CSEF: Cloud-Based Secure and Efficient Framework for Smart Medical System Using ECC

Smart architecture is the concept to manage the facilities via internet utilization in a proper manner. There are various technologies used in smart architecture such as cloud computing, internet of things, green computing, automation and fog computing. Smart medical system (SMS) is one of the application used in architecture, which is based on communication networking along with sensor devices. In SMS, a doctor provides online treatment to patients with the help of cloud-based applications such as mobile device, wireless body area network, etc. Security and privacy are the major concern of cloud-based applications in SMS. To maintain, security and privacy, we aim to design an elliptic curve cryptography (ECC) based secure and efficient authentication framework for cloud-assisted SMS. There are six phases in the proposed protocol such as: patient registration phase, healthcare center upload phase, patient data upload phase, treatment phase, checkup phase and emergency phase. In CSEF, there are four entities like healthecare center, patient, cloud and doctor. In CSEF, mutual authentication establishes between healthcare center and cloud, patient and cloud, doctor and cloud, and patient and healthcare center by the using ECC and hash function. The CSEF is secure against security attacks, and satisfies many security attributes such as man-in-the-middle attack, impersonation attack, data non-repudiation, doctor anonymity, replay attack, known-key security property, message authentication, patient anonymity, data confidentiality, stolen-verifier attack, parallel session attack and session key security. Further, the CSEF is efficient in terms of computation and communication compared to others related frameworks. As a result, CSEF can be utilized in cloud-based SMS.


I. INTRODUCTION
In the smart cities, there are billions of devices which are associated with IoT framework for different applications. Smart city is the environment that designates to develop the facilities to citizen and government assistance by preparing internet technologies. With the rapid advancement of machine-to-machine and device-to-device communication, there is an exponential increment in the utilization of different smart applications, such as smart e-healthcare and smart education etc. IoT-based framework is being utilized worldwide The associate editor coordinating the review of this manuscript and approving it for publication was Mansoor Ahmed . in the construction of future smart cities [1] to provide services such as e-healthcare and smart transport system to the end clients. The cloud computing is a structure of resources using different applications. To offer favorable and quick network services, a new type of cloud computing association [2], [3] includes a large number of processors, high-speed networks, memories and various devices are presented by users via the internet server. Cloud services offer through a web browser to get online data information. These computing strategies can be obtained by the cloud stage. In addition, Tsai et al. [4] clarified that cloud services will be useful in the future. In this way, privacy and security of cloud have turned out to be important issues. Different research articles have presented various issues of their misgivings, for example, cloud privacy [5], [6] and cloud services [7]. As given in [8]- [20] many operations are related to utilization and cloud services in cyber physical system.
With the speedy advancement of data innovation, the utilization of SMS is expanding step by step. SMS is one of the application which is used in cloud environment [21]. In SMS, a doctor provides online treatment to patients via cloud system. There are more information about healthcare system and its application in [22]- [24]. In SMS, patient and doctor communicated to each other via cloud server in insecure communication channel. It is major concern that cloud is not fully secure. For this system, there are many security issues like patent anonymity and unlinkability, doctor anonymity and unlinkability, data confidentiality, integrity, etc [25]- [27]. In SMS, users have unique access unambiguous and privilege in healthcare system. They save and recapture their data in cloud database. This data can be classified in many categories which manages user and system level obligations. Chatterjee et al. [28] presented biometric and access control based authentication framework for SMS with adapted structure, which does not maintain patient unlinkability and the medical information between patient and doctor in public channel. Amin et al. suggested an authentication framework for healthcare system [29] and patient authentication work using wireless sensor networks for medical system [30]. But, still there is a need to make secure and efficient authentication framework for the patient, doctor, medical data and other security aspects in medical system, so that any attacker could not find patient's or doctor's data information. Recently, there are many schemes proposed to recognized these issues [28], [29], [31], [32]. In the proposed framework, we develop a secure and efficient mutual authentication framework using ECC and cloud for SMS.

A. RELATED WORK
In recent years, there are many cloud based authentication protocols for TMIS [3], [33]- [42]. Islam et al. suggested authentication framework which is used for integrated method to user for information exchange in communication system [43]. Wazid et al. proposed anonymity preservation authentication and key agreement method for healthcare system [32]. Sutrala et al. suggested RSA-based patient anonymous authentication framework for TMIS and discuss that their scheme is secure over insecure channel with verifying security tools [44]. In 2012, Padhy et al. suggested approach for cloud-based in TMIS [45]. In 2014, Chen et al. provided a cloud-assisted data exchange framework [46]. In the same year, Chen et al. suggested a safe authentication framework for cloud-based healthcare system [47]. In 2015, Amin et al.
proposed key agreement scheme for healthcare system [23], He et al. provided robust anonymous authentication framework for TMIS [34], Zhou et al. offered a safe and efficient framework for cloud-assisted wireless body area network [48]. In 2016, Chiou et al. [49] [6]. In 2018, Jangirala et al. proposed an authentication protocol for cloud-centric public safety device communications [51]. In the same year, Li et al. shows that Mohit et al. framework fails to patient anonymity and unlinkability, health report revelation attack, inspection report forgery attack and absence of medical relationship among them. Moreover, they provided an enhance protocol in the similar background [52]. In 2019, Chandrakar et al. proposed cloud-based authenticated scheme for healthcare monitoring system protocol which fails against patient unlinkability, impersonation attack and doctor unlinkability [53]. In same year, Kumari et al. [54] discussed design flaws and cryptanalysis of Mohit et al. [50] protocol. Ghani et al. [55] proposed a secure and key management in IoT-based wireless sensor networks: An authentication protocol using symmetric key. This work is secure and efficient in communication system. Mahmood et al. [56] presented an enhanced anonymous identity-based key agreement protocol for smart grid advanced metering infrastructure. Hussain et al. [57] discussed security weaknesses of Das et al.'s protocol [58] like traceability, stolen-verifier attack, stolen smart device attack and non provision of perfect forward secrecy. Mansoor et al presented securing IoTbased RFID systems: a robust authentication protocol using symmetric cryptography [59]. In this protocl, Mansoor et al. found security drawback of protocol [60] such as collision attack, stolen verifier attack and DoS attack. Further, They provided improved authentication protocol in same environment. Chaudhry et al. proposed correcting design flaws: an improved and cloud assisted key agreement scheme in cyber physical systems [61]. In this protocol, authors have discussed design flow and incorrectness of the Challa et al.'s protocol [62]. Further, Chaudhry et al. proposed enhanced protocol in cyber physical systems. In 2020, Chen et al. [63] proposed a secure electronic medical record authorization system for smart device application in cloud computing environments, Mo et al. [64] proposed an improved anonymous authentication protocol for wearable health monitoring systems and Alzahrani et al. [65] proposed a secure and efficient remote patient-monitoring authentication protocol for cloud-IoT.

B. MOTIVATIONS
With growth in science and engineering, different utilization scope of Smart-Physical System (SPS) are now opening due to their developing safety, usability, reliability efficiency and autonomy. For offering on-demand access to shared deal with utilizations, cloud environment is crucial in order to reduce infrastructure expenditures. However, the communication between entities in cloud-based SMS is vulnerable to many attacks, such as replay, man-in-the-middle, impersonation, anonymity, known-key security, data confidentiality, data non-repudiation, message authentication, stolen-verifier attack, privileged-insider attack and parallel session attack. Thus, to ensure quality of service, information, security and privacy is an basic concern in cloud-based SMS. Even though key agreement frameworks [46], [47], [49], [50], [52], [53] have been provided over the last few years, their achievement is not yet sufficient. Also, these protocols disrupt the basic requirements of construction, so resulting in elemental omissions. In this paper, we aim to proposed a cloudbased secure and efficient mutual authentication framework using ECC for smart medical system.

C. RESEARCH CONTRIBUTIONS
The contributions of CSEF are as below: -The proposed framework has different phases such as: Registration phase, Healthcare center upload phase, Patient data upload phase, Treatment phase, Check up phase and Emergency phase. -The mutual authentication is established among patient, cloud server, healthcare center and doctor to build up the security of a architecture and communicating information. -Further, CSEF satisfies different security attributes and secure against different attacks. -The session key is established between patient and cloud, doctor and cloud, healthcare center and cloud, and healthcare center and patient. -The comparative analysis proves the efficiency of CSEF. It is better than other frameworks in the same environment.

D. ORGANIZATION OF THE PAPER
The remaining part of the paper is mapped as follows. Section II, we describe the Mathematical preliminaries.
Section III, The CSEF framework. Section IV, The security evaluation. Section V, performance evaluation. Finally, we have given conclusion. Further, we have provided Table.1 for the useful notations in the paper.

II. MATHEMATICAL PRELIMINARIES A. ELLIPTIC CURVE CRYPTOGRAPHY OVER FINITE FIELD
Let where q be the large prime number and E(F q ) denotes an elliptic curve (EC) over prime finite field F q ,. An equation of elliptic curve over F q is given by v 2 = u 3 + αu + β mod q, where α, β ∈ F q . The EC is said to be non singular if 4α 3 + 27β 2 mod q = 0. G is the group under addition which is defined as where the point is known as a zero member of G.
We assume that the three problems above are intractable. That is, there is no polynomial time algorithm that can solve these problems with non-negligible probability. Next, we explain why we adopted ECC to design the authentication protocol for smart medical system networks.
-More complex: Since ECC can be implemented in different ways rather than a single encryption algorithm, it is more complex copmare to RSA. Moreover, ECDLP is more difficult to break than the factorization and discrete logarithm problem. Although many authors have tried to attack ECC. But, it is still infeasible to break ECC with existing computational resources. Thus, the security strength of ECC is much stronger than other public key cryptosystems like as Diffie-Hellman (D-H) or RSA [70]. -Smaller key size: As dispalyed in Table.2, we compare RSA and ECC offers equivalent security with smaller key sizes which implies lower power, bandwidth, and computational requirements. These advantages are very important when public-key cryptography is implemented for low power environments [70]. -Computational efficiency: ECC is much more efficient than RSA and D-H public protocols in terms of computation, since implementing scalar multiplication in software and hardware is much more feasible than performing multiplications or exponentiations in them [70]. Thus, according to above attractive properties of ECC, we chose it to design the proposed CSEF.

1) REGISTRATION PHASE
In this phase, P gets registration with the help of H . The detail of this phase is shown in Table. 3 and described as below: Step 1. P inputs ID P , PW P and executes PWP = h(h(ID P PW P ) ID P PW P ) and P ⇒ H : , generates sn P ∈ Z q . Then, stores NID P , ID P , sn P in cloud database. Further, H encrypts E P1 = E h(PWP T R1 ID P ) (NID P , ID P , sn P ) and H ⇒ P : Step 3. Upon collecting {E P1 }, P decrypts (NID P , ID P , sn P ) = D h(PWP T R1 ID P ) ( E P1 ) and stores parameters NID P , ID P , sn P in database.

2) HEALTHCARE CENTER UPLOAD PHASE
In HUP, H and C manage the session key H sends P's medical data to C. The information of this phase is shown in Table 4 and explained as below: Step 1. H generates medical record m H = (ID P , Data P ) and random value a ∈ Z q . Then, H inputs ID H and a. Further, Step 4. Upon collecting = H 2 . After that, C stores parameters ID P , C H , Sig H , NID P , sn P in database.

3) PATIENT DATA UPLOAD PHASE
In PUP, P requests body sensor to collect the fresh medical record of P and sends to P's mobiles device. The details of this phase is shown in the Table 5 and explained as below: Step 1. P medical record m B = (ID P , Data B ) from body sensor. Then, P inputs ID P , NID P and encrypts E 4 = E h(ID P NID P T P1 ) (ID P , NID P ). Then, P → C : = h(m H ). Furthermore, P encrypts C P = E h(sn P NID P ID P ) (m H , m B ), makes digital signature Sig P = S PR P (h(m B )), computes H 4 = h(SK PC C P Sig P H * 3 cdg T P3 T C5 ) and encrypts E 6 = E h(sn P NID P ID P ) (dg, H 4 , Sig P , C P ). Then, P → C : = H 4 . Then, C stores parameters C P , ID P , Sig P in database.

4) TREATMENT PHASE
The information of TP shown in Table 6 and explained as below: Step 1. D generates random r ∈ Z q , encrypts E 7 = E h((PK D ⊕PK C )⊕T D1 ) (ID D , rg) and D → C : , generates random number s ∈ Z q , computes H 5 = h(ID P ID D Sig H Sig P C P T C8 T D1 ) and encrypts E 8 = E sn P (Sig P , Sig H , NID P , C P , ID P , H 5 , s). After that C → D :

5) CHECKUP PHASE
The details of CP is shown in Table 7. and discussed as below: Step 1. P inputs ID P , NID, sn P , generates random value x ∈ Z q , encrypts E 10 = E SK PC (ID P , NID P , sn P , xg) and P → C : M 10 = {E 10 , T P4 }. = H 8 . After that C stores parameter C E in database.

6) EMERGENCY PHASE
When, P has emergency or heart attack position, body sensor attack inform to C and C informs to H . The details of EP is shown Table.8 and discussed as below: Step 1. P input ID P , EP request and computes H 9 = h(H 6 ID P T EP1 ). Further, P generates a random number as α ∈ Z * q , encrypt E 13 = E SK PC (H 9 , α, EP requist ). Then, P → C : M 13 = {E 13 , T EP1 }.
Step 2. On getting M 13    h(H 9 ID H ID P αg T EP3 ). Further, P computes SK PH = h(H 9 ID P ID H αβg T EP3 T EP5 ). In EP, P and H agree on session key SK PH = SK HP .

IV. SECURITY ANALYSIS
In this session, we evaluate CSEF, it has capacity to resist several security features and attributes. The details of security analysis is explained as below:

A. MAN-IN-THE-MIDDLE ATTACK
This attack make the task of keeping data secure and private particularly challenging since attacks can be mounted from remote computers with fake addresses in network system [72]. In CSEF, we adopted method to avoid this attack with help [47], [50]. the details for this as below: - = H 2 then, stores ID P , C H , Sig H , NID P , sn P . Hence, P anonymity manages in HUP. Similarly, P maintains anonymity in PUP, TP, CP and EP. Hence, CSEF maintains P anonymity in SMS.

C. DOCTOR ANONYMITY
We discuss D anonymity in TP of CSEF: -During TP, D's identity ID P is encrypted by screening actual ID D . Here, ID P in encrypted with key h(PK D PK C T D1 ), as get E 7 = E h(PK D PK C T D1 ) (ID D , rg) and only be decrypt by C, (ID D , rg) = D h(PK D PK C T D1 ) (E 7 ) with using key h(PK D PK C T D1 ). Then, C stores parameters C D , Sig D in database. Therefore, CSEF provides D's anonymity in SMS.

D. STRONG REPLAY ATTACK
In CSEF, we use the time-stamp condition T i − T j ≤ T and random values as a counter-measure every phase. In CSEF, T is the valid time length. Further, random number and current time value are used to computing hash value, encryption, decryption, session keys and different keys. In ECC, one way VOLUME 8, 2020 Here, A cannot find session key in different phases. Hence, CSEF has manages known-key security.

F. DATA CONFIDENTIALITY
In CSEF, we discuss the details of data confidentiality as below: -In HUP, H encrypts as E 1 = E h(PK H ⊕T H 1 )⊕(PK C ⊕T H 1 )) (ID H , ag) with using key h(PK H ⊕ T H 1 ) ⊕ (PK C ⊕ T H 1 ) and forwards to C. Further, C decrypts (ID H , ag) = D h(PK H ⊕T H 1 )⊕(PK C ⊕T H 1 )) (E 1 ) with using key h((PK H ⊕ T H 1 ) ⊕(PK C ⊕ T H 1 )). Furthermore, C encrypts = H 2 . Then, stores parameters ID P , C H , Sig H , NID P , sn P in database.
Similarly, CSEF data confidentiality maintains in PUP, TP, CP and EP. Hence, CSEF offers data confidentiality.  Similarly, impersonation attacks cannot work in PUP, TP, CP and EP phases. Thus, CSEF is free from this attack.

J. STOLEN-VERIFIER ATTACK
The stolen-verifier attack means that A who steals a password from the cloud server can use it directly to impersonate a legitimate participant in an authentication process. In fact, A who has a verifies password may further mount a guessing attack. In CSEF, we discuss verification of stolen-verifier attack as below: -P inputs ID P , PW P and computes PWP = h(h(ID P PW P ) ID P PW P ) and P sends message {ID P , PWP, T R1 } to H via secure channel. -On getting message, H verifies T R2 − T R1 ≤ T . Then, H computes NID P = h(ID P PWP T R1 ), generates sn P ∈ Z q . Then, stores NID P , ID P , sn P in cloud database. Further, H encrypts E P1 = E h(PWP T R1 ID P ) (NID P , ID P , sn P ) and sends {E P1 } to P via secure channel.
-Upon obtain {E P1 }, P decrypts (NID P , ID P , sn P ) = D h(PWP T R1 ID P ) (E 1 ) and stores parameters NID P , ID P , sn P in database. Here, A can not access password and dynamic pseudo random of P. Because, we use hash value, dynamic pseudo random, encryption and decryption methods. Hence, CSEF is free from stolen-verifier attack.

L. PARALLEL SESSION ATTACK
This attack commonly happens when A reuse historical message in insecure channel to make a fresh request, then impersonates the understandable participant to compute session key. In CSEF, A has to know the components reposed of the information then, A can form the suitable request or keys. As this analysis, A cannot obtain SK . Hence, CSEF is free from this attack.

V. PERFORMANCE EVALUATION
In this section, we discuss the performance evaluation as below:

A. COMPARISON OF THE SECURITY AND FUNCTIONALITY FEATURES
Here, we discuss the security attributes comparison of CSEF with similar framework, like Chen et al. [    and Chandrakar et al. [53] protocol. The evaluation offers an insight capability of CSEF with other frameworks. The Table 9 is shown comparison of the security and functionality features of CSEF and other related frameworks.  [49], [50].    • The computation expenditure of Chandrakar et al.'s [53] is 7T Sign + 15T S + 39T H ≈ 3.5031 second, which is approximately 49.698% greater than CSEF computation expenditure. The efficiency of CSEF and other related frameworks are shown in Figure 2.
The CSEF is productive in terms of communication expenditure. The comparison of communication expenditure of CSEF and other relevant frameworks is displayed in Figure 3.

C. COMPARISON OF THE COMMUNICATION EXPENDITURE
• The communication expenditure of Chandrakar et al. [53] is 9440 bits, which is approximately 217.0% grater than CSEF communication cost.

VI. CONCLUSION
Security and privacy are two essential concerns to establish a secure authentication framework in smart medical system. The paper is the construction of an ECC-based suitable framework for smart medical system in cloud environment. In this paper, we have discussed six different phases such as registration phase, healthcare center upload phase, patient data upload phase, treatment phase, check up phase and emergency phase. The paper has shown the security analysis of the presented framework. Further, we have demonstrated that the proposed framework manages better security and privacy features and attributes compared to related frameworks in the similar environment. Also, we have shown that the proposed framework is more efficient in term of computation and communication expenditure compared with related protocols in SMS. Hence, CSEF is the real life application in cloud-based smart medical system.
ADESH KUMARI received the master's degree in mathematics from Maharshi Dayanand University (MDU), Rohtak, India. She is currently pursuing the Ph.D. degree from the Department of Mathematics, Jamia Millia Islamia, New Delhi, India. She has authored or coauthored ten research articles in reputed international journals and conferences. Her research interests include remote user authentication protocols, smart card security, information security, and cloud computing.
VINOD KUMAR received the Master of Philosophy degree in mathematics from Chaudhary Charan Singh University, Meerut, India, and the Master of Technology degree from IIT Kharagpur, in 2013. He is currently working as an Assistant Professor with the Department of Mathematics, PGDAV College, University of Delhi, New Delhi, India. He has authored or coauthored of 20 research articles in reputed international journals and conferences. He is a reviewer of many reputed journals. His research interests include remote user authentication protocols, information and network security, cloud computing, cryptographic security protocols, vehicular networking, and applied mathematics.
M. YAHYA ABBASI received the Ph.D. degree from the Department of Mathematics, Aligarh Muslim University, Aligarh, India. He is currently an Assistant Professor with the Department of Mathemtics, Jamia Millia Islamia, New Delhi, India. He is edited two books and published more than 40 research articles in reputed international journals and conferences. His research interests include abstract algebra, application of algebra, and cryptography. VOLUME 8, 2020 SARU KUMARI received the Ph.D. degree in mathematics from Chaudhary Charan Singh University, Meerut, India, in 2012. She is currently an Assistant Professor with the Department of Mathematics, Chaudhary Charan Singh University. She has published more than 133 research articles in reputed International journals and conferences, including 115 publications in SCI-indexed journals. Her current research interests include information security and applied cryptography. She is a Technical Program Committee member for many International conferences. She has served as a Lead/Guest Editor of four special issues in SCI journals of Elsevier, Springer, and Wiley. She is on the Editorial Board of more than 12 journals of international repute, including seven SCI journals. CHIEN-MING CHEN (Senior Member, IEEE) received the Ph.D. degree from National Tsing Hua University, Taiwan. He is currently an Associate Professor with the Shandong University of Science and Technology, China. His current research interests include network security, the mobile Internet, the IoT, and cryptography. He also serves as an Associate Editor for IEEE ACCESS and an Executive Editor for the International Journal of Information Computer Security.