Skip to main content
SpringerLink
Log in

End-to-end privacy preserving scheme for IoT-based healthcare systems

  • Original Paper
  • Published:
Wireless Networks Aims and scope Submit manuscript

Abstract

Preserving patients’ privacy is one of the most important challenges in IoT-based healthcare systems. Although patient privacy has been widely addressed in previous work, there is a lack of a comprehensive end-to-end approach that simultaneously preserves the location and data privacy of patients assuming that system entities are untrusted. Most of the past researches assume that parts of this end-to-end system are trustworthy while privacy may be threatened by insider attacks. In this paper, we propose an end-to-end privacy preserving scheme for the patients assuming that all main entities of the healthcare system (including sensors, gateways, and application providers) are untrusted. The proposed scheme preserves end-to-end privacy against insider threats as well as external attacks concerning the resource restrictions of the sensors. This scheme provides mutual authentication between main entities while preserves patients’ anonymity. Only the allowed users can access the real identity of patients alongside their locations and their healthcare information. Informal security analysis and formal security verification of the proposed protocol in AVISPA show that it is secure against impersonation, replay, modification, and man-in-the-middle attacks. Moreover, performance assessments show that the proposed protocol provides more security services without considerable growth in the computation overhead of the sensors. Also, it is shown that the proposed protocol diminishes the signaling overhead of the sensors and so their energy consumption compared to the literature at the expense of adding a little more signaling overhead to the gateways.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Zhao, Z. (2014). An efficient anonymous authentication scheme for wireless body area networks using elliptic curve cryptosystem. Journal of medical systems, 38(2), 13.

    Google Scholar 

  2. Gope, P., & Hwang, T. (2015). Untraceable sensor movement in distributed IoT infrastructure. IEEE Sensors Journal, 15(9), 5340–5348.

    Google Scholar 

  3. Yeh, K.-H. (2016). BSNCare+: A Robust IoT-Oriented Healthcare System with Non-Repudiation Transactions. Applied Sciences, 6(12), 418.

    Google Scholar 

  4. Liu, J., Zhang, Z., Chen, X., & Kwak, K. S. (2014). Certificateless remote anonymous authentication schemes for wirelessbody area networks. IEEE Transactions on Parallel and Distributed Systems, 25(2), 332–342.

    Google Scholar 

  5. V. Kolesnikov and T. Schneider, "Improved garbled circuit: Free XOR gates and applications," in International Colloquium on Automata, Languages, and Programming, 2008, pp. 486–498.

  6. Y. Huang, D. Evans, and J. Katz, "Private set intersection: Are garbled circuits better than custom protocols?," in NDSS, 2012.

  7. Tso, R., Alelaiwi, A., Rahman, S. M. M., Wu, M.-E., & Hossain, M. S. (2017). Privacy-preserving data communication through secure multi-party computation in healthcare sensor cloud. Journal of Signal Processing Systems, 89(1), 51–59.

    Google Scholar 

  8. Sajid, A., & Abbas, H. (2016). Data privacy in cloud-assisted healthcare systems: state of the art and future challenges. Journal of medical systems, 40(6), 155.

    Google Scholar 

  9. P. M. Corcoran, "A privacy framework for the Internet of Things," in Internet of Things (WF-IoT), IEEE 3rd World Forum on, 2016, pp. 13–18.

  10. N. Aleisa and K. Renaud, "Privacy of the internet of things: a systematic literature review," in Hawaii International Conference on System Sciences, 2017, pp. 5947–5956.

  11. Gope, P., Lee, J., & Quek, T. Q. (2016). Resilience of DoS attacks in designing anonymous user authentication protocol for wireless sensor networks. IEEE Sensors Journal, 17(2), 498–503.

    Google Scholar 

  12. Gope, P., & Hwang, T. (2016). BSN-Care: A secure IoT-based modern healthcare system using body sensor network. IEEE Sensors Journal, 16(5), 1368–1376.

    Google Scholar 

  13. Yeh, K.-H. (2016). A Secure IoT-Based Healthcare System With Body Sensor Networks. IEEE Access, 4, 10288–10299.

    Google Scholar 

  14. Li, C.-T., Weng, C.-Y., & Lee, C.-C. (2015). A secure RFID tag authentication protocol with privacy preserving in telecare medicine information system. Journal of medical systems, 39(8), 77.

    Google Scholar 

  15. He, D., Zeadally, S., Kumar, N., & Lee, J.-H. (2016). Anonymous authentication for wireless body area networks with provable security. IEEE Systems Journal, 11(4), 2590–2601.

    Google Scholar 

  16. Arshad, H., & Nikooghadam, M. (2014). Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. Journal of medical systems, 38(12), 136.

    Google Scholar 

  17. Kumari, S., Karuppiah, M., Das, A. K., Li, X., Wu, F., & Kumar, N. (2018). A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. The Journal of Supercomputing, 74(12), 6428–6453.

    Google Scholar 

  18. He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., & Yeo, S.-S. (2015). Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems, 21(1), 49–60.

    Google Scholar 

  19. Shuai, M., Liu, B., Yu, N., Xiong, L., & Wang, C. (2020). Efficient and privacy-preserving authentication scheme for wireless body area networks. Journal of Information Security and Applications, 52, 102499.

    Google Scholar 

  20. B. O. Soufiene, A. A. Bahattab, A. Trad, and H. Youssef, "RESDA: Robust and Efficient Secure Data Aggregation Scheme in Healthcare using the IoT," in 2019 International Conference on Internet of Things, Embedded Systems and Communications (IINTEC), 2019, pp. 209–213.

  21. Sharavanan, P., Sridharan, D., & Kumar, R. (2018). A privacy preservation secure cross layer protocol design for IoT based wireless body area networks using ECDSA framework. Journal of Medical Systems, 42, 10.

    Google Scholar 

  22. Saha, R., Kumar, G., Rai, M. K., Thomas, R., & Lim, S.-J. (2019). Privacy ensured e-healthcare for Fog-enhanced IoT based applications. IEEE Access, 7, 44536–44543.

    Google Scholar 

  23. Baek, S., Seo, S.-H., & Kim, S. (2016). Preserving patient’s anonymity for mobile healthcare system in IoT environment. International Journal of Distributed Sensor Networks, 12(7), 2171642.

    Google Scholar 

  24. C. Wachsmann, L. Chen, K. Dietrich, H. Löhr, A.-R. Sadeghi, and J. Winter, "Lightweight anonymous authentication with TLS and DAA for embedded mobile devices," in International Conference on Information Security, 2010, pp. 84–98.

  25. Li, H., Guo, F., Zhang, W., Wang, J., & Xing, J. (2018). (a, k)-Anonymous scheme for privacy-preserving data collection in iot-based healthcare services systems. Journal of Medical Systems, 42(3), 56.

    Google Scholar 

  26. Wazid, M., Das, A. K., Kumar, N., Conti, M., & Vasilakos, A. V. (2017). A novel authentication and key agreement scheme for implantable medical devices deployment. IEEE Journal of Biomedical and Health Informatics, 22(4), 1299–1309.

    Google Scholar 

  27. Deng, H., Qin, Z., Sha, L., & Yin, H. (2020). A flexible privacy-preserving data sharing scheme in cloud-assisted IoT. IEEE Internet of Things Journal, 7(12), 11601–11611.

    Google Scholar 

  28. Jagadeesh Kandanuru, V. N. R. (2020). Privacy preserving mechanism for IoT based mobile healthcare emergency services. International Journal of Recent Technology and Engineering, 8(5), 3286–3291.

    Google Scholar 

  29. M. WITTI and D. KONSTANTAS, "Secure and Privacy-aware Data Collection Architecture Approach in Fog Node Based Distributed IoT Environment," Available: https://www.researchgate.net/profile/Moussa_Witti/publication/337981430

  30. N. Domadiya and U. P. Rao, "Improving healthcare services using source anonymous scheme with privacy preserving distributed healthcare data collection and mining," Computing, pp. 1–23, 2020.

  31. Luo, E., Bhuiyan, M. Z. A., Wang, G., Rahman, M. A., Wu, J., & Atiquzzaman, M. (2018). Privacyprotector: privacy-protected patient data collection in IoT-based healthcare systems. IEEE Communications Magazine, 56(2), 163–168.

    Google Scholar 

  32. M. Chen and S. Chen, "An efficient anonymous authentication protocol for RFID systems using dynamic tokens," in IEEE 35th International Conference on Distributed Computing Systems, 2015, pp. 756–757.

  33. Chen, M., Chen, S., & Fang, Y. (2017). Lightweight anonymous authentication protocols for RFID systems. IEEE/ACM Transactions on Networking, 25(3), 1475–1488.

    MathSciNet  Google Scholar 

  34. Das, A. K., Wazid, M., Kumar, N., Khan, M. K., Choo, K.-K.R., & Park, Y. (2017). Design of secure and lightweight authentication protocol for wearable devices environment. IEEE Journal of Biomedical and Health Informatics, 22(4), 1310–1322.

    Google Scholar 

  35. Ara, A., Al-Rodhaan, M., Tian, Y., & Al-Dhelaan, A. (2017). A secure privacy-preserving data aggregation scheme based on bilinear ElGamal cryptosystem for remote health monitoring systems. IEEE Access, 5, 12601–12617.

    Google Scholar 

  36. Deebak, B. D., Al-Turjman, F., Aloqaily, M., & Alfandi, O. (2019). An authentic-based privacy preservation protocol for smart e-healthcare systems in IoT. IEEE Access, 7, 135632–135649.

    Google Scholar 

  37. Babu, M. S. S., & Balasubadra, K. (2018). Chronic privacy protection from source to sink in sensor network routing. International Journal of Applied Engineering Research, 13(5), 2798–2808.

    Google Scholar 

  38. Tang, W., Ren, J., Deng, K., & Zhang, Y. (2019). Secure data aggregation of lightweight e-healthcare iot devices with fair incentives. IEEE Internet of Things Journal, 6(5), 8714–8726.

    Google Scholar 

  39. Jain, S. K., & Kesswani, N. (2020). IoTP an efficient privacy preserving scheme for internet of things environment. International Journal of Information Security and Privacy (IJISP), 14(2), 116–142.

    Google Scholar 

  40. S. Rachid, Y. Challal, and B. Nadjia, "Internet of things context-aware privacy architecture," in Computer Systems and Applications (AICCSA), IEEE/ACS 12th International Conference of, 2015, pp. 1–2.

  41. Moosavi, S. R., et al. (2016). End-to-end security scheme for mobility enabled healthcare Internet of Things. Future Generation Computer Systems, 64, 108–124.

    Google Scholar 

  42. S. R. Moosavi et al., "Session resumption-based end-to-end security for healthcare internet-of-things," in Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), IEEE International Conference on, 2015, pp. 581–588.

  43. Moosavi, S. R., Nigussie, E., Levorato, M., Virtanen, S., & Isoaho, J. (2018). Performance analysis of end-to-end security schemes in healthcare IoT. Procedia Computer Science, 130, 432–439.

    Google Scholar 

  44. Santos, J., Rodrigues, J. J., Silva, B. M., Casal, J., Saleem, K., & Denisov, V. (2016). An IoT-based mobile gateway for intelligent personal assistants on mobile health environments. Journal of Network and Computer Applications, 71, 194–204.

    Google Scholar 

  45. Amin, R., & Biswas, G. (2016). A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Networks, 36, 58–80.

    Google Scholar 

  46. M. A. Iqbal and M. Bayoumi, "Secure End-to-End key establishment protocol for resource-constrained healthcare sensors in the context of IoT," in International Conference on High Performance Computing & Simulation (HPCS), 2016, pp. 523–530.

  47. Srinivas, J., Mukhopadhyay, S., & Mishra, D. (2017). Secure and efficient user authentication scheme for multi-gateway wireless sensor networks. Ad Hoc Networks, 54, 147–169.

    Google Scholar 

  48. Wu, F., et al. (2017). An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment. Journal of Network and Computer Applications, 89, 72–85.

    Google Scholar 

  49. Das, A. K., Sutrala, A. K., Kumari, S., Odelu, V., Wazid, M., & Li, X. (2016). An efficient multi-gateway-based three-factor user authentication and key agreement scheme in hierarchical wireless sensor networks. Security and Communication Networks, 9(13), 2070–2092.

    Google Scholar 

  50. Hathaliya, J. J., & Tanwar, S. (2020). An exhaustive survey on security and privacy issues in healthcare 4.0. Computer Communications, 153, 311–335.

    Google Scholar 

  51. Yang, Y., Zheng, X., Guo, W., Liu, X., & Chang, V. (2019). Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system. Information Sciences, 479, 567–592.

    Google Scholar 

  52. Hamza, R., Yan, Z., Muhammad, K., Bellavista, P., & Titouna, F. (2019). A privacy-preserving cryptosystem for IoT E-healthcare. Information Sciences, 527, 493–510.

    MathSciNet  MATH  Google Scholar 

  53. Yang, Y., Zheng, X., Guo, W., Liu, X., & Chang, V. (2018). Privacy-preserving fusion of IoT and big data for e-health. Future Generation Computer Systems, 86, 1437–1455.

    Google Scholar 

  54. G. Bhutra, A. Rasheed, and R. Mahapatra, "Privacy-Preserving ECG based Active Authentication (PPEA2) for IoT Devices," in 37th International Performance Computing and Communications Conference (IPCCC), 2018, pp. 1–7.

  55. Dwivedi, A. D., Srivastava, G., Dhar, S., & Singh, R. (2019). A decentralized privacy-preserving healthcare blockchain for iot. Sensors, 19(2), 326.

    Google Scholar 

  56. Ji, Y., Zhang, J., Ma, J., Yang, C., & Yao, X. (2018). BMPLS: Blockchain-based multi-level privacy-preserving location sharing scheme for telecare medical information systems. Journal of Medical Systems, 42(8), 147.

    Google Scholar 

  57. Uddin, M. A., Stranieri, A., Gondal, I., & Balasubramanian, V. (2018). Continuous patient monitoring with a patient centric agent: A block architecture. IEEE Access, 6, 32700–32726.

    Google Scholar 

  58. Griggs, K. N., Ossipova, O., Kohlios, C. P., Baccarini, A. N., Howson, E. A., & Hayajneh, T. (2018). Healthcare blockchain system using smart contracts for secure automated remote patient monitoring. Journal of medical systems, 42(7), 130.

    Google Scholar 

  59. C. C. Agbo, Q. H. Mahmoud, and J. M. Eklund, "Blockchain Technology in Healthcare: A Systematic Review," in Healthcare, 2019, vol. 7, no. 2, p. 56: Multidisciplinary Digital Publishing Institute.

  60. Tomaz, A. E. B., Do Nascimento, J. C., Hafid, A. S., & De Souza, J. N. (2020). Preserving privacy in mobile health systems using non-interactive zero-knowledge proof and blockchain. IEEE Access, 8, 204441–204458.

    Google Scholar 

  61. Fu, J., Wang, N., & Cai, Y. (2020). Privacy-preserving in healthcare blockchain systems based on lightweight message sharing. Sensors, 20(7), 1898.

    Google Scholar 

  62. Gordon, W. J., & Catalini, C. (2018). Blockchain technology for healthcare: facilitating the transition to patient-driven interoperability. Computational and Structural Biotechnology Journal, 16, 224–230.

    Google Scholar 

  63. A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, "Lsb: A lightweight scalable blockchain for iot security and privacy," arXiv preprint https://arxiv.org/abs/1712.02969, 2017.

  64. S. Rana, D. Mishra, and R. Arora, "Privacy-Preserving Key Agreement Protocol for Fog Computing Supported Internet of Things Environment," Wireless Personal Communications, pp. 1–21, 2021.

  65. Li, S., Zhao, S., Min, G., Qi, L., & Liu, G. (2021). Lightweight privacy-preserving scheme using homomorphic encryption in industrial internet of things. IEEE Internet of Things Journal. https://doi.org/10.1109/JIOT.2021.3066427

    Article  Google Scholar 

  66. Viganò, L. (2006). Automated security protocol analysis with the AVISPA tool. Electronic Notes in Theoretical Computer Science, 155, 61–86.

    Google Scholar 

  67. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on information theory, 29(2), 198–208.

    MathSciNet  MATH  Google Scholar 

  68. Mao, W. (2005). A structured operational semantic modelling of the Dolev-Yao threat environment and its composition with cryptographic protocols. Computer Standards & Interfaces, 27(5), 479–488.

    Google Scholar 

  69. Abbasinezhad-Mood, D., & Nikooghadam, M. (2018). Efficient design of a novel ECC-based public key scheme for medical data protection by utilization of NanoPi fire. IEEE Transactions on Reliability, 67(3), 1328–1339.

    Google Scholar 

  70. Hamza, R., Yan, Z., Muhammad, K., Bellavista, P., & Titouna, F. (2020). A privacy-preserving cryptosystem for IoT E-healthcare. Information Sciences, 527, 493–510.

    MathSciNet  MATH  Google Scholar 

  71. Le, X. H., et al. (2009). An energy-efficient access control scheme for wireless sensor networks based on elliptic curve cryptography. Journal of Communications and Networks, 11(6), 599–606.

    Google Scholar 

  72. Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013). Identity authentication and capability based access control (iacac) for the internet of things. Journal of Cyber Security and Mobility, 1(4), 309–348.

    Google Scholar 

  73. Lai, D. T. H., Palaniswami, M., & Begg, R. (2011). Healthcare sensor networks: challenges toward practical implementation. Newyork: CRC Press.

    Google Scholar 

  74. Chatterjee, S., & Das, A. K. (2015). An effective ECC-based user access control scheme with attribute-based encryption for wireless sensor networks. Security and Communication Networks, 8(9), 1752–1771.

    Google Scholar 

  75. A. S. Wander, N. Gura, and H. Eberle, "Energy Analysis of Public--key Cryptography on Small Wireless Devices [C]," in Proceedings of the 3rd Intl Conference on Pervasive Computing and Communications. California, 2005, pp. 324–328.

  76. G. Wang, S. Lin, M. Mullen-Fortino, O. Sokolsky, and I. Lee, "Transmission delay performance in telemedicine: A case study," in 39th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC), 2017, pp. 3723–3727.

  77. M. J. Lum et al., "Teleoperation in surgical robotics–network latency effects on surgical performance," in Annual International Conference of the IEEE Engineering in Medicine and Biology Society, 2009, pp. 6860–6863.

  78. Shukla, S., Hassan, M. F., Khan, M. K., Jung, L. T., & Awang, A. (2019). An analytical model to minimize the latency in healthcare internet-of-things in fog computing environment. PLoS ONE, 14(11), e0224934.

    Google Scholar 

  79. M. Calle and J. Kabara, "Measuring energy consumption in wireless sensor networks using GSP," in IEEE 17th International Symposium on Personal, Indoor and Mobile Radio Communications, 2006, pp. 1–5.

Download references

Author information

Authors and Affiliations

  1. Faculty of Computer Engineering, University of Isfahan, Isfahan, Iran

    Maryam Nasr Esfahani, Behrouz Shahgholi Ghahfarokhi & Shahram Etemadi Borujeni

Authors
  1. Maryam Nasr Esfahani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Behrouz Shahgholi Ghahfarokhi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shahram Etemadi Borujeni
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Behrouz Shahgholi Ghahfarokhi.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Nasr Esfahani, M., Shahgholi Ghahfarokhi, B. & Etemadi Borujeni, S. End-to-end privacy preserving scheme for IoT-based healthcare systems. Wireless Netw 27, 4009–4037 (2021). https://doi.org/10.1007/s11276-021-02652-9

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11276-021-02652-9

Keywords

Search

Navigation