ISA Evaluation Framework for Security of Internet of Health Things System Using AHP-TOPSIS Methods

Security has become a vital factor for any Internet of Things network, but it is of paramount importance for the Internet of Health Things (IoHT). IoHT, also known as the Internet of Medical Things (IoMT), is the integration of IoT and the healthcare environment, where sensitive patient data is transmitted from IoT devices to a server. If any eavesdropping or intrusion occurs during this transmission, it will not only seriously damage the entire network, but the data may also be handled maliciously. Proper security is therefore indispensable for IoHT based equipment, which is exposed to different attacks. Security of IoHT has been a burning issue in the last couple of years, and different security models, surveys and frameworks have been presented. In this article, a proposed Identified Security Attributes (ISA) framework is presented to evaluate the security features of IoHT based devices in a healthcare environment. The proposed framework uses hybrid MCDM methods, namely the Analytical Hierarchical Process (AHP) and the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS). The framework works in two phases: in the first phase the weights of attributes are derived by using the AHP method, and in the second phase the security assessment of alternatives is performed against the security criteria by using the TOPSIS method. The outcomes of the proposed security assessment framework demonstrate that the reliable and secure alternative among the alternatives is selected in an IoMT system. This approach can be used as a guideline for future use in IoMT systems or any other IoT based domain. To the best of our knowledge, it is a novel approach to the security assessment of IoT, and these MCDM methods have never been used before for security assessment and decision making in an IoHT system.


I. INTRODUCTION
Internet of Health Things (IoHT), also known as Internet of Medical Things (IoMT), is the network of healthcare devices connected to the cloud for sending and receiving data related to the chronic diseases of patients [1]. IoMT reduces unnecessary visits to hospital and alleviates the burden on the medical care system by providing connectivity over a secure network between medical experts and patients, which ultimately saves a lot of time and money [2], [3]. For this reason, the number of IoT devices in healthcare networks has increased exponentially in the last few years and has contributed a lot to the financial zone. According to a Frost & Sullivan analysis report, the IoMT market was worth $22.5 billion in 2016; this figure is expected to touch $72.02 billion in 2021 [2]. IoMT is growing sharply, such that 60% of global health care organizations have adopted it, and by the end of 2020 it is estimated to increase by 27% [3].
The associate editor coordinating the review of this manuscript and approving it for publication was Gautam Srivastava.
IoT devices operating in a healthcare environment are susceptible to various cyber threats and attacks. The healthcare industry faces 340% more security issues than any other industry and is 200% more susceptible to data theft [3]. According to one report, over 90% of enterprises are facing at least one security breach [4]. Another study suggested that there is an average of 164 cyber threats detected per 1,000 connected host devices in an IoMT system [5]. IoMT devices are deployed in networks without security in mind; this is the main reason that these devices suffer from confidentiality, integrity and availability issues [6]. These vulnerabilities allow cybercriminals to get access to the IoMT network and obtain sensitive and personal data about the patients. One of the serious problems faced by IoMT devices is security and privacy issues. According to Johnson and Johnson, IoMT devices like digital insulins are vulnerable to cyber threats [7]. In an IoHT system, data relevant to patients is stored in the cloud and moves back and forth through millions of IoT devices, which exposes the data in their applications. Due to this vulnerability, many enterprises may not be willing to store IoT applications on the cloud. Therefore, risk assessment is mandatory before putting applications on the cloud and before installing IoT applications on mobile devices [8].
Sometimes, decision making regarding the selection of the best security option for IoHT devices is an issue due to the many factors involved, such as evolving complex criteria pertaining to security, the huge number of heterogeneous IoT devices, and the limited processing and memory capabilities of these devices. In light of these circumstances, lacking proper security procedures and criteria is not a good approach. Keeping these factors in view, in this research work we present an evaluation framework for the healthcare environment, which attempts to evaluate IoT devices in light of security criteria and select the best IoT device among a list of alternative devices. Security criteria or requirements are identified from a literature review and an International Standard Organization (ISO) standard. A multi-criteria set is built from the identified security requirements for decision making purposes. This selection criteria set defines a full package of security, which can be implemented in any IoT device in a healthcare environment. A full-fledged secure IoHT system can be described as one fulfilling the security requirements or criteria of confidentiality, integrity, availability, access control, authentication, authorization, network monitoring, physical security, secure key management, continuity, trustworthiness, auditing and non-repudiation. These requirements define the architecture of an IoMT network in terms of different issues and challenges. The basic security requirements are defined in the confidentiality, integrity and availability (CIA) model [9], [10]-[13], [14]. The security of IoHT systems has been addressed by different methods, but in this regard the multi criteria decision making (MCDM) approach is significant to mention. MCDM is also known as Multi Criteria Decision Analysis (MCDA) [15]. Multi criteria decision-making methods have various applications in different domains.
Sometimes it becomes very hard to find an appropriate solution to a problem. Decision making is always a tough job due to the imprecise, uncertain and subjective nature of criteria [16].
For this purpose, in this research work we present the ISA framework for security assessment and selection of IoHT based equipment with respect to identified security requirements or criteria in a healthcare environment. These IoT security requirements are not limited to a specific application domain; they cover almost every area, such as smart home, smart grid, smart agriculture, and smart city. The IoT security goals can be achieved by evaluating all the security requirements and implementing them to protect IoT devices. In this research work, the security of IoHT devices is assessed by using a multi criteria decision making (MCDM) method, and the best option/equipment is selected from the alternatives.
The organization of the paper is as follows: section II describes the motivation, and section III discusses the literature review. Section IV discusses the research method, which includes the criteria selection process and the proposed framework along with its validation by MCDM methods. Section V ends with the conclusion.

II. CONTRIBUTION AND RESEARCH GAP
The contributions made by earlier methods for security evaluation in IoHT systems are great, but there still exist some drawbacks and gaps that need to be addressed:
• Criteria identified by previous studies are not sufficient to meet all the security requirements of IoT. Therefore, for security assessment a complete pack of security requirements needs to be considered. This work includes all the security requirements in order to provide a full-fledged IoT security solution in a healthcare environment. Criteria like continuity, trustworthiness, network monitoring and secure key management were neglected by previous works.
• In previous works, the security requirements are collected only from the literature, but in this work we integrated both the literature and the ISO security standard ISO/IEC 27000-series (ISO/IEC, 2018), which is a well-known security standard for implementing security all over the world.
• In this work, two MCDM methods, AHP and TOPSIS, have been used, which are ideal to provide a good platform for assessment and decision making. AHP requires less quantitative data, and in TOPSIS information loss is less in the evaluation processes.
• To the best of our knowledge, this is a novel approach, which combines AHP and TOPSIS for security assessment and decision making purposes in a healthcare environment.

III. MOTIVATION
The proposed research work is motivated to achieve the following objectives.
• Decision making in IoHT is a big challenge due to the number of criteria and sub-criteria involved. The prime focus of this research work is to select the best security solutions for IoHT systems by using a hybrid MCDM approach.
• The security of IoMT systems has become a burning topic in the last decade, so this motivation led us to assess the security of IoMT based systems.
• There exists a research gap between existing work and the proposed work. The proposed work is based upon security requirements identified from both sources, the ISO security standard and the literature. The ISO standard for security requirements has never been used before as security evaluation or assessment criteria.

IV. RELATED WORK
IoT devices have limited processing, bandwidth and memory capabilities due to their limited structures, which make them vulnerable to many security threats and attacks [17], [18]-[20]. This is the main reason that IoT security has been the most intriguing and busy research area over the last decade, i.e. 2011 to 2019, as shown in Fig 1. To address the security and privacy issues in IoT, different frameworks have been presented, like [21]-[26]. IoT devices experience more serious privacy and security risks [27]. In a healthcare environment especially, these risks become more serious and severe due to the nature of the data handled by the network, as data related to patients is stored in the cloud server of the hospital center and must be kept secure [28]. Many works are available on the security of IoMT or IoHT, but in this literature study we restrict our discussion to MCDM methods such as AHP and TOPSIS. Still, some frameworks for security in IoMT are discussed: Leister et al. [29] presented an evaluation framework for adaptive security in IoHT. Nkomo and Brown [30] presented a hybrid cybersecurity framework for IoMT. Jan et al. [31] presented the authentication of nodes for streaming of data. Similarly, many other frameworks intended to address the security of IoMT systems have been presented [32]-[38].
MCDM methods have a wide range of applications in IoMT systems. The role of multi criteria decision making analysis in healthcare has been briefly discussed by Frazão et al. [39]. These methods not only address security issues but are also applied for a variety of purposes like assessment and selection in IoMT. Drake et al. [40] used MCDM methods for contracts and the tender process in a healthcare environment. Liu et al. [41] presented a hybrid MCDM model for a mobile healthcare system.
We highlight the related work that addressed the security of IoT in healthcare by using multi criteria decision making methods such as AHP and TOPSIS, or both together. The details of the AHP or TOPSIS method, or both, for security assessment and decision making in IoMT based systems are given in Table 1.
All frameworks, models and schemes for providing security solutions towards IoMT using MCDM methods like AHP, TOPSIS or any other MCDM methods are reported along with the features or criteria. The summary of our literature is depicted in Table 2.

V. RESEARCH METHOD
The security of IoHT devices is indispensable due to the ubiquitous and multi-sensor approach adopted by IoHT networks. In this research, our prime focus is to present the proposed ISA framework as a solution to the security challenges faced by IoMT systems. The proposed framework for security evaluation and selection of IoHT devices is based upon an identified set of attributes, as depicted in Figure 1. The main idea is that before introducing an IoT device into an operating environment such as a healthcare environment, it is necessary to check its security with respect to security criteria. In this research, both MCDM methods, AHP and TOPSIS, have been used for assessment and selection of IoHT devices with respect to security features. The research method has the following subsections: in the first, security requirements or criteria are identified; in the second, the proposed framework is presented; in the third, weights are assigned to criteria by using AHP; and the fourth describes how the TOPSIS method has been used for assessment and decision making.

A. SELECTION OF SECURITY REQUIREMENTS OR CRITERIA
The security requirements, also known as criteria, are identified and selected for the security evaluation of IoT devices in a healthcare environment. These security requirements are not limited to a specific application domain; they cover almost every application domain, such as smart health, smart home, smart grid, smart agriculture, smart city etc. The security goal of IoHT can be achieved by evaluating all the security requirements and implementing them to protect the IoT devices in a healthcare environment. In this research work, security requirements are identified from both sources: the literature and the International Standard Organization (ISO) information security standard ISO/IEC 27000-series (ISO/IEC, 2018). ISO/IEC 27000-series (ISO/IEC, 2018) is a well-known and widely accepted standard [14]. This standard implements an information security management system based upon a defined set of basic requirements. It is also the current standard in Australia. The standard provides guidance pertaining to controlling, implementation, managing measures and the approach towards risk management [14]. Similarly, after studying literature, many security requirements or criteria from various research articles are collected and detail about these is given in total of 13 security requirements are selected based upon their impact on IoMT security, frequency of occurrence and factor of commonality in literature. Selected security attributes along with sources are marked in Table 4. The overall picture of the steps taken towards the completion of the research work is summarised in Fig 2. The frequency of attribute citation based on the number of papers in the literature is depicted in Fig 3.
The overall procedure for selection of security requirements consists of different steps: in step one, 119 attributes are identified from the literature; in the second step, duplicates or repetitions of attributes are removed; in the third step, attributes are identified from the ISO standard; in the 4th step, all attributes are combined; and in the last step, the final attributes for security assessment are selected. The procedure for selection of security attributes/criteria is shown in Fig 4. All finally selected attributes for security assessment in this research work are explained in Table 5.
In this research work, four IoT based devices are selected as alternatives for decision making. These alternatives are labelled as $D_1$, $D_2$, $D_3$ and $D_4$. The hierarchical structure of 13 security requirements for "n" alternatives or IoHT devices is depicted in Fig 5.

B. PROPOSED FRAME WORK FOR SECURITY EVALUATION AND DECISION MAKING
The proposed framework for security evaluation is also known as Identified Security Attributes (ISA) framework.
The main objective of the framework is to achieve the security evaluation of IoT devices or alternatives based upon the identified security criteria in a healthcare environment. After identifying and selecting the security requirements or attributes, the IoT devices are selected as alternatives and data is collected by consulting security experts in the field of IoT security. Our data collection technique is inspired by the Delphi method [68]. The proposed security framework for evaluation and decision making about the security of IoT devices in a medical care system is shown in Fig 6. This framework works in two phases: in the first phase the AHP method assigns weights, and in the second phase the TOPSIS method is used for ranking of alternatives.

C. ASSIGNING WEIGHTS TO SECURITY REQUIREMENTS OR CRITERIA BY USING AHP
In this research, the Analytic Hierarchy Process (AHP) method has been used for assigning weights to the criteria. This method is ideal for problem situations that involve multicriteria decision making. There are many reasons for selecting this method; for example, it focuses upon diminishing cognitive errors by simplifying, partitioning, and comparing multiple attributes. It is suitable for comparing not only qualitative indices but also quantitative indices. Thus, it has various applications in domains like selection, assessment, resource allocation, conflict resolution, priority and ranking, and optimization. The AHP method is subjective in nature, meaning that the experts or decision makers assign weights based upon their opinions [69]. AHP is a technique which prioritizes each alternative based upon its significance in the hierarchy or goal identification [70]. According to [71]-[73], the AHP method involves the following steps.
Step-1. Identification of criteria and alternatives
In the first step, criteria, sub-criteria and alternatives are identified and represented in a hierarchical form.
Step-2. Assigning weights or scores
In this step, weights are assigned by experts according to the relative importance of each criterion on a defined scale. The qualitative scores are converted into quantitative form.
Step-3. Building a pairwise comparison matrix
A pairwise matrix is obtained by using a scale from 1 to 9. In the comparison matrix, $a_{ij}$ shows the significance of the $i$th criterion relative to the $j$th criterion. If $a_{ij}$ is greater than one, the $i$th criterion is more important than the $j$th criterion, and when $a_{ij}$ is less than one, the $i$th criterion is less important. $a_{ij} = 1$ means both have the same importance. This comparison is done in the form of a matrix as shown in equation (1).
Step-4. Constructing a normalized pairwise comparison matrix
In this step, the sum of each column of the matrix is calculated, each element is divided by the sum of its column, and then the averages of the rows are calculated in the normalized pairwise comparison matrix. In this step the weights of the criteria are calculated, which show the priority of each criterion. Weights are determined by two methods in AHP, i.e. Lambda max ($\lambda_{max}$) and geometric mean. $\lambda_{max}$ is the eigenvalue, and the equation for finding $\lambda_{max}$ is given as.
Step-5. Consistency matrix
A consistency matrix is built to check whether the comparison is consistent or not. In this step the Consistency Index (C.I) is found by using equation (3) and the Consistency Ratio (C.R) is calculated by equation (4). Each element of the first column in the pairwise comparison matrix is multiplied with the weight of the first row in the normalized pairwise matrix, and this procedure is repeated for all the columns.
$$C.R = \frac{C.I}{R.I} \quad (4)$$
If the C.R value is 0.1 or less, it is acceptable; otherwise the procedure is repeated from the beginning.
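The AHP steps above, as an added example that is not code from the paper: it derives weights by column normalization and row averaging, estimates $\lambda_{max}$, and applies the C.R threshold of 0.1. The formula C.I = ($\lambda_{max}$ - n)/(n - 1), the random-index values other than the paper's 1.56 for 13 criteria, and both sample matrices are assumptions or constructed data.

```python
# Added example: AHP criteria weights and consistency check (standard library only).
from math import isclose

# Commonly cited Saaty random-index values by matrix size n (assumed here);
# 13 -> 1.56 is the value the paper quotes for its 13 criteria.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32,
                8: 1.41, 9: 1.45, 10: 1.49, 13: 1.56}

# Constructed sample judgements on the 1-9 scale (not the paper's 13x13 expert matrix).
CRITERIA = ["confidentiality", "integrity", "availability", "authentication"]
SAMPLE = [
    [1,   2,   3,   5],
    [1/2, 1,   2,   3],
    [1/3, 1/2, 1,   2],
    [1/5, 1/3, 1/2, 1],
]

# Constructed cyclic judgements (A > B, B > C, yet C > A): the failure case
# that Step-5 exists to catch.
CYCLIC = [
    [1,   5,   1/5],
    [1/5, 1,   5],
    [5,   1/5, 1],
]


def validate_pairwise(matrix):
    """Reject matrices that are not square, positive and reciprocal (a_ji = 1/a_ij)."""
    n = len(matrix)
    for i, row in enumerate(matrix):
        if len(row) != n:
            raise ValueError("pairwise matrix must be square")
        for j, a_ij in enumerate(row):
            if a_ij <= 0:
                raise ValueError("judgements must be positive")
            # For i == j this also enforces a unit diagonal.
            if not isclose(a_ij * matrix[j][i], 1.0, rel_tol=1e-9):
                raise ValueError(f"a[{i}][{j}] and a[{j}][{i}] are not reciprocal")


def ahp_weights(matrix):
    """Step-4: divide each element by its column sum, then average each row."""
    n = len(matrix)
    col_sums = [sum(row[j] for row in matrix) for j in range(n)]
    return [sum(row[j] / col_sums[j] for j in range(n)) / n for row in matrix]


def lambda_max(matrix, weights):
    """Estimate the principal eigenvalue as the mean of (A.w)_i / w_i."""
    ratios = [sum(a * w for a, w in zip(row, weights)) / w_i
              for row, w_i in zip(matrix, weights)]
    return sum(ratios) / len(ratios)


def consistency_ratio(ci, n):
    """Equation (4): C.R = C.I / R.I for an n x n matrix."""
    return ci / RANDOM_INDEX[n]


def assess(matrix):
    """Run Steps 3-5 and report whether the judgements pass C.R <= 0.1."""
    validate_pairwise(matrix)
    n = len(matrix)
    weights = ahp_weights(matrix)
    lam = lambda_max(matrix, weights)
    ci = (lam - n) / (n - 1)          # standard C.I definition, assumed here
    cr = consistency_ratio(ci, n)
    return {"weights": weights, "lambda_max": lam, "ci": ci, "cr": cr,
            "acceptable": cr <= 0.1}


if __name__ == "__main__":
    for label, matrix in (("sample", SAMPLE), ("cyclic", CYCLIC)):
        result = assess(matrix)
        print(label, [round(w, 3) for w in result["weights"]],
              "C.R=%.3f" % result["cr"], "acceptable:", result["acceptable"])
```

With the cyclic matrix every criterion receives the same weight, so the weights alone look harmless; only the consistency ratio shows that the judgements contradict each other.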

D. AHP NUMERICAL WORK
In the first step of AHP, a decision matrix was built by using the set of identified requirements or criteria and the alternatives. A questionnaire was presented to different experts in the field of IoT security, and questions related to the four IoT alternatives against the identified set of attributes were asked, such as which security attribute is important and how much the attributes are related to each other. Data from the expert panel pertaining to each IoMT security criterion is reported and prioritized based upon numerical weightage for the different IoHT alternatives. The identified security requirements are labelled as $C_1$, $C_2$, $C_3$, $C_4$, $C_5$, $C_6$, $C_7$, $C_8$, $C_9$, $C_{10}$, $C_{11}$, $C_{12}$ and $C_{13}$. Similarly, the alternatives are coded as $D_1$, $D_2$, $D_3$ and $D_4$, as shown in Table 6. These codes are assigned only for simplicity in calculation.
A comparison matrix is made by comparing criteria according to the pairwise comparison scale [16]. The AHP pairwise comparison scale is shown in Table 7. In this table, the highest score is 9, which means a security attribute with a value of 9 is extremely important compared to the other security attribute(s), and the lowest score is 1, which means equally preferred in comparison with other attributes. For example, $C_9$ is equally important as $C_1$, $C_2$ and $C_3$, as shown in the pairwise comparison matrix. Similarly, a criterion is equally important when it is compared with itself, so the values in this case are 1. All the values on the diagonal show equal importance.
A pairwise comparison matrix of all security attributes is built by using equation (1), based upon the AHP pairwise comparison scale. Criteria weights are calculated with the normalized pairwise comparison matrix by using equation (2), and the results are depicted in Table 8. The criteria weights are numbers which show the importance of each criterion. $C_1$ is given the highest weight or score among the criteria listed in Table 8, which means it is a very important criterion as suggested by the experts' panel. Similarly, $C_{12}$ and $C_{13}$ have the lowest values among the criteria, which means that they are less important than the other criteria.
The calculated criteria weights are further verified by the consistency ratio (C.R) value, and the procedure of verification is continued by finding Lambda max. By using equation (2), Lambda max ($\lambda_{max}$) can be calculated as follows.
The Random Index (R.I) for "N" criteria is shown in Table 9 [74]. In this research work, we have used 13 security requirements as the number of criteria, so the value of R.I is 1.56 according to Table 9.
The consistency index is calculated by using equation (3) as given below.
The Consistency Ratio (C.R) is calculated by using equation (4) as given below.
$$C.R = \frac{0.15}{1.56} = 0.096 < 0.1 \quad (9.6\% < 10\%)$$
As the value of C.R is less than 0.1 or 10%, the inconsistency is within the acceptable limit and we can proceed towards further security evaluation.

E. TOPSIS METHOD FOR EVALUATION OF SECURITY ATTRIBUTES
In this section, we perform some empirical work to validate the proposed framework by using the TOPSIS method. The first section discusses the TOPSIS method along with its step-wise procedure, and the next section discusses how this method has been used in the context of our research.

F. TOPSIS METHOD
The Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) was presented by Krohling and Pacheco [75]. This method works on the basis of an ideal solution: if an alternative is closer to the positive ideal solution, it will be considered the best solution. The TOPSIS method follows a simple computation procedure, and it is well established and reliable [75]. In the TOPSIS method the chosen alternative should have the shortest distance from the positive ideal solution and the farthest distance from the negative-ideal solution. In this research work, the TOPSIS method is applied for assessment and ranking of IoHT devices. The following steps are used in the TOPSIS method for ranking of alternatives [75], [76].
Step-1. Determine weight of decision making and constructing decision matrix
In this step, a decision matrix $D$ is constructed by using multiple criteria and alternatives. For example, for "n" alternatives and criteria, the decision matrix can be written as.
Step-2. Construction of normalized decision matrix
The data of the decision matrix $D$ comes from various sources; therefore, it has to be normalized to transform it into a dimensionless matrix. A dimensionless matrix allows the comparison of different criteria. A normalized decision matrix is built by using the following formula.

Step-3. Determining weighted normalized decision matrix
It is not necessary that all attributes be of the same importance. Therefore, a weighted normalized decision matrix is obtained by multiplying each element of the normalized decision matrix with a random weight number as given in the formula below.
Step-4. Determining ideal positive and negative solutions
The positive ideal ($A^+$) and the negative ideal ($A^-$) solutions are defined according to the weighted decision matrix.
where $J$ denotes the beneficial attributes and $J'$ denotes the non-beneficial attributes.
Step-5. Calculation of separation measure
In this step the ideal and non-ideal separations are calculated by the following formulae.
Step-6. Measure the relative closeness of each location to the ideal solution
For each competitive alternative, the relative closeness of the potential location with respect to the ideal solution is computed.
Step-7. Ranking of alternatives or preference order
The ranking is done by using the $C_i$ value: a higher value of $C_i$ means a higher ranking order, and the alternative can be described as better in terms of performance. Ranking the preferences in descending order thus allows relatively better performances to be compared.
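The seven TOPSIS steps above, as an added example that is not code from the paper: it ranks four devices and supports both beneficial ($J$) and non-beneficial ($J'$) criteria. Vector normalization, Euclidean separation and $C_i = S^- / (S^+ + S^-)$ are the standard TOPSIS forms and are assumed here; the scores, the weights and the function name `topsis` are constructed for illustration.

```python
# Added example: TOPSIS ranking of alternatives (standard library only).
from math import isclose, sqrt

# Constructed 1-10 expert scores for four devices on four criteria
# (not the paper's 4x13 decision matrix).
DEVICES = ["D1", "D2", "D3", "D4"]
SCORES = [
    [9, 8, 7, 8],
    [5, 6, 6, 7],
    [7, 6, 8, 5],
    [8, 7, 6, 6],
]
# Constructed criteria weights of the kind an AHP phase produces; they must sum to 1.
WEIGHTS = [0.48, 0.27, 0.16, 0.09]
# True = beneficial attribute (J), False = non-beneficial attribute (J').
BENEFIT = [True, True, True, True]


def topsis(names, scores, weights, benefit):
    """Return alternatives sorted by relative closeness C_i, best first."""
    m, n = len(scores), len(weights)
    if len(names) != m or len(benefit) != n or any(len(r) != n for r in scores):
        raise ValueError("names, scores, weights and benefit flags do not line up")
    if not isclose(sum(weights), 1.0, abs_tol=1e-6):
        raise ValueError("criteria weights must sum to 1")

    # Step-2: vector normalization makes each criterion column dimensionless.
    norms = [sqrt(sum(row[j] ** 2 for row in scores)) for j in range(n)]
    if any(norm == 0 for norm in norms):
        raise ValueError("a criterion column is all zeros and cannot be normalized")

    # Step-3: weighted normalized matrix v_ij = w_j * r_ij.
    v = [[weights[j] * row[j] / norms[j] for j in range(n)] for row in scores]

    # Step-4: ideal solutions; for non-beneficial criteria the smaller value is better.
    cols = list(zip(*v))
    a_pos = [max(c) if b else min(c) for c, b in zip(cols, benefit)]
    a_neg = [min(c) if b else max(c) for c, b in zip(cols, benefit)]

    results = []
    for name, row in zip(names, v):
        # Step-5: Euclidean separation from the positive and negative ideals.
        s_pos = sqrt(sum((x - p) ** 2 for x, p in zip(row, a_pos)))
        s_neg = sqrt(sum((x - q) ** 2 for x, q in zip(row, a_neg)))
        # Step-6: relative closeness; if every alternative is identical both
        # separations are zero, so report 0.0 instead of dividing by zero.
        total = s_pos + s_neg
        closeness = s_neg / total if total > 0 else 0.0
        results.append({"name": name, "s_pos": s_pos, "s_neg": s_neg,
                        "closeness": closeness})

    # Step-7: higher C_i ranks first.
    return sorted(results, key=lambda r: r["closeness"], reverse=True)


if __name__ == "__main__":
    for rank, r in enumerate(topsis(DEVICES, SCORES, WEIGHTS, BENEFIT), start=1):
        print(rank, r["name"], round(r["closeness"], 3))
```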

G. TOPSIS NUMERICAL WORK
In this section, we assess the security of four IoHT devices against the 13 identified security requirements using the TOPSIS method. The TOPSIS method is used for ranking alternatives (devices). Data about the security criteria is collected from the expert panel based upon Saaty's scale. A questionnaire is presented, which is answered by the experts in the field of IoT security. A decision matrix is constructed for the IoHT devices and security requirements from the expert panel. All the criteria are qualitative, so quantitative data has been obtained for all IoT devices from the expert panel by using a scale ranging from 1 to 10. Based on this scaling, values out of 10 are given for the alternatives against the security criteria as depicted in matrix ($D$) given below as.
The normalized decision matrix is obtained by using equation (6), and the results are listed in Table 10 along with the criteria weights (C.W), which are calculated by using the AHP method in previous work. The data in the decision matrix comes from different experts' opinions, so it is important to normalize the data of the decision matrix to convert it into dimensionless form.
The weighted normalized matrix is created by using equation (7), and the results are given in Table 11. It is not necessary for each criterion to be of equal importance. For this purpose, the weighted normalized decision matrix is obtained by multiplying each element of the normalized decision matrix with a random weight number.
The ideal positive solution ($A^+$) and ideal negative solution ($A^-$) are calculated by using equation (8) and equation (9) respectively, and the values are given in Table 12. The positive-ideal solution is composed of all the best attainable values of the criteria, and the negative-ideal solution consists of all the worst attainable values of the criteria.
Positive ideal solutions and negative ideal solutions are used in finding the ideal separation measures and non-ideal separation measures. These are calculated by using equation (10) and equation (11). Ideal separation measures ($S^+$) for $D_1$, $D_2$, $D_3$ and $D_4$ can be calculated as follows. Ideal separation measures are given in Table 13.
For each competitive alternative, i.e. $D_1$, $D_2$, $D_3$ and $D_4$, the relative closeness ($C_i$) of the potential location with respect to the ideal solution is computed by using equation (12). For the alternatives $D_1$, $D_2$, $D_3$ and $D_4$, the relative closeness values $C_i(D_1)$, $C_i(D_2)$, $C_i(D_3)$ and $C_i(D_4)$ are calculated as given below.
Ranking is performed based upon the value of $C_i$ after the relative closeness has been calculated, and a higher value of $C_i$ indicates the best alternative among the four alternatives $D_1$, $D_2$, $D_3$ and $D_4$. The $D_1$ alternative has the highest value among the alternatives, so it is ranked 1st. The results of all alternatives based on higher score are given as $D_1 > D_4 > D_3 > D_2$, and their ranking preferences are displayed in Table 14.
In Table 14, according to the ranking, the $D_1$ alternative is higher in rank than the other alternatives based upon the security requirements or criteria, so it can be described as the most reliable and secure IoT equipment in a healthcare environment.

VI. CONCLUSION
The security of IoT is important due to its fast growing and multi-application nature. In this research work, a framework for security evaluation is applied to the security ranking of IoT devices in a healthcare environment. This security evaluation framework is presented using multi criteria decision making approaches. Requirements for security assessment are selected from both sources, the literature and the ISO security standard. Then, the MCDM methods AHP and TOPSIS are applied to validate the proposed framework. Weights are assigned by using the AHP method, and then the TOPSIS method is used to evaluate the security requirements for the ranking of alternatives. Precise and accurate results are obtained after the empirical work, and these results can be used as a metric for selecting the most reliable IoT solution in terms of security. This framework can be used as a future guideline for selection of the best security solution for IoHT based systems, and it can be used for making more suitable frameworks in future.
Our future work is to extend this framework by including more security requirements and alternatives and to use other multi criteria decision making approaches for assessment and decision making.
LANJING WANG was born in Henan, China, in 1975. He received the B.M. degree in library science from Zhengzhou University, Henan, the M.S. degree in basic mathematics from Henan University, Henan, in 2008, and the Ph.D. degree in management from Nanjing University, Jiangsu, China, in 2012. From 2013 to 2015, he was a Lecturer with the School of Business, Henan University, where he has been an Associate Professor since 2016. He is the author of one book and more than 20 articles. His research interests include logistics information management, innovation management, and digital economy.
YASIR ALI received the M.Sc. degree in computer science from the University of Peshawar. He is currently pursuing the M.S. degree in computer science with the Department of Computer Science, University of Swabi. He is also working as a Lecturer with the Government Postgraduate College, Swabi. His research interests include the Internet of Things and security evaluation.
SHAH NAZIR received the Ph.D. degree in computer science with a specialization in software engineering. He has worked at the University of Peshawar. He is currently serving as an Assistant Professor and the Head of the Department of Computer Science, University of Swabi. He has several research publications in well-reputed international journals and conference proceedings. His research interests include component-based software engineering, software birthmark, systematic literature review, and decision making. He is a reviewer of several journals and conferences.
MAHMOOD NIAZI is currently an Associate Professor of software engineering with the Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia. He has spent over a decade with leading technology firms and universities as a Process Analyst, a Senior Systems Analyst, the Project Manager, a Lecturer, and a Professor. He has participated in and managed several software development projects. He has published over 100 articles in peer-reviewed conferences and journals. His research interests include evidence-based software engineering, requirements engineering, sustainable, reliable, and secure software engineering processes, global system development and management, project management, and software process improvement. His work has received over 3000 citations and has received awards for best papers at several conferences.