides a user-delegated facility but handles the
security of user data became a challenge. The advantage of
having these technologies in the e-health monitoring system is
to build a convenient platform that enables an authorized medi-
cal entity to diagnose a patient’s disease remotely [1]. Besides,
another essential problem associated with the cloud-enabled
medical system is to validate the integrity of the stored data on
the cloud. However, public auditing can provide an effective
solution to verify the integrity of stored data remotely [7].
Since many privacy-preserving schemes [8]–[10] have been
discussed, but providing a secure data transmission scheme
for cloud-centric Internet-of-Medical-Things (IoMT)-enabled
healthcare is still a challenge. Signature and encryption
are two fundamental cryptographic primitives for achieving
authenticity and privacy of data, respectively, in a public-
key environment. These two essential building-blocks may be
composed in several ways, such as sign-then-encrypt, encrypt-
then-sign, digital signature with message recovery, and sign-
cryption (authenticated encryption) to ensure the authenticity
and privacy of data simultaneously. The sign-then-encrypt and
encrypt-then-sign schemes have a simple structure, which pro-
vides data authentication and privacy with a cost equivalent to
the combined cost of signature and encryption schemes. In the
signature with message recovery scheme, anyone can extract
the embedded message without knowing secret information.
2327-4662 c
2020 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
KUMAR AND CHAND: SECURE AND EFFICIENT CLOUD-CENTRIC INTERNET-OF-MEDICAL-THINGS-ENABLED SMART HEALTHCARE SYSTEM 10651
Recently, a more efficient solution, signcryption has emerged
to design a system that simultaneously achieves privacy and
authenticity with a cost significantly smaller than the sign-
then-encrypt and encrypt-then-sign schemes. Besides, it allows
a designated recipient to unsigncrypt and access the message
using his secret key.
A. Literature Survey
Here, we will discuss the existing schemes that address the
security in the following parameters: securing sensor within
BAN, securing communication within and outside the BAN,
and privacy-preserving of data in the cloud-assisted environ-
ment. Akinyele et al. [11] designed a self-protecting electronic
medical record (EMR) using attribute-based encryption on
mobile devices and provided EMR while offline. Recently,
Hu et al. [12] addressed the secure communication between
a BAN and its data consumer (end user) using attribute-
based encryption. Chandrasekaran et al. [13] reported that the
system [12] is inefficient for multiple data transmission and
presented a new system for secure data communications in
WBAN for multiple data transmission.
Li et al. [14] presented an identity-based signcryption for
low-power devices (sensors) in an online/offline setting that
simultaneously fulfills the authentication and confidentiality
without authenticating a recipient’s public key separately.
Omala et al. [15] proposed a lightweight certificateless sign-
cryption (CLSC) scheme for secure data transmission for the
WBAN system. Yin and Liang [16] gave an efficient hybrid
signcryption scheme in a certificateless setting for secure
communication for WSNs. Unlike scheme [14], schemes [15]
and [16] are resistant to key escrow attack. Zhang et al. [17]
discussed a data communication scheme for the e-health
system using certificateless generalized signcryption (CLGSC)
scheme. Zhou [18] pointed out that Zhang et al.’s scheme [17]
is susceptible to an insider attack. Thus, the scheme [17]
is insecure and vulnerable in terms of data confidentiality.
Recently, Zhou [19] has presented an improvised CLGSC
scheme for the mobile healthcare system.
In order to reduce the costs of transmission and overhead
of verification, Selvi et al. [20] discussed three aggregated
signcryption schemes in the identity-based setting, which
achieve public verifiability. Wang et al. [21] proposed a first
identity-based aggregated signcryption scheme using multi-
linear mapping in the standard model. Kar [22] proposed
a new identity-based aggregated signcryption scheme for
low-processor devices. However, schemes [20]–[22] are sus-
ceptible to the key escrow problem, which is addressed
by Eslami and Pakniat [23], followed by presenting an
aggregate-signcryption scheme in the certificateless setting.
Niu et al. [24] proposed a secure transmission scheme for
heterogeneous devices, which transmits kmessages from k
senders in certificateless settings to mrecipients in the IBC
setting. Kumar and Chand [25] proposed an identity-based
signcryption scheme for secure peer-to-peer video on demand
protocol.
Recently, Aujla et al. [26] proposed an SDN-based archi-
tecture for edge-cloud interplay in a secure healthcare setting
using a lattice-based cryptosystem. Liu et al. [27] proposed
a secure fine-grained access control scheme under the standard
model and decisional parallel bilinear Diffie–Hellman (BDH)
exponent problem. Yang and Ma [28] proposed searchable
encryption to realize the timing enabled and designated
revocation for privacy-preserving medical data in a cloud
setting. Zhang et al. [29] proposed a privacy-aware smart-
health (PASH) access control system using ciphertext-policy
attribute-based encryption, in which attribute values of access
policies are hidden in encrypted form and only attribute
names are revealed. Yang et al. [30] proposed a distributed
secure data management with an efficient keyword search
system for health IoT. Elhoseny et al. [31] presented a hybrid
encryption approach that is built using Rivest, Shamir, and
Adleman (RSA), and advance encryption standard (AES) algo-
rithms for preserving the diagnostic text data in medical images.
From the above discussion, we observed that it is challenged to
implement a secure and efficient cloud-centric IoMT-enabled
smart healthcare system that achieves public verifiability.
B. Motivation and Contribution
In the literature, numerous IDASC schemes and other
cryptographic primitives based on bilinear and multilin-
ear pairing have been discussed in the secure healthcare
system. On comparing with IDSC, CLSC schemes address
the key escrow problem but could not achieve the identity-
based nature. It is well known that due to the adoption
of cloud-enabled IoT with the e-healthcare system, many
issues come into the picture, in which lightweight security
of patient’s medical data and integrity of stored data on
the cloud are the main research problems. One of the over-
looked issues in the healthcare system is privacy against
the trusted authority. The earlier existing schemes are inef-
ficient and inadequate in real-time practices. This motivates
us to implement a secure cloud-centric IoMT-enabled smart
healthcare system secured against the untrusted authority that
achieves public verifiability in the least computation, stor-
age, and communication overhead. The scheme is designed
with the least pairing operations for a resource-limited
device. In summary, the proposed work has the following
contributions.
1) We propose an escrow-free identity-based aggregated
signcryption (EF-IDASC) scheme, which addresses the
key escrow problem based on the idea given in [32].
2) We prove that the proposed EF-IDASC scheme is
existentially unforgeable under the chosen message
attack (EUF-CMA) and adaptively indistinguishable
under the chosen-ciphertext attack (IND-CCA) in the
random oracle model (ROM) and well-known BDH
problem (BDHP).
3) We compare the proposed EF-IDASC scheme with other
related signcryption schemes, in which we show that the
proposed scheme consumes the least energy as compared
to related schemes.
4) Then, we propose a secure D2D aggregated-data com-
munication protocol in the cloud-centric IoMT environ-
ment for smart healthcare, whose security is based on
the proposed EF-IDASC scheme.
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
10652 IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 10, OCTOBER 2020
5) Furthermore, we evaluate the energy consumption
cost (in mJ) in terms of computation, storage, and
communication.
6) The proposed secure healthcare system achieves the
patient’s anonymity, pubic auditing of the integrity of
stored data on the cloud, and mutual authenticity of
patient’s data with public verifiability.
C. Paper Organization
We organize this article in the following way. Section II
briefly discusses the preliminaries and network architecture. In
Section III, the construction of a provable secure D2D-assist
data transmission scheme for WBAN using the EF-IDASC
scheme is given. Section IV provides the security objectives
of the proposed WBAN system. The performance evaluation
and comparison are given in Section V. In Section VI, we
conclude this article.
II. PRELIMINARIES
A. Bilinear Diffie–Hellman Problem
Suppose an additive group G1and a multiplicative group G2
of same order q, where qis very large prime number and let P
denotes the generator of group G1of length q-bit and e:G1×
G1G2be a bilinear map. Given a tuple T=<P,xP,yP,zP>∈
G1, it is computationally hard for any probabilistic polynomial
time (PPT) algorithm Ato compute Z=xyzP ∈G1, without
the information x,y,z∈Zq. The advantage of an algorithm
Ain finding solution is given as
PrA=e(P,P)xyz
P,xP,yP,zP ∈G1,x,y,z∈Zq
≥ε.
B. Network Architecture
Fig. 1 gives the network architecture, in which the system
uses the EF-IDASC scheme for secure data transmission
between the biomedical sensor (BMS) and server device (SD).
The design goal of the proposed system is to achieve the
privacy-preserving access control model with public auditing
in the cloud-centric IoMT-based environment. The proposed
system achieves secure communication in the following
phases: securing sensor devices within BAN, securing commu-
nication within BAN, and outside the BAN. The cloud-assisted
IoMT-based healthcare system consists of six entities.
Network Manager (NM): The NM is a semitrusted authority
that initializes the system and computes its master and public
key. It authenticates an entity and issues a partial private key
to it.
Key Protection Servers (KPSs): KPSs protect the private key
of an entity using their secret keys and issue a protected private
key share to it. They perform computations on the cloud to
mitigate the computation overhead.
BMS: It is a tiny sensor that has limited storage space,
battery life, and computation power. It is installed either
on/outside the patient’s body (wearable sensors) or deployed
in the patient’s tissues (implanted sensors).
Personal-Assisted Device (PAD): It is a data sink with
sufficient computation and storage but not trustworthy as
Fig. 1. Detailed architecture of the proposed secure aggregated signcryption
system for the cloud-centric IoMT-based healthcare system.
TAB LE I
NOTATIONS AND ABBREVIATIONS
it is effortless for an attacker to retrieve the patient’s sen-
sitive data by physically stealing the phone or statistically
attacking it.
Medical Cloud Server (MCS): It is a semitrusted cloud
server, which stores the patient’s PHI. It also validates the
PHI and provides the accessibility of PHI to SD.
SD: A device on the medical institution’s side can access
the patient’s PHI on MCS and diagnose the patient’s diseases
based on their resulting PHI.
C. Definition of the Proposed EF-IDASC Scheme
We first give the notations and abbreviations that will be
used throughout this article, defined in Table I. The proposed
EF-IDASC scheme includes the following five PPT algorithms.
Setup: NM and KPSs compute the system parameter pp
and secret keys <s0,s1,s2···sn>, where master key s0and
<s1,s2···sn>are kept secret and pp is published.
KeyGen: On a given entity’s identity IDE, NM and KPSs
compute the private key using their master key s0and secret
keys <s1,s2···sn>.
1) ParPriKey: Entity obtains a partial private key D0
from NM.
2) SecPriKey: Entity obtains a protected private key shares
Difrom KPSs
3) KeyExt: Now, entity computes its private key dE.
Signcrypt: On a given pp and message M, signer signcrypts
Musing his private key dSand recipient IDRand outputs the
signcryptext CT.
Aggregation: On a given signcryptext CT from different
senders, it outputs the aggregated signcryptext CTagg.
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
KUMAR AND CHAND: SECURE AND EFFICIENT CLOUD-CENTRIC INTERNET-OF-MEDICAL-THINGS-ENABLED SMART HEALTHCARE SYSTEM 10653
Unsigncrypt: On given pp, and aggregated signcryptext
CTagg, the recipient decrypts it using his private key dR
to obtain the messages and sender’s IDSand validates the
messages M.
D. Security Goals
According to security goals defined in [33], we consider the
following security attacks for the proposed systems.
1) Eavesdropping: An unauthorized party could not listen
sensitive data in the WBAN communication.
2) Data Modification: It ensures that data could not be
altered or modified by any adversary.
3) Nontraceability: It ensures that an adversary cannot trace
the patient’s identity and any action on given encrypted
data.
4) Mutual Authentication: The BMS and SD are authenti-
cated to each other, which ensures that the PHI is coming
from the intended BMS and arriving at the SD.
5) Contextual Privacy: Any entity in the system is unable
to link the source and destination of the PHI if they do
not collude.
6) Resilient to Key Escrow: The NM in the system could
not compute the BMS’s signcrypted key.
7) Public Auditing: Anyone in the network can check the
integrity of data stored on the cloud without download-
ing and knowing the actual content of the data.
E. Security Threat
Similar to [32], we suppose two types of adversaries: 1)
type-I and 2) type-II. An active adversary that can access
NM’s master key or acts as a malicious NM is known as the
type-I adversary, denoted as AI. Another adversary is the type-
II adversary denoted as AII. It can access KPS’s secret key or
behave as a malicious KPS. The formal security threat of the
proposed EF-IDASC scheme consists of indistinguishability
under the adaptively chosen ciphertext attack against adver-
saries AI(IND-CCA-I) and AII (IND-CCA-II), and existential
unforgeability under the adaptively chosen message attack
against forgers FI(EUF-CMA-I) and FII (EUF-CMA-II),
defined as follows.
IND-CCA-I: It is defined by the game played between
a challenger Cand an adversary AI.
Setup: On given security parameter k, challenger Coutputs
the public parameters pp and master key s0.Csends pp to AI.
Phase1: AIcomputes the partial private key D0on given
identity ID using s0and runs the following queries.
1) KeyGen Query: Given D0,Coutputs the private key
share Di←SecPriKey(D0,pp)and dE←KeyExt(Di)
to AI.
2) Signcrypt Query: Given public parameter pp,
its private key dS,IDR, and M,Coutputs
CT ←Signcrypt(M,IDR,dS,pp)to AI, where
dS←KeyGen(pp,s0,si,IDS).
3) Unsigncrypt Query: On a given signcryptext CT, iden-
tity IDS, challenger Cextracts the private key dRand out-
puts Mto the AI, where dR←KeyGen(pp,s0,si,IDR).
4) Aggregate Unsigncrypt Query: On a given aggregate
signcryptext coming from IDi,Coutputs all correspond-
ing messages Miif aggregate signcryptext is valid on
(Mi,IDi).
Challenger Phase: AIgives the two equal size messages M0
and M1, and challenged identities IDch
Sand IDch
Rto C, where
a KeyGen query is not allowed for IDch
R.Cpicks a random bit
b∈{0,1}and outputs CTch ←Signcrypt(Mb,IDch
R,dch
S,pp)
to AI, where dch
S←KeyGen(pp,s0,si,IDch
S).
Phase 2: Similar to phase 1, AIadaptively runs more queries
such that no KeyGen query is allowed on IDRand unsigncrypt
cannot queried on CTch under IDch
Sand IDch
R.
Guess: At the end, AIguesses b∈{0,1}.Ifb=b,
adversary AIwins the game with negligible advantage ε
Adv(AI)=
Prb=b−1/2
.
IND-CCA-II: It is defined by the game played between
a challenger Cand an adversary AII.
Setup: On given k, challenger Coutputs the public param-
eters pp and secret keys <s1,s2···sn>.Csends pp to AII.
Phase1: AII can get the private key using KPS’s secret key
so private key protection queries are not required.
1) KeyGen Query: Given ID,Ccomputes the partials pri-
vate key D0←ParPriKey(ID,pp), protected private key
Diusing siand computes dE←KeyGen(Di)to AII.
2) Signcrypt Query: Identical to the IND-CCA-I game.
3) Unsigncrypt Query: Identical to the IND-CCA-I game.
4) Aggregate Unsigncrypt Query: Identical to the IND-
CCA-I game.
Challenger Phase: Identical to the IND-CCA-I game.
Phase 2: Identical to the IND-CCA-I game.
Guess: At the end, AII guesses b∈{0,1}.Ifb=b,
adversary AIwins the game with negligible advantage
Adv(AI)=
Prb=b−1/2
.
Definition 1 (IND-CCA): The proposed EF-IDASC scheme
is indistinguishability secured against IND-CCA-I and IND-
CCA-II if no polynomially bounded adversaries AIand AII
have a nonnegligible advantage εin the above games.
EUF-CMA-I: It is defined by the game played between
a challenger Cand a forger FI.
Setup: Identical to the setup query of the IND-CCA-I game.
Phase1: FIruns the queries as identical to the IND-CCA-I
game.
Forgery: FIresponds the forgery <CTch,IDch
S,IDch
R>and
wins the game if:
1) IDch
Shas not queried for KeyGen previously;
2) during signcryption, CTch has not responded for
<IDch
S,IDch
R>;
3) unsigncrypt queries for <CTch,pp,dch
S,IDch
S,IDch
R>
responds the valid output.
EUF-CMA-II: It is defined by the game played between
a challenger Cand a forger FII.
Setup: FII runs this query as identical to the setup query of
the IND-CCA-II game.
Phase1: FII runs this query as identical to the IND-CCA-II
game.
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
10654 IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 10, OCTOBER 2020
Algorithm 1 System Setup
1. Given a security parameter k, the NM picks an element
q, a k-bit large prime number. Let an additive group G1,
multiplicative group G2of order of q, P be the generator of
G1and a pairing function e:G1×G1→G2.
2. Suppose five one-way cryptographic hash functions as follows.
H1:{0,1}l→G1,H2:{0,1}∗→{0,1}m+l+t×G1,
H3:G2×{0,1}n→Z∗
q,H4:Gm
1→Z∗
q,andH5:Gn
1→
Z∗
q,wherem,l and t denote the size message, identity and
timestamp (in bits).
3. NM chooses an element s0∈Z∗
qand sets pubic key P0=s0P,
and sends P0to KPSi.
4. KPSichooses an element si∈Z∗
qand sets Pi=siP0and
responses Piback to the NM.
5. NM combines all received parameters and computes the system
public key Y=i=n
i=1Pi=s0(s1+s2+···sn)P
6. NM keeps s0secret and published the public parameter =
<q,e,P,P0,G1,G2,H1,H2,H3,H4,H5,Y,P1,P2,...Pn>.
Forgery: FII runs this query as identical FIruns forgery
query in the EUF-CMA-I game.
Definition 2 (EUF-CMA): The proposed EF-IDASC scheme
is secured against EUF-CMA-I and EUF-CMA-II, if no poly-
nomially bounded forgers FIand FII have a nonnegligible
advantage εin the above games.
III. CLOUD-CENTRIC SECURE IOMT-ENABLED SMART
HEALTHCARE SYSTEM
In this section, we give the implementation of the proposed
smart healthcare system, which is accomplished in the follow-
ing four phases.
A. System Initialization
This section discusses the system setup and the entity’s reg-
istration. In Algorithm 1, NM and KPSs set up the proposed
system, in which they generate the secret keys and system
parameters. The secret keys are secret to them, and public
parameters are broadcasted in the network. Algorithm 2 reg-
isters the new entity that wishes to add in the network. The
NM authenticates the entity against its identity ID and issues
a partial private key to it. The multiple KPSs protect the partial
private key and forward the protected private key shares to the
entity. Entity combines the shares and extracts its escrow-free
private key. Since BMS has limited computation power, so
the expensive computation can be outsourced on the powerful
system.
B. Secure Data Communication From BMS to PAD
This section discusses secure data communication from the
BMS to PAD. Suppose a WBAN architecture consists of n
BMSs connected with a PAD. Let Mi,jdenotes the PHI col-
lected by the jth BMS at time Ti,j, where 1 ≤i≤mand
1≤j≤n. The secure data transmission from the jth BMS
to the PAD is defined in Algorithm 3, where, the jth BMS
collects Mi,j, signcrypts it via its private key dj
BMS to output
signcryptext Ci,j, and sends it to the PAD. In order to fur-
ther improve the computation cost, the jth BMS aggregates
each collected signcryptext Ci,jon different timestamps, signs
Algorithm 2 Entity’s Authentication and Registration
1. Entity E ∈{BMS, PAD, SD} with identity IDE,picksan
element xE∈Z∗
q,set XE=xEP,DE=xEQE,where
QE=H1(IDE)and sends <XE,IDE,DE>to NM.
2. The NM validates the parameters using e(QE,XE)?=
e(DE,P)compute the partial private key as DE0=
s0DE,XE0=s0XE, and responds DE0back to E
3. E aborts the process if e(DE,P0)=e(DE0,P)does not hold.
4. Otherwise, E accepts it and requests to KPSifor key protection.
5. KPSiaborts the process if above equation e(QE,XE0)=
e(DE0,P)does not hold
6. Otherwise, sends DEi =siDE0to E.
7. Entity E checks DEi if equation e(DE,Pi)=e(DEi,P)holds.
8. E unblinds it and retrieves the private key dE=
x−1
Ei=n
i=1DEi =s0(s1+s2+···sn)QE.
9. Otherwise, abort the process.
Algorithm 3 PHI Aggregate Signcryption
1. jth BMS chooses an element aj∈Z∗
qand computes Aj=
ajQj
BMS,andBj=ajPwhere Qj
BMS =H1(IDj
BMS).
2. jth BMS sets Kj=e(ajdj
BMS,QSD ),whereQSD =
H1(IDSD)and computes signcryption key as Sk
j=
H2(IDSD,Aj,Kj,Sk−1
j). Here, Sk−1
jis the previous key.
3. On given time-stamp Ti,j∈{0,1}tand PHI Mi,j∈{0,1}m,
jth BMS computes hi,j=H3(Mi,j,Aj,Ti,j)and Ci,j=(aj+
hi,j)dj
BMS
4. Sets Di,j=Mi,jCi,jIDj
BMSTi,j⊕Sk
j,where1≤i≤mand
1≤j≤n.
5. Aggregates the signcypted PHI as Caggr,j=
H4(C1,j,C2,j,...Cm,j)and Ej=Caggr,jdj
BMS
6. Stores CTj={Aj,Bj,Caggr,j,iDi,j,Ej}in PAD.
it with its private key dj
BMS, and stores it in the PAD. On
receiving the PHI in an encrypted form from the jth BMS, the
PAD first verifies the authenticity of data, using (1) defined in
Algorithm 5 without accessing the original PHI and accepts
the parameters. Otherwise, rejects it.
C. Secure Data Communication From PAD to MCS
This section discusses the secure data communication from
the PAD to SD/MCS and the integrity of data on the
MCS. After verifying the authenticity of data, PAD com-
bines the aggregated signcryptexts received from multiple
BMS into a single compact reaggregated signcryptext, as given
in Algorithm 4. In our proposed model, PAD has sufficient
memory and computational power, so we could not bother
about computation on PAD. It is to note that PAD is only
allowed to check the authenticity of aggregated signcryptext
and reaggregated signcryptext without knowing the actual PHI
data. Now, PAD offloads the reaggregated data to the MCS.
Algorithm 5 defines the public verifiability; wherein anyone
can verify the integrity of PHI without downloading the actual
data from the MCS. Whenever the doctor needs the patient’s
current health status, he fetches the encryption data from MCS.
In Algorithm 6, SD decrypts the signcrypted data using an
aggregate unsigncryption scheme to access the original PHI
data. It can access the original PHI if the received parameters
are successfully verified.
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
KUMAR AND CHAND: SECURE AND EFFICIENT CLOUD-CENTRIC INTERNET-OF-MEDICAL-THINGS-ENABLED SMART HEALTHCARE SYSTEM 10655
Algorithm 4 PHI Reaggregation
1. Now, PAD collects signcrypted data CTj=
{Aj,Bj,Caggr,j,iDi,j,Ej}from jth BMS with IDj
BMS,
where 1 ≤j≤n. PAD reaggregates them as
2. CPAD =H5(Caggr,1,Caggr,2,...,Caggr,n)
3. Computes the F=CPAD dPA D
4. Reaggregated signcryptext is CTPAD =
{Aj,Bj,CPAD ,Caggr,j,iDi,j,Ej,F}and stores it on
the MCS.
Algorithm 5 Public Verifiability
1. On stored encrypted data CTPA D =
{Aj,Bj,CPAD ,Caggr,j,iDi,j,Ej,F}on the MCS, any-
one in the network can verify the integrity of data as
follows.
2. Checks the equality
e(F,P)=e(QPAD ,Y)CPA D (1)
3. If yes, checks the equality
eEj,Bj=eAj,YCaggr,j(2)
- Accepts it.
4. Otherwise, Abort it.
Algorithm 6 Aggregate Unsigncryption
1. On given signcryptext CTPAD =
{Aj,Bj,CPAD ,Caggr,j,iDi,j,Ej,F}fromMCS,SD
performs
-SetsKj=e(dSD ,Aj)and Sk
j=H2(IDSD,Aj,Kj,Sk−1
j).
- Decrypt PHI as Mi,jCi,jIDj
BMSTi,j=Di,j⊕Sk
j
- Compute hi,j=H3(Mi,j,Aj,Ti,j)
2. Accept the PHI Mi,jif the following conditions holds:
e⎛
⎝
m
i=1
n
j=1
Ci,j,P⎞
⎠=e⎛
⎝
m
i=1
n
j=1Aj+hi,jQj
BMS,Y⎞
⎠(3)
The consistency of (3) is verified as
e⎛
⎝
m
i=1
n
j=1
Ci,j,P⎞
⎠=e⎛
⎝
m
i=1
n
j=1
(aj+hi,j)dj
BMS,P⎞
⎠
=e⎛
⎝
m
i=1
n
j=1aj+hi,jQj
BMS,s0
(s1+s1+··· +sn)P⎞
⎠
=e⎛
⎝
m
i=1
n
j=1Aj+hi,jQj
BMS,Y⎞
⎠.
Also
K=e(dSD,A)=e(s0(s1+s1+···+sn)QSD ,aQBMS)
=e(QSD,as0(s1+s1+···+sn)QBMS )
=e(QSD,adBMS)=K.
D. Data Communication From SD to BMS
After accessing the patient PHI from MCS, SD diagnoses
the patient by sending the prescription Pto the BMS in
a secure way. Due to the resource-constrained behavior of
a BMS, we will leverage the PAD again, where SD sign-
crypts the prescription Pusing Algorithm 3 and sends it
to MCS. On a particular time T, PAD fetches it and sends
the signcrypted prescription to the target BMS. BMS runs
Algorithm 6 to unsigncrypt the signcrypted prescription to
obtain prescription P.
IV. SECURITY ANALYSIS
Here, we illustrate that the proposed system achieves the
following security goals.
1) Eavesdropping: In the proposed scheme, BMS sign-
crypts the data using its private key, which could be
decrypted using the private key of SD and identity
of BMS. In order to intercept the original data from
signcrypted data, an attacker needs the private key of
SD/BMS whose production is based on the NM’s mas-
ter key and KPSs secret keys. The master key generation
is equivalent to solve the BDH problem. Therefore,
any unauthorized entity cannot intercept the original
message.
2) Data Modification: Any forgery or modification in the
signcrypted data will be caught by the SD during unsign-
cryption. Assuming the BDH problem is hard to solve,
any malicious attacker cannot modify the original data.
3) Mutual Authentication: During registration, in the
proposed scheme, each entity is authenticated and reg-
istered by NM followed by it obtains a private key. Two
entities in the proposed WBAN system can communi-
cate with each other if they were registered with NM
previously.
4) Contextual Privacy: The identity of the intended
sender is encapsulated in the signcryptext D=
MCIDBMST⊕Ssk and is transmitted to the SD/MCS
via PAD. On a given signcryptext D, the attacker can-
not intercept the identities of the intended sender and
receiver. Even PAD has no information about the PHI,
while it knows the destination to transmit the ciphertext.
5) Unlinkability: In the proposed system, the source iden-
tity IDj
BMS is encapsulated by session key Ssk whose
production depends on the private keys of source and
destination and session key of previous communication
as D=MCIDBMST⊕Ssk . The decryption is done
by the private key of the SD.
6) Patient Anonymity: The unlinkability property also
ensures the patient’s anonymity.
7) Resilient to key Escrow: Similar to
scheme [32, Ths. 1 and 2], the proposed system is
resilient to the key escrow problem.
8) Entity Revocation: We will address the revocation
problem by adding a timestamp with identity for its pub-
lic key. For example, instead of using the ID of a revoked
entity, we use “IDtime” as the public key. The KGC
and multiple KPSs compute the corresponding private
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
10656 IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 10, OCTOBER 2020
key for the IDtime to the entity. In this way, the entity
should refresh its private key accordingly.
9) Nonrepudiation: The data are signed via biomedical sen-
sor’s private key dBMS, it cannot deny the authenticity
of their signature.
10) Forward Secrecy: The random element ajincluded in
session key Sk
jat kinstance, ensures the secrecy of the
session key if the private key of BMS and the session
key Sk−1
jat k−1 instance is compromised.
11) Public Auditability: The proposed system achieves
the public verifiability, given in (1) and (2) of
Algorithm 5. On given received parameters CTPAD =
{Aj,Bj,CPAD ,Caggr,j,Di,j,Ej,F}, the consistency of
encrypted PHI can be verified as follows. Since, F=
Caggr,PAD dPA D , the consistency of (1) is verified as
e(F,P)=e(CPAD dPA D ,P)
=e(CPAD s0(s1+s1+ ···+sn)QPAD ,P)
=e(CPAD QPA D ,Y)=e(QPA D ,Y)CPAD
and since Ej=Caggr,jdj
BMS, and Bj=bP, the consistency of
(2) is verified as
eEj,Bj=eCaggr,jdj
BMS,ajP
=eCaggr,js0(s1+s1+···+sn)Qj
BMS,ajP
=eajCaggr,jQj
BMS,Y=eAj,YCagg,j.
V. PERFORMANCE ANALYSIS
A. Performance Evaluation
This section evaluates the performance of the proposed
smart healthcare system in terms of computational cost and
communication cost. Our primary focus is to compute the
energy consumption employed on the BMS side during
data communication and computation since it is a resource-
constrained device as compared to the machine on medical
institutions.
Experimental Result: We perform the experiment on
Acer E5-573-5108 laptop with Intel Core i5-5200U
CPU@2.20 GHz and 8-GB RAM on Windows 10 along
with the smartphone having Android operating system of
64-b 4core CPU processor and 3-GB RAM. We simulate
the operations perform by NM, SD, MCS, and KPSs, which
require relatively large computations. On another side, the
user’s terminal has low processing capability and battery
capacity. So, we utilize a smartphone to simulate the oper-
ations performed by BMS and PAD. With an 80-b security
level, all computations are estimated on a supersingular curve
y2+y=x3+xhaving embedding degree 4 and used the
eta pairing, η:E(F2271 )×E(F2271 )→E(F24.271 ). In order to
scrutinize the performance, we assume the following opera-
tions: elliptic curve (EC)-based point scalar multiplication,
EC-based point addition, the pairing of two points on an EC,
exponentiation on pairing, map-to-point hash function, mod-
ular inversion, and modular-multiplication operations. The
execution time of such cryptographic operations is obtained
by taking the average of five succeeding runs with different
TAB LE I I
NOTATIONS AND COMPUTATION COST (IN MS)OF DIFFERENT
CRYPTOGRAPHIC OPERATIONS
Fig. 2. Total energy consumption between BMS and PAD of our scheme.
inputs using the PBC library. It is also observed in [34] that
1TP≈3TSM ≈87TM,TE≈21TM,TH≈23TM,TI≈11.6TM,
and TA≈0.12TM. From [35] and [36], we have seen that the
electrical requirement for the MICA2 sensor is as follows: the
required voltage in active mode is 3.0 V, the current drawn in
active mode, transmitting, and receiving modes are 8.0, 27.0,
and 10.0 mA, respectively and data rate is 12.4 kb/s. As per
the calculation, given in [37], we consider that the energy
consumption for operations is calculated as W=V∗I∗T.
Table II summarizes the notations, computation cost (in ms),
and energy consumption (in mJ) of various cryptographic
operations. As per [37], a sensor needs 0.0522 and 0.0193-mJ
energy for transmitting and receiving a 1 B message.
Message Size: Here, we study the aggregated-message size
overhead in one transmission and mtransmission. For commu-
nication overhead, we consider |T|=|M|=4 B and |ID|=1
B. For 1024-b RSA level of security, |G1|must be 64-B prime
if G2is a q-order of subgroup of multiplicative group of finite
field Fp2. According to [12], we assume |G1|=42.5Bforthe
finite field Fp3and |G1|=20 B for the finite field Fp6.The
required aggregated-message size for storing mdata collected
from a BMS in single transmission and mtransmission are
4|G1|+m∗(|G1|+9)and m∗(2|G1|+9)B, respectively.
We also compute the storage cost of the reaggregated mes-
sage size of n∗mPHI data collected from nBMS to MCS
via PAD in one transmission and n∗min n∗mtransmission,
respectively. Thus, the required message size for storing n∗m
data collected from nBMS in one transmission in single trans-
mission and n∗mtransmission are (n+3)|G1|+n∗m∗(|G1|+9)
and m∗n∗(2|G1|+9)B, respectively. It is obvious that PAD
is a storage-rich device so it will not bother storing the large
message. The required message size for storing a prescription
at SD is |G1|+9B.
Communication Overhead: We consider the size of sign-
crypted PHI, in order to evaluate the communication overhead.
The proposed system stores the signcrypted PHI in the PAD
and transmits it to the SD via MCS. For communicating m
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
KUMAR AND CHAND: SECURE AND EFFICIENT CLOUD-CENTRIC INTERNET-OF-MEDICAL-THINGS-ENABLED SMART HEALTHCARE SYSTEM 10657
TABLE III
STORAGE COST COMPARISON OF THE PROPOSED EF-IDASC SCHEME WITH EXISTING SCHEMES
TAB LE I V
SECURITY COMPARISON OF PROPOSED EF-IDASC SCHEME WITH OTHER RELATED SCHEMES,WHERE, CDHP: COMPUTATIONAL DIFFIE–HELLMAN
PROBLEM, GDHP: GAP DIFFIE –HELLMAN PROBLEM, DBDHP: DECISIONAL BILINEAR DIFFIE–HELLMAN PROBLEM, MBDHP: MODIFIED BILINEAR
DIFFIE–HELLMAN PROBLEM,CLC:CERTIFICATELESS CRYPTOGRAPHY
Fig. 3. Total energy consumption between PAD and SD/MCS of our scheme.
Fig. 4. Total energy consumption between SD and BMS of our scheme.
messages to PAD, BMS requires 4|G1|+m∗(|G1|+9)and
m∗(2|G1|+9)B of overhead in one transmission and m
transmissions, respectively. For communicating n∗mmes-
sages to MCS, PAD needs (n+3)|G1|+n∗m∗(|G1|+9)
and m∗n∗(2|G1|+9)B of overhead transmissions, and min
m∗ntransmissions, respectively. SD requires (|G1|+9)Bof
overhead for transmitting a prescription to BMS.
Energy Consumption on Communication: In our proposed
system, BMS consumes (0.0715(4+m)|G1|+0.643m)and
m∗(0.143|G1|+0.643)mJ of energy communicating m
aggregated messages collected from a BMS to PAD in one
transmission and mtransmissions, respectively. Fig. 2 shows
the energy consumption for communication between BMS and
PAD on various security parameters. From PAD to SD/MCS,
the proposed scheme consumes ((0.214 +0.0715 ∗n∗(m+
1))|G1|+m∗n∗0.643)and m∗n∗(0.143|G1|+0.643)mJ
Fig. 5. Total energy consumption comparison of the proposed system with
other systems.
of energy for transmitting m∗nreaggregated messages in one
transmission and mtransmissions, respectively. Fig. 3 shows
the energy consumption for communication between SD and
PAD on various security parameters. Similarly, for transmit-
ting a prescription from SD to BMS, the proposed systems
consumes (0.0715|G1|+0.643)mJ of energy, as shown in
Fig. 4.
B. Performance Comparison
Here, we compare our proposed EF-IDASC scheme with
Selvi et al.’ scheme-I [20], scheme-II [20], scheme-III [20],
Eslami and Pakniat scheme [23], Kar scheme [22], and
Niu et al. scheme [24], in terms of computation (in ms), com-
munication (in B), energy consumption (in mJ), and security
attack.
Computation Cost: Due to the resource-constraint behav-
ior of BMS, we only consider the computation cost on
patient side. In our proposed EF-IDASC scheme, aggregate-
signcryption needs (n+3)TS+1TP=0.304n+3.28 ms
to signcrypt and combine nmessages, while aggregate-
unsigncryption needs nTS+3TP=0.304n+7.12 ms to
unsigncrypt and verify the aggregated signcryptext, which
is the least cost as compared to schemes [20]-I, [20]-II,
[20]-III, [22], [23], and [24], shown in Table III.
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
10658 IEEE INTERNET OF THINGS JOURNAL, VOL. 7, NO. 10, OCTOBER 2020
Communication Cost: To evaluate the communication cost,
we consider |M|=4B,|T|=4 B, and |ID|=1 B. For super-
singular curve over the binary field F2271 with the order of
G1is 252-b prime and using compression technique [35], we
assume |G1|=34 B. The proposed EF-IDASC scheme outputs
4|G1|+n∗(|G1|+9)=(136 +43n)B of aggregated sign-
cryptext of nmessages, which has least communication cost as
compared to [20]-I, [20]-II, [20]-III, and [22]–[24] schemes.
Total Energy Consumption: This section evaluates the total
energy consumption for aggregate-signcrypting nmessages
and communicating (transmission and receiving) them from
sender (BMS) to receiver (SD). The proposed system con-
sumes (7.3n+86.1)mJ to aggregate-signcrypt and 3.07n+
9.7 mJ to communicate n messages from the sender (BMS) to
receiver (SD). Thus, it consumes (10.4n+95.7)mJ of total
energy, which has the least energy consumption as compared
to related schemes, such as [20]-I, [20]-II, [20]-III, [22], [23],
and scheme [24] for signcrypting and communicating n mes-
sage. Table III compares the total energy consumption of our
scheme with other related schemes. Fig. 5. shows the total
energy consumption comparison of our scheme with other
schemes.
Security Comparison: Table IV shows the comparison of
our proposed EF-IDASC scheme with related schemes, such
as [20]-I, [20]-II, [20]-III, [22], [23], and [24], in terms of
cryptographic primitives used, mathematical assumptions, and
level of security achieved. Here, we use the following nota-
tions, S1: mutual authenticity, S2: data confidentiality, S3:
data integrity, S4: Unlinkability S5: contextual privacy, S6:
resilient to key escrow, S7: entity revocation, S8: patient
anonymity, S9: nonrepudiation, S10: forward secrecy, and S11:
public auditing. Table IV illustrates that the proposed EF-
IDASC scheme has better security on comparing with related
schemes.
VI. CONCLUSION
In this article, we have proposed an EF-IDASC scheme,
which is secured against the existential forgery attack under
the chosen message attack (EUF-CMA) and indistinguishable
under the chosen-ciphertext attack (IND-CCA2). On compar-
ing with other schemes, it has the least energy consumption
in terms of communication and computation. Based on the
proposed EF-IDASC, we have implemented a cloud-centric
IoMT-enabled smart healthcare system. The healthcare system
has achieved secure patients PHI within BAN, and outside the
BAN, and public integrity of PHI stored on the cloud with-
out revealing information to any third entity. Furthermore, we
have scrutinized the performance of the proposed cloud-centric
IoMT-based healthcare system in terms of computation energy
and communication energy consumption.
REFERENCES
[1] Y. Zhang, R. Deng, D. Zheng, J. Li, P. Wu, and J. Cao, “Efficient
and robust certificateless signature for data crowdsensing in cloud-
assisted industrial IoT,” IEEE Trans. Ind. Informat., vol. 15, no. 9,
pp. 5099–5108, Sep. 2019.
[2] M. Kumar and S. Chand, “A lightweight cloud-assisted identity-based
anonymous authentication and key agreement protocol for secure wire-
less body area network,” IEEE Syst. J., early access, May 22, 2020,
doi: 10.1109/JSYST.2020.2990749.
[3] W. Sun, Z. Cai, Y. Li, F. Liu, S. Fang, and G. Wang, “Security and
privacy in the medical Internet of Things: A review,” Security Commun.
Netw., vol. 2018, Jan. 2018, Art. no. 5978636.
[4] A. Zhang, J. Chen, R. Q. Hu, and Y. Qian, “SeDS: Secure data shar-
ing strategy for D2D communication in LTE-advanced networks,” IEEE
Trans. Veh. Technol., vol. 65, no. 4, pp. 2659–2672, Apr. 2016.
[5] Z. Li, Z. Yang, and S. Xie, “Computing resource trading for edge-cloud-
assisted Internet of Things,” IEEE Trans. Ind. Informat., vol. 15, no. 6,
pp. 3661–3669, Jun. 2019.
[6] W. Wang, P. Xu, and L. T. Yang, “Secure data collection, storage
and access in cloud-assisted IoT,” IEEE Cloud Comput., vol. 5, no. 4,
pp. 77–88, Jul./Aug. 2018.
[7] D. He, S. Zeadally, and L. Wu, “Certificateless public auditing scheme
for cloud-assisted wireless body area networks,” IEEE Syst. J., vol. 12,
no. 1, pp. 64–73, Mar. 2018.
[8] V. Sureshkumar, R. Amin, V. R. Vijaykumar, and S. Rajasekar, “Robust
secure communication protocol for smart healthcare system with FPGA
implementation,” Future Gener. Comput. Syst., vol. 100, pp. 938–951,
Nov. 2019.
[9] H. Xiong and Z. Qin, “Revocable and scalable certificateless
remote authentication protocol with anonymity for wireless body
area networks,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 7,
pp. 1442–1455, Jul. 2015.
[10] J. Shen, S. Chang, J. Shen, Q. Liu, and X. Sun, “A lightweight multi-
layer authentication protocol for wireless body area networks,” Future
Gener. Comput. Syst., vol. 78, pp. 956–963, Jan. 2018.
[11] J. A. Akinyele, M. W. Pagano, M. D. Green, C. U. Lehmann,
Z. N. J. Peterson, and A. D. Rubin, “Securing electronic medical
records using attribute-based encryption on mobile devices,” in Proc.
1st ACM Workshop Security Privacy Smartphones Mobile Devices, 2011,
pp. 75–86.
[12] C. Hu, H. Li, Y. Huo, T. Xiang, and X. Liao, “Secure and effi-
cient data communication protocol for wireless body area networks,”
IEEE Trans. Multi-Scale Comput. Syst., vol. 2, no. 2, pp. 94–107,
Apr.–Jun. 2016.
[13] B. Chandrasekaran, R. Balakrishnan, and Y. Nogami, “Secure data com-
munication using file hierarchy attribute based encryption in wireless
body area networks,” J. Commun. Softw. Syst., vol. 14, no. 1, pp. 75–81,
2018.
[14] F. Li, M. K. Khan, K. Alghathbar, and T. Takagi, “Identity-based
online/offline signcryption for low power devices,” J. Netw. Comput.
Appl., vol. 35, no. 1, pp. 340–347, 2012.
[15] A. A. Omala, N. Robert, and F. Li, “A provably-secure transmission
scheme for wireless body area networks,” J. Med. Syst., vol. 40, no. 11,
p. 247, 2016.
[16] A. Yin and H. Liang, “Certificateless hybrid signcryption scheme for
secure communication of wireless sensor networks,” Wireless Pers.
Commun., vol. 80, no. 3, pp. 1049–1062, 2015.
[17] A. Zhang, L. Wang, X. Ye, and X. Lin, “Light-weight and robust
security-aware D2D-assist data transmission protocol for mobile-
health systems,” IEEE Trans. Inf. Forensics Security, vol. 12, no. 3,
pp. 662–675, Mar. 2017.
[18] C. Zhou, “Comments on ‘light-weight and robust security-aware D2D-
assist data transmission protocol for mobile-health systems,”’ IEEE
Trans. Inf. Forensics Security, vol. 13, no. 7, pp. 1869–1870, Jul. 2018.
[19] C. Zhou, “An improved lightweight certificateless generalized signcryp-
tion scheme for mobile-health system,” Int. J. Distrib. Sens. Netw.,
vol. 15, no. 1, pp. 1–16, 2019.
[20] S. S. D. Selvi, S. S. Vivek, J. Shriram, S. Kalaivani, and C. P. Rangan,
“Identity based aggregate signcryption schemes,” in Proc. Int. Conf.
Cryptol. India, 2009, pp. 378–397.
[21] H. Wang, Z. Liu, Z. Liu, and D. S. Wong, “Identity-based aggregate
signcryption in the standard model from multilinear maps,” Frontiers
Comput. Sci., vol. 10, no. 4, pp. 741–754, 2016.
[22] J. Kar, “Provably secure identity-based aggregate signcryption scheme
in random oracles,” IACR Cryptol. ePrint Arch., vol. 2013, pp. 580–587,
Jan. 2013.
[23] Z. Eslami and N. Pakniat, “Certificateless aggregate signcryption:
Security model and a concrete construction secure in the random oracle
model,” J. King Saud Univ. Inf. Sci., vol. 26, no. 3, pp. 276–286, 2014.
[24] S. Niu, Z. Li, and C. Wang, “Privacy-preserving multi-party aggre-
gate signcryption for heterogeneous systems,” in Proc. Int. Conf. Cloud
Comput. Security, 2017, pp. 216–229.
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
KUMAR AND CHAND: SECURE AND EFFICIENT CLOUD-CENTRIC INTERNET-OF-MEDICAL-THINGS-ENABLED SMART HEALTHCARE SYSTEM 10659
[25] M. Kumar and S. Chand, “SecP2PVoD: A secure peer-to-peer video-on-
demand system against pollution attack and untrusted service provider,”
Multimed. Tools Appl., vol. 79, pp. 6163–6190, Dec. 2019.
[26] G. S. Aujla, R. Chaudhary, K. Kaur, S. Garg, N. Kumar, and R. Ranjan,
“SAFE: SDN-assisted framework for edge–cloud interplay in secure
healthcare ecosystem,” IEEE Trans. Ind. Informat., vol. 15, no. 1,
pp. 469–480, Jan. 2018.
[27] Y. Liu, Y. Zhang, J. Ling, and Z. Liu, “Secure and fine-grained access
control on e-healthcare records in mobile cloud computing,” Future
Gener. Comput. Syst., vol. 78, pp. 1020–1026, Jan. 2018.
[28] Y. Yang and M. Ma, “Conjunctive keyword search with designated
tester and timing enabled proxy re-encryption function for e-health
clouds,” IEEE Trans. Inf. Forensics Security, vol. 11, no. 4, pp. 746–759,
Apr. 2016.
[29] Y. Zhang, D. Zheng, and R. H. Deng, “Security and privacy in smart
health: Efficient policy-hiding attribute-based access control,” IEEE
Internet Things J., vol. 5, no. 3, pp. 2130–2145, Jun. 2018.
[30] Y. Yang, X. Zheng, and C. Tang, “Lightweight distributed secure
data management system for health Internet of Things,” J. Netw. Comput.
Appl., vol. 89, pp. 26–37, Jul. 2017.
[31] M. Elhoseny, G. Ramírez-González, O. M. Abu-Elnasr, S. A. Shawkat,
N. Arunkumar, and A. Farouk, “Secure medical data transmis-
sion model for IoT-based healthcare systems,” IEEE Access,vol.6,
pp. 20596–20608, 2018.
[32] M. Kumar and S. Chand, “ESKI-IBE: Efficient and secure key issuing
identity-based encryption with cloud privacy centers,” Multimedia Tool
Appl., vol. 78, pp. 19753–19786, Feb. 2019.
[33] N. A. Pantazis, S. A. Nikolidakis, and D. D. Vergados, “Energy-efficient
routing protocols in wireless sensor networks: A survey,” IEEE Commun.
Surveys Tuts., vol. 15, no. 2, pp. 551–591, 2nd Quart., 2013.
[34] M. Kumar, C. P. Katti, and P. C. Saxena, “A secure anonymous e-voting
system using identity-based blind signature scheme,” in Proc. Int. Conf.
Inf. Syst. Security, 2017, pp. 29–49.
[35] K.-A. Shim, Y.-R. Lee, and C.-M. Park, “EIBAS: An efficient identity-
based broadcast authentication scheme in wireless sensor networks,” Ad
Hoc Netw., vol. 11, no. 1, pp. 182–189, 2013.
[36] X. Cao, W. Kou, L. Dang, and B. Zhao, “IMBAS: Identity-based multi-
user broadcast authentication in wireless sensor networks,” Comput.
Commun., vol. 31, no. 4, pp. 659–667, 2008.
[37] K.-A. Shim, “S2DRP: Secure implementations of distributed reprogram-
ming protocol for wireless sensor networks,” Ad Hoc Netw., vol. 19,
pp. 1–8, Aug. 2014.
Authorized licensed use limited to: JAWAHARLAL NEHRU UNIVERSITY. Downloaded on April 09,2021 at 14:54:06 UTC from IEEE Xplore. Restrictions apply.
