See discussions, stats, and author profiles for this publication at: [Link]

net/publication/323576672

Security in Smart Healthcare System: A Comprehensive Survey

Article in International Journal of Advanced Research in Computer Science and Software Engineering · October 2017
DOI: 10.23956/ijarcsse.v7i10.423

CITATIONS READS

2 155

4 authors, including:

Juliet Ebenezer
Vellore Institute of Technology University
22 PUBLICATIONS 67 CITATIONS

SEE PROFILE

All content following this page was uploaded by Juliet Ebenezer on 06 October 2023.

The user has requested enhancement of the downloaded file.

 International Journals of Advanced Research in
Computer Science and Software Engineering Research Article October
ISSN: 2277-128X (Volume-7, Issue-10)a 2017

Security in Smart Healthcare System: A Comprehensive

Survey
P. Jeyadurga Dr. S. Ebenezer Juliet I. Joshua Selwyn P. Sivanisha
(PG Scholar/CSE) (Associate Professor/CSE) (UG Scholar/CSE) (PG Scholar/CSE)
VV College of Engineering, VV College of Engineering, VV College of Engineering, VV College of Engineering,
Tamil Nadu, India Tamil Nadu, India Tamil Nadu, India Tamil Nadu, India

Abstract—The Internet of things (IoT) is one of the emerging technologies that brought revolution in many
application domains such as smart cities, smart retails, healthcare monitoring and so on. As the physical objects are
connected via internet, security risk may arise. This paper analyses the existing technologies and protocols that are
designed by different authors to ensure the secure communication over internet. It additionally focuses on the
advancement in healthcare systems while deploying IoT services.

Keywords: Internet of Things (IoT), Body sensor network (BSN), healthcare, security, privacy.

I. INTRODUCTION
The Internet of Things (IoT) is a concept of reflecting a conglomeration of devices that are connected to the
internet. It is a next generation technology which will impact the whole world. Introducing automation allows people to
live a sophisticated life style. IoT plays an important role in wide range of applications such as smart cities, structural
health, emergency services, smart healthcare etc. In the last few years, this field has drawn huge attention from
researchers to address the potential of the IoT in the healthcare field by considering various practical challenges. Wireless
Sensor Network technology has its potential usage in wide range of applications. This technology is integrated with IoT
to achieve huge changes to the future society. Health care is one of the most attractive applications of IoT which helps
elder people to live independently. Apart from the advantages of IoT, there are several security and privacy issues to be
considered when automating the healthcare system. This paper surveys about several security scheme that exist in health
care and other applications of IoT.
In this paper, we conduct a comprehensive survey on various approaches in securing the healthcare system. The
section II of this paper briefly describes the introduction of IoT and WBSN to give the right background for
understanding the system. In this paper, section III lists out several security requirements that are required to resist
various attacks to the healthcare system. Section IV describes various attacks that are more challenging to the healthcare
environment. Section V presents the survey of various healthcare models and the comparison table in terms of protocol
and the security services they provide. Finally, conclusion of the review paper is given in section VI.

II. OVERVIEW AND BACKGROUND

A. Internet of Things
Before investigating the IoTs in depth, it is worthy to look at the evolution of the Internet. The communication
between two computers was made possible in the year of 1960. The Internet picked up ubiquity after the introduction of
World Wide Web (WWW) in 1991. The Internet connectivity became more popular in many applications during 2000’s
and today it is expected to be a part of many industries and enterprises to provide access to information. However, these
devices require more human interaction and monitoring via applications and interfaces. Till now, the world has deployed
around 5 billion “smart” connected things. Prediction says that there will be around 50 billion connected devices by 2020
[1]. IoT technology aims at transforming the world smart.

B. Wireless Body Sensor Network

The health care industry gained improvements in 21st century [2] due to the utilization of Wireless Body Sensor
Network (WBSN) or Wireless Body Area Network (WBAN). It comprises of collection of sensor nodes that are capable
of sampling, processing and communicating information. Due the evolution of m-Health, a large number of biomedical
sensors which are capable of processing the physiological signs will be implanted on human body or worn by an
individual in the future for the diagnosis, monitoring, and treatment of diseases.

© [Link], All Rights Reserved Page | 39

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48
III. SECURITY REQUIREMENTS IN HEALTHCARE SYSTEM
A. Mutual authentication
It refers to a two-way authentication scheme which guarantees that only an authorized user could access services.
This is one of the most fundamental requirements for IoT based health care system for enabling secure communication. It
improves the overall security of the system and eliminates mimicking and spoofing attacks.

B. Data Integrity
Data Integrity ensures that the data transmitted via network is not tampered, delayed or replayed by an adversary
for malicious activity. Ensuring data integrity is essential to resist against modification, repudiation and replaying attacks.
Data integrity maintains the correctness and consistency of the data during the entire life cycle of the data.

C. User anonymity
To protect the user’s privacy, the protocol must be able to provide user anonymity. This requirement guarantees
that the attacker could never access the information of a legal party. This keeps the identity of the patient secretive. The
anonymity preservation is a very important requirement to be considered in maintaining the security of the system.

D. Availability
This requirement ensures that the server must be continuously available to the user to access information or send
commands when required. Sensory data and wearable medical services must be available at all times. More significantly,
data should be correct always and should be able to dynamically adapt to event, time and location and the data.

E. Non-traceability
An authentication protocol should be able to provide non-traceability; i.e., the adversary should not be able to
trace the action of the valid user. The patient’s location information is transmitted via communication channel. As this
information is highly confidential, this must be done in a secured way so that an attacker can never trace out the exact
position of the patient.

F. Session key establishment

The session key agreement is an essential property for entity authentication and secure communication. A
session key shared between two communicating parties is needed to ensure confidentiality and integrity of data.
Therefore, an authentication protocol should support the session key establishment.

G. Data confidentiality
This requirement ensures that the information is transmitted securely during all communications between the
communicating parties. Since the medical data are highly sensitive, it must be encrypted both at storage and during
transmission, so that users without the correct keys cannot access the data. Therefore, the privacy of the wireless
communication channels must be considered to prevent the data from eavesdropping.

H. Access control
The security mechanism must be able to properly enforce different access rights for different users. The access
control mechanism must be resilient to attacks from colluding adversaries and from cloned devices. The system should
be able to verify the user and give permission to access service. For each access request, the system must verify the
validity of the user. If the user is invalid, user request will not be proceed and he will not be allowed to access the
services. On successful verification, the access is granted to the requester.

IV. ATTACK MODEL

From the security strength point of view, assumptions of the existence of a stronger adversary will result in
stronger security guarantee, which is a prerequisite for certain critical applications, such as smart grids, smart health care
system etc. In this section, few types of possible attacks in the advanced health care system are presented.

A. Eavesdropping attack
It refers to the process of listening to an on-going communication, which is an initial step for launching other
attacks. Such attacks are easier to perform on unprotected wireless channels, because the communication takes place in
an open insecure wireless channel. To prevent this attack, the data transmission between two parties is protected using

© [Link], All Rights Reserved Page | 40

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48
the agreed session key which is unknown to an eavesdropping adversary, who is able to eavesdrop and record all the data
transmission between communicating parties during the authentication phase.

B. Impersonation attack
This attack occurs when an illegal user pretends to be a legal entity by replaying a genuine message intercepted
from a previous successful communication. An adversary may attempt to launch an impersonation attack by replaying
the intercepted messages or modifying the intercepted message parameters

C. Replay attack
In replay attack, an attacker usually traps and transmits the prior executed messages to the recipient entities to
prove that the message has been sent from the legal sender entity .i.e., an adversary would like to cheat the protocol
entities by replaying previous used messages. The random number and timestamps are two mainly used mechanisms to
resist replay attack. Using these two parameter verification, the replay message will be rejected.

D. Man-in-the-middle attack
This attack occurs when the adversary silently listens to the communication of two legal parties with the intent
to delay, alter or delete messages exchanged during communication. When a patient is in urgent need of medication, an
attacker in extreme conditions may prescribe worst kind of medication procedures which may lead to the loss of valuable
life. Resistance to man-in-the-middle attack is one of the most important security considerations after authentication. An
efficient solution for resisting man-in-the-middle attacks is to embed the identities of all communicating entities into the
protocol message for entity authentication.

E. Session Key Attack

The session key attack is a serious threat to all session key establishing scheme. Session hijacking is the
exploitation of a valid session to gain unauthorized access to the information in a computer system. A simple
authentication and login activity without session key generation is not enough to guarantee any kind of security. The
protocol must agree upon a common secret session key by which both parties exchange their information securely. The
session key must be refreshed after every session in a way that does not allow the adversary to deduce any other session
key and it should also be secured under one way hash function.

F. Mobile Device Stolen Attack/Stolen smart device attack

The user’s smart device is a tamper-resistant device. If the smart device of a user is lost or stolen, an attacker
can retrieve all the sensitive information stored in the stolen smart device’s memory. Then, using this retrieved
information, the attacker can retrieve other secret information of the communicating parties. So, mobile device stolen
attack must be restricted.

G. Spoofing attack
Spoofing or Masquerading is a type of attack that causes threat to data integrity. In this attack scenario, a false
user pretends to be a doctor or the medical database of a recognized hospital to give false medication to a genuine patient.
Therefore, it is important to protect the system against spoofing attack.

H. Denial of service attack

It is an attempt to make a resource unavailable despite being ready for service. An attacker sends superfluous
messages to a mobile station or an authentication server to make the resource inaccessible to valid users. DoS attack
causes severe damage to the availability of resources. The server would be overburdened with too many fake requests to
function it properly.

V. SECURITY IN ADVANCED HEALTHCARE PROJECTS

Due to the growth in population, declining birth rate, rural urbanization, population aging and unbalanced
resource usage, some of the social problems have become more apparent in the healthcare field which includes the
inability of responding to emergency, inadequate disease prevention and early detection capability. These issues can be
addressed by developing a Remote Monitoring and Management Platform which monitors, prevents and detects the
diseases in human body as earlier as possible. The progress in internet technology have made patient monitoring more
beneficial. This paper describes some of the most popular and recently developed IoT based health care projects. Fig. 1
shows the structure of the Smart HealthCare System.

© [Link], All Rights Reserved Page | 41

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48

Fig.1 Smart HealthCare System

In 2006, Wood A [Link] [3] developed ALARM-NET, an Assisted-Living And Residential Monitoring NETwork
that combines different devices in a simple architecture, connecting wearable body networks, wireless sensors, and IP-
network elements. Real-time data queries are a significant process in ALARM-NET. It permits users to interact with the
running system and allows automatic data collection. Queries are determined by <source, ID> tuples, and request a
certain type of sensor data about a subject. If the subject is a user, the AlarmGate translates it to a particular sensor, by
consulting static sensor configuration or the current location of the subject. Authorization policies are used to control the
access to the sensor data. For each and every query, the sensor samples the requested data and completes the transaction
by returning a single report to the originator. Periodic queries are distributed with a given sample period and the reports
are streamed back to the requester until a stop command is received. The reissue command can be used to restart the
query [Link] crucial part of ALARM-NET is to secure the medical records and data. To protect the data against
unauthorized disclosure, access to an AlarmGate is restricted by authentication process using Secure Remote Password
(SRP) Protocol. After successful authentication, the session key is used with AES (Advanced Encryption Standard)
modes for encryption. Messages sent and received from/to the client by the AlarmGate are encrypted when needed. The
communication between the WSN and the AlarmGate should also be secured using Message Authentication Codes
(MACs) and encryption. The power consumption and overhead is reduced by the Lightweight protocols with hardware
accelerated cryptography.
Next in 2009, Huang Y.M [Link] [4] presented a study that focuses on developing a healthcare monitoring
architecture, structured by three network tiers that provide pervasive and secure access to wearable sensor systems. The
security services for an appropriate and constant healthcare monitoring are promoted by combining various wireless
techniques and adaptive encryption cryptography. The Wireless Sensor Motes (WSM) design includes Bluetooth chip and
a fabric belt. This belt combines two types of sensors to monitor the healthcare and the chip is built with enhanced
security schemes to provide secure transmission and low-power consumption. The Wearable Sensor System (WSS)
enhances the Bluetooth security authentication and encryption with AES-based encryption schemes. The point-to-point
communication between two WSM is secured using a polynomial-based encryption scheme. The symmetrical key
cryptosystem is used in securing data transmission.
Finger is an efficient policy system developed by Yanmin [Link] [5] in 2009. It runs on sensors and supports
interpretation and enforcement of obligation policies. The obligation policies includes both event-condition-action and
authorization policies. The event-condition-action rules carry out an action in response to an event and the authorization
policies define the access control imposed on subject to access the resources and services. Each sensor manages its own
policies and implements both Policy Decision Point (PDP) which makes policy decisions and a Policy Enforcement Point
(PEP) to invoke the action specified by the policy. Diffie-Hellman (DH) key agreement protocol is used for an efficient

© [Link], All Rights Reserved Page | 42

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48
authentication process. Both public key and symmetric cryptography are employed. The DH key agreement is employed
in encrypting wireless data transmission between the nodes. Finger satisfies all the necessary security requirements to
protect the system against possible attacks.
Medical Emergency Detection in Sensor Networks (MEDiSN) is a wireless sensor network developed by Ko.J
[Link] [6] for observing patients in hospitals. MEDiSN encompasses Physiological Monitors (PMs) and patient-worn motes.
PMs are custom-built and the motes encrypt the physiological data and Relay Points (RPs) that carries the collected data.
Collection Tree Protocol (CTP) is the key routing infrastructure used for transmitting PM measurements to the gateway.
CTP is enhanced to deliver commands from the gateway to individual PMs. Hop-by-hop re-transmissions is used for
protecting the data flowing in both directions.
Yu S [Link] [7] presented a Fine-grained Distributed data Access Control (FDAC) scheme in 2011. This scheme is
resilient against strong attacks like sensor compromise and user colluding. It also imposes fine-grained access control
over sensor data. This scheme exploits a new cryptographic primitive named Attribute-Based Encryption (ABE), to
secure WSNs and to improve performance. Employment of distributed data storage and network access gives energy
efficiency and can avoid weaknesses such as performance bottleneck, single point of failure, which are unavoidable in
the centralized system. Instead of sending the data immediately to a centralized site, the distributed approach stores the
data locally or at some selected nodes within the network. Due to its security advantages, fine-grained data access control
can be used in healthcare system in order to prevent illegal access to the sensitive data.
Later, in 2012, a novel key agreement scheme is presented by Zhaoyang Zhang [Link] [8] that allows the nodes in
Body Area Networks (BANs) to share a key in an energy efficient manner. The key generated by the ElectroCardioGram
(ECG) signal is used in hash-based message authentication and data encryption. The Improved Jules Sudan (IJS)
algorithm is proposed in order to construct the key that focuses on message authentication between the sensor nodes. The
ECG-IJS key agreement scheme ensures secure data communications over BANs in a plug-n-play manner without any
overheads. This approach focuses on the data confidentiality, security and data authenticity.
Fuzzy Attribute-Based SignCryption (FABSC) is a novel security mechanism designed by Hu C [Link] [9] to
make appropriate tradeoff between security and elasticity. FABSC leverages fuzzy attribute-based encryption to facilitate
digital signature, data encryption and access control to a patient’s medical data. The rapid development of WSNs and
biomedical engineering practices enables Body Area Networking. A typical BAN comprises of a number of BAN devices
and a BAN controller. The devices include implanted sensors and wearable sensors. BANs are designed to monitor the
human body parameters and to assist them by providing life support. A number of privacy and security issue arises while
storing and processing the personal health information. The FABSC proposed in this paper, provides both security and
authentication for BANs. FABSC has two desired properties:
 Sincryption (signature and encryption).
 Error-tolerance.

A novel Radio Frequency Identification (RFID) authentication protocol using Elliptic Curve Cryptosystem
(ECC) is developed by Chunhua Jin [Link] [10]. To guarantee secure communication in RFID based healthcare systems,
various security protocols have been suggested for different applications. The RFID authentication protocol is the one of
the most important protocol among them. Through this protocol, the tag and the reader can authenticate each other. This
protocol involves two phases. Phase I is termed as setup phase where the key is generated for both the server and the tag.
In phase II, the server and the tag authenticate each other using random number generation. So this phase is represented
as authentication phase.
In 2015, Gope P [Link] [11] proposed a distributed IoT system architecture. This system uses an anonymous
authentication scheme which ensures notable security properties like cloning attacks, resistance to replay attacks, sensor
anonymity etc. The authentication scheme consists of three phases. Phase I is called registration phase where a Home IoT
Server (HIoTS) issues security credentials to a sensor node over a secure channel. Phase II is designed for inter cluster
movement of the sensor node, where a sensor node may move from one cluster to another by preserving strong
anonymity. In Phase III, the anonymous authentication environment for inter-network movement of the sensor node is
presented. So this phase can be represented as inter-network movement phase. This authentication scheme can be used in
many applications such as radio-frequency identification-based IoT system, Biosensor-based IoT healthcare system etc.
In 2015, Lightweight Anonymous Authentication Protocol Using k-pseudonym Set is proposed by Xinghua Li
[Link] [12] to overcome the problem of serious resource consumption. This anonymous authentication protocol is used
based on a shared secret key in wireless networks. In the authentication scheme, the user sends the k-pseudonym set
which contains the actual identity of the user and other k − 1 pseudonyms. The authentication server completes the
authentication process once it finds the real user. The real user can be determined only after it traversals the shared keys
of maximum k users in the set. The k-pseudonym set is constructed using enhanced Dolev-Yao model which allows the

© [Link], All Rights Reserved Page | 43

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48
users to adaptively adjust the value of k according to their own privacy requirements, which improves the flexibility of
the system. The value of k can be set bigger for advanced privacy requirements which lead to a higher success rate. This
method can also be applied to mobile communication, Wi-Fi, RFID, etc., due its higher efficiency. In addition to that, it
can be used in Wireless Body Sensor Network to prevent privacy of patient.
Amin [Link] [13] presented a health monitoring system architecture that secures the medical data transmitted over
wireless networks and also reduces the energy consumption of the sensor nodes. Hash function-based mutual
authentication and session key negotiation protocol is used that provides user anonymity for medical professional. The
proposed authentication protocol includes five phases namely 1) Setup 2) Medical professional registration 3) Patient
registration 4) Login and authentication, and 5) Password change phase. AVISPA tool is used to measure security
strength of the protocol. The protocol withstands all the attacks.
In 2016, Light weight anonymous authentication protocol is proposed by Prosanta Gope et al.[14] in order to
provide secure communication between Local Processing Unit (LPU) and BSN-Care Server. The protocol consists of two
phases: Phase I is called registration phase where the patient data is registered securely in the BSN care server and Phase
II is the anonymous authentication phase where the communication among the two entities is secured using one way hash
function and Exclusive OR operation. In addition to this, Offset CodeBook (OCB) based encryption scheme is used to
provide data security.
In 2016, Yeh [Link] [15] developed a Secure IoT-based healthcare system which operates through BSN
architecture. The system consists of two phases: the system initialization phase and the authentication phases. In the
system initialization phase, all of the security parameters will be agreed upon and shared among the communication
entities via a secure channel. The communication entities here refer to the wearable bio-sensors, the LPU and the BSN
server. In authentication phase, all the communication and data exchanges among the communication entities are secured.
Lightweight crypto-modules, such as a one-way hash function, bitwise exclusive-OR operations and random number
generation function are implemented to achieve security robustness and system efficiency. In order to reveal the
practicability and possibility of the presented mechanisms, the healthcare system is implemented with the Raspberry PI
platform.
The mutual authentication and key agreement (MAKA) scheme proposed in [16] used low-cost cryptographic
primitives, such as EXCLUSIVE-OR operation and one-way hash functions. The presented scheme can preserve the user
anonymity for roaming services in GLOMONET. This scheme includes three phases namely, registration phase, MAKA
phase and password renewal phase. The proposed scheme for global mobility networking (GLOMONET) can resist
various security attacks and also reduces overhead. This developed protocol can also be used in securing the data
transmission in healthcare sectors.
To increase the quality of medical services, Li X [Link] [17] employed the Wireless Body Area Networks (WBAN)
in healthcare monitoring. Since the sensitive information of the patients’ collected by WBAN is transmitted via wireless
channel, an improved light-weight single-round authentication protocol [13] is developed by the author. The protocol
contains initialization, registration and authentication phases. The security analysis shows that the protocol increases the
security of the system.

Table I Comparative analysis on different Cryptographic Solutions, Security Services, Strength and limitations
Scheme Cryptographic Security Services Strengths Limitations
Solutions
 Query  Protection of data against  Reduces radio  Susceptible to
Protocol. unauthorized disclosure. traffic and saves adversarial
Wood A [Link]  It provides IP network energy. confidentiality
[3], 2006. security and WSN  Non-critical system attacks, which can
security. queries have low leak resident’s
 End to End secure priority. location.
communication.  It does not consider
the properties like
anonymity and
secure localization.
Huang Y.M  AES  Bluetooth authentication.  Low overhead.  It does not detect
[Link] [4], algorithm.  Prevent replay attacks,  This system is the location of
2009.  SAFER+ impersonation attacks, flexible and chronic patients.

© [Link], All Rights Reserved Page | 44

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48
encryption spoofed routing and reliable.
algorithm. routing alteration.
 Ensure non-repudiation
and quickest-path
discovery.
 Finger policy  Enforces authentication,  This policy system  Finger does not
system. encryption and time is feasible for the support dynamic
Yanmin Zhu stamping to guard against majority of code modification.
[Link] [5], attacks. available sensor  The policy
2009.  Guarantee data integrity. platforms. language is not a
 Higher ability to general purpose
recover from errors programming
and better flexibility language.
to change the
behaviour at
execution time.
 Delta  End to end encryption,  Physiological data  Less scalable.
compression Authentication of PM is sent with an end-  It does not reveal
Ko.J [Link] [6], algorithm. data. to-end latency of much about
2010.  Collection less than five security
Tree Protocol. seconds. implementation.
 Alerts from patient
are delivered with
higher probability.
 SHA-1  Data confidentiality  It resists sensor  Data security
Yu S [Link] [7], (one way hash and integrity. compromise and becomes a serious
2011. function).  Resilience to user user colluding concern due to
 Advanced colluding and sensor attacks. distributed storage
Encryption compromising attacks. of sensor data.
Standard.  Backward Secrecy.
 Fine-grained Data
Access Control.
 Improved  Data confidentiality.  Low overhead.  It can be vulnerable
Zhaoyang Z Jules  Data authenticity and  It is a lightweight to Wormhole
[Link] [8], Sudan (IJS) integrity. and energy efficient attack, sinkhole
2012. algorithm. security solution. attack, and Sybil
 Key agreement attack.
protocol  No optimal vault
size and difference
tolerances.
 Signcryption  Authentication  It combines  The
Hu C [Link] [9], algorithm.  Access Control encryption and communication
2013.  Attribute-  Unforgeability digital signatures to cost is high.
based  Collusion Attack offer confidentiality,  Access control
cryptosystem. Resistance. collusion Resistance structure is not
and authenticity. implemented.
 RFID  Mutual authentication,  RFID authentication  The
Chunhua Jin authentication anonymity, availability protocol is more communicational
[Link] [10], protocol. and forward security. suitable for and computation
2015.  Withstand replay attack, healthcare cost is not reduced.
impersonation attack, environment.

© [Link], All Rights Reserved Page | 45

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48
server spoofing attack,  This protocol can
DoS attack, location endure numerous
tracking attack and security attacks.
cloning attack.
 Anonymous  Mutual Authentication.  Less computational  Some of the attack
Gope P [Link] authentication  Sensor Anonymity and overhead. resistance property
[11], 2015. protocol. Untraceability.  This scheme suits is not considered.
 Resistance to Replay for resource-
Attacks and cloning constrained WSN
attacks. based IoT system.
Xinghua Li  Anonymous  Anonymous Success  Delay is reduced.  Participation of
[Link] [12], authentication Rate.  Easy to implement. server in the
2015. protocol.  Untraceability. construction of k-
pseudonym set
increases its
burden.
 Inappropriate
construct, will lead
to significant
overhead for the
networks.
 Hash function-  Offers Authentication,  The protocol can  The protocol is
Amin [Link] based mutual anonymity, data integrity ensure various not implemented
[13], 2016. authentication and confidentiality security in Internet-of-
and session services. requirements and Things and cloud
key  Resists mobile device can withstand environments.
negotiation stolen attack, several attacks.
protocol. untraceability attack, off-
line password guessing
attack, impersonation
attack.
Prosanta  Light weight  Data Privacy  It satisfies several  Communication
Gope [Link] anonymous  Data Integrity security overhead is
[14], 2016 authentication  Data Freshness requirements of IoT high.
protocol.  Authentication based health care
 OCB based  Anonymity system.
data  Secure Localization
encryption.

Yeh [Link] [15],  SHA-3  Data Integrity,  It achieves system  The computation
2016. Authentication, efficiency and cost can be reduced
Anonymity,etc. robustness. further.
 Practicability of
IoT-based
healthcare system is
guaranteed.
Gope P [Link]  Lightweight  Mutual Authentication  It satisfies several  The system is not
[16], 2016. mutual and Fair Key Agreement. security tested against
authentication  Privacy Against requirements and several other
protocol. Eavesdropper (PAE) with resists known possible security
 SHA-256. User Anonymity and attacks. attacks.
Untraceability.

© [Link], All Rights Reserved Page | 46

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48
 Resistance to Forgery
Attack, Insider Attack.
 Security against Known
Session Key Attack and
Security Assurance in
Case of Lost Smart Card.
Li X [Link]  Single-round  The system can resist  It satisfies almost  The protocol fails
[17], 2017. authentication forgery attack, session all the basic security to include GPS
protocol. key guessing attack, properties needed to information which
 SHA-1. Denial-of-Service attack, preserve the is important to
replay attack, session- patient’s medical detect chronic
specific temporary record. patient location.
information attack,
insider attack, Key-
Compromise
Impersonation attack
(KCI).
 It achieves Mutual
authentication, user
anonymity and
untraceability property.

The various cryptographic protocols used in different papers and the security services that are relevant to the
systems are summarized in table 1. The table gives a better understanding of security measures and protocols available in
the existing systems, along with a brief analysis of each security scheme's strength and weaknesses.

VI. CONCLUSION
The IoT technology brought huge attention in everybody's life. This paper presents various aspects of IoT based
healthcare technologies. Since data protection and privacy of users are considered as the major challenges, researchers
across the world has provided various technological solutions to enhance privacy and security mechanisms in healthcare
applications. This paper surveys on well-planned security mechanisms in IoT based healthcare system. The basic security
requirements such as health data protection, data confidentiality, data integrity, authentication etc., are addressed by the
authors. In addition to these requirements, the protocols with light weight solution must also be considered to facilitate
the researchers to come up with the more robust security mechanisms.

REFERENCES
[1] The evolution of internet of thing, TEXAS INSTRUMENTS, September 2013.
[2] Kumar P, Lee HJ, "Security issues in healthcare applications using wireless medical sensor networks: A
survey," Sensors, Vol. 12, No. 1, pp. 55-91, Dec 2011.
[3] Wood A, G. Virone, T. Doan, Q. Cao, L. Selavo, Y. Wu, L. Fang, [Link], S. Lin, J. Stankovic, “ALARM-NET:
Wireless Sensor Networks for Assisted-Living and Residential Monitoring,” Department of Computer Science,
University of Virginia; Charlottesville, VA, USA:2006. Technical Report CS-2006-01.
[4] Huang Y.M, M. Y. Hsieh, H. C. Chao, S. H. Hung, and J. H. Park, “Pervasive, Secure Access to a Hierarchical
Sensor-Based Healthcare Monitoring Architecture in Wireless Heterogeneous Networks,” IEEE Journal on
Selected Areas in Communications, Vol. 27, No. 4, pp.400-411,May 2009.
[5] Yanmin Zhu, Sye Loong Keoh, Morris Sloman, and Emil C. Lupu, “A Lightweight Policy System for Body
Sensor Networks,” IEEE Transactions on Network and Service Management, Vol. 6, No. 3, pp.137-148,
September 2009.
[6] Ko.J, J. H. Lim, Y. Chen, R. Musaloiu-E, A. Terzis, G. M. Masson, “MEDiSN: Medical Emergency Detection
in Sensor Networks,” ACM Trans. Embed. Comput. Syst. Vol. 10, No. 1, pp. 1–29, 2010.
[7] Yu S, K. Ren, and W. Lou, “FDAC: Toward fine-grained distributed data access control in wireless sensor
networks,” IEEE Trans. Parallel Distrib. Syst., Vol. 22, No. 4, pp. 673–686, 2011.
[8] Zhaoyang Zhang, Honggang Wang, Athanasios V. Vasilakos, and Hua Fang, “ECG-Cryptography and
Authentication in Body Area Networks,” IEEE Transactions on Information Technology in Biomedicine, Vol.
16, No. 6, pp.1070-1078, November 2012.

© [Link], All Rights Reserved Page | 47

 Jeyadurga et al., International Journal of Advanced Research in Computer Science and Software Engineering7(10)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 39-48
[9] Hu C, N. Zhang, H. Li, X. Cheng, and X. Liao, “Body Area network security: A fuzzy attribute-based
signcryption scheme,” IEEE J. Select. Areas Commun. (JSAC), Vol. 31, No. 9, pp. 37–46, 2013.
[10] Chunhua Jin, Chunxiang Xu, Xiaojun Zhang, Jining Zhao,“A Secure RFID Authentication Protocol for
Healthcare Environments Using Elliptic Curve Cryptosystem,” Journal of Medical Systems, Vol. 39, No. 3,
pp.1-8, March 2015.
[11] Gope P, T. Hwang, “Untraceable Sensor Movement in Distributed IoT Infrastructure,” IEEE Sensors Journal,
Vol. 15, No. 9, pp. 5340 – 5348, 2015.
[12] Xinghua Li,Hai Liu,Fushan Wei,Weidong Yang,“A Lightweight Anonymous Authentication Protocol Using k-
pseudonym Set in Wireless Networks,” IEEE Global Communications Conference (GLOBECOM), pp. 1-6,
December 2015.
[13] Amin, Ruhul, SK Hafizul Islam, G. P. Biswas, Muhammad Khurram Khan, and Neeraj Kumar, "A robust and
anonymous patient monitoring system using wireless medical sensor networks," Future Generation Computer
Systems, 2016.
[14] Prosanta Gope, Tzonelih Hwang, “BSN-Care: A Secure IoT-Based Modern Healthcare System Using Body
Sensor Network,” IEEE Sensors Journal, Vol. 16, No. 5, pp.1368-1376, 2016.
[15] Yeh, Kuo-Hui, "A Secure IoT-based Healthcare System with Body Sensor Networks," IEEE Access, 2016.
[16] Gope P, T. Hwang, “Lightweight and energy-efficient mutual authentication and key agreement scheme with
user anonymity for secure communication in global mobility network,” IEEE Systems Journal, Vol. 10, No. 4,
pp.1370-1379, Dec 2016.
[17] Li, X., Peng, J., Kumari, S., Wu, F., Karuppiah, M. and Choo, K.K.R., “An enhanced 1-round authentication
protocol for wireless body area networks with user anonymity,” Computers & Electrical Engineering, 2017.

© [Link], All Rights Reserved Page | 48

View publication stats