A Hybrid MCDM Approach of Selecting Lightweight Cryptographic Cipher Based on ISO and NIST Lightweight Cryptography Security Requirements for Internet of Health Things

The most serious challenges currently faced by healthcare environment is the decision making related to the installation of the most suitable and appropriate lightweight authentication cipher that could provide solutions towards the authentication issues prevailing in IoHT devices. This decision making becomes more troublesome and tricky due to the number of factors that are taken into account such as availability of many existing ciphers, complex and multiple numbers of requirements involved and frequent changing of these requirements from one platform to another. This decision making is also hampered by the nature of IoT devices operating in healthcare environment as they come up with limited functionality, processing, bandwidth and memory. In this regard, we present an evaluation framework focuses upon the selection of best light weight cryptographic ciphers by considering the most important parameters or requirements of criteria. The proposed framework considers the requirements like performance, physical and security as suggested by widely accepted standards such as National Institute of Standards and Technology (NIST) and International Standard Organization standard such as ISO/IEC 29192 for building evaluation criteria. This framework evaluates and selects the best lightweight cryptographic among the 10 ciphers i.e. PRESENT-80, Scalable Encryption Algorithm (SEA), HIGHT, Lightweight Encryption Algorithm (LEA) Advanced Encryption Standard (AES-128), mCrypton, NOEKEON, Klein, Camellia and Tiny Encryption Algorithm (TEA) for the purpose of evaluation in IoHT environment. This framework uses two decision making methods such as Criteria Importance Through Inter criteria (CRITIC) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS). CRITIC assigns weights to alternatives and TOPSIS is used for evaluating alternatives (ciphers) against the defined criteria of evaluation. The proposed work is novel due to number of reasons such as the newly defined criteria adopted in this framework is the first attempt to use the security requirements of International Standard Organization (ISO) and National Institute of Standards and Technology (NIST). Secondly, this is first time that CRITIC and TOPSIS methods have been applied for assessment and decision making in healthcare environment. Similarly, the selected lightweight authentication cryptographic ciphers are used for the first time for assessment in IoHT environment. This approach addresses both hardware and software characteristics for selecting the best security option for lightweight cryptographic security.


I. INTRODUCTION
Internet of Health Things (IoHT) is emerging as a new concept due to the integration of duo concepts such as IoT The associate editor coordinating the review of this manuscript and approving it for publication was Luis Javier Garcia Villalba . and healthcare system. It is also known as Internet of Medical things (IoMT). IoHT or IoMT is the connectivity of healthcare devices connected to the cloud for sending and receiving data related to the chronical diseases of patients [1]. The security of IoHT devices has always remained a challenging task due to vulnerabilities addressed by these VOLUME 8, 2020 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ devices in the operating environment but still IoT devices are rapidly increasing due to their multi applications features. The number of IoT devices is predicated to reach 75. 44 billion by the end of 2025 [2]. This significant rise has led to security and privacy concerns because these devices are unable to defend themselves due to low processing and resource constrained nature [3]. IoT devices are vulnerable to many cyber-attacks such as Man In Middle, eavesdropping, replay attacks, phishing, Denial of Service (DoS), spoofing, phishing, privacy breach and many others [4], [5]. Similarly, these devices are operating in wireless network where, sensitive data is transmitted and collected by terminal node [6]. In order to protect sensitive data from falsification and eavesdropping, it is necessary to select that algorithm or protocol which fulfills the needs of lightweight security or cryptography in healthcare environment. Lightweight cryptography is opposed to conventional cryptography, where desktop, tablets or smart phones are involved but it is all about embedded systems, RFID and sensor networks [7]. Light weight cryptography is more suitable for constrained devices and lightweight algorithms can be implemented in RFID, FPGA and WSN [8]. Any lightweight protocol or primitive related to authentication is ought to be properly assessed against a certain criteria or set of requirements in IoHT environment. For this purpose, a hybrid multi criteria decision making approach has been proposed to select the best cryptographic protocol or primitive for lightweight security in Internet of healthcare things system. In this research work, any lightweight cryptographic protocol is opted for installation in IoHT devices after its checking against the some lightweight cryptography requirements or criteria. This criteria plays anchor role in selection of best lightweight authentication cipher. Therefore, cryptographic requirements for lightweight security are identified from International Standard Organization (ISO) standard such as ISO/IEC 29192 [9] and National Institute of Standards and Technology (NIST).

• Contribution of proposed work
Following are the major contributions presented by this proposed research work.
• In this proposed research work an evaluation framework is presented to address the issues related to decision making and selection of most appropriate and suitable lightweight cryptographic authentication cipher for healthcare environment. This first attempt of its kind that such type of evaluation framework in IoHT environment has been presented.
• NIST and ISO standards are used for the first time as benchmark for opting the best choice among the list of selected light weight authentication cryptographic ciphers. The literature has been thoroughly searched for validating the selected lightweight requirements or criteria. The parameters defined for criteria have never been used before as evaluation benchmark to the best of our knowledge.
• Earlier attempted works used only hardware or software based characteristics but this proposed work combines both hardware and software based characteristics such as performance, physical and security characteristics to address the lightweight authentication issues in IoHT environment.
• The selected list of lightweight authentication cryptographic ciphers has never been used before evaluation and decision making in IoHT based system.
• This is first time that hybrid multi criteria decision making methods like CRITIC and TOPSIS have been used for selection of lightweight cryptographic authentication cipher in medical care environment.
• The proposed framework provides features based or lightweight security requirements based cryptographic authentication for healthcare data by covering all the aspects for authentication such as memory requirements, size of code, power usage, latency, throughput, ROM size, key size and chip area.
The remaining section of this article is composed of seven (7) sections: section 2 describes motivation of this research, section 3 describes research gap and problem statement, in section 4 literature is discussed. In section 5, the need of MCDM approach for light weight cipher selection in IoHT is discussed. In section 6 research method to address the light weight security has been elaborated, section 7 discusses limitations and challenges faced by this research work and section 8 ends in conclusion.

II. MOTIVATION
Light weight security of IoHT is challenging task due to various number of criteria involved. Selection of light weight cryptographic primitive is always desirable to meet the authentication issues. This research work is motivated to achieve the following objectives.
• The major motivation of this work is to select the most appropriate lightweight cryptographic authentication ciphers against the security requirements or evaluation criteria defined based upon ISO standard and NIST security characteristics or requirements.
• Lightweight authentication of IoHT devices is a major issue as the landscape of these devices is moving rapidly, therefore, it is required to use a tailor-made lightweight authentication cipher which provides optimum security and performance for resource constrained devices such as RFID and sensor based devices.
• It is indispensable to use appropriate light weight authentication cipher for security of internet of health thing environment due to the structure of healthcare devices. IoT devices operating in medical care system come up with less memory, processing speed and bandwidth. A lightweight authentication cipher that addresses all the physical and performance characteristics of cipher is required.
• Hardware and software based performance of light weight cryptographic authentication algorithms are the key considerations but it is hard to select an cipher that holds both factors at the same time.
• Criteria for selection of most appropriate lightweight authentication algorithm has not been properly defined to due to involvement of many number of performance, physical and security properties related to lightweight cryptography.

III. PROBLEM STATEMENT
The research gaps related to light weight authentication of IoT in healthcare environment in current literature are identified and these are addressed in the proposed work. The main focus this work is to provide solution towards light weight security in healthcare environment by using hybrid MCDM approach. Hybrid MCDM approach as selective choice is used for the first time to address the light weight security of IoT system, although it has been used in health care for making decision for other different purposes such as mobile health care system, dementia care, IoT based enterprises and selection of contract and tender processes [10]- [13]. This research work is novel in nature due the existence of the following research gaps. The problem statement is composed of the following points.
• It is in dire need to select the most appropriate lightweight cipher due to the nature of data transmitted by IoHT devices. In healthcare environment, sensitive data related to the patients is transmitted from IoHT devices like smartphone, tablets, oximeter, glucometer, insulin pins, apple watch, smart contact lens etc. Light weight cryptography or security allows them to keep data secure and confidential. This can only be achieved by a proper lightweight cryptographic cipher that provides proper encryption, confidentiality, authentication and non-repudiation of data.
• From literature study, it has been observed that MCDM approach has never been used as decision making option for light weight security solution in IoT for healthcare system. In this research work, a hybrid MCDM approach is used to cope with selection problems of lightweight security in healthcare environment.
• There is significant rise in the light weight cryptography for IoT devices. A huge number of lightweight ciphers are available for IoT applications in healthcare environment. Selection of most appropriate and suitable cipher among the list of available ciphers becomes tricky due to many number of parameters involved. In healthcare environment, majority of the devices such as oximeter, glucometer and apple watch have limited capacities of power, memory and bandwidth.
• Similarly, the security properties or criteria for light weight security assessment are extracted from welldefined ISO security standard such as ISO/IEC 29192 [9] and NIST security requirements. This is first attempt of its kind to bring these security requirements for lightweight cryptographic security in IoHT system.
• Many existing works and approaches have identified security evaluation criteria or requirements from literature, which is not considered as standard, wellrecognized and reliable. Due to this reason some security attributes related to hardware, software or security implementation might have been skipped. Ultimately, this leads to the situation, where, the most suitable and appropriate light weight primitive providing a full pledged light weight security remains as ''unidentified'' in this area.
• Majority of previous works are focused upon hardware based implementations of lightweight ciphers, but this proposed work combines both the software and hardware based approaches for selection of most appropriate lightweight authenticaion cipher among the list of ciphers.

IV. RELATED WORK
Most of the IoT devices operating in healthcare environment are vulnerable to various cyber threats and attacks. As, data related to patients are stored in cloud server of hospital center and it is mandatory to keep the data secured [14]. The security has been the most challenging task in IoHT environment and selection of algorithm that answers all problems related to lightweight security is hard to identify. MCDM approach has been used for IoT in various fields such as crime prevention, road safety, resource management, supply chain, energy system and cluster head selection. The role of multi criteria decision making analysis in healthcare has been briefly discussed by Frazão, et al. [15]. Different MCDM methods have applied for the purpose of selection in IoHT, like Dimitriologou et al. [10] presented a multi criteria decision model for dementia care. Similarly, multi criteria decision making analysis can be used for decision making regarding contracts and tender process in healthcare environment [11] Liu, et al. [12] presented a hybrid MCDM model for mobile healthcare system. Nabeeh, et al. [13] used neutrosophic approach with the support of Analytical Hierarchy Processes (AHP) MCDM method for IoT-based enterprises. Detail of different approaches or technologies for security evaluation of lightweight ciphers is shown in Table 1.

V. NEED OF MCDM APPROACH FOR SELECTING LIGHTWEIGHT CIPHER IN IoHT
Decision making is a complex and tricky job in healthcare environment due to the nature of real-world problems and conflicting objectives. The development of such a models or approaches is prerequisite to provide solutions towards selection and decision making problems when multiple criteria are taken into account. There are variety applications of MCDM approaches in healthcare for different purposes like performance management [34], service quality evaluation [35], supplier selection problems [36] and healthcare waste treatment [37] and security evaluation [38] and web services  evaluation [39]. This proposed work also made an attempt to provide solution towards the selection of lightweight ciphers for security in IoHT. Authentication and encryption/decryption in IoHT have become an issue due to the number of IoMT applications involved. But, the major issues are concerned with authentication and data integrity [40]. Therefore, it is indispensable to have a proper and bestfit authentication or encryption/decryption block cipher for IoMT applications which could secure the sensitive data related to patients. In this regard, the number of lightweight block ciphers for authentication and encryption/decryption in healthcare have been evolved in recent years, significantly. These lightweight block ciphers offer a variety of unique combination of features. This is the reason that network administrators, network policy makers or other stakeholders find it hard to select the most appropriate cipher for lightweight security that could provide solution towards all the security issues in IoHT. Our approach selects lightweight ciphers for IoMT applications by considering the number of criteria such as chip area, throughput, power consumption, energy, latency, program code size, RAM size and security strength. Without MDCM approach, this selection is not easy to get the best cipher among the plethora of lightweight block ciphers. For example, some ciphers selected for implementation in IoHT must be energy efficient but on other hand they can be easily breached and they will suffer from software or hardware implementations issues. For instance, SEA cipher is easy to use, easily upgradable, simple, flexible and lowlatency but on other hand it is slow in software implementation, limited in privacy and slow for real time applications. Similarly, TEA is cipher is easy to implement and requires less code size but its power consumption is high and has high energy per bit. Implementing a cipher based on considering one dimension or two dimensions is not a rational approach but a lightweight block cipher that is to be implemented must be evaluated against the number of performance evaluation criteria. This work has defined a distinct and multifaceted criteria for selection of lightweight block cipher which is to be implemented for IoMT applications in healthcare environment. The need of hybrid MCDM approach is to select a cipher that is more viable in terms of energy, power, code size, RAM, latency, throughput, security and gate area. The scenario of applying MCDM approach in IoHT for selection of lightweight block cipher is given Fig 1.

VI. RESEARCH METHOD
Lightweight security of nodes or any IoT device is of paramount importance from security perspective especially in Internet of healthcare things (IoHT). This security can only be achieved by having a proper and well-featured security scheme or algorithm that answers all the questions related to lightweight cryptographic security. The main focus in this research is to select the best algorithm/protocol or any other mechanism employed for lightweight cryptographic security as alternative. For this purpose, lightweight cryptographic requirements/properties of lightweight security are identified from ISO standard known as ISO/IEC 29192. It is a multipart International Standard that defines lightweight to address key exchange, data confidentiality, authentication, identification, non-repudiation. This standard provides a standardized mechanisms for lightweight cryptographic applications such as radiofrequency identification (RFID) tags, smart cards, secure batteries, health-care systems and networking composed of sensors. These features/properties are used as metric for selection best algorithm or device that embeds the algorithm. These features are the most adopted and wellrecognized to measure the strength of any lightweight cryptographic cipher or algorithm. ISO security requirements for lightweight cryptography such as (ISO/IEC 29192) [9] and NIST characteristics are used for building security evaluation criteria. Following are the major steps of research method.

A. CASE STUDY
In order to complete the data collection, two case studies were performed.
Case 1: In this case study, we highlighted the general issues related to lightweight authentication in broader sense such as the main problem related to authentication issue and root cause of the problem were brought into consideration. The cause effect of problems were discussed. A comprehensive and detailed observation was carried out to collect the required data related to problem. For this purpose open ended questions were asked to get deep knowledge about the problem domain and then the collected data was analysed for finding the criteria and alternatives. The proposed solutions of problem were chalked out and proper report was prepared related to the authentication problems in IoHT. From this case study it was concluded that the main issue is the selection and ranking of lightweight authentication cipher which can provide solution towards the lightweight authentication issues. In this step a proposed solution to the problem was suggested and step-wise procedure of this case study is given in Fig 2. Case 2: In the second case of our study, the problem was discussed in more detailed and comprehensive manner to get deep knowledge about the problem of authentication in medical care environment.A proper and systematic procedure has been followed in pursuing this research. A survey was done to collect the requirements from medical IT personnel to know about their changing needs like power consumption, memory requirements, fast transmission, strength of security etc. This case study is conducted to get more and in-depth detail about the impacts of lightweight authentication cipher in healthcare environment. The main focus is to know about impacts of cipher in healthcare environment in terms of different parameters such as memory, throughput, latency, power, energy, chip area, program code size and key size. This group discussion is aimed to know from the IT experts in healthcare field about every detail of these security requirements. For this purpose, a questionnaire is presented to IT personnel in healthcare environment, which is comprised of 36 questions. After collecting comprehensive detail about security requirements related to light weight block cipher, the required ciphers are selected against the requirements for evaluation purposes to get the best cipher. The detail of questionnaire for collection of data is given in Table 2. In order to build evaluation framework the security criteria and alternatives are selected. Then, selected security features or criteria is built based upon their needs. The selected ciphers for evaluation are totally based on the suitability to IoHT. The interaction and relation of security requirements in IoMT based system is shown in Fig 3. In this figure IoMT gadgets before deployment in network are checked against the predefined criteria. This criteria is used as assessment for decision making regarding selection of most suitable lightweight cipher in healthcare environment. The selected cipher is most ideal as it covers all the dimensions of lightweight cryptographic security. Thus, it allows the secure and reliable communication from IoMT devices to gateway and data centers.

B. BUILDING SECURITY EVALUATION CRITERIA
For building criteria for lightweight cryptography, the security requirements are collected from three different sources such as literature, ISO light weight cryptography standard and NIST security requirements. In first step, a deep search of literature is performed to know about the most common security requirements. In this step, 85 light weight security requirement are identified. In second step, we removed those requirements, which were commonly used by different authors. In third step, we compared the security requirements obtained from literature with ISO and NIST security require-ments. From ISO lightweight cryptography security standard, we derived 11 requirements and 10 requirements were identified from NIST. In fourth step, we have collected 48 security requirements. After complete analysis, we finally selected those requirements, which are most important for building the security criteria and adopted by many sources. The detailed procedure of building security requirements or criteria is depicted in Fig 4. The number of citations of security requirements or criteria is depicted in Fig 5. In this figure, throughput and power are the most cited security requirements and used by different authors for light weight security evaluation.
Security criteria used by each author along with sources are given in Table 3.
Each requirement contributed towards building the security evaluation criteria are discussed below as.

1) CHIP AREA
Area occupied by semiconductor [9]. It can be also obtained by dividing layout area of application in µm 2 and corresponding area of NAND 2 gate. CMOS technology plays important role in chip area and hardware implementation of cipher and also have impacts on gate equivalence and energy usage. Chip area is an important factor and its smaller value is desirable [27], [41]. It can be represented by using the following equation. C = L A n where, C is chip area, L is layout area of application and A n is corresponding area of NAND2 gate.

2) THROUGHPUT
Throughput is the ratio of block size and time to encrypt one block. Throughput=Block size/Encryption Time of a block [42]. Throughput is number of bits generated per second at a specific frequency during the procedure of cipher encryption and decryption [27]. This frequency is identified in either 100 kHz and for of hardware based implementation 4 MHz is used [27]. Higher value of throughput is desired [41]. Mathematically it is written as.
where, T is throughput, B is block size, F is frequency and N is number of cycles per block.

3) ENERGY CONSUMPTION
Energy consumption can be computed by power consumption over certain period of time [9]. Energy consumption also depends upon the block size and latency. The encryption and key scheduling also have impacts on energy consumption [29]. Energy consumption also depends upon the number of iterations [43]. The smaller value of energy consumption is desirable for IoT devices. According to [20] a fast executing algorithm can diminish the energy usage and increase the battery lifetime. In equation form energy can be written as.
where, E b is energy per bit in µJ, L is latency, P is power consumed by hardware or software in micro watt and B is block.

4) POWER CONSUMPTION
It is amount of power needed to use the circuit [41]. Power can be found by GE and corresponding CMOS technology. The lower value of power is desired so cipher consumes less power will be preferred. Power consumption is dependent on opted technology and simulation method [27]. Lower value of power is desired. Power in equation form is represented as.
where, P is power consumed, B is block size, L is latency and E b is energy.

5) LATENCY
Latency is delay encountered by cryptographic scheme in real time communication system or it is time elapsed during the computation of cipher text or plain text. The lower value for latency is desired [27], [41]. Latency in mathematical form is written as.
L is latency, k is number of clock cycles to compute a block of cipher text and t cycle is Time for one cycle.

6) PROGRAM CODE SIZE
Size of cryptographic algorithm/mechanism code in bytes [9]. It is fixed amount of data, which evaluates function independently from input [41].

7) RAM SIZE
Size of temporary storage space a cryptographic mechanism requires in random access memory including the registers in the processor [9].Memory is often the most expensive part of the implementation of a lightweight primitive [41].

8) KEY SIZE
It is measured by number, which describes the amount of work or the number of operations required to break a cryptographic cipher or system [9]. Key size describes the strength of security.

C. BUILDING CIPHER PROFILES
Our method for selection of lightweight cipher is inspired by using NIST profiles that are built for variety of applications. These profiles describe different characteristics of cryptographic primitive. Profile consists different categories of characteristics such as physical characteristics, performance characteristics and security characteristics. Physical characteristics describes area in GE, memory (RAM\ROM) and implementation type [44]. Lightweight primitives can also be implemented in software, typically using microcontrollers. In this case, the relevant metrics are RAM consumption, size of code and throughput [41]. Performance characteristics show latency, throughput and power. Security characteristics   Each profile is composed of three parts such as performance characteristics, physical characteristics and security characteristics, which are discussed below as.

1) PERFORMANCE CHARACTERISTICS
The performance metrics can be described by throughput, power and latency. Both Power and energy metrics are related with constrained devices. Example of power consumption is RFID chip, which uses electromagnetic field to run its internal circuit. Latency is related with real time applications, where fast response time is required. Unlike conventional algorithms, for light weight application high throughput is not a design goal but still moderate level of throughput is required for applications [44].

2) PHYSICAL CHARACTERISTICS
Physical metrics describe gate area, memory such as (RAM/ROM), implementation type i.e. software or hardware and energy consumption [44]. Gate area is also known as chip area and ROM shows the code size.

3) SECURITY CHARACTERISTICS
Security characteristics of profile describe the security strength also known as key size, side channel resistance and attack models. In this work, building a profile for cipher, we have considered only security strength as a metric. NIST has termed the key size as security strength in their profiles, this is the main reason for calling the key size as security strength. The minimum key size for light weight cipher should be 112 to provide maximum security for longer period of time [45]. Similarly, the detail of all selected lightweight cryptographic ciphers for security evaluation purpose are given below as.

a: PRESENT-80
It is one of the first ciphers used for encryption of ultraconstrained devices. It is also as standardized in ISO/IEC 29192 standard [46]. Key size of PRESENT is 80/128-bit and it takes 31 rounds to converts 64-bit data blocks [19]. This algorithm is more ideal for devices with limited power abilities and restricted battery life due to small key size [42]. PRESENT algorithm is hardware efficient but its software implementation reduces the size of the code [46]. As far as the code size is concerned then PRESENT is a reasonable choice [20]. b: SEA SEA is Scalable Encryption Algorithm, designed for processors with limited instruction set. The main goal of this design is to meet the low memory, small code and limited instruction sets [46]. This algorithm was initially designed to provide encryption at low cost on very low processers with limited instructions, memory and code size [47]. Both hardware and software implementation of SEA cipher are working well [48].

c: HIGHT
HIGHT is a block cipher which is presented by Hong et al. HIGHT has 64 bits block size and 128 size of key [41]. It completes its operation in 32 rounds [19]. It provides high security and employs Feistel structure [42]. This algorithm is targeted for systems with limited or low resources [49].

d: LEA
LEA is abbreviated for Lightweight Encryption Algorithm. This algorithm is stream cipher and was designed by Electronics and Telecommunication Research Institute of Korea. It has small code size and requires less power [46]. LEA completes in 24, 28 and 32 rounds. This algorithm is designed to apply to lightweight environments [50].

e: AES
Advance Encryption Standard or (AES) was developed by Singh and Deshpande [28]. It is available in key sizes of 128, 192 and 256 bits. The key size determines the strength of the cipher, higher the size of key more encryption the algorithm will provide [28]. It can be implemented in both hardware and software [46]. The block size of AES is 128 bits [24].

Mcrypton was developed in 2005 by Hosseinzadeh and
Bafghi et al. [51]. It is miniature version of crypton and uses 64 bits block size by providing three key options such 64, 96 and 128 sizes [52]. It is more suitable for resource constrained computing scenarios such as sensor network and RFID tags [53]. It completes in 13 rounds [46].

g: NOEKEON
This algorithm is presented by Abdul-Latip et al. [54] for submission to the NESSIE project in 2000. Noekeon key size is 128 bits and it takes 16 rounds and each round is composed of three transformations [55]. It can be implemented both in hardware and software. The key scheduling of Noekeon allows to resist against the related key attacks [55]. This algorithm is vulnerable to related key cryptanalysis [46]. It uses bit-slicing techniques, which leads to lesser code size, better performance and less energy consumption [24].  [33]. It is lightweight block cipher with block size of 64 bits and key size of 64, 80 and 128 bits [56]. The Feistel structure of key scheduling of KLEIN cipher allows it to avoid key related attacks [56]. KLEIN has good software performance on legacy systems and at the same time its hardware implementation can also be compact [57]. KLEIN is based on Substitution-Permutation Network (SPN), which is used in AES and PRESENT ciphers [58], [59].

i: CAMELLIA
This cipher was presented by Nippon Telegraph and Telephone Corporation (NTTC) and Mitsubishi Electric Corporation of Japan [60]. It has good efficiency at both hardware and software and provides high level of security [60]. It is block cipher, which supports 128, 192 and 256 key sizes [61].
The new functions such as F L/F L −1 with the support of whitening layers of Camellia allows more security against attacks [62].

j: TEA
It is Tiny Encryption Algorithm with block size of 64 bits and key size of 128 bits [46]. It was developed by David Wheeler and Roger Needham at the Computer Laboratory of Cambridge University in 1994 [63]. It shows strong resistance to differential cryptanalysis. Its version are extended TEA and block TEA, which overcome the drawbacks of TEA cipher [46]. TEA hardware architecture provides simplicity, flexibility, less number of computations with the simple key scheduling [64]. XTEA is very fast algorithm as it does not use S-boxes and initialization time. The structure of XTEA algorithm is Feistal and it is used for real time applications [64]. The complete detail of all light weight ciphers selected for security evaluation is given in Table 4.
The detail of input data for profile entry is given in [46]. The selected ciphers will be evaluated based upon these profiles.
Profiles of individual ciphers are shown in Table 5.
The main motivation of proposed work is to select the best lightweight cryptographic primitive for lightweight authentication for IoHT. This research work completes in phasewise fashion such as in first phase, the selection problem is identified then alternatives and criteria or properties for lightweight crypto security are identified. In this phase, security evaluation criteria is built based upon security requirements, which are collected from three different sources such as literature, ISO light weight security standard and NIST security characteristics. After, building the security evaluation criteria, 10 ciphers are selected for assessment and among these ciphers, one cipher is selected as best choice for light weight security in IoHT based system.
In second phase, CRITIC method has been employed to assign weights to the security criteria or properties related to lightweight cryptography. In 3 rd phase, the alternatives are ranked by using TOPSIS method. TOPSIS method selects the best cipher among the list of 10 lightweight ciphers. All of phases involved in the research procedure are depicted diagrammatically in Fig 7. D. CRITIC METHOD CRITIC stands for ''CRiteria Importance Through Intercriteria Correlation'' and it was introduced by Diakoulaki et al. [65] in 1995. It is MCDM method which is applied for assigning weights to criteria in this research work. This method assigns weights to the criteria objectively such that without the judgements of decision makers or using pairwise comparison [66]. CRITIC method is the type of correlation method [67].   such as C j for j = 1, 2, 3 . . . n, in a problem. This method is composed of the following steps [66], [68].
Step-1 (Building a Decision Matrix): In the first step of this method a decision matrix X is created. In equation (1), X ij shows the performance value of it h alternative on j th criterion.
Step-2 (Decision Matrix Normalization): The normalization of the decision matrix is done by using the following equation.
X * ij is the normalized performance value of ith alternative on jth criterion.
Step-3 (Calculation of Standard Deviation and Its co-Relation With Other Criteria for Criteria Weights): In this step, the weights of j th criterion can be found with the following equation.
In equation (3), C j is the amount of information contained in j th criterion. C j is calculated as follow.
where, σ j is standard deviation of the j th criterion and r jj is the correlation coefficient between the two criteria.

E. CRITIC NUMERICAL WORK
In this section, weights are assigned to the criteria by using CRITIC method. The main purpose of the proposed work is to find the best light weight cryptographic primitive or cipher by using hybrid MCDM approach. The profiles of lightweight ciphers as (previously mentioned) have been used as alternative such as P 1 , P 2 , P 3 , P 4 , P 5 , P 6 , P 7 , P 8 , P 9 and P 10 for the purpose of decision making. Security requirements, performance and physical characteristics are used as criteria such as chip area (C 1 ), Throughput (C 2 ), power consumption (C 3 ), energy (C 4 ), latency (C 5 ), program code size (C 6 ), RAM size (C 7 ) and security strength (C 8 ). All the selected criteria are quantitative in nature. Criteria can be divided into two types: beneficial and non-beneficial. In this table beneficial criteria are C2 and C8 and remaining are non-beneficial criteria. Decision matrix is established for ten (10) type of different lightweight crypto ciphers with respect to defined security properties/criteria as are given in Table 6. Decision matrix is normalized by applying equation (2) and results is given in Table 7.  Correlation coefficient of each criteria is calculated as shown in Table 8.
Measure of conflict, quantity of information, criteria weights and standard deviation are shown in Table 9.
The weights assigned to the security criteria after applying the CRITIC method and results are displayed in Fig 8.

F. TOPSIS METHOD
This method ''Technique for Order Preference by Similarity to Ideal Solution'' (TOPSIS) was presented by Krohling and Pacheco [69]. This method works on by using ideal solution, if alternative is closer towards the positive ideal solution then it will considered as best solution. TOPSIS   method follows simple computation procedure, it is well established and reliable [69]. In TOPSIS method the selected alternative should have the minimum distance from the positive ideal solution and the maximum distance from the negative-ideal solution. This method follows the following procedure [69], [70].
Step-1 (Building Decision Matrix): In this step, a decision matrix such as D is constructed by using multiple criteria and alternatives. For example for ''n'' number of alternatives and criteria, the decision matrix can be found as.
where A 1 , A 2 , A 3...... A n , are variable alternatives and C 1 , C 2 , C 3...... C n are the criteria. VOLUME 8, 2020  Step-2 (Building Normalized Decision Matrix): The input data of the decision matrix D originated from different sources, therefore, it has to be normalized to convert it into a dimensionless matrix.
The comparison of different criteria is done via Dimension matrix. A normalized decision matrix is built by using the following formula.
For i = 1 . . . . . . . . . .m and j = 1 . . . . . . n Step-3 (Determining the Weighted Normalized Decision Matrix): It is not necessary that all attributes must be of same importance. Therefore, a weighted normalized decision matrix can be obtained by multiplying the each element of normalized decision matrix with a random weight number as given in formula below.
Step-4 (Finding Ideal Positive and Negative Solutions): The positive ideal solutions are denoted by A + and negative ideal solutions are represented by A − . These are determined by using weighted decision matrix.
where, J denotes the beneficial attributes and J' is shows nonbeneficial attributes.
Step-5 (Determining the Separation Measures): Ideal and no ideal separation are calculated by the following formulae.
Step-6 (Finding of Relative Closeness): It is determined with respect to the ideal solutions by using the following equation.
Step-7 (Ranking of Alternatives): The ranking is done by using Ci value, the maximum value of Ci means the higher the ranking order and alternative can be described as better in terms of performance. Ranking of preferences can be performed in ascending or descending order. The descending order of preferences can be used for comparing the better performance.

1) APPLICATION OF TOPSIS METHOD
In context of decision making, the TOPSIS method is applied for ranking alternatives. TOPSIS method selects the profile that describes the best light weight authentication algorithm or cipher among the ten alternatives. The decision matrix as mentioned in Table (5) is normalized by using equation (6) and output is shown in Table 9. The criteria weights obtained from CRITIC method are also written in Table 10.
Ideal positive solution (A +) and Ideal negative solution (A − ) are determined from weighted normalized data table and results are given in Table 11.
Ideal separation measure, non-ideal separation measures, value of relative closeness are calculated by equation (10), (11) and (12) respectively and results are depicted in Table 12.
Ranking of alternatives is performed based upon the values of relative closeness. The higher value of C i indicates the best alternative among the five alternatives. The alternatives are ordered according the values of relative closeness and best alternative among the all alternatives is given in Table 13.
From Table 13, it is clear that P 8 alternative has the highest value among all alternatives so it best option of security for lightweight cryptography. The comparison of alternative is given in Fig 9. Alternatives in chronological orders are P 8 > P 3 > P 7 > P 9 > P 2 > P 5 > P 4 > P 6 > P 10 > P 1 . It is clear from Fig  8 that P 8 is profile of KLEIN cipher, which is considered to be best lightweight cryptographic cipher against the security requirements for light weight security in internet of health things.

2) CRYPTO ANALYSIS OF KLEIN CIPHER
Our proposed evaluation framework ranks and selects the KLEIN cipher among the different ciphers and hence, it can be used for light weight cryptographic security in IoHT environment. KLEIN cipher is ideal for healthcare environment as the following crypto-analysis which validates the reason for selection of KLIEN cipher among the list of selected ciphers by our proposed evaluation framework intended to select best choice among the list of lightweight cryptographic authentication ciphers.
• KLEIN cipher is well suited for low-resource applications such as IoT and wireless sensor and actuators based networks. This is the main reason that it can be used as light weight security option for IoHT system.
• It provides good security in full rounds. KLEIN offers a variety of key sizes, which makes it more flexible.
• Besides, KLEIN can be implemented on both hardware and software like legacy sensors systems.
• KLEIN uses byte-oriented structure like AES for better software performances.
• The S-box nature of KLEIN provides strong resistant against side channel attacks [57].
• Similarly, Gong et al. [57] also studied the performance of KLEIN cipher with other lightweight ciphers such as AES, NOEKEON, SEA, HIGHT, PRESENT and mCrypton on different platforms such as IRIS and TelosB and according to the results obtained they suggested that KLEIN cipher shows better performance among the mentioned ciphers. They also compared the hardware implementation of KLEIN and it showed good results, comparatively.
• KLEIN cipher is selected as best option for lightweight authentication as it provides best results among the selected algorithm for different assessment parameters like size of memory, code size, RAM size, chip area, latency, throughput, power consumption, memory usage and type of implementation.
• From the decision matrix (Input table), it is quite clear that KLEIN cipher requires less chip area and low power consumption and low latency as compared to all other ciphers. In light of above discussion, we believe that KLEIN cipher is better choice as light weight security option in IoHT environment. Several studies are available regarding different aspects of security [71]- [78].

3) SIGNIFICANCE OF USING CRITIC AND TOPSIS
In the proposed evaluation framework both CRITIC and TOPSIS methods have been used to support the validity of framework. The main idea of using CRITIC method VOLUME 8, 2020   for assigning weights to criteria or requirements is, this method uses statistical techniques to validate the proposed framework empirically. Similarly, CRITIC method assigns uniform weight values to the criteria and it is based upon analytical testing of decision matrix [67]. CRITIC method also uses co-relational analysis and standard deviation for finding the contrast among all the criteria [68]. Similarly, TOPSIS method has been used for evaluation and ranking of lightweight authentication ciphers against the defined criteria or requirements. TOPSIS performs ranking based on similarity to the ideal solution. It avoids the same similarity index to both negative and positive ideal solutions. TOPSIS is more practical and more ideal techniques for ranking of alternatives [71]. TOPSIS provides ease and efficient computation. It is mathematical model which measures both best and worst alternatives by considering the relative performance.
In light of above discussion, we can say that both multi criteria decision making techniques such as CRITIC and TOPSIS are adequate enough to be fit in this framework for the purpose of assigning weights to criteria and evaluating alternatives against the criteria defined for lightweight authentication ciphers.

VII. LIMITATIONS AND CHALLENGES
• This proposed evaluation framework is applied on data collected from microcontroller technology for 10 lightweight security ciphers. The performance and evaluation results may change with the changes in the technology used for running these ciphers. The proposed framework is using limited number of ciphers and it can be extended for more number of ciphers.
• Although, we have made a vigorous attempt to formulate the best security evaluation criteria based on most vital security requirements but relatively, these requirements get changed from one platform to other platform. These requirements are not absolute as security parameters for some other frameworks or plateforms. Like some authors used different evaluation metrics, but still the main focus was to include the most fundamental security requirements.
• There are some important security requirements like side channel attacks, short input performance, size of file, encryption and decryption time, avalanche effect, block size, efficiency, figure of merit, technology used and execution time. These parameters can also be used as evaluation metric for selection of light weight authentication cipher.

VIII. CONCLUSION
Light weight cryptographic security of IoT based system in health care environment is important due to nature of wearable devices, nodes and sensors. In modern world there are enormous number of lightweight authentication ciphers but the selection and ranking of these algorithm becomes an issue due to the number of factors and conflicting objectives involved. This issued become more significant in healthcare environment due to the nature of sensitive and fragile data related to patient's record. Hence, the selection of most appropriate and best authentication cipher providing a solution towards light weight authentication security issues is the most challenging task due to the rapidly changing in the number of evaluation parameters. For this purpose a proposed evaluation framework is presented to address the issued related to the decision making and evaluation of lightweight ciphers. Light weight cryptographic cipher is considered for authentication based upon different physical, performance and security parameters or requirements, extracted from ISO lightweight cryptography standard and National Institute of Standards and Technology (NIST). The proposed framework works in two folds: in first evaluation metric or criteria and profiles are built based on different requirements and in second fold, the hybrid MCDM methods such as CRITIC and TOPSIS methods are applied for the purpose of objective weight assignment to criteria and ranking the alternatives respectively. Weights are assigned to the criteria by using CRITIC method and then TOPSIS method is used to rank the profiles of lightweight authentication ciphers based upon security requirements. The results obtained after the empirical work suggest that KLEIN cipher is ranked as first among the lightweight ciphers such as PRESENT-80, SEA, HIGHT, LEA, AES Block cipher, mCrypton, NOEKEON, Camellia and TEA ciphers. KLEIN cipher can used as lightweight authentication option for IoT devices operating in healthcare system. Results obtained from the evaluation framework are impactful and have been thoroughly revised by the experts in the field of IoT security evaluation. The ranking of ciphers is done based upon the quantitative and empirical data after applying both MCDM methods. These are the standard methods and results obtained from these methods are impactful and recognizable. These methods have variety of applications in other domains as well like industry, transportation, agricultural, production, business, engineering and banking. The proposed evaluation framework selects the most suitable of lightweight authentication cipher and hence, it can be used as benchmark for assessment and ranking of lightweight cryptographic ciphers in healthcare or in any other environment. This framework provides a comprehensive guideline for security policy makers and IoT network administrator in healthcare environment to select and use the most suitable authentication cipher against the defined security criteria. The security evaluation criteria covers all the dimensions of lightweight cryptographic security to provide a full pledged secure IoHT based system. VOLUME 8, 2020 The proposed evaluation framework for lightweight cryptographic authentication cipher focuses basically upon the physical and performance characteristics of ciphers. Our future work is to extend this framework by adding security requirements such as resistance against side channel attacks, relevant attack models, encryption and decryption time, block size, number of rounds, key scheduling and structure. In future, we will focus on bringing these security requirements for considering the most suitable and appropriate lightweight authentication cipher to address the authentication issues prevailing in healthcare environment. Our focus is also to use fuzzy approach for decision making and setting a new benchmark related to security requirements of IoHT devices.