2019 IEEE 8th Global Conference on Consumer Electronics (GCCE)
An Authentication-Centric Multi-Layered Security
Model for Data Security in IoT-Enabled Biomedical
Applications
Vidyadhar Jinnappa Aski, Shashank Gupta*, Bharat Sarkar
Department of Computer Science and Information Systems
Birla Institute of Technology and Science Pilani, Plani, Rajasthan, India
shashank.gupta@pilani.bits-pilani.ac.in
Abstract— IoT-enabled technologies have been creating
phenomenal impacts in the field of biomedical applications ever
since the advancements in ubiquitous computing has begun.
Securing these biomedical applications has always been a key
concern due to the highly openness nature of Wireless
Computing Technologies (WCT) to the vulnerabilities. Access
control is an important factor in designing a security system for
such applications which involves seamless healthcare devices.
However, several existing approaches provide token-based
access control mechanisms that are still facing the challenges in
integrating the multilayered security architecture. In this
regard, the proposed model contributes towards in designing
two-way authentication centric and generic security framework
for healthcare applications under the protected resource
accessing environment. The model features its heterogeneous set
of users to interact with the token-based resource accessing
environment in healthcare scenario, preventing unauthorized
users accessing the personalized medical devices. The proposed
model produced the extensive better results in comparison with
conventional single layered security approaches in terms of
Human to Machine (H2M) interactions under the presumption
of distributed and context-aware approaches.
Keywords— Wireless Computing Technologies (WCT);
Healthcare devices; Security framework; Access control
mechanism; Resource Access Token (RAT); Authentication
I. INTRODUCTION
The Internet of Things (IoT) is a novel paradigm that is
rapidly attaining ground in the scenario of building modern
healthcare facilities. Technologies to support the IoT-enabled
healthcare designs are becoming more important as, the need
for better analysis of the chronicle diseases and make them
predicted well ahead of time increases. As a result, it is
predicted that intelligent devices and networks, such as
WSNs, WBANs, and Low Power Wireless Body Area
Network (LPWBAN) will not be isolated, but connected and
integrated, composing healthcare networks [1-8]. One of the
primary features offered by the IoT-enabled healthcare
devices is to provide real-time monitoring and world-wide
access services to its intended set of end users. This feature
enables the doctors and patients to gain better understandings
in the behavioral patterns of prolonged chronicle health issues
and helps in improving their quality of life.
However, healthcare applications and devices are
expected to exhibit the carriage of extremely private
information such as individual critical health data and
prescription [9]. In addition, such real-time accessing and
monitoring nature of IoT systems from World Wide Web
increases the vulnerability chances and such systems may
become a cyber-target. Therefore, such applications and
devices requires to employ a secured access mechanism to
avoid digital forgery and misuse of highly personal devices.
XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE
Authorized licensed use limited to: University of the West of England. Downloaded on December 14,2023 at 21:07:22 UTC from IEEE Xplore. Restrictions apply.
957
In this regard, this article proposes a two-way authentication
centric, token-based multilayered security model for
providing protected access to healthcare resources and
applications by preventing unauthorized usage. The
performance analysis was carried out on an implemented
prototype of healthcare device designed with raspberry pi
powered by RetroPie operating system. The observed results
were compared with single layered security model (only 2-
way authentication-based systems) in terms of algorithm
execution time and observed extensively optimized results.
II. RELATED WORK
Wu et al. [1] proposed a model of intelligent wireless body
area network that enables connected scenario in healthcare
applications. They have also discussed a methodological
approach to avoid space and power consumption related
issues by considering miniaturized and power harvesting
techniques. Oueida [2] evaluated an edge-based theoretical
framework for a smart healthcare network offering non-
consumable resource protection. This model also features the
optimized healthcare resource utilization ratio and patient wait
time. Hamidi [3] discussed an approach to design an efficient
healthcare IoT device powered by biometric feature-based
authentication technology. Lee et al. [4] presented a cluster-
oriented approach that predominantly offers the namelessness,
uniqueness and delay limitations on data transfer, therefore it
increases the stringency on security breaches. This was
achieved by following a practice of constant naming of data
transfer via versatile cluster. Chaudhary et al. [5] proposed a
novel approach in designing lattice-based secure
cryptosystem for smart healthcare (LSCSH) envisioned for
advanced smart city applications. In order to avoid data
duplication and eavesdropping at third party cloud storage
services, this model employs lattice enabled common
verification scheme that authenticates the end user requests
(doctor-patients) for accessing cloud services. However it was
not secured against the wearable devices/ mobile devices
(WD/MD) stolen attacks, privileged insider attacks and
impersonation attacks.
In an effort to mitigate the security vulnerabilities in high
performance cloud services in smart transportation
applications, a persistent approach for an intrusion detection
has been presented by Aloqaily et al. [6]. This approach is
resistive towards various attacks such as Denial of Service,
Probe, Remote to user etc. The intrusion classification was
carried out by ID3-based decision tree algorithm and deep
belief function for reduction of data dimensions was presented
as well. The system accuracy was acclaimed to be as high as
99.92%. However, system has a flaw of false negative rate as
1.53% which denotes approximately 3-4 intruder attempts
could break the privacy wall for every 200 user sessions.
978-1-7281-3575-5/19/$31.00 ©2019 IEEE
 III. PROPOSED MODEL
This section explains the operational principle of proposed
authentication centric multilayered security model. Fig. 1.
shows the framework of multilayered security centric
biomedical application-based IoT architecture. This security
model is implemented at cloud level that offers the secured
access to both device and cloud-based healthcare application
[11]. It executes in two phases: phase 1 and phase 2. In the
former phase, user generates a login request from a common
interface with allowed attributes (phone no, DoB) and
successful authentication of user will return to the consequent
session with the Session Key (SesKey). In the later phase, user
generates a resource access token with the issued SesKey. It
is evaluated to identify whether the user has already entered
into the revoked entity or not. Finally, user ID is generated and
context is embedded with the validated user ID (uID). Upon
successful validation of user, policy is generated with an
attribute (polID) and hence, permission is dispensed out along
with the user roles and responsibility (resID). Therefore, user
is issued a Resource Access Token (RAT). Fig. 2 illustrates
the detailed view of the entire process of RAT generation.
Fig. 1. Overall detailed design of multilayered security model
This model offers the users with heterogeneous
backgrounds that interact with the common environment and
determine their capabilities represented by policies. Policy
descriptor does not contain user profile-related information.
Indeed roles and responsibilities of individual users are
defined by policies. Hence, the policies of individual users
are stored in a separate database (policy descriptor) in
verification unit of authorization division. JSON is being
used in encoding the capability tickets. An access request is
made by user to medical device with an access token attached
with capability ticket. The biomedical entity checks verify the
requests and token then apply the background constraints
either to grant or to deny the access request.
The proposed authorization model invokes the capability
dependent context-aware access control mechanism, offering
multilayered protection for accessing healthcare resources
and IoT services. Policy descriptor assigns the capabilities to
each user according to their respective roles. For example, if
the user is a doctor then he/she is capable to view/monitor
their patient records, provide the list of suitable healthcare
assistive devices as per the patient’s diagnosis and needs etc.
In other words, if the user is a patient then he is able to view
Authorized licensed use limited to: University of the West of England. Downloaded on December 14,2023 at 21:07:22 UTC from IEEE Xplore. Restrictions apply.
958
his current health status and choose resources as per his
doctor’s recommendation. In addition, rules are defined by
the policy descriptor in such a way that user is designated to
issue commands (e.g., POST, GET, etc.) to IoT device and/or
resources in whichever the way he/she is entitled to do.
Protected Resource Access Key Generation-PRAcKeyGen
fun1 Outlayer_Authentication (UserPhone, DoB);
if (authorized!) in Outlayer_Authentication then
return Error "Not Registered User"
else
return SesKey
begin fun2 PRAcKeyGen(uID, DoB, SesKey)
Input:User Registration ID (uID), Birth Date(DoB)
Output: Authenticated Resource Access Token (RAT)
if uID in reovkedEntity then
return Error "Access Denied!"
else
RAT⟵new RATInstance();
RAT.add(uID,DoB);
Responsibility⟵getResponsibility(uID,DoB);
uPolicies⟵getuPolicy(responsibility)
for upolicy in upolicies do
for grant in upolicy do
//add grant to the user responsibility
// add grant to the biomedical sensor node
end
end
for res in RAT.resources do
BC⟵getBackgroundInfo(res);
RAT.add(BL);
end
return Auth(RAT,Key);
end
end
Fig. 2. Algorithmic representation of proposed model
The expansion of Internet in the current information age
has been termed as the largest engineered creature ever. In
this regard, the International Telecommunication Union
described that there are rapidly growing concerns related to
user data security and privacy [3], it also specifies that
tracking of user’s activity in any cloud enabled services is
equally essential. Therefore, it is highly critical to track user
activity. The proposed system provides cloud monitoring of
user activities. In general, user gets access rights to IoT
services according to the steps specified in Fig. 3 through
authentication and verification [10]. User activities are
recorded in the cloud server for further analysis of the system
and provide better user experience. The cloud server also has
a repository encompassing the user subscription information.
Fig. 3. General framework of Authentication and RAT Generation
Registration: The service user need to first create the security
credentials using the interactive user application as shown in
fig. 4. User registration and password allocation will be taken
care by registration management system (RMS). The RMS
works on dual mode, user mode and admin mode. In user
mode, service user must provide his/her personal information
such as name, social security information, credit card details
etc. Initial password is generated for the first use. This
password has the further significance in RAT generation. In
admin mode RMS allows its administrators to access the
application using the OTP using which they could control/
moniter the resource allocation and user access logs.
Fig. 4. Generic security components of a multilayered architecture
Authentication: The authentication management unit
(AMU) offers the login services to its heterogeneous set of
users. The user’s authenticity is determined by the context
store as shown in the fig. 1. The AMU is responsible for
verifying the user’s identity and issue the authenticated users
with an access grant for generation of RAT.
Authorization and IoT services: The authorization unit
(AU) is responsible for ensuring the protected access to the
IoT-enabled healthcare devices and subscribed medical
services. The authorization unit issues the RAT to an
authenticated user. Every IoT service has dual facets: cloud
integrated IoT devices and embedded medical device. Cloud
integrated medical services facilitates the real-time data flow
from the device level to the cloud and therefore to the doctor
site. Whereas embedded medical device users can choose to
upload the data in periodical manner.
Storage and computing services: Cloud infrastructure is
one of the key components in any IoT enabled services [13].
Cloud computing offers storage services as a core activity. It
is responsible for many computing and controlling tasks for
invoked application. The data aggregated from device level
will be conveyed to the health cloud for storage. The data
from the cloud shall be further employed in analytics and
decision making events. The control server acts as a primary
hub for the IoT healthcare application. It monitors and notify
the users about their current health status and suggests
prescription accordingly. The proposed multilayered security
architecture is deployed in a healthcare application powered
by IBM Bluemix cloud services. A model that describes the
ability and harness the power of cloud computing is
illustrated in Fig. 5.
The task scheduling unit is responsible for assigning
essential resources to at task in an invoked application for
Authorized licensed use limited to: University of the West of England. Downloaded on December 14,2023 at 21:07:22 UTC from IEEE Xplore. Restrictions apply.
959
execution based on numerous parameters as specified by user
of the application [14]. Depending on the overall
computational requirements of individual sensor application
[15], it is possible for resource provisioning unit for
originating and dismissing specified number of computation,
storage and network resources while maintaining queued
events to be scheduled. Resource failures are handled
effectively by reallocating the resources based on notifying
priority of the applications. Each of the events are recorded
by Bluemix event monitoring unit.
Fig. 5. Cloud centric IoT architecture for healthcare services
RAT verification: The verification of resource access ticket
(RAT) involved distribution based tactic in the proposed
model. The methodology utilizes a gateway device positioned
along with the personalized local network for performing
RAT authorization. The smart gateway exhibits highly
richness of carrying resources as compared to other healthcare
devices in terms of network related activities. The gateway
authorizes incoming service request in two steps. The RAT
integrated access request is validated by gateway in the first
step. The access requests are then forwarded to requested
medical devices subsequently based on the validation status.
IV. EXPERIMENTAL SETUP AND RESULTS
The proposed model was implemented and tested on
JAVA ME EMBEDDED application supported by Netbeans
IDE. Biomedical IoT device was designed by a Raspberry-Pi
model 3B+ with 1GB LPDDR2 SDRAM powered by
RetroPie operating system. A BMP108 (Bosch) temperature
sensor was interfaced with Raspberry Pi [12] to create a
simple biomedical application for monitoring the body
temperature. The cloud platform IBM Bluemix was chosen for
cloud services (CAAS). An android application was also
designed on a typical android device [16] of LG smartphone
with 1.7GHZ Dual core CPU, 4GB RAM and 32GB storage
disc enabled by wireless computing modules such as WiFi and
BLE interface.
In order to imply the simplicity in application design, we
incorporated pre-distributed key based authentication process
[17]. However, multiple public key-based methodologies are
free to use for authentication purpose. RAT generation time
and algorithm execution time of conventional authentication
based security models were compared as shown in Fig. 6. in
order to analyze the better runtime of both the systems and
hence, observed the optimized results in multilayered [7] Yeh, Kuo-Hui. "A secure IoT-based healthcare system with body
approach. Therefore, it has been observed that time sensor networks." IEEE Access 4 (2016): 10288-10299.
complexity will be nearly similar even when the multilayered [8] Keoh, Sye Loong, Sandeep S. Kumar, and Hannes Tschofenig.
"Securing the internet of things: A standardization perspective." IEEE
security architecture is considered as the no. of resources Internet of things Journal 1, no. 3 (2014): 265-275.
usually increases. Thus proposed model suffices the need of [9] Zhang, Liping, Yixin Zhang, Shanyu Tang, and He Luo. "Privacy
reduced complexity and improved security. protection for e-health systems by means of dynamic authentication
and three-factor key agreement." IEEE Transactions on Industrial
Electronics 65, no. 3 (2017): 2795-2805.
[10] Kim, Joongheon. "Energy-efficient dynamic packet downloading for
medical IoT platforms." IEEE Transactions on Industrial Informatics
11, no. 6 (2015): 1653-1659.
[11] Abawajy, Jemal H., and Mohammad Mehedi Hassan. "Federated
internet of things and cloud computing pervasive patient health
monitoring system." IEEE Communications Magazine 55, no. 1
(2017): 48-53.
[12] Kumar, Pardeep, and Hoon-Jae Lee. "Security issues in healthcare
applications using wireless medical sensor networks: A survey."
sensors 12, no. 1 (2012): 55-91.
[13] Sajid, Anam, Haider Abbas, and Kashif Saleem. "Cloud-assisted IoT-
based SCADA systems security: A review of the state of the art and
Fig. 6. Observed results of multi-layered security model future challenges." IEEE Access 4 (2016): 1375-1384.
[14] Barcelo, Marc, Alejandro Correa, Jaime Llorca, Antonia M. Tulino,
V. CONCLUSION Jose Lopez Vicario, and Antoni Morell. "IoT-cloud service
optimization in next generation smart environments." IEEE Journal on
This article presented a multi-layered security approach Selected Areas in Communications 34, no. 12 (2016): 4077-4090.
for implementation of a protected resource accessing
[15] Lee, Huang-Chen, and Kai-Hsiang Ke. "Monitoring of large-area IoT
mechanism for IoT-enabled healthcare devices and sensors using a LoRa wireless mesh network system: Design and
applications. Deeper insights allow readers to understand how evaluation." IEEE Transactions on Instrumentation and Measurement
security breaches can be filled out with a proper authentication 67, no. 9 (2018): 2177-2187.
and verification model. This article also depicts how 2-way [16] Zhang, Zhi-Kai, Michael Cheng Yi Cho, Chia-Wei Wang, Chia-Wei
authentication centric multilayered security architecture can Hsu, Chong-Kuan Chen, and Shiuhpyng Shieh. "IoT security: ongoing
be performed using authentication and key generation phase. challenges and research opportunities." In 2014 IEEE 7th international
conference on service-oriented computing and applications, pp. 230-
The RAT generation and verification process is validated with 234. IEEE, 2014.
the help of implemented prototype. Paper also demonstrates [17] Yahalom, Raphael, Birgit Klein, and Thomas Beth. "Trust
context-aware capability based controlled access mechanism relationships in secure systems-a distributed authentication
can be employed in securing medical devices in an energy perspective." In Proceedings 1993 IEEE Computer Society
efficient way. Hence, proposed architecture of multilayered Symposium on Research in Security and Privacy, pp. 150-164. IEEE,
security model is anticipated to be beneficial to the research 1993.
and development fellows working in IoT healthcare domain.
VI. ACKNOWLEDGEMENT
The work presented in this article was supported by Research
Initiation Grant (RIG) and financially supported by Birla
Institute of Technology and Science, Pilani, India. The authors
would also like to thank all the reviewers and related co-
authors who were actively involved in providing the valuable
feedback and comments related to this article.
REFERENCES
[1] Wu, Taiyang, Fan Wu, Jean-Michel Redouté, and Mehmet Rasit Yuce.
"An autonomous wireless body area network implementation towards
IoT connected healthcare applications." Ieee Access 5 (2017): 11413-
11422.
[2] Oueida, Soraia, Yehia Kotb, Moayad Aloqaily, Yaser Jararweh, and
Thar Baker. "An edge computing based smart healthcare framework
for resource management." Sensors 18, no. 12 (2018): 4307.
[3] Hamidi, Hodjat. "An approach to develop the smart health using
Internet of Things and authentication based on biometric technology."
Future generation computer systems 91 (2019): 434-449.
[4] Lee, In, and Kyoochun Lee. "The Internet of Things (IoT):
Applications, investments, and challenges for enterprises." Business
Horizons 58, no. 4 (2015): 431-440.
[5] Chaudhary, Rajat, Anish Jindal, Gagangeet Singh Aujla, Neeraj
Kumar, Ashok Kumar Das, and Neetesh Saxena. "Lscsh: Lattice-based
secure cryptosystem for smart healthcare in smart cities environment."
IEEE Communications Magazine 56, no. 4 (2018): 24-32.
[6] Aloqaily, Moayad, Safa Otoum, Ismaeel Al Ridhawi, and Yaser
Jararweh. "An intrusion detection system for connected vehicles in
smart cities." Ad Hoc Networks 90 (2019): 101842.

Authorized licensed use limited to: University of the West of England. Downloaded on December 14,2023 at 21:07:22 UTC from IEEE Xplore. Restrictions apply.
960