A Lightweight Authentication and Authorization Framework for Blockchain-Enabled Iot Network in Health-Informatics

A Lightweight Authentication and Authorization Framework for Blockchain-Enabled Iot Network in Health-Informatics

sustainability Article A Lightweight Authentication and Authorization Framework for Blockchain-Enabled IoT Network in Health-Informatics Muhammad Tahir 1 , Muhammad Sardaraz 1,*, Shakoor Muhammad 2 and Muhammad Saud Khan 1 1 Department of Computer Science, COMSATS University Islamabad, Attock Campus, Punjab 43600, Pakistan; [email protected] (M.T.); [email protected] (M.S.K.) 2 Department of Mathematics, Abdulwali Khan University, Mardan, Khyber Pakhtunkhwa 23200, Pakistan; [email protected] * Correspondence: [email protected]; Tel.: +92-57-9049311 Received: 22 July 2020; Accepted: 17 August 2020; Published: 26 August 2020 Abstract: Blockchain and IoT are being deployed at a large scale in various fields including healthcare for applications such as secure storage, transactions, and process automation. IoT devices are resource-constrained, have no capability of security and self-protection, and can easily be hacked or compromised. Furthermore, Blockchain is an emerging technology with immutability features which provide secure management, authentication, and guaranteed access control to IoT devices. IoT is a cloud-based internet service in which processing and collection of user’s data are accomplished remotely. Smart healthcare also requires the facility to provide the diagnosis of patients located remotely. The smart health framework faces critical issues such as data security, costs, memory, scalability, trust, and transparency between different platforms. Therefore, it is important to handle data integrity and privacy as the user’s authenticity is in question due to an open internet environment. Several techniques are available that primarily focus on resolving security issues i.e., forgery, timing, denial of service and stolen smartcard attacks, etc. Blockchain technology follows the rules of absolute privacy to identify the users associated with transactions. The motivation behind the use of Blockchain in health informatics is the removal of the centralized third party, immutability, improved data sharing, enhanced security, and reduced overhead costs in distributed applications. Healthcare informatics has some specific requirements associated with the security and privacy along with the additional legal requirements. This paper presents a novel authentication and authorization framework for Blockchain-enabled IoT networks using a probabilistic model. The proposed framework makes use of random numbers in the authentication process which is further connected through joint conditional probability. Hence, it establishes a secure connection among IoT devices for further data acquisition. The proposed model is validated and evaluated through extensive simulations using the AVISPA tool and the Cooja simulator, respectively. Experimental results analyses show that the proposed framework provides robust mutual authenticity, enhanced access control, and lowers both the communication and computational overhead cost as compared to others. Keywords: healthcare; authentication; Blockchain; information; IoT; security 1. Introduction The Blockchain is a decentralized and distributed database system i.e., computing machines are geographically distributed [1]. Blockchain-based IoT applications (BIoT) are deployed in many areas including education, transportation, logistics, law enforcement, and health-informatics, etc. [2]. Blockchain gives the free and autonomous system, suggesting that each hub on the Blockchain structure Sustainability 2020, 12, 6960; doi:10.3390/su12176960 www.mdpi.com/journal/sustainability Sustainability 2020, 12, x FOR PEER REVIEW 2 of 23 Sustainability 2020, 12, 6960 2 of 23 Blockchain gives the free and autonomous system, suggesting that each hub on the Blockchain structure allows the data to be transferred, stored, and updated securely. Blockchain has demonstratedallows the data its to capacity be transferred, to change stored, the conventional and updated way securely. of using Blockchain applications has to demonstratedshare biomedical its andcapacity e-Health to change data [3,4]. the conventional Blockchain is way a creative of using design applications for digitizing to share clinical biomedical history, and where e-Health it is difficultdata [3,4 ].to Blockchaindeal with the is a issues creative of design records for an digitizingd decentralized clinical data history, prot whereection. it Figure is diffi cult1 shows to deal a withsystematic the issues view of of records the Blockchain and decentralized network [5]. data Data protection. privacy Figureand security1 shows in a healthcare systematic applications view of the haveBlockchain drawn-in network attention [5]. Datafrom privacyboth industry and security and academia. in healthcare There applications is much literature have drawn-in available attention on the traditionalfrom both industry security and designs academia. used There as knowledge is much literature in healthcare available applications. on the traditional In any security case, designs these frameworksused as knowledge are not inappropriate healthcare to applications. enable their Inprompt any case, applications these frameworks while giving are security not appropriate in practice to forenable smart their healthcare. prompt applications Although, while researchers giving security have inbroadly practice used for smartpublic-key healthcare. cryptographic Although, mechanisms,researchers have elliptic broadly curve used cryptography public-key cryptographic(ECC), bi-linear mechanisms, Diffie–Hellman elliptic (BDH), curve homomorphic cryptography encryption(ECC), bi-linear (HE), Di blockffie–Hellman cipher (BC) (BDH), and homomorphic ElGamal (EG) encryption frameworks (HE), [6–11], block etc. cipher However, (BC) and in all ElGamal cases, there(EG) frameworks are various [ 6concerns–11], etc. However,related to inthese all cases, techni thereques are i.e., various public-key concerns cryptography related to these such techniques as RSA dependsi.e., public-key on large cryptography integer factorization such as RSAand dependstherefore onhas large slow integer processing factorization speed. The and ECC’s therefore security has isslow based processing on a discrete speed. logarithm The ECC’s and security uses finite is based fields on with a discrete smaller logarithm groups; andhowever, uses finite it requires fields high with computationalsmaller groups; cost. however, The EG it requiresalgorithm high is based computational on a cyclic cost. group, The and EG its algorithm security issolely based depends on a cyclic on thegroup, discrete and itslogarithms security solelyand their depends complexities. on the discrete logarithms and their complexities. Figure 1. A comprehensive view of the Blockchain process. It is a distributed database, shared and Figure 1. A comprehensive view of the Blockchain process. It is a distributed database, shared and integrated among all contenders. It ensures the integrity by encrypting, validating, and permanently integrated among all contenders. It ensures the integrity by encrypting, validating, and permanently recording transactions [5]. recording transactions [5]. Since the introduction of the internet, it was said that it is a technology of connecting computers worldwide.Since the But introduction later, it has of widelythe internet, been usedit was for said many that it purposes is a technology like web of browsing,connecting file computers sharing, worldwide.e-commerce, But online later, banking, it has widely etc. [12 ,been13]. Theused computer for many scientists purposes predict like web and browsing, believe that file the sharing, IoT holds e- commerce,an awesome online guarantee banking, for someetc. [12,13]. lifestyle-enhancing The computer applications scientists predict [14]. The and stages believe of that such the applications IoT holds anand awesome operational guarantee archetypes for some are presented lifestyle-enhancing in Figure2[ applications15], some other [14]. interesting The stages architectures of such applications are also andavailable operational from [ 16archetypes–18]. Recently, are presented with the adventin Figure and 2 [15], emergence some other of smart interesting technologies, architectures the idea are of alsoubiquitous available computing from [16–18]. came Recently, into existence with the i.e., adve IoTnt [18 and,19]. emergence IoT has made of smart progress technologies, in four fields, the idea i.e., ofMachine-to-Machine ubiquitous computing (M2M), came Internet into existence of Vehicles i.e., (IoV),IoT [18,19]. Internet IoT of has Energy made (IoE), progress and thein four Internet fields, of i.e.,Sensors Machine-to-Machine (IoS). M2M is a vital (M2M), revolution Internet for of the Vehicles realization (IoV), of Internet IoT [16]. of IoT Energy is said (IoE), to be and the futurethe Internet of the ofinternet; Sensors a (IoS). world M2M of connected is a vital objects,revolution therefore, for the it realization is important of IoT to use [16]. new IoT technologies is said to be tothe support future ofM2M the communicationinternet; a world [20 of]. connected Although theobjects, deployment therefore, of it IoT is hasimportant many influencesto use new on technologies the smartness to supportof human M2M life i.e.,communication smart intelligence, [20]. Although smart communities, the deployment and smart of IoT homes has thatmany would influences be connected on the smartnessthrough IoT of [human21]. Measurements life i.e., smart of intelligence, daily living activitysmart communities, help

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    22 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us