Research Article

An Intelligent and Secure Health Monitoring Scheme Using IoT Sensor Based on Cloud Computing

Jin-Xin Hu,1 Chin-Ling Chen,2,3 Chun-Long Fan,1 and Kun-hao Wang3

1 School of Computer Science, Shenyang Aerospace University, Shenyang City, Liaoning Province, China
2 Department of Computer Science and Information Engineering, Chaoyang University of Technology, Taichung, Taiwan
3 School of Information Engineering, Changchun University of Science and Technology, Changchun 130600, China

Correspondence should be addressed to Chin-Ling Chen; clcmailcyutedutw

Received 3 June 2016; Accepted 28 November 2016; Published 3 January 2017

Academic Editor: Hai-Feng Ji

Copyright © 2017 Jin-Xin Hu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Internet of Things (IoT) is the network of physical objects where information and communication technology connect multiple embedded devices to the Internet for collecting and exchanging data. An important advancement is the ability to connect such devices to large resource pools such as cloud. The integration of embedded devices and cloud servers offers wide applicability of IoT to many areas of our life. With the aging population increasing every day, embedded devices with cloud server can provide the elderly with more flexible service without the need to visit hospitals. Despite the advantages of the sensor-cloud model, it still has various security threats. Therefore, the design and integration of security issues, like authentication and data confidentiality for ensuring the elderly's privacy, need to be taken into consideration. In this paper, an intelligent and secure health monitoring scheme using IoT sensor based on cloud computing and cryptography is proposed. The proposed scheme achieves authentication and provides essential security requirements.
1. Introduction

With the rapid development of the Internet of Things (IoT), medical sensors, and Internet applications, online medical service has become possible in recent years. It is noteworthy that the number of elders with chronic disease is increasing every year. An aging society refers to a population structure model in which the aging population reaches or exceeds a certain proportion. According to the UN's traditional standard, a region is regarded as an aging society when people over 60 years old account for 10% of the total population, while the new standard is people over 65 years old representing 7% of the total population. Between 2015 and 2050, the proportion of the world's population over 60 years will nearly double, from 12% to 22% [1]. An aging society means low fertility, aging population structure, and social security system lag. In the meantime, the health of the elderly has become a highlighted social issue. While more and more elders need long-term care, they also want to remain independent and active and reside in their own homes for as long as possible.

Due to the lack of medical resources, they cannot be treated appropriately. The hospitals are filling up with an aging population, recovery groups, and high risk groups. Continuous monitoring of critical vital signs of patients is a key process in hospitals. Today, this is usually performed via different cabled sensors attached to the patient and connected to bedside monitors [2]. The limitation here is that the elders are tied to bedside devices. Consequently, it has become feasible and necessary to perform personal diagnoses of medical diseases with the measurement repository without visiting hospitals [3]. With the increasing availability of medical sensors and IoT devices for personal use, this situation opens up a new application area for body sensor networks.
Wireless sensor networks (WSNs) are an emerging technology that possesses a huge potential to play an important role in many applications [4]. The rapid growth in physiological sensors, low-power integrated circuits, and wireless communication has enabled a new generation of wireless sensor networks, now used for purposes such as monitoring traffic, crops, infrastructure, and health. The body area network field is an interdisciplinary area which could allow inexpensive and continuous health monitoring with real-time updates of medical records via the Internet [5].

Hindawi, Journal of Sensors, Volume 2017, Article ID 3734764, 11 pages, https://doi.org/10.1155/2017/3734764
However, with the presence of sensor networks, many challenges have emerged in terms of flexibility, scalability, and heterogeneous information services. The integration of WSN with cloud provides greater flexibility, unlimited resources, immense processing power, and the ability to provide quick response to the user [6]. Cloud computing provides scientists with a completely new model for utilizing the computing infrastructure. Computer resources, storage resources, and applications can be dynamically provisioned (and integrated within the existing infrastructure) on a pay-per-use basis [7]. To provide more suitable and convenient network services, cloud computing has become even more flexible for personal use. Since the cloud is a broad collection of services, organizations can choose where, when, and how they use cloud computing [8]. There are different types of cloud computing services, commonly referred to as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Many studies [3, 9] pointed out that cloud computing services are clearly the future trend. Cloud computing services are provided through a browser to access online programming applications, software, and data [9]. Cloud providers have to adhere to security and privacy policies to ensure their users' data remain confidential and secure [10].

Moreover, since the number of smart phones is estimated to reach 1 billion, traditional phones started to be gradually eliminated in 2015. The rapid development of smart phones and the related technology means that mobile computing is no longer the priority; we should also focus on reducing the computation cost and communication cost to achieve the optimal efficiency. Despite the agreement and certification of parties to browse medical information, the public still has concerns about the electronic medical record (EMR) system because of the information security issues, such as hacking, information transfer time, and long-term data management problems.
In recent years, many medical resources have been implemented for people seeking medical advice conveniently [11]. In the literature [12], researchers combine mobile devices and body sensors but do not sufficiently discuss security issues. Security issues of IoT sensors and medical systems have always been a vital part of active research. It is important to consider security solutions to guarantee data authenticity, freshness, replay protection, integrity, and confidentiality. Some research, such as [13–15], specifically addresses security issues with respect to healthcare applications. In 2014, Ben Othman et al. proposed an efficient solution for securing data transmission which combines compressive sensing with encryption and integrity checking [16]. In 2015, an ECC-based mutual authentication protocol for secure communication between embedded devices and cloud servers was presented in a paper by Kalra and Sood [17]. In 2016, Lounis et al. proposed a new cloud-based architecture for medical wireless sensor networks which can ensure the security of medical data without patients'/doctors' interventions [18]. However, these schemes still fail to ensure a patient's privacy and nonrepudiation. In this paper, we propose an intelligent and secure monitoring scheme using IoT sensors based on cloud computing to protect the elders' privacy.
The main problem here is that the elderly population is increasing every day, and they should not be tied to their bed with monitoring machines, causing them inconvenience and entailing the waste of medical resources. On the other hand, the elderly with chronic conditions also have a high probability of suffering some acute diseases or episodes such as heart attacks. Without the appropriate medical assistance, the consequences will be very serious. The EMR will be used in our scheme to provide more flexible and appropriate medical service. Due to the importance of the elders' privacy, the proposed scheme should focus on the advantages offered by the characteristics of cloud computing and the security of the elders' information.

The remainder of the paper is organized as follows. Section 2 describes the current approaches on the configuration of medical sensor networks. Section 3 introduces our scheme architecture for a wireless IoT sensor network and the set-up procedure. In Section 4, we analyze the security issues of our scheme and compare it with other schemes. Section 5 contains some conclusions and offers some ideas for future work.
2. The Proposed Scheme

In our scheme, each party should register at the key generation center, which will issue a pair of public key and private key to communicate with other parties. The user also gets the pregenerated key; it can be used to encrypt the private health information. The elders can use a mobile device to connect to the IoT medical sensor, which can collect the biological data. Seven parties are involved in our scheme, as follows.

(1) Elder (E). The aging population with chronic disease (e.g., heart disease, diabetes, and hypertension) wears the IoT medical sensor, which can collect biological data.

(2) Cloud (C), Intelligent Data Storage. The elder can access the cloud service to upload/download the health information via authentication. It can provide smart applications and send private health reports to the elder at set periods of time. Once there is an emergency situation, the cloud will notify the hospital.

(3) Hospital (H). It is a hospital where the elder can get physical inspection and the report. Once the elder's biological data are over a threshold, the hospital will notify the elder and dispatch an ambulance after it gets the cloud's notification.

(4) Key Generation Center (KGC). The key generation center will issue a pair of public key and private key for the registered parties. The user's pregenerated key and the time of the key's generation are stored in the database.
(5) IoT Medical Sensor (MS). It is the collecting device of the elder's biological data. The IoT medical sensor can also transfer the collected data to the mobile device via Bluetooth (Bluetooth 4.0), and the mobile device can transfer the data to the cloud.

Figure 1: The system architecture (elder with IoT medical sensor, mobile device, cloud, hospital, emergency family contacts, and key generation center, connected by the numbered steps (1) to (8)).
(6) Mobile Device (MD). A portable computing device with a unique International Mobile Equipment Identity (IMEI), which can connect with the IoT medical sensor. It can locate the elder with Global Positioning System (GPS) when there is an emergency and get the reports for normal situation.

(7) Emergency Family Contacts (EFC). They are the elder's family members.

The elder goes to the hospital for a health inspection, and the report will be uploaded to the cloud. Every set period of time, the IoT medical sensor will collect the elder's biological data and transfer them to the cloud via mobile device. The hospital and the cloud process the authentication procedure. The scenarios are described in Figure 1.
(1) The elder, the hospital, and the cloud must register at the key generation center in advance via secure channel.

(2) The elder goes to hospital for a physical inspection.

(3) The hospital uploads the elder's physical inspection report to the cloud.

(4) The IoT medical sensor gets the elder's biological data via set periods of time and sends it to the mobile device.

(5) The mobile device uploads the biological data to the cloud.

(6) The cloud compares the data sent from the mobile device with the standard values stored in the database. Once there is an emergency, the cloud notifies the hospital and contacts the elder's family in an acceptable time.

(7) After the hospital gets the notification, it sends messages and dispatches an ambulance to the elder.

(8) If the data collected by the IoT medical sensor are normal, the cloud sends a health report to the elder at set periods of time.
2.1. Notations. The following lists notations that will be used in our scheme:

$\mathrm{ID}_X$: $X$'s identity
$s$: the secret value
$x$: the KGC's private key
$h_0()$: the hash function $h_0 : \{0,1\}^* \to \{0,1\}^l$, $l = 256$
$h_1()$: the hash function $h_1 : G_2 \times \{0,1\}^* \times G_1 \to \{0,1\}^l$, $l = 256$
$\Delta T$: the valid transmission time interval
$T_{Xi}$: the $i$th timestamp generated by $X$
$\mathrm{Data}_{\mathrm{H}i}$: the elder's physical inspection report generated by the hospital
$\mathrm{Data}_{\mathrm{MS}i}$: the elder's biological data collected by the IoT medical sensor, for example, ECG, heart rate, oxygen saturation, blood pressure, body temperature, and blood glucose
$\mathrm{Cert}_X$: $X$ party's identity certification, issued by the KGC
IMEI: International Mobile Equipment Identity
$\mathrm{PK}_X / \mathrm{SK}_X$: $X$'s public/private key
$\mathrm{key}_{X\text{-}Y}$: the session key between $X$ and $Y$
$\mathrm{SE}_K(M) / \mathrm{SD}_K(M)$: using the symmetric key $K$ to encrypt/decrypt a message $M$
$S_{\mathrm{SK}_x}(M) / D_{\mathrm{SK}_x}(M)$: using the private key $\mathrm{SK}_x$ to sign/decrypt a message $M$
$V_{\mathrm{PK}_x}(M) / E_{\mathrm{PK}_x}(M)$: using the public key $\mathrm{PK}_x$ to verify/encrypt a message $M$
$\mathrm{MSG}_X$: the patient's health information generated by $X$
$\mathrm{MSG}_{\mathrm{EM}}$: the emergency message
$\mathrm{MSG}_{\mathrm{NM}}$: the normal report
$A \stackrel{?}{=} B$: checking if $A$ is equal to $B$
insecure channel secure channel
2.2. Registration Phase. Both the elder and the hospital must register at the key generation center in advance. The KGC will issue a pair of public key and private key for each party. The user will get the cloud's public key and use the pregenerated key to encrypt/decrypt the medical information. The KGC will also record the key's generation time in the database. The flowchart of the registration phase is shown in Figure 2.
(1) The elder, the hospital, and the cloud choose the identity $\mathrm{ID}_{\mathrm{E}}$/$\mathrm{ID}_{\mathrm{H}}$/$\mathrm{ID}_{\mathrm{C}}$ and send it to the key generation center through a secure channel. The elder should also send his/her mobile device's IMEI and personal contact information to the KGC, including emergency family contacts.

Figure 2: The registration phase (message flow between the user (X) and the KGC).
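(2) After receiving the message, the KGC uses the private key $x$ to compute the user's public key $\mathrm{PK}_{\mathrm{E}}$/$\mathrm{PK}_{\mathrm{H}}$/$\mathrm{PK}_{\mathrm{C}}$, the private key $\mathrm{SK}_{\mathrm{E}}$/$\mathrm{SK}_{\mathrm{H}}$/$\mathrm{SK}_{\mathrm{C}}$, and the pregenerated session key $\mathrm{key}_{\mathrm{E\text{-}KGC}}$/$\mathrm{key}_{\mathrm{H\text{-}KGC}}$/$\mathrm{key}_{\mathrm{C\text{-}KGC}}$ as follows:

$$
\begin{aligned}
\mathrm{SK}_{\mathrm{E}} &= h_0(\mathrm{ID}_{\mathrm{E}}, x), \\
\mathrm{SK}_{\mathrm{H}} &= h_0(\mathrm{ID}_{\mathrm{H}}, x), \\
\mathrm{SK}_{\mathrm{C}} &= h_0(\mathrm{ID}_{\mathrm{C}}, x), \\
\mathrm{key}_{\mathrm{E\text{-}KGC}} &= h_1(\mathrm{SK}_{\mathrm{E}}, x, T_{\mathrm{KGC}}), \\
\mathrm{key}_{\mathrm{H\text{-}KGC}} &= h_1(\mathrm{SK}_{\mathrm{H}}, x, T_{\mathrm{KGC}}), \\
\mathrm{key}_{\mathrm{C\text{-}KGC}} &= h_1(\mathrm{SK}_{\mathrm{C}}, x, T_{\mathrm{KGC}}).
\end{aligned}
\tag{1}
$$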
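Then the KGC sends $(\mathrm{PK}_{\mathrm{E}}, \mathrm{SK}_{\mathrm{E}}, \mathrm{key}_{\mathrm{E\text{-}KGC}})$, $(\mathrm{PK}_{\mathrm{H}}, \mathrm{SK}_{\mathrm{H}}, \mathrm{key}_{\mathrm{H\text{-}KGC}})$, and $(\mathrm{PK}_{\mathrm{C}}, \mathrm{SK}_{\mathrm{C}}, \mathrm{key}_{\mathrm{C\text{-}KGC}})$ to the elder, the hospital, and the cloud, respectively. In addition, the KGC generates the certification $\mathrm{Cert}_{\mathrm{E}}$/$\mathrm{Cert}_{\mathrm{H}}$ for the elder and hospital, respectively.

(3) Each party stores $(\mathrm{PK}_{\mathrm{E}}, \mathrm{SK}_{\mathrm{E}}, \mathrm{key}_{\mathrm{E\text{-}KGC}})$, $(\mathrm{PK}_{\mathrm{H}}, \mathrm{SK}_{\mathrm{H}}, \mathrm{key}_{\mathrm{H\text{-}KGC}})$, and $(\mathrm{PK}_{\mathrm{C}}, \mathrm{SK}_{\mathrm{C}}, \mathrm{key}_{\mathrm{C\text{-}KGC}})$, respectively. The elder and hospital can use the certification $\mathrm{Cert}_{\mathrm{E}}$/$\mathrm{Cert}_{\mathrm{H}}$ to process authentication.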
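The derivation in (1), as an added example that is not code from the paper. It assumes SHA-256 for both $h_0$ and $h_1$ over byte strings (the paper defines $h_1$ over groups $G_1$, $G_2$), a length-prefixed encoding of the hash arguments, and the hypothetical names `encode_fields`, `naive_h0`, and `KeyGenerationCenter`; the public keys are not modeled because the paper does not give their derivation. It shows that the argument encoding must be unambiguous and that the KGC can recompute any party's keys from $x$ and the recorded $T_{\mathrm{KGC}}$.

```python
import hashlib
import struct


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so the tuple boundaries are part of the hash input."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def h0(*fields: bytes) -> bytes:
    # Assumption: h0 is SHA-256 with a domain tag that separates it from h1.
    return hashlib.sha256(b"h0" + encode_fields(*fields)).digest()


def h1(*fields: bytes) -> bytes:
    # Assumption: h1 is SHA-256 over byte strings, not over group elements.
    return hashlib.sha256(b"h1" + encode_fields(*fields)).digest()


def naive_h0(*fields: bytes) -> bytes:
    """Plain concatenation, included only to contrast with encode_fields."""
    return hashlib.sha256(b"".join(fields)).digest()


class KeyGenerationCenter:
    """Holds the private key x and the (ID_X, T_KGC) records of the registration phase."""

    def __init__(self, x: bytes):
        self._x = x
        self.records = {}  # ID_X -> T_KGC, as stored in the KGC database

    def _derive(self, identity: str, t_kgc: int):
        sk = h0(identity.encode(), self._x)               # SK_X = h0(ID_X, x)
        key = h1(sk, self._x, struct.pack(">Q", t_kgc))   # key_X-KGC = h1(SK_X, x, T_KGC)
        return sk, key

    def register(self, identity: str, t_kgc: int):
        self.records[identity] = t_kgc
        return self._derive(identity, t_kgc)

    def rederive(self, identity: str):
        # Nothing party-specific is needed beyond the stored record: whoever
        # holds x and the database can reproduce SK_X and key_X-KGC.
        return self._derive(identity, self.records[identity])


if __name__ == "__main__":
    kgc = KeyGenerationCenter(b"constructed-master-secret")  # constructed sample value
    sk_e, key_e = kgc.register("ID_E", 1483401600)
    print("SK_E      :", sk_e.hex())
    print("key_E-KGC :", key_e.hex())
    print("re-derived equals issued:", kgc.rederive("ID_E") == (sk_e, key_e))
    print("naive concatenation collides:",
          naive_h0(b"ID_E", b"1x") == naive_h0(b"ID_E1", b"x"))
```

Because every key is a function of $x$, the storage and access control around the KGC's private key and database determine the confidentiality of all parties' keys.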
2.3. The Health Data Uploading Phase

2.3.1. The Hospital Uploads Physical Inspection Report Case. The elder goes to the hospital for a physical inspection. After the hospital and the cloud process authentication, the hospital uploads the physical inspection report to the cloud. The flowchart of the hospital uploading physical inspection report case is shown in Figure 3.
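(1) The hospital uses the session key $\mathrm{key}_{\mathrm{H\text{-}C}}$ to encrypt the physical inspection report and makes a timestamp $T_{\mathrm{H}1}$. The hospital uses the cloud's public key $\mathrm{PK}_{\mathrm{C}}$ to encrypt $\mathrm{key}_{\mathrm{H\text{-}C}}$ and makes a signature $\mathrm{Sig}_1$ as follows:

$$\mathrm{MSG}_{\mathrm{H}1} = (\mathrm{ID}_{\mathrm{H}}, \mathrm{ID}_{\mathrm{E}}, \mathrm{Data}_{\mathrm{H}1}, \mathrm{Data}_{\mathrm{H}2}, \ldots, \mathrm{Data}_{\mathrm{H}n}, T_{\mathrm{H}1}) \tag{2}$$

$$C_1 = \mathrm{SE}_{\mathrm{key}_{\mathrm{H\text{-}C}}}(\mathrm{MSG}_{\mathrm{H}1}) \tag{3}$$

$$C_2 = E_{\mathrm{PK}_{\mathrm{C}}}(\mathrm{key}_{\mathrm{H\text{-}C}}) \tag{4}$$

$$\mathrm{Sig}_1 = S_{\mathrm{SK}_{\mathrm{H}}}(h_1(\mathrm{MSG}_{\mathrm{H}1})) \tag{5}$$

Then the hospital sends $\mathrm{Sig}_1$, $\mathrm{ID}_{\mathrm{H}}$, $\mathrm{ID}_{\mathrm{E}}$, $\mathrm{Cert}_{\mathrm{H}}$, $C_1$, $C_2$, and $T_{\mathrm{H}1}$ to the cloud.

(2) The cloud verifies the hospital's signature according to the hospital's identity $\mathrm{ID}_{\mathrm{H}}$ and checks if the timestamp $T_{\mathrm{H}1}$ is valid or not as follows:

$$T_{C_1} - T_{\mathrm{H}1} \le \Delta T \tag{6}$$

If (6) holds, the cloud uses the KGC's public key $\mathrm{PK}_{\mathrm{KGC}}$ to verify the hospital's certification $\mathrm{Cert}_{\mathrm{H}}$. Then the cloud finds $\mathrm{SD}_{\mathrm{key}_{\mathrm{H\text{-}C}}}$ according to $\mathrm{ID}_{\mathrm{H}}$ and uses the private key $\mathrm{SK}_{\mathrm{C}}$ and session key $\mathrm{key}_{\mathrm{H\text{-}C}}$ to decrypt $C_1$ and $C_2$:

$$V_{\mathrm{PK}_{\mathrm{H}}}(\mathrm{Sig}_1) \stackrel{?}{=} h_1(\mathrm{MSG}_{\mathrm{H}1}) \tag{7}$$

$$\mathrm{key}_{\mathrm{H\text{-}C}} = D_{\mathrm{SK}_{\mathrm{C}}}(C_2) \tag{8}$$

$$(\mathrm{ID}_{\mathrm{H}}, \mathrm{ID}_{\mathrm{E}}, \mathrm{Data}_{\mathrm{H}1}, \mathrm{Data}_{\mathrm{H}2}, \ldots, \mathrm{Data}_{\mathrm{H}n}, T_{\mathrm{H}1}) = \mathrm{SD}_{\mathrm{key}_{\mathrm{H\text{-}C}}}(C_1) \tag{9}$$

Afterwards, the cloud stores $\mathrm{MSG}_{\mathrm{H}1}$ and $\mathrm{Sig}_1$.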
2.3.2. The Mobile Device Uploads Biological Data Case. In this phase, we consider the IoT medical sensors embedded into an elder's body. The elder uses the mobile device to transfer the biological data, which are measured by IoT medical sensors, to the cloud. The flowchart of the mobile device uploading biological data case is shown in Figure 4.
Figure 3: The hospital uploads physical inspection report case (message flow between the hospital (H) and the cloud (C)).

Figure 4: The mobile device uploads biological data case (message flow between the IoT medical sensor (MS), the mobile device (MD), and the cloud (C)).
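(1) The IoT medical sensor collects the biological data $\mathrm{MSG}_{\mathrm{MS}1}$ and sends them to the elder's mobile device through a secure channel:

$$\mathrm{MSG}_{\mathrm{MS}1} = (\mathrm{ID}_{\mathrm{E}}, \mathrm{Data}_{\mathrm{MS}1}, \mathrm{Data}_{\mathrm{MS}2}, \ldots, \mathrm{Data}_{\mathrm{MS}n}, T_{\mathrm{MS}1}) \tag{10}$$

(2) After receiving the message, the mobile device uses the session key $\mathrm{key}_{\mathrm{E\text{-}C}}$ to encrypt the elder's health information $\mathrm{MSG}_{\mathrm{MD}}$ and makes a timestamp $T_{\mathrm{MD}}$. Afterwards, the mobile device uses the cloud's public key $\mathrm{PK}_{\mathrm{C}}$ to encrypt $\mathrm{key}_{\mathrm{E\text{-}C}}$:

$$\mathrm{MSG}_{\mathrm{MD}1} = (\mathrm{IMEI}, \mathrm{MSG}_{\mathrm{MS}1}, T_{\mathrm{MD}1}) \tag{11}$$

$$C_3 = \mathrm{SE}_{\mathrm{key}_{\mathrm{E\text{-}C}}}(\mathrm{MSG}_{\mathrm{MD}1}) \tag{12}$$

$$C_4 = E_{\mathrm{PK}_{\mathrm{C}}}(\mathrm{key}_{\mathrm{E\text{-}C}}) \tag{13}$$

Then the mobile device sends $\mathrm{ID}_{\mathrm{E}}$, $\mathrm{Cert}_{\mathrm{E}}$, $C_3$, $C_4$, and $T_{\mathrm{MD}1}$ to the cloud.

(3) The cloud checks if the timestamp $T_{\mathrm{MD}1}$ is valid or not:

$$T_{C_3} - T_{\mathrm{MD}1} \le \Delta T \tag{14}$$

If (14) holds, the cloud verifies the received IMEI by finding the mobile device's registered IMEI, which is stored in the database, according to the elder's identity $\mathrm{ID}_{\mathrm{E}}$. If it holds, the cloud uses the public key $\mathrm{PK}_{\mathrm{KGC}}$ to verify the elder's certification $\mathrm{Cert}_{\mathrm{E}}$. Then the cloud uses the private key $\mathrm{SK}_{\mathrm{C}}$ and session key $\mathrm{key}_{\mathrm{E\text{-}C}}$ to decrypt $C_3$ and $C_4$, respectively:

$$\mathrm{key}_{\mathrm{E\text{-}C}} = D_{\mathrm{SK}_{\mathrm{C}}}(C_4) \tag{15}$$

$$\mathrm{MSG}_{\mathrm{MD}1} = \mathrm{SD}_{\mathrm{key}_{\mathrm{E\text{-}C}}}(C_3) \tag{16}$$

Afterward, the cloud stores $\mathrm{MSG}_{\mathrm{MD}1}$.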
2.4. The Notification Phase

2.4.1. The Emergency Case. When the cloud gets the elder's biological data from the mobile device, the cloud compares the data with the standard values stored in the database. If there is an emergency situation, the cloud sends the alert message to the hospital and contacts the emergency family simultaneously. Then the hospital will contact the elder and dispatch an ambulance to help the elder if necessary. The flowchart of the emergency case is shown in Figure 5.
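(1) The IoT medical sensor collects the elder's biological data, such as ECG, oxygen saturation, blood pressure, and body temperature. The IoT medical sensor sends the biological data to the mobile device through a secure channel and makes a timestamp $T_{\mathrm{MS}2}$:

$$\mathrm{MSG}_{\mathrm{MS}2} = (\mathrm{ID}_{\mathrm{E}}, \mathrm{Data}_{\mathrm{MS}1}, \mathrm{Data}_{\mathrm{MS}2}, \ldots, \mathrm{Data}_{\mathrm{MS}n}, T_{\mathrm{MS}2}) \tag{17}$$

(2) After receiving the message, the mobile device makes a timestamp $T_{\mathrm{MD}2}$ and integrates IMEI and $\mathrm{MSG}_{\mathrm{MS}2}$:

$$\mathrm{MSG}_{\mathrm{MD}2} = (\mathrm{IMEI}, \mathrm{MSG}_{\mathrm{MS}2}, T_{\mathrm{MD}2}) \tag{18}$$

The mobile device then uses the session key $\mathrm{key}_{\mathrm{E\text{-}C}}$ to encrypt $\mathrm{MSG}_{\mathrm{MD}2}$ and the cloud's public key $\mathrm{PK}_{\mathrm{C}}$ to encrypt $\mathrm{key}_{\mathrm{E\text{-}C}}$. In the meantime, the elder uses the private key $\mathrm{SK}_{\mathrm{E}}$ to make a signature $\mathrm{Sig}_2$ via the mobile device as follows:

$$C_5 = \mathrm{SE}_{\mathrm{key}_{\mathrm{E\text{-}C}}}(\mathrm{MSG}_{\mathrm{MD}2}) \tag{19}$$

$$C_6 = E_{\mathrm{PK}_{\mathrm{C}}}(\mathrm{key}_{\mathrm{E\text{-}C}}) \tag{20}$$

$$\mathrm{Sig}_2 = S_{\mathrm{SK}_{\mathrm{E}}}(\mathrm{IMEI}) \tag{21}$$

The mobile device sends $\mathrm{Sig}_2$, $\mathrm{ID}_{\mathrm{E}}$, $\mathrm{Cert}_{\mathrm{E}}$, $C_5$, $C_6$, and $T_{\mathrm{MD}2}$ to the cloud.

(3) After receiving the message, the cloud checks if the timestamp $T_{\mathrm{MD}2}$ is valid or not:

$$T_{C_5} - T_{\mathrm{MD}2} \le \Delta T \tag{22}$$

If (22) holds, the cloud uses the private key $\mathrm{SK}_{\mathrm{C}}$ and session key $\mathrm{key}_{\mathrm{E\text{-}C}}$ to decrypt $C_6$ and $C_5$ as follows:

$$\mathrm{key}_{\mathrm{E\text{-}C}} = D_{\mathrm{SK}_{\mathrm{C}}}(C_6)$$

$$(\mathrm{IMEI}, \mathrm{MSG}_{\mathrm{MS}2}, T_{\mathrm{MD}2}) = \mathrm{SD}_{\mathrm{key}_{\mathrm{E\text{-}C}}}(C_5) \tag{23}$$

The cloud then uses the KGC's public key $\mathrm{PK}_{\mathrm{KGC}}$ to verify the elder's certification $\mathrm{Cert}_{\mathrm{E}}$ and check if the mobile device's IMEI is the same as the registered IMEI:

$$V_{\mathrm{PK}_p}(\mathrm{Sig}_2) \stackrel{?}{=} \mathrm{IMEI} \tag{24}$$

The cloud then compares the elder's biological data with the standard value stored in the database. If some of the inspection data is beyond the threshold, the cloud uses the hospital's public key $\mathrm{PK}_{\mathrm{H}}$ to encrypt the emergency message $\mathrm{MSG}_{\mathrm{C}1}$ and makes a timestamp $T_{\mathrm{C}1}$:

$$\mathrm{MSG}_{\mathrm{C}1} = (\mathrm{ID}_{\mathrm{C}}, \mathrm{ID}_{\mathrm{E}}, \mathrm{MSG}_{\mathrm{EM}}, T_{\mathrm{C}1}) \tag{25}$$

$$C_7 = E_{\mathrm{PK}_{\mathrm{H}}}(\mathrm{MSG}_{\mathrm{C}1}) \tag{26}$$

The cloud sends $\mathrm{ID}_{\mathrm{C}}$, $\mathrm{ID}_{\mathrm{E}}$, $\mathrm{Cert}_{\mathrm{E}}$, $\mathrm{Cert}_{\mathrm{C}}$, $C_7$, and $T_{\mathrm{C}1}$ to the hospital.

(4) After receiving the message, the hospital checks if the timestamp $T_{\mathrm{C}1}$ is valid or not as follows:

$$T_{C_7} - T_{\mathrm{C}1} \le \Delta T \tag{27}$$

If (27) holds, the hospital uses the public key $\mathrm{PK}_{\mathrm{KGC}}$ to verify the cloud's and the elder's certification. Then the hospital uses the private key $\mathrm{SK}_{\mathrm{H}}$ to decrypt $C_7$:

$$\mathrm{MSG}_{\mathrm{C}1} = D_{\mathrm{SK}_{\mathrm{H}}}(C_7) \tag{28}$$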
(5) The hospital gets the elder's identity and obtains his/her contact information, which is stored in the database. The hospital then gets the elder's location via the mobile device. According to $\mathrm{MSG}_{\mathrm{C}1}$, the hospital evaluates the elder's situation to determine whether to dispatch the ambulance to help the elder. If the elder is able to receive the message, the hospital uses the elder's public key $\mathrm{PK}_{\mathrm{E}}$ to encrypt the notification $\mathrm{MSG}_{\mathrm{H}2}$ and makes a timestamp $T_{\mathrm{H}2}$:

$$\mathrm{MSG}_{\mathrm{H}2} = (\mathrm{ID}_{\mathrm{E}}, \mathrm{Cert}_{\mathrm{E}}, \mathrm{ID}_{\mathrm{H}}, \mathrm{Cert}_{\mathrm{H}}, \mathrm{MSG}_{\mathrm{EM}}, T_{\mathrm{H}2}) \tag{29}$$

$$C_8 = E_{\mathrm{PK}_{\mathrm{E}}}(\mathrm{MSG}_{\mathrm{H}2}) \tag{30}$$

The hospital then sends $\mathrm{ID}_{\mathrm{H}}$, $\mathrm{Cert}_{\mathrm{H}}$, $\mathrm{ID}_{\mathrm{E}}$, $\mathrm{Cert}_{\mathrm{E}}$, $C_8$, and $T_{\mathrm{H}2}$ to the elder.

Figure 5: The emergency case (message flow between the IoT medical sensor (MS), mobile device (MD), cloud (C), hospital (H), elder (E), and emergency family contacts (EFC)).

(6) The elder checks if the timestamp $T_{\mathrm{H}2}$ is valid or not when he/she receives the message:

$$T_{C_8} - T_{\mathrm{H}2} \le \Delta T \tag{31}$$
Figure 6: The normal case (message flow between the cloud (C) and the mobile device (MD)).
If (31) holds, the elder uses the public key $\mathrm{PK}_{\mathrm{KGC}}$ to verify the hospital's certification and uses the private key $\mathrm{SK}_{\mathrm{E}}$ to decrypt $C_8$:

$$\mathrm{MSG}_{\mathrm{H}2} = D_{\mathrm{SK}_{\mathrm{H}}}(C_8) \tag{32}$$

(7) If the elder is unconscious and cannot respond to the hospital's notification, the hospital gets the elder's location via GPS and dispatches an ambulance to help him/her directly.

2.4.2. The Normal Case. If the elder's biological data fall in the average scope, the cloud will send a report back to the elder via period of time. The flowchart of the normal case is shown in Figure 6.

(1) The cloud uses the elder's public key $\mathrm{PK}_{\mathrm{E}}$ to encrypt the normal health report $\mathrm{MSG}_{\mathrm{C}2}$ and makes a timestamp $T_{\mathrm{C}2}$:

$$\mathrm{MSG}_{\mathrm{C}2} = (\mathrm{ID}_{\mathrm{C}}, \mathrm{ID}_{\mathrm{E}}, \mathrm{MSG}_{\mathrm{NM}}, T_{\mathrm{C}2}) \tag{33}$$

$$C_9 = E_{\mathrm{PK}_{\mathrm{H}}}(\mathrm{MSG}_{\mathrm{C}2}) \tag{34}$$

The cloud sends the encrypted health information $C_9$, $\mathrm{ID}_{\mathrm{C}}$, $\mathrm{Cert}_{\mathrm{C}}$, and $T_{\mathrm{C}2}$ to the elder via set period time.

(2) After receiving the message, the elder checks if the timestamp $T_{\mathrm{C}2}$ is valid or not as follows:

$$T_{C_9} - T_{\mathrm{C}2} \le \Delta T \tag{35}$$

If (35) holds, the elder uses the public key $\mathrm{PK}_{\mathrm{KGC}}$ to verify the cloud's certification $\mathrm{Cert}_{\mathrm{C}}$. The elder then uses the private key $\mathrm{SK}_{\mathrm{E}}$ to decrypt $C_9$:

$$\mathrm{MSG}_{\mathrm{C}2} = D_{\mathrm{SK}_{\mathrm{E}}}(C_9) \tag{36}$$

The elder stores $\mathrm{MSG}_{\mathrm{C}2}$.
3. Security Analysis

In this section, we present a security analysis to discuss how our scheme can defend against various attacks.

3.1. Replay Attack. In our scheme, we use the timestamp mechanism to defend against the replay attack. The receiver will verify if the timestamp is valid or not by checking the valid time interval via (6), (14), (22), (27), (31), and (35). Therefore, our scheme can defend against replay attack.
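The receiver-side check in (6), (14), (22), (27), (31), and (35), as an added example that is not code from the paper. It goes beyond the interval test by also rejecting timestamps ahead of the receiver's clock, comparing the cleartext timestamp with the copy inside the decrypted message (the $T_{\mathrm{H}1}$ inside $\mathrm{MSG}_{\mathrm{H}1}$, the $T_{\mathrm{MD}1}$ inside $\mathrm{MSG}_{\mathrm{MD}1}$), and remembering ciphertexts already accepted inside the window; the names `FreshnessGuard`, `interval_check`, `DELTA_T`, and `MAX_SKEW` and all values are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

DELTA_T = 5    # assumed value of ΔT in seconds; the paper does not fix one
MAX_SKEW = 1   # assumed tolerance for sender clocks running ahead of the receiver


def interval_check(t_receive: int, t_sender: int, delta_t: int = DELTA_T) -> bool:
    """The check as written in the paper: T_receive - T_sender <= ΔT."""
    return t_receive - t_sender <= delta_t


@dataclass
class FreshnessGuard:
    delta_t: int = DELTA_T
    max_skew: int = MAX_SKEW
    # digest of (sender, ciphertext) -> sender timestamp, kept only while fresh
    _seen: dict = field(default_factory=dict, init=False, repr=False)

    def check(self, sender_id: str, outer_ts: int, inner_ts: int,
              ciphertext: bytes, now: int) -> str:
        """Return 'accept' or the reason the message is rejected."""
        # outer_ts travels in the clear beside the ciphertext; inner_ts is the
        # copy recovered from the decrypted message. They must agree.
        if outer_ts != inner_ts:
            return "timestamp-mismatch"
        age = now - inner_ts
        if age > self.delta_t:
            return "stale"                 # the paper's interval check fails
        if age < -self.max_skew:
            return "future-timestamp"      # negative age passes a one-sided test
        self._expire(now)
        digest = hashlib.sha256(sender_id.encode() + b"\x00" + ciphertext).hexdigest()
        if digest in self._seen:
            return "replayed-within-window"
        self._seen[digest] = inner_ts
        return "accept"

    def _expire(self, now: int) -> None:
        # Entries older than ΔT would be rejected as stale anyway, so forget them.
        for d in [d for d, ts in self._seen.items() if now - ts > self.delta_t]:
            del self._seen[d]


if __name__ == "__main__":
    guard = FreshnessGuard()
    c1 = b"constructed ciphertext C1"      # constructed sample input
    # (description, outer timestamp, inner timestamp, ciphertext, receiver time)
    events = [
        ("first delivery",          1000, 1000, c1, 1003),
        ("same bytes, 1 s later",   1000, 1000, c1, 1004),
        ("same bytes, after ΔT",    1000, 1000, c1, 1006),
        ("timestamp in the future", 2000, 2000, b"constructed C1'", 1006),
        ("outer timestamp edited",  1005, 1000, b"constructed C1''", 1006),
    ]
    for name, outer, inner, ct, now in events:
        print(f"{name:26s} interval_check={interval_check(now, outer)!s:5s} "
              f"guard={guard.check('ID_H', outer, inner, ct, now)}")
```
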
3.2. Man-in-Middle Attack. If there is a man-in-middle attack, our scheme will be able to resist it by checking the timestamps to verify if the messages are valid.

The elder, the hospital, and the cloud can prove his/her identity via certification in our scheme. The elder sends the certification $\mathrm{Cert}_{\mathrm{E}}$ to the cloud and the hospital. The hospital sends the certification $\mathrm{Cert}_{\mathrm{H}}$ to the cloud and the elder. The cloud sends the certification $\mathrm{Cert}_{\mathrm{C}}$ to the elder and the hospital. Every party will check if the received certification is valid or not.

In our scheme, during the health data uploading phase, the hospital and the mobile device use the session key $\mathrm{key}_{\mathrm{H\text{-}C}}$/$\mathrm{key}_{\mathrm{E\text{-}C}}$ and the public key $\mathrm{PK}_{\mathrm{C}}$ to encrypt the information via (3), (4), (12), (13), (19), (20), (26), (30), and (34).

Other parties cannot decrypt the message without the private key or the session key, so attackers cannot achieve the man-in-middle attack.

3.3. Integrity. In the transmission process, the mobile device's IMEI is authenticated:

$$V_{\mathrm{PK}_{\mathrm{E}}}(\mathrm{Sig}_2) \stackrel{?}{=} \mathrm{IMEI} \tag{37}$$

Therefore, tampering behaviors can be rapidly detected, so the proposed scheme can ensure data integrity.

3.4. Data Security. Our scheme involves the digital envelope mechanism. In order to ensure the elder's privacy, we use the public key to encrypt the symmetric key via (3), (12), (19), (26), (30), and (34), emergency information $\mathrm{MSG}_{\mathrm{EM}}$, and normal report $\mathrm{MSG}_{\mathrm{NM}}$. We use the symmetric key to protect the elder's secret biological data via (4), (13), and (20).
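Table 1: The nonrepudiation proof.

| Nonrepudiation proof | Issuer | Holder | Nonrepudiation verification |
|---|---|---|---|
| $\mathrm{Sig}_1 = S_{\mathrm{SK}_{\mathrm{H}}}(h_1(\mathrm{MSG}_{\mathrm{H}1}))$ | Hospital | Cloud | $V_{\mathrm{PK}_{\mathrm{H}}}(\mathrm{Sig}_1) \stackrel{?}{=} h_1(\mathrm{MSG}_{\mathrm{H}1})$ |
| $\mathrm{Sig}_2 = S_{\mathrm{SK}_{\mathrm{E}}}(\mathrm{IMEI})$ | Elder | Cloud | $V_{\mathrm{PK}_{\mathrm{E}}}(\mathrm{Sig}_2) \stackrel{?}{=} \mathrm{IMEI}$ |

Table 2: The security comparisons of related works.

| Security issue | Ben Othman et al. [16] | Kalra and Sood [17] | Lounis et al. [18] | Our scheme |
|---|---|---|---|---|
| Replay attack | N/A | Yes | N/A | Yes |
| Man-in-middle attack | N/A | Yes | Yes | Yes |
| Integrity | Yes | N/A | Yes | Yes |
| Data security | N/A | Yes | Yes | Yes |
| Confidentiality | Yes | Yes | Yes | Yes |
| Nonrepudiation | N/A | N/A | N/A | Yes |
| Privacy | N/A | N/A | N/A | Yes |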
3.5. Confidentiality. In our scheme, we use the asymmetric/symmetric key to ensure the safety of the patient's personal information, as shown in (3), (4), (12), and (13).

In the notification phase, the mobile device uses the session key $\mathrm{key}_{\mathrm{E\text{-}C}}$ and cloud's public key $\mathrm{PK}_{\mathrm{C}}$ to encrypt the information, as shown in (19) and (20).

Then the cloud uses the hospital's public key $\mathrm{PK}_{\mathrm{H}}$ to encrypt the emergency message, as shown in (26).

Afterwards, the hospital uses the elder's public key $\mathrm{PK}_{\mathrm{E}}$ to encrypt the notification, as shown in (30).

In the normal case, the cloud uses the elder's public key $\mathrm{PK}_{\mathrm{E}}$ to encrypt the normal health report, as shown in (34).

The elder's privacy information is protected. Therefore, our scheme can achieve confidentiality.

3.6. Nonrepudiation. The cloud can use the hospital's public key to verify the uploaded data via (7). The hospital cannot deny the uploading fact. The cloud can verify the correctness of the mobile device's IMEI via (24). The mobile device cannot deny the transmission. Every party can use the KGC's public key $\mathrm{PK}_{\mathrm{KGC}}$ to verify whether the sender's certification is valid or not. The nonrepudiation proof is shown in Table 1.

3.7. Privacy. Data transmission on the Internet is insecure, and the elder's private information may be revealed in the transmission process. In this paper, we use symmetric encryption to protect his/her personal privacy from unauthorized access. The elder's privacy is ensured.

3.8. Transmission Continuity. The elder's physical report and the biological data, which are measured by IoT medical sensors, will be stored in the cloud. In order to ensure transmission continuity, the receiver will send information to the sender. If the cloud has not received the elder's biological data in an acceptable time, which is recommended by the doctor, the cloud will notify the elder and contact his/her emergency family.

3.9. Security Analysis Comparison. According to the security issue, we make a comparison with other schemes in Table 2. In Table 2, Ben Othman et al.'s scheme [16] and Lounis et al.'s scheme [18] have some weaknesses. They cannot resist the replay attack. Ben Othman et al.'s scheme cannot ensure the security of data. And Kalra and Sood's scheme [17] cannot achieve integrity. The proposed scheme can resist the replay attack and man-in-middle attack and provide integrity and data security.
4. Discussions

4.1. The Computation Cost of Our Scheme. In this subsection, we present the proposed scheme's computation cost in Table 3. We use SHA-256 hash function, AES symmetric encryption, Menezes-Vanstone cryptosystem, and signature generated by the ECDSA [20].

4.2. The Communication Cost of Our Scheme. In this subsection, we show the communication cost of the proposed scheme in Table 4. The highest communication cost in our scheme is for emergency case, while the cost is $5T_{\mathrm{ID}} + 3T'_{\mathrm{AS}} + 1T'_{\mathrm{S}} + 1T'_{\mathrm{Sig}} + 3T_{\mathrm{T}} + 5T_{\mathrm{Cert}} = 5 \times 80 + 3 \times 1024 + 1 \times 256 + 1 \times 1024 + 3 \times 16 + 5 \times 8192 = 45760$ bits. The time of transmitting these messages is $45760/20 \times 10^{-6} = 0.9152$ ms under the 20 Mbps bandwidth network environment. Fast transmission makes our scheme feasible and efficient.
5 Conclusions
The elderrsquos continuous medical monitoring is a seriousproblem In this paper we proposed a scheme with IoTsensor based on cloud computing tomake the elder safely andconveniently monitored In our scheme the digital envelopedigital certification signature and timestamp mechanismsare involved We also use the cloudrsquos characteristics to make
10 Journal of Sensors
Table 3 The computation cost of our scheme
Case PartyElder Hospital Cloudkey generation center
The case when hospital uploads physical inspection report NA 2119879AS + 1119879Sig + 1119879S + 1119879H 1119879AS + 1119879Sig + 1119879SThe case when mobile device uploads biological data 1119879AS + 1119879S NA 1119879AS + 1119879SThe emergency case 3119879AS + 1119879Sig + 1119879S 2119879AS 2119879AS + 1119879Sig + 1119879SThe normal case 1119879AS NA 1119879AS119879H the time to execute a one-way hash function119879S the time to execute a symmetric encryptiondecryption operation119879AS the time to execute an asymmetric encryptiondecryption operation119879Sig the time to executeverify a signature
Table 4: The communication cost of our scheme.

| Case | Cost |
|---|---|
| The case when hospital uploads physical inspection report | $2T_{ID} + 1T'_{AS} + 1T'_{S} + 1T'_{Sig} + 1T_{T} + T_{Cert}$ |
| The case when mobile device uploads biological data | $1T_{ID} + 1T'_{AS} + 1T'_{S} + 1T_{T} + T_{Cert}$ |
| The emergency case | $5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert}$ |
| The normal case | $1T_{ID} + 1T'_{AS} + 1T_{T} + T_{Cert}$ |
| Total | $8T_{ID} + 6T'_{AS} + 3T'_{S} + 2T'_{Sig} + 6T_{T} + 8T_{Cert}$ |

$T_{ID}$: the time to transmit the identity (80 bits).
$T_{T}$: the time to transmit a timestamp (16 bits).
$T'_{S}$: the time to transmit a symmetric encryption ciphertext (256 bits).
$T'_{AS}$: the time to transmit an asymmetric encryption ciphertext (1024 bits).
$T'_{Sig}$: the time to transmit a signature (1024 bits).
$T_{Cert}$: the time to transmit a certificate (8192 bits) [19].
sure that the elder can get the available medical service conveniently. The asymmetric/symmetric encryption technology is used to protect the inspection report and the biological data of the elder. The elder's biological data and other personal information can be uploaded to the cloud via authentication. The hospital can notify the elder or dispatch an ambulance directly to him/her if there is an emergency situation. The elder can receive his/her personal health reports at set periods of time and browse the reports on their mobile device. Therefore, our scheme can provide more flexible and accurate medical service as well as reduce the waste of medical resources.

Besides, our scheme can defend against the replay attack and man-in-middle attack and offer data security, integrity, nonrepudiation, and confidentiality in a cloud environment. As a result, the elder need not worry about the insecure access of medical records in our proposed medical environments.

In the future, we will focus on the bioinformatics certification to make the whole process easier for the elderly.
Competing Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments
This research was supported by the Ministry of Science and Technology, China, under Contract nos. MOST 103-2632-E-324-001-MY3, MOST 105-2221-E-324-007, and MOST 105-2622-E-305-004-CC2.
References
[1] World Health Organization, http://www.who.int/mediacentre/factsheets/fs381/en/.
[2] H. Baldus, K. Klabunde, and G. Musch, "Reliable set-up of medical body-sensor networks," Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2920, pp. 353–363, 2004.
[3] H. J. La, H. T. Jung, and S. D. Kim, "Extensible disease diagnosis cloud platform with medical sensors and IoT devices," in Proceedings of the 3rd International Conference on Future Internet of Things and Cloud (FiCloud '15), pp. 371–378, IEEE, Rome, Italy, August 2015.
[4] Z. Zhang and X. Hu, "ZigBee based wireless sensor networks and their use in medical and health care domain," in Proceedings of the 7th International Conference on Sensing Technology (ICST '13), pp. 756–761, Wellington, New Zealand, December 2013.
[5] https://en.wikipedia.org/wiki/Body_area_network.
[6] F. Banaie and S. A. H. Seno, "A cloud-based architecture for secure and reliable service provisioning in wireless sensor network," in Proceedings of the International Conference on Computer and Knowledge Engineering (ICCKE '14), pp. 96–101, Mashhad, Iran, October 2014.
[7] C. Vecchiola, S. Pandey, and R. Buyya, "High-performance cloud computing: a view of scientific applications," in Proceedings of the 10th International Symposium on Pervasive Systems, Algorithms, and Networks (ISPAN '09), pp. 4–16, IEEE, Kaohsiung, Taiwan, December 2009.
[8] https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/.
[9] C.-L. Chen, T.-T. Yang, M.-L. Chiang, and T.-F. Shih, "A privacy authentication scheme based on cloud for medical environment," Journal of Medical Systems, vol. 38, article no. 143, 2014.
[10] A. Hendre and K. P. Joshi, "A semantic approach to cloud security and compliance," in Proceedings of the IEEE 8th International Conference on Cloud Computing (CLOUD '15), pp. 1081–1084, New York, NY, USA, June 2015.
[11] C.-L. Chen, T.-T. Yang, and T.-F. Shih, "A secure medical data exchange protocol based on cloud environment," Journal of Medical Systems, vol. 38, no. 9, article 112, 2014.
[12] P. Tudor, W. Martin, B. Natalia, P. Zeeshan, and B. Leon, "Ambient Health Monitoring: the smartphone as a body sensor network component," Innovation in Medicine and Healthcare, Inmed, vol. 6, no. 1, pp. 62–65, 2013.
[13] Z.-Y. Wu, Y.-C. Lee, F. Lai, H.-C. Lee, and Y. Chung, "A secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 3, pp. 1529–1535, 2012.
[14] S. Sahaa and S. Kumar Tomar, "Issues in transmitting physical health information in m-healthcare," International Journal of Current Engineering and Technology, vol. 3, no. 2, pp. 411–413, 2013.
[15] Q. Pu, J. Wang, and R.-Y. Zhao, "Strong authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 4, pp. 2609–2619, 2012.
[16] S. Ben Othman, A. Trad, and H. Youssef, "Security architecture for at-home medical care using Wireless Sensor Network," in Proceedings of the 10th International Wireless Communications and Mobile Computing Conference (IWCMC '14), pp. 304–309, IEEE, Nicosia, Cyprus, August 2014.
[17] S. Kalra and S. K. Sood, "Secure authentication scheme for IoT and cloud servers," Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.
[18] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.
[19] X.509, Wikipedia, https://en.wikipedia.org/wiki/X.509.
[20] D. Johnson and A. Menezes, "The elliptic curve digital signature algorithm (ECDSA)," Tech. Rep. CORR 99-34, Department of C & O, University of Waterloo, 1999.
area network field is an interdisciplinary area which could allow inexpensive and continuous health monitoring with real-time updates of medical records via the Internet [5].

However, with the presence of sensor networks, many challenges have emerged in terms of flexibility, scalability, and heterogeneous information services. The integration of WSN with cloud provides greater flexibility, unlimited resources, immense processing power, and the ability to provide quick response to the user [6]. Cloud computing provides scientists with a completely new model for utilizing the computing infrastructure. Computer resources, storage resources, and applications can be dynamically provisioned (and integrated within the existing infrastructure) on a pay-per-use basis [7]. To provide more suitable and convenient network services, cloud computing has become even more flexible for personal use. Since the cloud is a broad collection of services, organizations can choose where, when, and how they use cloud computing [8]. There are different types of cloud computing services, commonly referred to as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Many studies [3, 9] pointed out that cloud computing services are clearly the future trend. Cloud computing services are provided through a browser to access online programming applications, software, and data [9]. Cloud providers have to adhere to security and privacy policies to ensure their users' data remain confidential and secure [10].

Moreover, since the number of smart phones is estimated to reach 1 billion, traditional phones started to be gradually eliminated in 2015. The rapid development of smart phones and the related technology means that mobile computing is no longer the priority; we should also focus on reducing the computation cost and communication cost to achieve the optimal efficiency. Despite the agreement and certification of parties to browse medical information, the public still has concerns about the electronic medical record (EMR) system because of the information security issues, such as hacking, information transfer time, and long-term data management problems.

In recent years, many medical resources have been implemented for people seeking medical advice conveniently [11]. In the literature [12], researchers combine mobile devices and body sensors but do not sufficiently discuss security issues. Security issues of IoT sensors and medical systems have always been a vital part of active research. It is important to consider security solutions to guarantee data authenticity, freshness, replay protection, integrity, and confidentiality. Some research, such as [13–15], specifically addresses security issues with respect to healthcare applications. In 2014, Ben Othman et al. proposed an efficient solution for securing data transmission which combines compressive sensing with encryption and integrity checking [16]. In 2015, an ECC-based mutual authentication protocol for secure communication between embedded devices and cloud servers was presented in a paper by Kalra and Sood [17]. In 2016, Lounis et al. proposed a new cloud-based architecture for medical wireless sensor networks which can ensure the security of medical data without patients'/doctors' interventions [18]. However, these schemes still fail to ensure a patient's privacy and nonrepudiation. In this paper, we propose an intelligent and secure monitoring scheme using IoT sensors based on cloud computing to protect the elders' privacy.

The main problem here is that the elderly population is increasing every day, and they should not be tied to their bed with monitoring machines, causing them inconvenience and entailing the waste of medical resources. On the other hand, the elderly with chronic conditions also have a high probability of suffering some acute diseases or episodes, such as heart attacks. Without the appropriate medical assistance, the consequences will be very serious. The EMR will be used in our scheme to provide more flexible and appropriate medical service. Due to the importance of the elders' privacy, the proposed scheme should focus on the advantages offered by the characteristics of cloud computing and the security of the elders' information.

The remainder of the paper is organized as follows. Section 2 describes the current approaches on the configuration of medical sensor networks. Section 3 introduces our scheme architecture for a wireless IoT sensor network and the set-up procedure. In Section 4, we analyze the security issues of our scheme and compare it with other schemes. Section 5 contains some conclusions and offers some ideas for future work.
2. The Proposed Scheme
In our scheme, each party should register at the key generation center, which will issue a pair of public key and private key to communicate with other parties. The user also gets the pregenerated key, which can be used to encrypt the private health information. The elders can use a mobile device to connect to the IoT medical sensor, which can collect the biological data. Seven parties are involved in our scheme, as follows.
(1) Elder (E). The aging population with chronic disease (e.g., heart disease, diabetes, and hypertension) wears the IoT medical sensor, which can collect biological data.

(2) Cloud (C): Intelligent Data Storage. The elder can access the cloud service to upload/download the health information via authentication. It can provide smart applications and send private health reports to the elder at set periods of time. Once there is an emergency situation, the cloud will notify the hospital.

(3) Hospital (H). It is a hospital where the elder can get physical inspection and the report. Once the elder's biological data are over a threshold, the hospital will notify the elder and dispatch an ambulance after it gets the cloud's notification.

(4) Key Generation Center (KGC). The key generation center will issue a pair of public key and private key for the registered parties. The user's pregenerated key and the time of the key's generation are stored in the database.

(5) IoT Medical Sensor (MS). It is the collecting device of the elder's biological data. The IoT medical sensor can also transfer the collected data to the mobile device via Bluetooth (Bluetooth 4.0), and the mobile device can transfer the data to the cloud.

(6) Mobile Device (MD). A portable computing device with a unique International Mobile Equipment Identity (IMEI), which can connect with the IoT medical sensor. It can locate the elder with Global Positioning System (GPS) when there is an emergency and get the reports for normal situation.

(7) Emergency Family Contacts (EFC). They are the elder's family members.

Figure 1: The system architecture. Parties shown: elder with IoT medical sensor, mobile device, cloud, hospital, emergency family contacts, and key generation center; the arrows are numbered (1) to (8).

The elder goes to the hospital for a health inspection, and the report will be uploaded to the cloud. Every set period of time, the IoT medical sensor will collect the elder's biological data and transfer them to the cloud via mobile device. The hospital and the cloud process authentication procedure. The scenarios are described in Figure 1.
(1) The elder, the hospital, and the cloud must register at the key generation center in advance via secure channel.
(2) The elder goes to hospital for a physical inspection.
(3) The hospital uploads the elder's physical inspection report to the cloud.
(4) The IoT medical sensor gets the elder's biological data at set periods of time and sends it to the mobile device.
(5) The mobile device uploads the biological data to the cloud.
(6) The cloud compares the data sent from the mobile device with the standard values stored in the database. Once there is an emergency, the cloud notifies the hospital and contacts the elder's family in an acceptable time.
(7) After the hospital gets the notification, it sends messages and dispatches an ambulance to the elder.
(8) If the data collected by the IoT medical sensor are normal, the cloud sends a health report to the elder at set periods of time.
2.1. Notations. The following lists notations that will be used in our scheme:

$\mathrm{ID}_X$: $X$'s identity
$s$: the secret value
$x$: the KGC's private key
$h_0()$: the hash function $h_0: \{0,1\}^* \rightarrow \{0,1\}^l$, $l = 256$
$h_1()$: the hash function $h_1: G_2 \times \{0,1\}^* \times G_1 \rightarrow \{0,1\}^l$, $l = 256$
$\Delta T$: the valid transmission time interval
$T_{Xi}$: the $i$th timestamp generated by $X$
$\mathrm{Data}_{Hi}$: the elder's physical inspection report generated by the hospital
$\mathrm{Data}_{MSi}$: the elder's biological data collected by the IoT medical sensor, for example, ECG, heart rate, oxygen saturation, blood pressure, body temperature, and blood glucose
$\mathrm{Cert}_X$: $X$ party's identity certification being issued by the KGC
IMEI: International Mobile Equipment Identity
$\mathrm{PK}_X$/$\mathrm{SK}_X$: $X$'s public/private key
$\mathrm{key}_{X\text{-}Y}$: the session key between $X$ and $Y$
$\mathrm{SE}_K(M)$/$\mathrm{SD}_K(M)$: using the symmetric key $K$ to encrypt/decrypt a message $M$
$S_{\mathrm{SK}_x}(M)$/$D_{\mathrm{SK}_x}(M)$: using the private key $\mathrm{SK}_x$ to sign/decrypt a message $M$
$V_{\mathrm{PK}_x}(M)$/$E_{\mathrm{PK}_x}(M)$: using the public key $\mathrm{PK}_x$ to verify/encrypt a message $M$
$\mathrm{MSG}_X$: the patient's health information being generated by $X$
$\mathrm{MSG}_{EM}$: the emergency message
$\mathrm{MSG}_{NM}$: the normal report
$A \overset{?}{=} B$: checking if $A$ is equal to $B$
insecure channel secure channel
2.2. Registration Phase. Both the elder and the hospital must register at the key generation center in advance. The KGC will issue a pair of public key and private key for each party. The user will get the cloud's public key and use the pregenerated key to encrypt/decrypt the medical information. The KGC will also record the key's generation time in the database. The flowchart of the registration phase is shown in Figure 2.

Figure 2: The registration phase (exchange between User (X) and KGC).

(1) The elder, the hospital, and the cloud choose the identity $\mathrm{ID}_E$/$\mathrm{ID}_H$/$\mathrm{ID}_C$ and send it to the key generation center through a secure channel. The elder should also send his/her mobile device's IMEI and personal contact information to the KGC, including emergency family contacts.
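(2) After receiving the message, the KGC uses the private key $x$ to compute the user's public key $\mathrm{PK}_E$/$\mathrm{PK}_H$/$\mathrm{PK}_C$, the private key $\mathrm{SK}_E$/$\mathrm{SK}_H$/$\mathrm{SK}_C$, and the pregenerated session key $\mathrm{key}_{E\text{-}KGC}$/$\mathrm{key}_{H\text{-}KGC}$/$\mathrm{key}_{C\text{-}KGC}$ as follows:

$$
\begin{aligned}
\mathrm{SK}_E &= h_0(\mathrm{ID}_E, x), \\
\mathrm{SK}_H &= h_0(\mathrm{ID}_H, x), \\
\mathrm{SK}_C &= h_0(\mathrm{ID}_C, x), \\
\mathrm{key}_{E\text{-}KGC} &= h_1(\mathrm{SK}_E, x, T_{KGC}), \\
\mathrm{key}_{H\text{-}KGC} &= h_1(\mathrm{SK}_H, x, T_{KGC}), \\
\mathrm{key}_{C\text{-}KGC} &= h_1(\mathrm{SK}_C, x, T_{KGC}).
\end{aligned}
\tag{1}
$$

Then the KGC sends ($\mathrm{PK}_E$, $\mathrm{SK}_E$, $\mathrm{key}_{E\text{-}KGC}$), ($\mathrm{PK}_H$, $\mathrm{SK}_H$, $\mathrm{key}_{H\text{-}KGC}$), and ($\mathrm{PK}_C$, $\mathrm{SK}_C$, $\mathrm{key}_{C\text{-}KGC}$) to the elder, the hospital, and the cloud, respectively. In addition, the KGC generates the certification $\mathrm{Cert}_E$/$\mathrm{Cert}_H$ for the elder and hospital, respectively.

(3) Each party stores ($\mathrm{PK}_E$, $\mathrm{SK}_E$, $\mathrm{key}_{E\text{-}KGC}$), ($\mathrm{PK}_H$, $\mathrm{SK}_H$, $\mathrm{key}_{H\text{-}KGC}$), and ($\mathrm{PK}_C$, $\mathrm{SK}_C$, $\mathrm{key}_{C\text{-}KGC}$), respectively. The elder and hospital can use the certification $\mathrm{Cert}_E$/$\mathrm{Cert}_H$ to process authentication.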
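The derivation in (1) can be sketched as follows. This is an added example, not the authors' code: it models $h_0$ and $h_1$ with SHA-256 over length-prefixed byte strings (an assumption, since the paper defines them over group elements), omits the public keys because the page gives no formula for them, and uses constructed identities, timestamps, and KGC secret. It shows that the KGC needs only the stored ($\mathrm{ID}_X$, $T_{KGC}$) record and $x$ to recompute any party's keys, so $x$ needs the protection of all issued keys together.

```python
import hashlib


def _encode(*fields: bytes) -> bytes:
    """Length-prefix each field so that field boundaries are unambiguous."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def h0(identity: bytes, x: bytes) -> bytes:
    """SK_X = h0(ID_X, x), modelled with SHA-256 (256-bit output, l = 256)."""
    return hashlib.sha256(b"h0" + _encode(identity, x)).digest()


def h1(sk: bytes, x: bytes, t_kgc: int) -> bytes:
    """key_X-KGC = h1(SK_X, x, T_KGC), modelled with SHA-256."""
    return hashlib.sha256(b"h1" + _encode(sk, x, t_kgc.to_bytes(8, "big"))).digest()


class KGC:
    """Hypothetical key generation center holding the private key x."""

    def __init__(self, x: bytes):
        self._x = x
        self.db = {}  # ID_X -> T_KGC, the record the registration phase stores

    def register(self, identity: bytes, t_kgc: int):
        """Issue (SK_X, key_X-KGC) for a new identity and record T_KGC."""
        if identity in self.db:
            raise ValueError("identity already registered")
        sk = h0(identity, self._x)
        key = h1(sk, self._x, t_kgc)
        self.db[identity] = t_kgc
        return sk, key

    def rederive(self, identity: bytes):
        """Recompute a party's keys from the stored record and x alone."""
        t_kgc = self.db[identity]
        sk = h0(identity, self._x)
        return sk, h1(sk, self._x, t_kgc)


def demo():
    """Register the elder, hospital and cloud with constructed values."""
    kgc = KGC(x=bytes(range(32)))  # constructed secret, for illustration only
    issued = {
        identity: kgc.register(identity, 1480291200 + n)  # constructed T_KGC
        for n, identity in enumerate([b"ID_E", b"ID_H", b"ID_C"])
    }
    return kgc, issued


if __name__ == "__main__":
    kgc, issued = demo()
    for identity, (sk, key) in issued.items():
        print(identity.decode(), sk.hex()[:16], key.hex()[:16])
    print("re-derived matches issued:", kgc.rederive(b"ID_E") == issued[b"ID_E"])
```
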
2.3. The Health Data Uploading Phase

2.3.1. The Hospital Uploads Physical Inspection Report Case. The elder goes to the hospital for a physical inspection. After the hospital and the cloud process authentication, the hospital uploads the physical inspection report to the cloud. The flowchart of the hospital uploading physical inspection report case is shown in Figure 3.

(1) The hospital uses the session key $\mathrm{key}_{H\text{-}C}$ to encrypt the physical inspection report and makes a timestamp $T_{H1}$. The hospital uses the cloud's public key $\mathrm{PK}_C$ to encrypt $\mathrm{key}_{H\text{-}C}$ and makes a signature $\mathrm{Sig}_1$ as follows:

$$\mathrm{MSG}_{H1} = (\mathrm{ID}_H, \mathrm{ID}_E, \mathrm{Data}_{H1}, \mathrm{Data}_{H2}, \ldots, \mathrm{Data}_{Hn}, T_{H1}) \tag{2}$$

$$C_1 = \mathrm{SE}_{\mathrm{key}_{H\text{-}C}}(\mathrm{MSG}_{H1}) \tag{3}$$

$$C_2 = E_{\mathrm{PK}_C}(\mathrm{key}_{H\text{-}C}) \tag{4}$$

$$\mathrm{Sig}_1 = S_{\mathrm{SK}_H}(h_1(\mathrm{MSG}_{H1})) \tag{5}$$

Then the hospital sends $\mathrm{Sig}_1$, $\mathrm{ID}_H$, $\mathrm{ID}_E$, $\mathrm{Cert}_H$, $C_1$, $C_2$, and $T_{H1}$ to the cloud.

(2) The cloud verifies the hospital's signature according to the hospital's identity $\mathrm{ID}_H$ and checks if the timestamp $T_{H1}$ is valid or not as follows:

$$T_{C1} - T_{H1} \le \Delta T \tag{6}$$

If (6) holds, the cloud uses the KGC's public key $\mathrm{PK}_{KGC}$ to verify the hospital's certification $\mathrm{Cert}_H$. Then the cloud finds $\mathrm{SD}_{\mathrm{key}_{H\text{-}C}}$ according to $\mathrm{ID}_H$ and uses the private key $\mathrm{SK}_C$ and session key $\mathrm{key}_{H\text{-}C}$ to decrypt $C_1$ and $C_2$:

$$V_{\mathrm{PK}_H}(\mathrm{Sig}_1) \overset{?}{=} h_1(\mathrm{MSG}_{H1}) \tag{7}$$

$$\mathrm{key}_{H\text{-}C} = D_{\mathrm{SK}_C}(C_2) \tag{8}$$

$$(\mathrm{ID}_H, \mathrm{ID}_E, \mathrm{Data}_{H1}, \mathrm{Data}_{H2}, \ldots, \mathrm{Data}_{Hn}, T_{H1}) = \mathrm{SD}_{\mathrm{key}_{H\text{-}C}}(C_1) \tag{9}$$

Afterwards, the cloud stores $\mathrm{MSG}_{H1}$ and $\mathrm{Sig}_1$.
2.3.2. The Mobile Device Uploads Biological Data Case. In this phase, we consider the IoT medical sensors embedded into an elder's body. The elder uses the mobile device to transfer the biological data, which are measured by IoT medical sensors, to the cloud. The flowchart of the mobile device uploading biological data case is shown in Figure 4.

Figure 3: The hospital uploads physical inspection report case.

Figure 4: The mobile device uploads biological data case.

(1) The IoT medical sensor collects the biological data $\mathrm{MSG}_{MS1}$ and sends them to the elder's mobile device through a secure channel:

$$\mathrm{MSG}_{MS1} = (\mathrm{ID}_E, \mathrm{Data}_{MS1}, \mathrm{Data}_{MS2}, \ldots, \mathrm{Data}_{MSn}, T_{MS1}) \tag{10}$$

(2) After receiving the message, the mobile device uses the session key $\mathrm{key}_{E\text{-}C}$ to encrypt the elder's health information $\mathrm{MSG}_{MD}$ and makes a timestamp $T_{MD}$. Afterwards, the mobile device uses the cloud's public key $\mathrm{PK}_C$ to encrypt $\mathrm{key}_{E\text{-}C}$:

$$\mathrm{MSG}_{MD1} = (\mathrm{IMEI}, \mathrm{MSG}_{MS1}, T_{MD1}) \tag{11}$$

$$C_3 = \mathrm{SE}_{\mathrm{key}_{E\text{-}C}}(\mathrm{MSG}_{MD1}) \tag{12}$$

$$C_4 = E_{\mathrm{PK}_C}(\mathrm{key}_{E\text{-}C}) \tag{13}$$

Then the mobile device sends $\mathrm{ID}_E$, $\mathrm{Cert}_E$, $C_3$, $C_4$, and $T_{MD1}$ to the cloud.

(3) The cloud checks if the timestamp $T_{MD1}$ is valid or not:

$$T_{C3} - T_{MD1} \le \Delta T \tag{14}$$

If (14) holds, the cloud verifies the received IMEI by finding the mobile device's registered IMEI, which is stored in the database, according to the elder's identity $\mathrm{ID}_E$. If it holds, the cloud uses the public key $\mathrm{PK}_{KGC}$ to verify the elder's certification $\mathrm{Cert}_E$. Then the cloud uses the private key $\mathrm{SK}_C$ and session key $\mathrm{key}_{E\text{-}C}$ to decrypt $C_3$ and $C_4$, respectively:

$$\mathrm{key}_{E\text{-}C} = D_{\mathrm{SK}_C}(C_4) \tag{15}$$

$$\mathrm{MSG}_{MD1} = \mathrm{SD}_{\mathrm{key}_{E\text{-}C}}(C_3) \tag{16}$$

Afterward, the cloud stores $\mathrm{MSG}_{MD1}$.
2.4. The Notification Phase

2.4.1. The Emergency Case. When the cloud gets the elder's biological data from the mobile device, the cloud compares the data with the standard values stored in the database. If there is an emergency situation, the cloud sends the alert message to the hospital and contacts the emergency family simultaneously. Then the hospital will contact the elder and dispatch an ambulance to help the elder if necessary. The flowchart of the emergency case is shown in Figure 5.

Figure 5: The emergency case.

(1) The IoT medical sensor collects the elder's biological data, such as ECG, oxygen saturation, blood pressure, and body temperature. The IoT medical sensor sends the biological data to the mobile device through a secure channel and makes a timestamp $T_{MS2}$:

$$\mathrm{MSG}_{MS2} = (\mathrm{ID}_E, \mathrm{Data}_{MS1}, \mathrm{Data}_{MS2}, \ldots, \mathrm{Data}_{MSn}, T_{MS2}) \tag{17}$$

(2) After receiving the message, the mobile device makes a timestamp $T_{MD2}$ and integrates IMEI and $\mathrm{MSG}_{MS2}$:

$$\mathrm{MSG}_{MD2} = (\mathrm{IMEI}, \mathrm{MSG}_{MS2}, T_{MD2}) \tag{18}$$

The mobile device then uses the session key $\mathrm{key}_{E\text{-}C}$ to encrypt $\mathrm{MSG}_{MD2}$ and the cloud's public key $\mathrm{PK}_C$ to encrypt $\mathrm{key}_{E\text{-}C}$. In the meantime, the elder uses the private key $\mathrm{SK}_E$ to make a signature $\mathrm{Sig}_2$ via the mobile device as follows:

$$C_5 = \mathrm{SE}_{\mathrm{key}_{E\text{-}C}}(\mathrm{MSG}_{MD2}) \tag{19}$$

$$C_6 = E_{\mathrm{PK}_C}(\mathrm{key}_{E\text{-}C}) \tag{20}$$

$$\mathrm{Sig}_2 = S_{\mathrm{SK}_E}(\mathrm{IMEI}) \tag{21}$$

The mobile device sends $\mathrm{Sig}_2$, $\mathrm{ID}_E$, $\mathrm{Cert}_E$, $C_5$, $C_6$, and $T_{MD2}$ to the cloud.

(3) After receiving the message, the cloud checks if the timestamp $T_{MD2}$ is valid or not:

$$T_{C5} - T_{MD2} \le \Delta T \tag{22}$$

If (22) holds, the cloud uses the private key $\mathrm{SK}_C$ and session key $\mathrm{key}_{E\text{-}C}$ to decrypt $C_6$ and $C_5$ as follows:

$$
\begin{aligned}
\mathrm{key}_{E\text{-}C} &= D_{\mathrm{SK}_C}(C_6), \\
(\mathrm{IMEI}, \mathrm{MSG}_{MS2}, T_{MD2}) &= \mathrm{SD}_{\mathrm{key}_{E\text{-}C}}(C_5).
\end{aligned}
\tag{23}
$$

The cloud then uses the KGC's public key $\mathrm{PK}_{KGC}$ to verify the elder's certification $\mathrm{Cert}_E$ and checks if the mobile device's IMEI is the same as the registered IMEI:

$$V_{\mathrm{PK}_p}(\mathrm{Sig}_2) \overset{?}{=} \mathrm{IMEI} \tag{24}$$

The cloud then compares the elder's biological data with the standard value stored in the database. If some of the inspection data is beyond the threshold, the cloud uses the hospital's public key $\mathrm{PK}_H$ to encrypt the emergency message $\mathrm{MSG}_{C1}$ and makes a timestamp $T_{C1}$:

$$\mathrm{MSG}_{C1} = (\mathrm{ID}_C, \mathrm{ID}_E, \mathrm{MSG}_{EM}, T_{C1}) \tag{25}$$

$$C_7 = E_{\mathrm{PK}_H}(\mathrm{MSG}_{C1}) \tag{26}$$

The cloud sends $\mathrm{ID}_C$, $\mathrm{ID}_E$, $\mathrm{Cert}_E$, $\mathrm{Cert}_C$, $C_7$, and $T_{C1}$ to the hospital.

(4) After receiving the message, the hospital checks if the timestamp $T_{C1}$ is valid or not as follows:

$$T_{C7} - T_{C1} \le \Delta T \tag{27}$$

If (27) holds, the hospital uses the public key $\mathrm{PK}_{KGC}$ to verify the cloud's and the elder's certification. Then the hospital uses the private key $\mathrm{SK}_H$ to decrypt $C_7$:

$$\mathrm{MSG}_{C1} = D_{\mathrm{SK}_H}(C_7) \tag{28}$$

(5) The hospital gets the elder's identity and obtains his/her contact information, which is stored in the database. The hospital then gets the elder's location via the mobile device. According to $\mathrm{MSG}_{C1}$, the hospital evaluates the elder's situation to determine whether to dispatch the ambulance to help the elder. If the elder is able to receive the message, the hospital uses the elder's public key $\mathrm{PK}_E$ to encrypt the notification $\mathrm{MSG}_{H2}$ and makes a timestamp $T_{H2}$:

$$\mathrm{MSG}_{H2} = (\mathrm{ID}_E, \mathrm{Cert}_E, \mathrm{ID}_H, \mathrm{Cert}_H, \mathrm{MSG}_{EM}, T_{H2}) \tag{29}$$

$$C_8 = E_{\mathrm{PK}_E}(\mathrm{MSG}_{H2}) \tag{30}$$

The hospital then sends $\mathrm{ID}_H$, $\mathrm{Cert}_H$, $\mathrm{ID}_E$, $\mathrm{Cert}_E$, $C_8$, and $T_{H2}$ to the elder.

(6) The elder checks if the timestamp $T_{H2}$ is valid or not when he/she receives the message:

$$T_{C8} - T_{H2} \le \Delta T \tag{31}$$

If (31) holds, the elder uses the public key $\mathrm{PK}_{KGC}$ to verify the hospital's certification and uses the private key $\mathrm{SK}_E$ to decrypt $C_8$:

$$\mathrm{MSG}_{H2} = D_{\mathrm{SK}_H}(C_8) \tag{32}$$

(7) If the elder is unconscious and cannot respond to the hospital's notification, the hospital gets the elder's location via GPS and dispatches an ambulance to help him/her directly.

2.4.2. The Normal Case. If the elder's biological data fall in the average scope, the cloud will send a report back to the elder at set periods of time. The flowchart of the normal case is shown in Figure 6.

Figure 6: The normal case.
(1) The cloud uses the elder's public key $\mathrm{PK}_E$ to encrypt the normal health report $\mathrm{MSG}_{C2}$ and makes a timestamp $T_{C2}$:

$$\mathrm{MSG}_{C2} = (\mathrm{ID}_C, \mathrm{ID}_E, \mathrm{MSG}_{NM}, T_{C2}) \tag{33}$$

$$C_9 = E_{\mathrm{PK}_H}(\mathrm{MSG}_{C2}) \tag{34}$$

The cloud sends the encrypted health information $C_9$, $\mathrm{ID}_C$, $\mathrm{Cert}_C$, and $T_{C2}$ to the elder at set periods of time.

(2) After receiving the message, the elder checks if the timestamp $T_{C2}$ is valid or not as follows:

$$T_{C9} - T_{C2} \le \Delta T \tag{35}$$

If (35) holds, the elder uses the public key $\mathrm{PK}_{KGC}$ to verify the cloud's certification $\mathrm{Cert}_C$. The elder then uses the private key $\mathrm{SK}_E$ to decrypt $C_9$:

$$\mathrm{MSG}_{C2} = D_{\mathrm{SK}_E}(C_9) \tag{36}$$

The elder stores $\mathrm{MSG}_{C2}$.
3. Security Analysis

In this section, we present a security analysis to discuss how our scheme can defend against various attacks.

3.1. Replay Attack. In our scheme, we use the timestamp mechanism to defend against the replay attack. The receiver will verify if the timestamp is valid or not by checking the valid time interval via (6), (14), (22), (27), (31), and (35). Therefore, our scheme can defend against replay attack.
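An added example (not the paper's code) of the receiver-side check in (6), (14), (22), (27), (31), and (35). The inequality on its own also passes a copy replayed inside $\Delta T$ and a timestamp that lies in the future, so the sketch pairs it with a cache of recently accepted messages and a clock-skew bound; `FreshnessGuard`, `max_skew`, and the sample values are assumptions introduced here, not part of the scheme.

```python
import hashlib


def timestamp_only_check(t_sent: float, t_recv: float, delta_t: float) -> bool:
    """The check exactly as written in (6): T_recv - T_sent <= delta_T."""
    return t_recv - t_sent <= delta_t


class FreshnessGuard:
    """Timestamp window plus a duplicate cache covering the same window."""

    def __init__(self, delta_t: float, max_skew: float = 1.0):
        self.delta_t = delta_t      # valid transmission time interval
        self.max_skew = max_skew    # tolerated sender clock lead (assumption)
        self._seen = {}             # (sender, digest) -> last time it is still fresh

    def _prune(self, now: float) -> None:
        # An entry is needed only while its timestamp would still pass the window.
        for key in [k for k, fresh_until in self._seen.items() if fresh_until < now]:
            del self._seen[key]

    def check(self, sender: str, t_sent: float, body: bytes, now: float) -> str:
        """Return 'accept', 'stale', 'future' or 'replay' for one message."""
        self._prune(now)
        if now - t_sent > self.delta_t:
            return "stale"
        if t_sent - now > self.max_skew:
            return "future"
        digest = hashlib.sha256(repr(t_sent).encode() + b"|" + body).digest()
        key = (sender, digest)
        if key in self._seen:
            return "replay"
        self._seen[key] = t_sent + self.delta_t
        return "accept"

    def cached(self) -> int:
        """Number of messages currently remembered."""
        return len(self._seen)


def run_sample():
    """Feed constructed messages (sender, T_sent, body, receive time) to the guard."""
    guard = FreshnessGuard(delta_t=5.0, max_skew=1.0)
    body = b"C3|C4|Cert_E"  # constructed stand-in for the transmitted ciphertexts
    events = [
        ("ID_E", 999.0, body, 1000.0),   # first delivery, 1 s old
        ("ID_E", 999.0, body, 1002.0),   # identical copy, still inside delta_T
        ("ID_E", 999.0, body, 1010.0),   # identical copy, outside delta_T
        ("ID_E", 1020.0, body, 1010.0),  # timestamp 10 s ahead of the receiver
        ("ID_E", 1009.0, body, 1010.0),  # new timestamp, legitimate next upload
    ]
    return [guard.check(*event) for event in events], guard


if __name__ == "__main__":
    verdicts, guard = run_sample()
    print(verdicts, "cached:", guard.cached())
    print("inequality alone, copy at +3 s:", timestamp_only_check(999.0, 1002.0, 5.0))
    print("inequality alone, future stamp:", timestamp_only_check(1020.0, 1010.0, 5.0))
```

The cache only has to remember a message for $\Delta T$ after its timestamp, so its size is bounded by the upload rate times $\Delta T$.
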
3.2. Man-in-Middle Attack. If there is a man-in-middle attack, our scheme will be able to resist it by checking the timestamps to verify if the messages are valid.

The elder, the hospital, and the cloud can prove his/her identity via certification in our scheme. The elder sends the certification $\mathrm{Cert}_E$ to the cloud and the hospital. The hospital sends the certification $\mathrm{Cert}_H$ to the cloud and the elder. The cloud sends the certification $\mathrm{Cert}_C$ to the elder and the hospital. Every party will check if the received certification is valid or not.

In our scheme, during the health data uploading phase, the hospital and the mobile device use the session key $\mathrm{key}_{H\text{-}C}$/$\mathrm{key}_{E\text{-}C}$ and the public key $\mathrm{PK}_C$ to encrypt the information via (3), (4), (12), (13), (19), (20), (26), (30), and (34).

Other parties cannot decrypt the message without the private key or the session key, so attackers cannot achieve the man-in-middle attack.

3.3. Integrity. In the transmission process, the mobile device's IMEI is authenticated:

$$V_{\mathrm{PK}_E}(\mathrm{Sig}_2) \overset{?}{=} \mathrm{IMEI} \tag{37}$$

Therefore, tampering behaviors can be rapidly detected, so the proposed scheme can ensure data integrity.

3.4. Data Security. Our scheme involves the digital envelope mechanism. In order to ensure the elder's privacy, we use the public key to encrypt the symmetric key via (3), (12), (19), (26), (30), and (34), emergency information $\mathrm{MSG}_{EM}$, and normal report $\mathrm{MSG}_{NM}$. We use the symmetric key to protect the elder's secret biological data via (4), (13), and (20).
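Table 1: The nonrepudiation proof.

| Nonrepudiation proof | Issuer | Holder | Nonrepudiation verification |
|---|---|---|---|
| $\mathrm{Sig}_1 = S_{\mathrm{SK}_H}(h_1(\mathrm{MSG}_{H1}))$ | Hospital | Cloud | $V_{\mathrm{PK}_H}(\mathrm{Sig}_1) \overset{?}{=} h_1(\mathrm{MSG}_{H1})$ |
| $\mathrm{Sig}_2 = S_{\mathrm{SK}_E}(\mathrm{IMEI})$ | Elder | Cloud | $V_{\mathrm{PK}_E}(\mathrm{Sig}_2) \overset{?}{=} \mathrm{IMEI}$ |

Table 2: The security comparisons of related works.

| Security issue | Ben Othman et al. [16] | Kalra and Sood [17] | Lounis et al. [18] | Our scheme |
|---|---|---|---|---|
| Replay attack | N/A | Yes | N/A | Yes |
| Man-in-middle attack | N/A | Yes | Yes | Yes |
| Integrity | Yes | N/A | Yes | Yes |
| Data security | N/A | Yes | Yes | Yes |
| Confidentiality | Yes | Yes | Yes | Yes |
| Nonrepudiation | N/A | N/A | N/A | Yes |
| Privacy | N/A | N/A | N/A | Yes |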
3.5. Confidentiality. In our scheme, we use the asymmetric/symmetric key to ensure the safety of the patient's personal information, as shown in (3), (4), (12), and (13).

In the notification phase, the mobile device uses the session key $\mathrm{key}_{E\text{-}C}$ and cloud's public key $\mathrm{PK}_C$ to encrypt the information, as shown in (19) and (20).

Then the cloud uses the hospital's public key $\mathrm{PK}_H$ to encrypt the emergency message, as shown in (26).

Afterwards, the hospital uses the elder's public key $\mathrm{PK}_E$ to encrypt the notification, as shown in (30).

In the normal case, the cloud uses the elder's public key $\mathrm{PK}_E$ to encrypt the normal health report, as shown in (34).

The elder's privacy information is protected. Therefore, our scheme can achieve confidentiality.

3.6. Nonrepudiation. The cloud can use the hospital's public key to verify the uploaded data via (7). The hospital cannot deny the uploading fact. The cloud can verify the correctness of the mobile device's IMEI via (24). The mobile device cannot deny the transmission. Every party can use the KGC's public key $\mathrm{PK}_{KGC}$ to verify whether the sender's certification is valid or not. The nonrepudiation proof is shown in Table 1.

3.7. Privacy. Data transmission on the Internet is insecure, and the elder's private information may be revealed in the transmission process. In this paper, we use symmetric encryption to protect his/her personal privacy from unauthorized access. The elder's privacy is ensured.

3.8. Transmission Continuity. The elder's physical report and the biological data which are measured by IoT medical sensors will be stored in the cloud. In order to ensure transmission continuity, the receiver will send information to the sender. If the cloud has not received the elder's biological data in an acceptable time, which is recommended by the doctor, the cloud will notify the elder and contact his/her emergency family.

3.9. Security Analysis Comparison. According to the security issue, we make a comparison with other schemes in Table 2. In Table 2, Ben Othman et al.'s scheme [16] and Lounis et al.'s scheme [18] have some weaknesses. They cannot resist the replay attack. Ben Othman et al.'s scheme cannot ensure the security of data. And Kalra and Sood's scheme [17] cannot achieve integrity. The proposed scheme can resist the replay attack and man-in-middle attack and provide integrity and data security.
4. Discussions

4.1. The Computation Cost of Our Scheme. In this subsection, we present the proposed scheme's computation cost in Table 3. We use SHA-256 hash function, AES-symmetric encryption, Menezes-Vanstone cryptosystem, and signature generated by the ECDSA [20].

4.2. The Communication Cost of Our Scheme. In this subsection, we show the communication cost of the proposed scheme in Table 4. The highest communication cost in our scheme is for emergency case, while the cost is $5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert} = 5 \ast 80 + 3 \ast 1024 + 1 \ast 256 + 1 \ast 1024 + 3 \ast 16 + 5 \ast 8192 = 45760$ bits. The time of transmitting these messages is $45760/20 \ast 10^{-6} = 0.9152$ ms under the 20 Mbps bandwidth network environment. Fast transmission makes our scheme feasible and efficient.
5. Conclusions

The elder's continuous medical monitoring is a serious problem. In this paper, we proposed a scheme with IoT sensor based on cloud computing to make the elder safely and conveniently monitored. In our scheme, the digital envelope, digital certification, signature, and timestamp mechanisms are involved. We also use the cloud's characteristics to make
Table 3: The computation cost of our scheme.

| Case | Elder | Hospital | Cloud/key generation center |
|---|---|---|---|
| The case when hospital uploads physical inspection report | NA | $2T_{AS} + 1T_{Sig} + 1T_{S} + 1T_{H}$ | $1T_{AS} + 1T_{Sig} + 1T_{S}$ |
| The case when mobile device uploads biological data | $1T_{AS} + 1T_{S}$ | NA | $1T_{AS} + 1T_{S}$ |
| The emergency case | $3T_{AS} + 1T_{Sig} + 1T_{S}$ | $2T_{AS}$ | $2T_{AS} + 1T_{Sig} + 1T_{S}$ |
| The normal case | $1T_{AS}$ | NA | $1T_{AS}$ |

$T_{H}$: the time to execute a one-way hash function.
$T_{S}$: the time to execute a symmetric encryption/decryption operation.
$T_{AS}$: the time to execute an asymmetric encryption/decryption operation.
$T_{Sig}$: the time to execute/verify a signature.
Table 4: The communication cost of our scheme.

| Case | Cost |
|---|---|
| The case when hospital uploads physical inspection report | $2T_{ID} + 1T'_{AS} + 1T'_{S} + 1T'_{Sig} + 1T_{T} + T_{Cert}$ |
| The case when mobile device uploads biological data | $1T_{ID} + 1T'_{AS} + 1T'_{S} + 1T_{T} + T_{Cert}$ |
| The emergency case | $5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert}$ |
| The normal case | $1T_{ID} + 1T'_{AS} + 1T_{T} + T_{Cert}$ |
| Total | $8T_{ID} + 6T'_{AS} + 3T'_{S} + 2T'_{Sig} + 6T_{T} + 8T_{Cert}$ |

$T_{ID}$: the time to transmit the identity (80 bits).
$T_{T}$: the time to transmit a timestamp (16 bits).
$T'_{S}$: the time to transmit a symmetric encryption ciphertext (256 bits).
$T'_{AS}$: the time to transmit an asymmetric encryption ciphertext (1024 bits).
$T'_{Sig}$: the time to transmit a signature (1024 bits).
$T_{Cert}$: the time to transmit a certificate (8192 bits) [19].
sure that the elder can get the available medical service conveniently. The asymmetric/symmetric encryption technology is used to protect the inspection report and the biological data of the elder. The elder's biological data and other personal information can be uploaded to the cloud via authentication. The hospital can notify the elder or dispatch an ambulance directly to him/her if there is an emergency situation. The elder can receive his/her personal health reports via set periods of time and browse the reports on their mobile device. Therefore, our scheme can provide more flexible and accurate medical service as well as reduce the waste of medical resource.

Besides, our scheme can defend against the replay attack and man-in-middle attack and offer data security, integrity, nonrepudiation, and confidentiality in a cloud environment. As a result, the elder need not worry about the insecure access of medical records in our proposed medical environments.

In the future, we will focus on the bioinformatics certification to make the whole process easier for the elderly.
Competing Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This research was supported by the Ministry of Science and Technology, China, under Contract nos. MOST 103-2632-E-324-001-MY3, MOST 105-2221-E-324-007, and MOST 105-2622-E-305-004-CC2.
References
[1] World Health Organization, http://www.who.int/mediacentre/factsheets/fs381/en.
[2] H. Baldus, K. Klabunde, and G. Musch, "Reliable set-up of medical body-sensor networks," Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2920, pp. 353–363, 2004.
[3] H. J. La, H. T. Jung, and S. D. Kim, "Extensible disease diagnosis cloud platform with medical sensors and IoT devices," in Proceedings of the 3rd International Conference on Future Internet of Things and Cloud (FiCloud '15), pp. 371–378, IEEE, Rome, Italy, August 2015.
[4] Z. Zhang and X. Hu, "ZigBee based wireless sensor networks and their use in medical and health care domain," in Proceedings of the 7th International Conference on Sensing Technology (ICST '13), pp. 756–761, Wellington, New Zealand, December 2013.
[5] https://en.wikipedia.org/wiki/Body_area_network.
[6] F. Banaie and S. A. H. Seno, "A cloud-based architecture for secure and reliable service provisioning in wireless sensor network," in Proceedings of the International Conference on Computer and Knowledge Engineering (ICCKE '14), pp. 96–101, Mashhad, Iran, October 2014.
[7] C. Vecchiola, S. Pandey, and R. Buyya, "High-performance cloud computing: a view of scientific applications," in Proceedings of the 10th International Symposium on Pervasive Systems, Algorithms, and Networks (ISPAN '09), pp. 4–16, IEEE, Kaohsiung, Taiwan, December 2009.
[8] https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas.
[9] C.-L. Chen, T.-T. Yang, M.-L. Chiang, and T.-F. Shih, "A privacy authentication scheme based on cloud for medical environment," Journal of Medical Systems, vol. 38, article no. 143, 2014.
[10] A. Hendre and K. P. Joshi, "A semantic approach to cloud security and compliance," in Proceedings of the IEEE 8th International Conference on Cloud Computing (CLOUD '15), pp. 1081–1084, New York, NY, USA, June 2015.
[11] C.-L. Chen, T.-T. Yang, and T.-F. Shih, "A secure medical data exchange protocol based on cloud environment," Journal of Medical Systems, vol. 38, no. 9, article 112, 2014.
[12] P. Tudor, W. Martin, B. Natalia, P. Zeeshan, and B. Leon, "Ambient Health Monitoring: the smartphone as a body sensor network component," Innovation in Medicine and Healthcare Inmed, vol. 6, no. 1, pp. 62–65, 2013.
[13] Z.-Y. Wu, Y.-C. Lee, F. Lai, H.-C. Lee, and Y. Chung, "A secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 3, pp. 1529–1535, 2012.
[14] S. Sahaa and S. Kumar Tomar, "Issues in transmitting physical health information in m-healthcare," International Journal of Current Engineering and Technology, vol. 3, no. 2, pp. 411–413, 2013.
[15] Q. Pu, J. Wang, and R.-Y. Zhao, "Strong authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 4, pp. 2609–2619, 2012.
[16] S. Ben Othman, A. Trad, and H. Youssef, "Security architecture for at-home medical care using Wireless Sensor Network," in Proceedings of the 10th International Wireless Communications and Mobile Computing Conference (IWCMC '14), pp. 304–309, IEEE, Nicosia, Cyprus, August 2014.
[17] S. Kalra and S. K. Sood, "Secure authentication scheme for IoT and cloud servers," Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.
[18] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.
[19] X.509—Wikipedia, https://en.wikipedia.org/wiki/X.509.
[20] D. Johnson and A. Menezes, "The elliptic curve digital signature algorithm (ECDSA)," Tech. Rep. CORR 99-34, Department of C & O, University of Waterloo, 1999.
[Figure 1: The system architecture. Parties shown: elder with IoT medical sensor, mobile device, cloud, hospital, emergency family contacts, and key generation center, connected by arrows numbered (1) to (8).]
transfer the collected data to the mobile device via Bluetooth (Bluetooth 4.0), and the mobile device can transfer the data to the cloud.

(6) Mobile Device (MD). A portable computing device with a unique International Mobile Equipment Identity (IMEI), which can connect with the IoT medical sensor. It can locate the elder with Global Positioning System (GPS) when there is an emergency and get the reports for normal situation.

(7) Emergency Family Contacts (EFC). They are the elder's family members.

The elder goes to the hospital for a health inspection, and the report will be uploaded to the cloud. Every set period of time, the IoT medical sensor will collect the elder's biological data and transfer them to the cloud via mobile device. The hospital and the cloud process authentication procedure. The scenarios are described in Figure 1.
(1) The elder, the hospital, and the cloud must register at the key generation center in advance via secure channel.
(2) The elder goes to hospital for a physical inspection.
(3) The hospital uploads the elder's physical inspection report to the cloud.
(4) The IoT medical sensor gets the elder's biological data via set periods of time and sends it to the mobile device.
(5) The mobile device uploads the biological data to the cloud.
(6) The cloud compares the data sent from the mobile device with the standard values stored in the database. Once there is an emergency, the cloud notifies the hospital and contacts the elder's family in an acceptable time.
(7) After the hospital gets the notification, it sends messages and dispatches an ambulance to the elder.
(8) If the data collected by the IoT medical sensor are normal, the cloud sends a health report to the elder at set periods of time.
2.1. Notations. The following lists notations that will be used in our scheme.

$ID_X$: $X$'s identity
$s$: the secret value
$x$: the KGC's private key
$h_0()$: the hash function $h_0: \{0,1\}^* \to \{0,1\}^l$, $l = 256$
$h_1()$: the hash function $h_1: G_2 \times \{0,1\}^* \times G_1 \to \{0,1\}^l$, $l = 256$
$\Delta T$: the valid transmission time interval
$T_{Xi}$: the $i$th timestamp generated by $X$
$Data_{Hi}$: the elder's physical inspection report generated by the hospital
$Data_{MSi}$: the elder's biological data collected by the IoT medical sensor, for example, ECG, heart rate, oxygen saturation, blood pressure, body temperature, and blood glucose
$Cert_X$: $X$ party's identity certification being issued by the KGC
IMEI: International Mobile Equipment Identity
$PK_X$/$SK_X$: $X$'s public/private key
$key_{X\text{-}Y}$: the session key between $X$ and $Y$
$SE_K(M)$/$SD_K(M)$: using the symmetric key $K$ to encrypt/decrypt a message $M$
$S_{SK_x}(M)$/$D_{SK_x}(M)$: using the private key $SK_x$ to sign/decrypt a message $M$
$V_{PK_x}(M)$/$E_{PK_x}(M)$: using the public key $PK_x$ to verify/encrypt a message $M$
$MSG_X$: the patient's health information being generated by $X$
$MSG_{EM}$: the emergency message
$MSG_{NM}$: the normal report
$A \overset{?}{=} B$: checking if $A$ is equal to $B$
insecure channel secure channel
2.2. Registration Phase. Both the elder and the hospital must register at the key generation center in advance. The KGC will issue a pair of public key and private key for each party. The user will get the cloud's public key and use the pregenerated key to encrypt/decrypt the medical information. The KGC will also record the key's generation time in the database. The flowchart of the registration phase is shown in Figure 2.

[Figure 2: The registration phase. Message flow between User (X) and KGC.]

(1) The elder, the hospital, and the cloud choose the identity $ID_E$/$ID_H$/$ID_C$ and send it to the key generation center through a secure channel. The elder should also send his/her mobile device's IMEI and personal contact information to the KGC, including emergency family contacts.
(2) After receiving the message, the KGC uses the private key $x$ to compute the user's public key $PK_E$/$PK_H$/$PK_C$, the private key $SK_E$/$SK_H$/$SK_C$, and the pregenerated session key $key_{E\text{-}KGC}$/$key_{H\text{-}KGC}$/$key_{C\text{-}KGC}$ as follows:

$$
\begin{aligned}
SK_E &= h_0(ID_E, x), \\
SK_H &= h_0(ID_H, x), \\
SK_C &= h_0(ID_C, x), \\
key_{E\text{-}KGC} &= h_1(SK_E, x, T_{KGC}), \\
key_{H\text{-}KGC} &= h_1(SK_H, x, T_{KGC}), \\
key_{C\text{-}KGC} &= h_1(SK_C, x, T_{KGC}).
\end{aligned}
\tag{1}
$$

Then the KGC sends $(PK_E, SK_E, key_{E\text{-}KGC})$, $(PK_H, SK_H, key_{H\text{-}KGC})$, and $(PK_C, SK_C, key_{C\text{-}KGC})$ to the elder, the hospital, and the cloud, respectively. In addition, the KGC generates the certification $Cert_E$/$Cert_H$ for the elder and hospital, respectively.

(3) Each party stores $(PK_E, SK_E, key_{E\text{-}KGC})$, $(PK_H, SK_H, key_{H\text{-}KGC})$, and $(PK_C, SK_C, key_{C\text{-}KGC})$, respectively. The elder and hospital can use the certification $Cert_E$/$Cert_H$ to process authentication.
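The derivation in (1) can be traced in code. The following is an added example, not code from the paper: it assumes SHA-256 for both $h_0$ and $h_1$, and the length-prefixed field encoding, the domain labels, the class name `KeyGenerationCenter` and all sample identities and times are hypothetical choices made here. It shows that every $SK_X$ is a deterministic function of $ID_X$ and the KGC's private key $x$, so the KGC can recompute a party's keys from the recorded pair ($ID_X$, $T_{KGC}$).

```python
import hashlib
import secrets

L_BITS = 256  # l = 256 in the paper's notation; also the SHA-256 output size


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field (assumed encoding, not specified in the paper).

    Without a delimiter, (b"AB", b"C") and (b"A", b"BC") would hash identically.
    """
    out = bytearray()
    for field in fields:
        out += len(field).to_bytes(4, "big") + field
    return bytes(out)


def h0(identity: bytes, x: bytes) -> bytes:
    """SK_X = h0(ID_X, x), instantiated here with SHA-256 (assumption)."""
    return hashlib.sha256(b"h0|" + encode_fields(identity, x)).digest()


def h1(sk: bytes, x: bytes, t_kgc: int) -> bytes:
    """key_{X-KGC} = h1(SK_X, x, T_KGC), instantiated here with SHA-256 (assumption)."""
    t_bytes = t_kgc.to_bytes(8, "big")
    return hashlib.sha256(b"h1|" + encode_fields(sk, x, t_bytes)).digest()


class KeyGenerationCenter:
    """Hypothetical KGC holding the private key x and the (ID_X, T_KGC) records."""

    def __init__(self, x: bytes):
        self._x = x
        self.records = {}  # ID_X -> T_KGC, as in "Records ID_X, T_KGC"

    def register(self, identity: bytes, t_kgc: int):
        sk = h0(identity, self._x)
        key = h1(sk, self._x, t_kgc)
        self.records[identity] = t_kgc
        return sk, key

    def rederive(self, identity: bytes):
        """Recompute a party's keys from x and the stored record alone."""
        t_kgc = self.records[identity]
        sk = h0(identity, self._x)
        return sk, h1(sk, self._x, t_kgc)


def demo():
    # Constructed sample identities and registration times.
    kgc = KeyGenerationCenter(x=secrets.token_bytes(32))
    sk_e, key_e = kgc.register(b"ID_E", t_kgc=1_480_000_000)
    sk_h, key_h = kgc.register(b"ID_H", t_kgc=1_480_000_060)
    return {
        "sk_len_bits": len(sk_e) * 8,
        "distinct_parties": sk_e != sk_h and key_e != key_h,
        "kgc_can_rederive": kgc.rederive(b"ID_E") == (sk_e, key_e),
    }


if __name__ == "__main__":
    print(demo())
```

Because all keys follow from $x$, the storage and access control around $x$ determine the security of every registered party's key material.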
2.3. The Health Data Uploading Phase

2.3.1. The Hospital Uploads Physical Inspection Report Case. The elder goes to the hospital for a physical inspection. After the hospital and the cloud process authentication, the hospital uploads the physical inspection report to the cloud. The flowchart of the hospital uploading physical inspection report case is shown in Figure 3.

(1) The hospital uses the session key $key_{H\text{-}C}$ to encrypt the physical inspection report and makes a timestamp $T_{H1}$. The hospital uses the cloud's public key $PK_C$ to encrypt $key_{H\text{-}C}$ and makes a signature $Sig_1$ as follows:

$$MSG_{H1} = (ID_H, ID_E, Data_{H1}, Data_{H2}, \ldots, Data_{Hn}, T_{H1}) \tag{2}$$

$$C_1 = SE_{key_{H\text{-}C}}(MSG_{H1}) \tag{3}$$

$$C_2 = E_{PK_C}(key_{H\text{-}C}) \tag{4}$$

$$Sig_1 = S_{SK_H}(h_1(MSG_{H1})) \tag{5}$$

Then the hospital sends $Sig_1$, $ID_H$, $ID_E$, $Cert_H$, $C_1$, $C_2$, and $T_{H1}$ to the cloud.

(2) The cloud verifies the hospital's signature according to the hospital's identity $ID_H$ and checks if the timestamp $T_{H1}$ is valid or not as follows:

$$T_{C1} - T_{H1} \le \Delta T \tag{6}$$

If (6) holds, the cloud uses the KGC's public key $PK_{KGC}$ to verify the hospital's certification $Cert_H$. Then the cloud finds $SD_{key_{H\text{-}C}}$ according to $ID_H$ and uses the private key $SK_C$ and session key $key_{H\text{-}C}$ to decrypt $C_1$ and $C_2$:

$$V_{PK_H}(Sig_1) \overset{?}{=} h_1(MSG_{H1}) \tag{7}$$

$$key_{H\text{-}C} = D_{SK_C}(C_2) \tag{8}$$

$$(ID_H, ID_E, Data_{H1}, Data_{H2}, \ldots, Data_{Hn}, T_{H1}) = SD_{key_{H\text{-}C}}(C_1) \tag{9}$$

Afterwards, the cloud stores $MSG_{H1}$ and $Sig_1$.

2.3.2. The Mobile Device Uploads Biological Data Case. In this phase, we consider the IoT medical sensors embedded into an elder's body. The elder uses the mobile device to transfer the biological data, which are measured by IoT medical sensors, to the cloud. The flowchart of the mobile device uploading biological data case is shown in Figure 4.
[Figure 3: The hospital uploads physical inspection report case. Message flow between Hospital (H) and Cloud (C).]

[Figure 4: The mobile device uploads biological data case. Message flow between IoT medical sensor (MS), Mobile device (MD), and Cloud (C).]
(1) The IoT medical sensor collects the biological data $MSG_{MS1}$ and sends them to the elder's mobile device through a secure channel:

$$MSG_{MS1} = (ID_E, Data_{MS1}, Data_{MS2}, \ldots, Data_{MSn}, T_{MS1}) \tag{10}$$

(2) After receiving the message, the mobile device uses the session key $key_{E\text{-}C}$ to encrypt the elder's health information $MSG_{MD}$ and makes a timestamp $T_{MD}$. Afterwards, the mobile device uses the cloud's public key $PK_C$ to encrypt $key_{E\text{-}C}$:

$$MSG_{MD1} = (IMEI, MSG_{MS1}, T_{MD1}) \tag{11}$$

$$C_3 = SE_{key_{E\text{-}C}}(MSG_{MD1}) \tag{12}$$

$$C_4 = E_{PK_C}(key_{E\text{-}C}) \tag{13}$$

Then the mobile device sends $ID_E$, $Cert_E$, $C_3$, $C_4$, and $T_{MD1}$ to the cloud.

(3) The cloud checks if the timestamp $T_{MD1}$ is valid or not:

$$T_{C3} - T_{MD1} \le \Delta T \tag{14}$$

If (14) holds, the cloud verifies the received IMEI by finding the mobile device's registered IMEI, which is stored in the database, according to the elder's identity $ID_E$. If it holds, the cloud uses the public key $PK_{KGC}$ to verify the elder's certification $Cert_E$. Then the cloud uses the private key $SK_C$ and session key $key_{E\text{-}C}$ to decrypt $C_3$ and $C_4$, respectively:

$$key_{E\text{-}C} = D_{SK_C}(C_4) \tag{15}$$

$$MSG_{MD1} = SD_{key_{E\text{-}C}}(C_3) \tag{16}$$

Afterward, the cloud stores $MSG_{MD1}$.
2.4. The Notification Phase

2.4.1. The Emergency Case. When the cloud gets the elder's biological data from the mobile device, the cloud compares the data with the standard values stored in the database. If there is an emergency situation, the cloud sends the alert message to the hospital and contacts the emergency family simultaneously. Then the hospital will contact the elder and dispatch an ambulance to help the elder if necessary. The flowchart of the emergency case is shown in Figure 5.

(1) The IoT medical sensor collects the elder's biological data, such as ECG, oxygen saturation, blood pressure, and body temperature. The IoT medical sensor sends the biological data to the mobile device through a secure channel and makes a timestamp $T_{MS2}$:

$$MSG_{MS2} = (ID_E, Data_{MS1}, Data_{MS2}, \ldots, Data_{MSn}, T_{MS2}) \tag{17}$$

(2) After receiving the message, the mobile device makes a timestamp $T_{MD2}$ and integrates IMEI and $MSG_{MS2}$:

$$MSG_{MD2} = (IMEI, MSG_{MS2}, T_{MD2}) \tag{18}$$

The mobile device then uses the session key $key_{E\text{-}C}$ to encrypt $MSG_{MD2}$ and the cloud's public key $PK_C$ to encrypt $key_{E\text{-}C}$. In the meantime, the elder uses the private key $SK_E$ to make a signature $Sig_2$ via mobile device as follows:

$$C_5 = SE_{key_{E\text{-}C}}(MSG_{MD2}) \tag{19}$$

$$C_6 = E_{PK_C}(key_{E\text{-}C}) \tag{20}$$

$$Sig_2 = S_{SK_E}(IMEI) \tag{21}$$

The mobile device sends $Sig_2$, $ID_E$, $Cert_E$, $C_5$, $C_6$, and $T_{MD2}$ to the cloud.

(3) After receiving the message, the cloud checks if the timestamp $T_{MD2}$ is valid or not:

$$T_{C5} - T_{MD2} \le \Delta T \tag{22}$$

If (22) holds, the cloud uses the private key $SK_C$ and session key $key_{E\text{-}C}$ to decrypt $C_6$ and $C_5$ as follows:

$$
\begin{aligned}
key_{E\text{-}C} &= D_{SK_C}(C_6), \\
(IMEI, MSG_{MS2}, T_{MD2}) &= SD_{key_{E\text{-}C}}(C_5).
\end{aligned}
\tag{23}
$$

The cloud then uses the KGC's public key $PK_{KGC}$ to verify the elder's certification $Cert_E$ and checks if the mobile device's IMEI is the same as the registered IMEI:

$$V_{PK_p}(Sig_2) \overset{?}{=} IMEI \tag{24}$$

The cloud then compares the elder's biological data with the standard value stored in the database. If some of the inspection data is beyond the threshold, the cloud uses the hospital's public key $PK_H$ to encrypt the emergency message $MSG_{C1}$ and makes a timestamp $T_{C1}$:

$$MSG_{C1} = (ID_C, ID_E, MSG_{EM}, T_{C1}) \tag{25}$$

$$C_7 = E_{PK_H}(MSG_{C1}) \tag{26}$$

The cloud sends $ID_C$, $ID_E$, $Cert_E$, $Cert_C$, $C_7$, and $T_{C1}$ to the hospital.

(4) After receiving the message, the hospital checks if the timestamp $T_{C1}$ is valid or not as follows:

$$T_{C7} - T_{C1} \le \Delta T \tag{27}$$

If (27) holds, the hospital uses the public key $PK_{KGC}$ to verify the cloud's and the elder's certification. Then the hospital uses the private key $SK_H$ to decrypt $C_7$:

$$MSG_{C1} = D_{SK_H}(C_7) \tag{28}$$
[Figure 5: The emergency case. Message flow between IoT medical sensor (MS), Mobile device (MD), Cloud (C), Hospital (H), Elder (E), and Emergency family contacts (EFC).]

(5) The hospital gets the elder's identity and obtains his/her contact information, which is stored in the database. The hospital then gets the elder's location via the mobile device. According to $MSG_{C1}$, the hospital evaluates the elder's situation to determine whether to dispatch the ambulance to help the elder. If the elder is able to receive the message, the hospital uses the elder's public key $PK_E$ to encrypt the notification $MSG_{H2}$ and makes a timestamp $T_{H2}$:

$$MSG_{H2} = (ID_E, Cert_E, ID_H, Cert_H, MSG_{EM}, T_{H2}) \tag{29}$$

$$C_8 = E_{PK_E}(MSG_{H2}) \tag{30}$$

The hospital then sends $ID_H$, $Cert_H$, $ID_E$, $Cert_E$, $C_8$, and $T_{H2}$ to the elder.

(6) The elder checks if the timestamp $T_{H2}$ is valid or not when he/she receives the message:

$$T_{C8} - T_{H2} \le \Delta T \tag{31}$$
[Figure 6: The normal case. Message flow between Cloud (C) and Mobile device (MD).]
If (31) holds, the elder uses the public key $PK_{KGC}$ to verify the hospital's certification and uses the private key $SK_E$ to decrypt $C_8$:

$$MSG_{H2} = D_{SK_H}(C_8) \tag{32}$$

(7) If the elder is unconscious and cannot respond to the hospital's notification, the hospital gets the elder's location via GPS and dispatches an ambulance to help him/her directly.

2.4.2. The Normal Case. If the elder's biological data fall in the average scope, the cloud will send a report back to the elder via period of time. The flowchart of the normal case is shown in Figure 6.

(1) The cloud uses the elder's public key $PK_E$ to encrypt the normal health report $MSG_{C2}$ and makes a timestamp $T_{C2}$:

$$MSG_{C2} = (ID_C, ID_E, MSG_{NM}, T_{C2}) \tag{33}$$

$$C_9 = E_{PK_H}(MSG_{C2}) \tag{34}$$

The cloud sends the encrypted health information $C_9$, $ID_C$, $Cert_C$, and $T_{C2}$ to the elder via set period time.

(2) After receiving the message, the elder checks if the timestamp $T_{C2}$ is valid or not as follows:

$$T_{C9} - T_{C2} \le \Delta T \tag{35}$$

If (35) holds, the elder uses the public key $PK_{KGC}$ to verify the cloud's certification $Cert_C$. The elder then uses the private key $SK_E$ to decrypt $C_9$:

$$MSG_{C2} = D_{SK_E}(C_9) \tag{36}$$

The elder stores $MSG_{C2}$.
3. Security Analysis

In this section, we present a security analysis to discuss how our scheme can defend against various attacks.

3.1. Replay Attack. In our scheme, we use the timestamp mechanism to defend against the replay attack. The receiver will verify if the timestamp is valid or not by checking the valid time interval via (6), (14), (22), (27), (31), and (35). Therefore, our scheme can defend against replay attack.
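A receiver-side view of the interval check used in (6), (14), (22), (27), (31), and (35), as an added example that is not part of the paper. `paper_check` evaluates the inequality exactly as written; `FreshnessGate` is a hypothetical hardened receiver that also bounds timestamps from below and remembers messages already accepted inside the window. The class name, the `max_skew` parameter, the cache design and all sample values are assumptions made here.

```python
import hashlib
from collections import OrderedDict


def paper_check(t_recv: int, t_sent: int, delta_t: int) -> bool:
    """The check as written in (6): T_receiver - T_sender <= delta T."""
    return t_recv - t_sent <= delta_t


class FreshnessGate:
    """Hypothetical receiver: interval check, lower bound, and a seen-message cache."""

    def __init__(self, delta_t: int, max_skew: int = 0):
        self.delta_t = delta_t      # the valid transmission time interval
        self.max_skew = max_skew    # tolerated clock skew for sender timestamps (assumption)
        self._seen = OrderedDict()  # message digest -> sender timestamp

    @staticmethod
    def _digest(sender_id: str, t_sent: int, ciphertext: bytes) -> bytes:
        h = hashlib.sha256()
        for part in (sender_id.encode(), str(t_sent).encode(), ciphertext):
            h.update(len(part).to_bytes(4, "big"))
            h.update(part)
        return h.digest()

    def _expire(self, now: int) -> None:
        # An entry older than delta_t would be rejected as stale anyway, so drop it.
        for digest, t_sent in list(self._seen.items()):
            if now - t_sent > self.delta_t:
                del self._seen[digest]

    def accept(self, sender_id: str, t_sent: int, ciphertext: bytes, t_recv: int) -> str:
        age = t_recv - t_sent
        if age > self.delta_t:
            return "stale"
        if age < -self.max_skew:
            return "future"      # (6) alone holds for any timestamp ahead of the receiver
        self._expire(t_recv)
        digest = self._digest(sender_id, t_sent, ciphertext)
        if digest in self._seen:
            return "duplicate"   # same message seen again inside the valid interval
        self._seen[digest] = t_sent
        return "accepted"

    def cache_size(self) -> int:
        return len(self._seen)


def demo():
    # Constructed sample: delta T = 5 s, integer timestamps, opaque ciphertext bytes.
    gate = FreshnessGate(delta_t=5, max_skew=1)
    ct = b"constructed C1||C2 bytes"
    rows = []
    for label, t_sent, t_recv, body in [
        ("first delivery", 1000, 1002, ct),
        ("same message inside window", 1000, 1004, ct),
        ("timestamp ahead of receiver", 2000, 1005, ct),
        ("same message after window", 1000, 1010, ct),
        ("new message", 1009, 1010, b"constructed later bytes"),
    ]:
        rows.append((label, paper_check(t_recv, t_sent, 5),
                     gate.accept("ID_H", t_sent, body, t_recv)))
    return rows, gate.cache_size()


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

The cache only needs to hold entries for $\Delta T$, so its size is bounded by the number of messages a sender can submit within one valid interval.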
3.2. Man-in-Middle Attack. If there is a man-in-middle attack, our scheme will be able to resist it by checking the timestamps to verify if the messages are valid.

The elder, the hospital, and the cloud can prove his/her identity via certification in our scheme. The elder sends the certification $Cert_E$ to the cloud and the hospital. The hospital sends the certification $Cert_H$ to the cloud and the elder. The cloud sends the certification $Cert_C$ to the elder and the hospital. Every party will check if the received certification is valid or not.

In our scheme, during the health data uploading phase, the hospital and the mobile device use the session key $key_{H\text{-}C}$/$key_{E\text{-}C}$ and the public key $PK_C$ to encrypt the information via (3), (4), (12), (13), (19), (20), (26), (30), and (34).

Other parties cannot decrypt the message without the private key or the session key, so attackers cannot achieve the man-in-middle attack.
3.3. Integrity. In the transmission process, the mobile device's IMEI is authenticated:

$$V_{PK_E}(Sig_2) \overset{?}{=} IMEI \tag{37}$$

Therefore, tampering behaviors can be rapidly detected, so the proposed scheme can ensure data integrity.

3.4. Data Security. Our scheme involves the digital envelope mechanism. In order to ensure the elder's privacy, we use the public key to encrypt the symmetric key via (3), (12), (19), (26), (30), and (34), emergency information $MSG_{EM}$, and normal report $MSG_{NM}$. We use the symmetric key to protect the elder's secret biological data via (4), (13), and (20).
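Table 1: The nonrepudiation proof.

| Nonrepudiation proof | Issuer | Holder | Nonrepudiation verification |
|---|---|---|---|
| $Sig_1 = S_{SK_H}(h_1(MSG_{H1}))$ | Hospital | Cloud | $V_{PK_H}(Sig_1) \overset{?}{=} h_1(MSG_{H1})$ |
| $Sig_2 = S_{SK_E}(IMEI)$ | Elder | Cloud | $V_{PK_E}(Sig_2) \overset{?}{=} IMEI$ |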
Table 2: The security comparisons of related works.

| Security issue | Ben Othman et al. [16] | Kalra and Sood [17] | Lounis et al. [18] | Our scheme |
|---|---|---|---|---|
| Replay attack | NA | Yes | NA | Yes |
| Man-in-middle attack | NA | Yes | Yes | Yes |
| Integrity | Yes | NA | Yes | Yes |
| Data security | NA | Yes | Yes | Yes |
| Confidentiality | Yes | Yes | Yes | Yes |
| Nonrepudiation | NA | NA | NA | Yes |
| Privacy | NA | NA | NA | Yes |
3.5. Confidentiality. In our scheme, we use the asymmetric/symmetric key to ensure the safety of the patient's personal information, as shown in (3), (4), (12), and (13).

In the notification phase, the mobile device uses the session key $key_{E\text{-}C}$ and cloud's public key $PK_C$ to encrypt the information, as shown in (19) and (20).
[8] httpssupportrackspacecomwhite-paperunderstanding-the-cloud-computing-stack-saas-paas-iaas
[9] C-L Chen T-T Yang M-L Chiang and T-F Shih ldquoAprivacy authentication scheme based on cloud for medicalenvironmentrdquo Journal ofMedical Systems vol 38 article no 1432014
[10] A Hendre and K P Joshi ldquoA semantic approach to cloudsecurity and compliancerdquo inProceedings of the IEEE 8th Interna-tional Conference on Cloud Computing (CLOUD rsquo15) pp 1081ndash1084 New York NY USA June 2015
Journal of Sensors 11
[11] C-L Chen T-T Yang and T-F Shih ldquoA secure medical dataexchange protocol based on cloud environmentrdquo Journal ofMedical Systems vol 38 no 9 article 112 2014
[12] P Tudor W Martin B Natalia P Zeeshan and B LeonldquoAmbient Health Monitoring the smartphone as a body sensornetwork componentrdquo Innovation in Medicine and HealthcareInmed vol 6 no 1 pp 62ndash65 2013
[13] Z-Y Wu Y-C Lee F Lai H-C Lee and Y Chung ldquoAsecure authentication scheme for telecaremedicine informationsystemsrdquo Journal of Medical Systems vol 36 no 3 pp 1529ndash1535 2012
[14] S Sahaa and S Kumar Tomar ldquoIssues in transmitting physicalhealth information in m-healthcarerdquo International Journal ofCurrent Engineering and Technology vol 3 no 2 pp 411ndash4132013
[15] Q Pu J Wang and R-Y Zhao ldquoStrong authentication schemefor telecare medicine information systemsrdquo Journal of MedicalSystems vol 36 no 4 pp 2609ndash2619 2012
[16] S Ben Othman A Trad and H Youssef ldquoSecurity architecturefor at-home medical care using Wireless Sensor Networkrdquo inProceedings of the 10th International Wireless Communicationsand Mobile Computing Conference (IWCMC rsquo14) pp 304ndash309IEEE Nicosia Cyprus August 2014
[17] S Kalra and S K Sood ldquoSecure authentication scheme for IoTand cloud serversrdquo Pervasive andMobile Computing vol 24 pp210ndash223 2015
[18] A Lounis A Hadjidj A Bouabdallah and Y Challal ldquoHealingon the cloud secure cloud architecture for medical wirelesssensor networksrdquo Future Generation Computer Systems vol 55pp 266ndash277 2016
[19] X509mdashWikipedia httpsenwikipediaorgwikiX509[20] D Johnson andAMenezes ldquoThe elliptic curve digital signature
algorithm (ECDSA)rdquo Tech Rep CORR 99-34 Department ofC amp O University of Waterloo 1999
Figure 2: The registration phase (message flow between the user X and the KGC).
mobile device's IMEI and personal contact information to the KGC, including emergency family contacts.
(2) After receiving the message, the KGC uses the private key $x$ to compute the user's public key $PK_E$/$PK_H$/$PK_C$, the private key $SK_E$/$SK_H$/$SK_C$, and the pregenerated session key $key_{E-KGC}$/$key_{H-KGC}$/$key_{C-KGC}$ as follows:

$$\begin{aligned}
SK_E &= h_0(ID_E, x),\\
SK_H &= h_0(ID_H, x),\\
SK_C &= h_0(ID_C, x),\\
key_{E-KGC} &= h_1(SK_E, x, T_{KGC}),\\
key_{H-KGC} &= h_1(SK_H, x, T_{KGC}),\\
key_{C-KGC} &= h_1(SK_C, x, T_{KGC}).
\end{aligned} \tag{1}$$
Then the KGC sends $(PK_E, SK_E, key_{E-KGC})$, $(PK_H, SK_H, key_{H-KGC})$, and $(PK_C, SK_C, key_{C-KGC})$ to the elder, the hospital, and the cloud, respectively. In addition, the KGC generates the certificates $Cert_E$/$Cert_H$ for the elder and hospital, respectively.

(3) Each party stores $(PK_E, SK_E, key_{E-KGC})$, $(PK_H, SK_H, key_{H-KGC})$, and $(PK_C, SK_C, key_{C-KGC})$, respectively. The elder and hospital can use the certificates $Cert_E$/$Cert_H$ to process authentication.
2.3. The Health Data Uploading Phase

2.3.1. The Hospital Uploads Physical Inspection Report Case. The elder goes to the hospital for a physical inspection. After the hospital and the cloud process authentication, the hospital uploads the physical inspection report to the cloud. The flowchart of the hospital uploading physical inspection report case is shown in Figure 3.
(1) The hospital uses the session key $key_{H-C}$ to encrypt the physical inspection report and makes a timestamp $T_{H1}$. The hospital uses the cloud's public key $PK_C$ to encrypt $key_{H-C}$ and makes a signature $Sig_1$ as follows:

$$MSG_{H1} = (ID_H, ID_E, Data_{H1}, Data_{H2}, \ldots, Data_{Hn}, T_{H1}) \tag{2}$$

$$C_1 = SE_{key_{H-C}}(MSG_{H1}) \tag{3}$$

$$C_2 = E_{PK_C}(key_{H-C}) \tag{4}$$

$$Sig_1 = S_{SK_H}(h_1(MSG_{H1})) \tag{5}$$

Then the hospital sends $Sig_1$, $ID_H$, $ID_E$, $Cert_H$, $C_1$, $C_2$, and $T_{H1}$ to the cloud.

(2) The cloud verifies the hospital's signature according to the hospital's identity $ID_H$ and checks if the timestamp $T_{H1}$ is valid or not as follows:

$$T_{C_1} - T_{H1} \le \Delta T \tag{6}$$

If (6) holds, the cloud uses the KGC's public key $PK_{KGC}$ to verify the hospital's certificate $Cert_H$. Then the cloud finds $SD_{key_{H-C}}$ according to $ID_H$ and uses the private key $SK_C$ and session key $key_{H-C}$ to decrypt $C_1$ and $C_2$:

$$V_{PK_H}(Sig_1) \stackrel{?}{=} h_1(MSG_{H1}) \tag{7}$$

$$key_{H-C} = D_{SK_C}(C_2) \tag{8}$$

$$(ID_H, ID_E, Data_{H1}, Data_{H2}, \ldots, Data_{Hn}, T_{H1}) = SD_{key_{H-C}}(C_1) \tag{9}$$

Afterwards, the cloud stores $MSG_{H1}$ and $Sig_1$.
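The exchange in (2) to (9), written out end to end as an added example; it is not code from the paper. It assumes AES-256-GCM for $SE$/$SD$, RSA-OAEP standing in for the paper's Menezes-Vanstone cryptosystem, a fresh $key_{H-C}$ per upload, $\Delta T$ = 60 s, and demo keys generated at start-up in place of KGC-issued keys and the $Cert_H$ check. All identifiers are hypothetical, and the final comparison of the cleartext $T_{H1}$ and identities with the signed $MSG_{H1}$ is an added check.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Msg is MSG_H1 = (ID_H, ID_E, Data_H1..Data_Hn, T_H1); T_H1 is Unix seconds.
type Msg struct {
	IDH, IDE string
	Data     []string
	TH1      int64
}

// Upload = (Sig_1, ID_H, ID_E, C_1, C_2, T_H1); Cert_H omitted, PK_H assumed verified.
type Upload struct {
	Sig1, C1, C2 []byte
	IDH, IDE     string
	TH1          int64
}

const DeltaT = 60 // ΔT in seconds (assumed value)

var (
	// Demo keys made at start-up: SK_H (ECDSA P-256), SK_C (RSA-2048 stand-in).
	SKH, _   = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	SKC, _   = rsa.GenerateKey(rand.Reader, 2048)
	ErrStale = errors.New("timestamp outside ΔT")
	ErrOpen  = errors.New("envelope does not open")
	ErrSig   = errors.New("Sig_1 does not verify")
	ErrBind  = errors.New("cleartext fields differ from signed MSG_H1")
)

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// HospitalSend builds C_1 (3), C_2 (4) and Sig_1 (5).
func HospitalSend(m Msg, skH *ecdsa.PrivateKey, pkC *rsa.PublicKey) (Upload, error) {
	u := Upload{IDH: m.IDH, IDE: m.IDE, TH1: m.TH1}
	plain, _ := json.Marshal(m) // cannot fail for this struct
	rnd := make([]byte, 32+12)  // fresh key_H-C (assumption) plus GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return u, err
	}
	key, nonce := rnd[:32], rnd[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return u, err
	}
	u.C1 = gcm.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
	if u.C2, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pkC, key, nil); err != nil {
		return u, err
	}
	h := sha256.Sum256(plain) // h_1(MSG_H1)
	u.Sig1, err = ecdsa.SignASN1(rand.Reader, skH, h[:])
	return u, err
}

// CloudReceive runs the cloud's checks; now plays the role of T_C1.
func CloudReceive(u Upload, now int64, skC *rsa.PrivateKey, pkH *ecdsa.PublicKey) (m Msg, err error) {
	if now-u.TH1 > DeltaT { // (6)
		return m, ErrStale
	}
	key, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, skC, u.C2, nil) // (8)
	gcm, err := newGCM(key) // a failed unwrap leaves key empty, rejected here
	if err != nil || len(u.C1) < 12 {
		return m, ErrOpen
	}
	plain, err := gcm.Open(nil, u.C1[:12], u.C1[12:], nil) // (9)
	if err != nil {
		return m, ErrOpen
	}
	h := sha256.Sum256(plain)
	if !ecdsa.VerifyASN1(pkH, h[:], u.Sig1) { // (7)
		return m, ErrSig
	}
	// Added check: (6) used the cleartext T_H1, so tie it to the signed copy.
	if json.Unmarshal(plain, &m) != nil || m.TH1 != u.TH1 || m.IDH != u.IDH || m.IDE != u.IDE {
		return Msg{}, ErrBind
	}
	return m, nil
}

func main() { // constructed sample values
	u, _ := HospitalSend(Msg{"H-01", "E-42", []string{"hr=71"}, 1000}, SKH, &SKC.PublicKey)
	fmt.Println(CloudReceive(u, 1061, SKC, &SKH.PublicKey)) // rejected: outside ΔT
}
```

Because (7) is computed over $MSG_{H1}$, the signature can only be checked once $C_1$ has been opened, so the receiver here runs (6), (8), (9), and then (7).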
2.3.2. The Mobile Device Uploads Biological Data Case. In this phase, we consider the IoT medical sensors embedded into an elder's body. The elder uses the mobile device to transfer the biological data, which are measured by IoT medical sensors, to the cloud. The flowchart of the mobile device uploading biological data case is shown in Figure 4.
Figure 3: The hospital uploads physical inspection report case (message flow between the hospital H and the cloud C).

Figure 4: The mobile device uploads biological data case (message flow between the IoT medical sensor MS, the mobile device MD, and the cloud C).
(1) The IoT medical sensor collects the biological data $MSG_{MS1}$ and sends them to the elder's mobile device through a secure channel:

$$MSG_{MS1} = (ID_E, Data_{MS1}, Data_{MS2}, \ldots, Data_{MSn}, T_{MS1}) \tag{10}$$

(2) After receiving the message, the mobile device uses the session key $key_{E-C}$ to encrypt the elder's health information $MSG_{MD}$ and makes a timestamp $T_{MD}$. Afterwards, the mobile device uses the cloud's public key $PK_C$ to encrypt $key_{E-C}$:

$$MSG_{MD1} = (IMEI, MSG_{MS1}, T_{MD1}) \tag{11}$$

$$C_3 = SE_{key_{E-C}}(MSG_{MD1}) \tag{12}$$

$$C_4 = E_{PK_C}(key_{E-C}) \tag{13}$$

Then the mobile device sends $ID_E$, $Cert_E$, $C_3$, $C_4$, and $T_{MD1}$ to the cloud.

(3) The cloud checks if the timestamp $T_{MD1}$ is valid or not:

$$T_{C_3} - T_{MD1} \le \Delta T \tag{14}$$

If (14) holds, the cloud verifies the received IMEI by finding the mobile device's registered IMEI, which is stored in the database, according to the elder's identity $ID_E$. If it holds, the cloud uses the public key $PK_{KGC}$ to verify the elder's certificate $Cert_E$. Then the cloud uses the private key $SK_C$ and session key $key_{E-C}$ to decrypt $C_3$ and $C_4$, respectively:

$$key_{E-C} = D_{SK_C}(C_4) \tag{15}$$

$$MSG_{MD1} = SD_{key_{E-C}}(C_3) \tag{16}$$

Afterward, the cloud stores $MSG_{MD1}$.
2.4. The Notification Phase

2.4.1. The Emergency Case. When the cloud gets the elder's biological data from the mobile device, the cloud compares the data with the standard values stored in the database. If there is an emergency situation, the cloud sends the alert message to the hospital and contacts the emergency family simultaneously. Then the hospital will contact the elder and dispatch an ambulance to help the elder if necessary. The flowchart of the emergency case is shown in Figure 5.

(1) The IoT medical sensor collects the elder's biological data, such as ECG, oxygen saturation, blood pressure, and body temperature. The IoT medical sensor sends the biological data to the mobile device through a secure channel and makes a timestamp $T_{MS2}$:

$$MSG_{MS2} = (ID_E, Data_{MS1}, Data_{MS2}, \ldots, Data_{MSn}, T_{MS2}) \tag{17}$$

(2) After receiving the message, the mobile device makes a timestamp $T_{MD2}$ and integrates IMEI and $MSG_{MS2}$:

$$MSG_{MD2} = (IMEI, MSG_{MS2}, T_{MD2}) \tag{18}$$

The mobile device then uses the session key $key_{E-C}$ to encrypt $MSG_{MD2}$ and the cloud's public key $PK_C$ to encrypt $key_{E-C}$. In the meantime, the elder uses the private key $SK_E$ to make a signature $Sig_2$ via the mobile device as follows:

$$C_5 = SE_{key_{E-C}}(MSG_{MD2}) \tag{19}$$

$$C_6 = E_{PK_C}(key_{E-C}) \tag{20}$$

$$Sig_2 = S_{SK_E}(IMEI) \tag{21}$$

The mobile device sends $Sig_2$, $ID_E$, $Cert_E$, $C_5$, $C_6$, and $T_{MD2}$ to the cloud.

(3) After receiving the message, the cloud checks if the timestamp $T_{MD2}$ is valid or not:

$$T_{C_5} - T_{MD2} \le \Delta T \tag{22}$$

If (22) holds, the cloud uses the private key $SK_C$ and session key $key_{E-C}$ to decrypt $C_6$ and $C_5$ as follows:

$$\begin{aligned}
key_{E-C} &= D_{SK_C}(C_6),\\
(IMEI, MSG_{MS2}, T_{MD2}) &= SD_{key_{E-C}}(C_5).
\end{aligned} \tag{23}$$

The cloud then uses the KGC's public key $PK_{KGC}$ to verify the elder's certificate $Cert_E$ and checks if the mobile device's IMEI is the same as the registered IMEI:

$$V_{PK_p}(Sig_2) \stackrel{?}{=} IMEI \tag{24}$$

The cloud then compares the elder's biological data with the standard value stored in the database. If some of the inspection data is beyond the threshold, the cloud uses the hospital's public key $PK_H$ to encrypt the emergency message $MSG_{C1}$ and makes a timestamp $T_{C1}$:

$$MSG_{C1} = (ID_C, ID_E, MSG_{EM}, T_{C1}) \tag{25}$$

$$C_7 = E_{PK_H}(MSG_{C1}) \tag{26}$$

The cloud sends $ID_C$, $ID_E$, $Cert_E$, $Cert_C$, $C_7$, and $T_{C1}$ to the hospital.

(4) After receiving the message, the hospital checks if the timestamp $T_{C1}$ is valid or not as follows:

$$T_{C_7} - T_{C1} \le \Delta T \tag{27}$$

If (27) holds, the hospital uses the public key $PK_{KGC}$ to verify the cloud's and the elder's certificates. Then the hospital uses the private key $SK_H$ to decrypt $C_7$:

$$MSG_{C1} = D_{SK_H}(C_7) \tag{28}$$
(5) The hospital gets the elder's identity and obtains his/her contact information, which is stored in the database. The hospital then gets the elder's location via the mobile device. According to $MSG_{C1}$, the hospital evaluates the elder's situation to determine whether to dispatch the ambulance to help the elder. If the elder is able to receive the message, the hospital uses the elder's public key $PK_E$ to encrypt the notification $MSG_{H2}$ and makes a timestamp $T_{H2}$:

$$MSG_{H2} = (ID_E, Cert_E, ID_H, Cert_H, MSG_{EM}, T_{H2}) \tag{29}$$

$$C_8 = E_{PK_E}(MSG_{H2}) \tag{30}$$

The hospital then sends $ID_H$, $Cert_H$, $ID_E$, $Cert_E$, $C_8$, and $T_{H2}$ to the elder.

(6) The elder checks if the timestamp $T_{H2}$ is valid or not when he/she receives the message:

$$T_{C_8} - T_{H2} \le \Delta T \tag{31}$$

If (31) holds, the elder uses the public key $PK_{KGC}$ to verify the hospital's certificate and uses the private key $SK_E$ to decrypt $C_8$:

$$MSG_{H2} = D_{SK_H}(C_8) \tag{32}$$

(7) If the elder is unconscious and cannot respond to the hospital's notification, the hospital gets the elder's location via GPS and dispatches an ambulance to help him/her directly.

Figure 5: The emergency case (message flow between the IoT medical sensor MS, the mobile device MD, the cloud C, the hospital H, the elder E, and the emergency family contacts EFC).

2.4.2. The Normal Case. If the elder's biological data fall in the average scope, the cloud will send a report back to the elder at set periods of time. The flowchart of the normal case is shown in Figure 6.

Figure 6: The normal case (message flow between the cloud C and the mobile device MD).
(1) The cloud uses the elder's public key $PK_E$ to encrypt the normal health report $MSG_{C2}$ and makes a timestamp $T_{C2}$:

$$MSG_{C2} = (ID_C, ID_E, MSG_{NM}, T_{C2}) \tag{33}$$

$$C_9 = E_{PK_H}(MSG_{C2}) \tag{34}$$

The cloud sends the encrypted health information $C_9$, $ID_C$, $Cert_C$, and $T_{C2}$ to the elder at set periods of time.

(2) After receiving the message, the elder checks if the timestamp $T_{C2}$ is valid or not as follows:

$$T_{C_9} - T_{C2} \le \Delta T \tag{35}$$

If (35) holds, the elder uses the public key $PK_{KGC}$ to verify the cloud's certificate $Cert_C$. The elder then uses the private key $SK_E$ to decrypt $C_9$:

$$MSG_{C2} = D_{SK_E}(C_9) \tag{36}$$

The elder stores $MSG_{C2}$.
3. Security Analysis

In this section, we present a security analysis to discuss how our scheme can defend against various attacks.

3.1. Replay Attack. In our scheme, we use the timestamp mechanism to defend against the replay attack. The receiver will verify if the timestamp is valid or not by checking the valid time interval via (6), (14), (22), (27), (31), and (35). Therefore, our scheme can defend against replay attack.

3.2. Man-in-Middle Attack. If there is a man-in-middle attack, our scheme will be able to resist it by checking the timestamps to verify if the messages are valid.

The elder, the hospital, and the cloud can prove his/her identity via certificate in our scheme. The elder sends the certificate $Cert_E$ to the cloud and the hospital. The hospital sends the certificate $Cert_H$ to the cloud and the elder. The cloud sends the certificate $Cert_C$ to the elder and the hospital. Every party will check if the received certificate is valid or not.

In our scheme, during the health data uploading phase, the hospital and the mobile device use the session key $key_{H-C}$/$key_{E-C}$ and the public key $PK_C$ to encrypt the information via (3), (4), (12), (13), (19), (20), (26), (30), and (34).

Other parties cannot decrypt the message without the private key or the session key, so attackers cannot achieve the man-in-middle attack.

3.3. Integrity. In the transmission process, the mobile device's IMEI is authenticated:

$$V_{PK_E}(Sig_2) \stackrel{?}{=} IMEI \tag{37}$$

Therefore, tampering behaviors can be rapidly detected, so the proposed scheme can ensure data integrity.

3.4. Data Security. Our scheme involves the digital envelope mechanism. In order to ensure the elder's privacy, we use the public key to encrypt the symmetric key via (3), (12), (19), (26), (30), and (34), emergency information $MSG_{EM}$, and normal report $MSG_{NM}$. We use the symmetric key to protect the elder's secret biological data via (4), (13), and (20).
Table 1: The nonrepudiation proof.

| Nonrepudiation proof | Issuer | Holder | Nonrepudiation verification |
|---|---|---|---|
| $Sig_1 = S_{SK_H}(h_1(MSG_{H1}))$ | Hospital | Cloud | $V_{PK_H}(Sig_1) \stackrel{?}{=} h_1(MSG_{H1})$ |
| $Sig_2 = S_{SK_E}(IMEI)$ | Elder | Cloud | $V_{PK_E}(Sig_2) \stackrel{?}{=} IMEI$ |

Table 2: The security comparisons of related works.

| Security issue | Ben Othman et al. [16] | Kalra and Sood [17] | Lounis et al. [18] | Our scheme |
|---|---|---|---|---|
| Replay attack | N/A | Yes | N/A | Yes |
| Man-in-middle attack | N/A | Yes | Yes | Yes |
| Integrity | Yes | N/A | Yes | Yes |
| Data security | N/A | Yes | Yes | Yes |
| Confidentiality | Yes | Yes | Yes | Yes |
| Nonrepudiation | N/A | N/A | N/A | Yes |
| Privacy | N/A | N/A | N/A | Yes |
3.5. Confidentiality. In our scheme, we use the asymmetric/symmetric key to ensure the safety of the patient's personal information, as shown in (3), (4), (12), and (13).

In the notification phase, the mobile device uses the session key $key_{E-C}$ and the cloud's public key $PK_C$ to encrypt the information, as shown in (19) and (20).

Then the cloud uses the hospital's public key $PK_H$ to encrypt the emergency message, as shown in (26).

Afterwards, the hospital uses the elder's public key $PK_E$ to encrypt the notification, as shown in (30).

In the normal case, the cloud uses the elder's public key $PK_E$ to encrypt the normal health report, as shown in (34).

The elder's privacy information is protected. Therefore, our scheme can achieve confidentiality.

3.6. Nonrepudiation. The cloud can use the hospital's public key to verify the uploaded data via (7). The hospital cannot deny the uploading fact. The cloud can verify the correctness of the mobile device's IMEI via (24). The mobile device cannot deny the transmission. Every party can use the KGC's public key $PK_{KGC}$ to verify whether the sender's certificate is valid or not. The nonrepudiation proof is shown in Table 1.

3.7. Privacy. Data transmission on the Internet is insecure, and the elder's private information may be revealed in the transmission process. In this paper, we use symmetric encryption to protect his/her personal privacy from unauthorized access. The elder's privacy is ensured.

3.8. Transmission Continuity. The elder's physical report and the biological data, which are measured by IoT medical sensors, will be stored in the cloud. In order to ensure transmission continuity, the receiver will send information to the sender. If the cloud has not received the elder's biological data in an acceptable time, which is recommended by the doctor, the cloud will notify the elder and contact his/her emergency family.

3.9. Security Analysis Comparison. According to the security issue, we make a comparison with other schemes in Table 2. In Table 2, Ben Othman et al.'s scheme [16] and Lounis et al.'s scheme [18] have some weaknesses. They cannot resist the replay attack. Ben Othman et al.'s scheme cannot ensure the security of data. Kalra and Sood's scheme [17] cannot achieve integrity. The proposed scheme can resist the replay attack and man-in-middle attack and provide integrity and data security.
4. Discussions

4.1. The Computation Cost of Our Scheme. In this subsection, we present the proposed scheme's computation cost in Table 3. We use the SHA-256 hash function, AES symmetric encryption, the Menezes-Vanstone cryptosystem, and signatures generated by the ECDSA [20].

4.2. The Communication Cost of Our Scheme. In this subsection, we show the communication cost of the proposed scheme in Table 4. The highest communication cost in our scheme is for the emergency case, where the cost is

$$5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert} = 5 \times 80 + 3 \times 1024 + 1 \times 256 + 1 \times 1024 + 3 \times 16 + 5 \times 8192 = 45760 \text{ bits}.$$

The time of transmitting these messages is $45760/20 \times 10^{-6} = 0.9152$ ms under the 20 Mbps bandwidth network environment. Fast transmission makes our scheme feasible and efficient.
Table 3: The computation cost of our scheme.

| Case | Elder | Hospital | Cloud/key generation center |
|---|---|---|---|
| The case when hospital uploads physical inspection report | N/A | $2T_{AS} + 1T_{Sig} + 1T_{S} + 1T_{H}$ | $1T_{AS} + 1T_{Sig} + 1T_{S}$ |
| The case when mobile device uploads biological data | $1T_{AS} + 1T_{S}$ | N/A | $1T_{AS} + 1T_{S}$ |
| The emergency case | $3T_{AS} + 1T_{Sig} + 1T_{S}$ | $2T_{AS}$ | $2T_{AS} + 1T_{Sig} + 1T_{S}$ |
| The normal case | $1T_{AS}$ | N/A | $1T_{AS}$ |

$T_{H}$: the time to execute a one-way hash function. $T_{S}$: the time to execute a symmetric encryption/decryption operation. $T_{AS}$: the time to execute an asymmetric encryption/decryption operation. $T_{Sig}$: the time to execute/verify a signature.

Table 4: The communication cost of our scheme.

| Case | Cost |
|---|---|
| The case when hospital uploads physical inspection report | $2T_{ID} + 1T'_{AS} + 1T'_{S} + 1T'_{Sig} + 1T_{T} + T_{Cert}$ |
| The case when mobile device uploads biological data | $1T_{ID} + 1T'_{AS} + 1T'_{S} + 1T_{T} + T_{Cert}$ |
| The emergency case | $5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert}$ |
| The normal case | $1T_{ID} + 1T'_{AS} + 1T_{T} + T_{Cert}$ |
| Total | $8T_{ID} + 6T'_{AS} + 3T'_{S} + 2T'_{Sig} + 6T_{T} + 8T_{Cert}$ |

$T_{ID}$: the time to transmit the identity (80 bits). $T_{T}$: the time to transmit a timestamp (16 bits). $T'_{S}$: the time to transmit a symmetric encryption ciphertext (256 bits). $T'_{AS}$: the time to transmit an asymmetric encryption ciphertext (1024 bits). $T'_{Sig}$: the time to transmit a signature (1024 bits). $T_{Cert}$: the time to transmit a certificate (8192 bits) [19].

5. Conclusions

The elder's continuous medical monitoring is a serious problem. In this paper, we proposed a scheme with IoT sensor based on cloud computing to make the elder safely and conveniently monitored. In our scheme, the digital envelope, digital certification, signature, and timestamp mechanisms are involved. We also use the cloud's characteristics to make sure that the elder can get the available medical service conveniently. The asymmetric/symmetric encryption technology is used to protect the inspection report and the biological data of the elder. The elder's biological data and other personal information can be uploaded to the cloud via authentication. The hospital can notify the elder or dispatch an ambulance directly to him/her if there is an emergency situation. The elder can receive his/her personal health reports via set periods of time and browse the reports on their mobile device. Therefore, our scheme can provide more flexible and accurate medical service as well as reduce the waste of medical resource.
Besides, our scheme can defend against the replay attack and man-in-middle attack and offer data security, integrity, nonrepudiation, and confidentiality in a cloud environment. As a result, the elder need not worry about the insecure access of medical records in our proposed medical environments.

In the future, we will focus on the bioinformatics certification to make the whole process easier for the elderly.

Competing Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This research was supported by the Ministry of Science and Technology, China, under Contract nos. MOST 103-2632-E-324-001-MY3, MOST 105-2221-E-324-007, and MOST 105-2622-E-305-004-CC2.
References

[1] World Health Organization, http://www.who.int/mediacentre/factsheets/fs381/en/.
[2] H. Baldus, K. Klabunde, and G. Musch, "Reliable set-up of medical body-sensor networks," Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2920, pp. 353–363, 2004.
[3] H. J. La, H. T. Jung, and S. D. Kim, "Extensible disease diagnosis cloud platform with medical sensors and IoT devices," in Proceedings of the 3rd International Conference on Future Internet of Things and Cloud (FiCloud '15), pp. 371–378, IEEE, Rome, Italy, August 2015.
[4] Z. Zhang and X. Hu, "ZigBee based wireless sensor networks and their use in medical and health care domain," in Proceedings of the 7th International Conference on Sensing Technology (ICST '13), pp. 756–761, Wellington, New Zealand, December 2013.
[5] https://en.wikipedia.org/wiki/Body_area_network.
[6] F. Banaie and S. A. H. Seno, "A cloud-based architecture for secure and reliable service provisioning in wireless sensor network," in Proceedings of the International Conference on Computer and Knowledge Engineering (ICCKE '14), pp. 96–101, Mashhad, Iran, October 2014.
[7] C. Vecchiola, S. Pandey, and R. Buyya, "High-performance cloud computing: a view of scientific applications," in Proceedings of the 10th International Symposium on Pervasive Systems, Algorithms, and Networks (ISPAN '09), pp. 4–16, IEEE, Kaohsiung, Taiwan, December 2009.
[8] https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/.
[9] C.-L. Chen, T.-T. Yang, M.-L. Chiang, and T.-F. Shih, "A privacy authentication scheme based on cloud for medical environment," Journal of Medical Systems, vol. 38, article no. 143, 2014.
[10] A. Hendre and K. P. Joshi, "A semantic approach to cloud security and compliance," in Proceedings of the IEEE 8th International Conference on Cloud Computing (CLOUD '15), pp. 1081–1084, New York, NY, USA, June 2015.
[11] C.-L. Chen, T.-T. Yang, and T.-F. Shih, "A secure medical data exchange protocol based on cloud environment," Journal of Medical Systems, vol. 38, no. 9, article 112, 2014.
[12] P. Tudor, W. Martin, B. Natalia, P. Zeeshan, and B. Leon, "Ambient Health Monitoring: the smartphone as a body sensor network component," Innovation in Medicine and Healthcare, Inmed, vol. 6, no. 1, pp. 62–65, 2013.
[13] Z.-Y. Wu, Y.-C. Lee, F. Lai, H.-C. Lee, and Y. Chung, "A secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 3, pp. 1529–1535, 2012.
[14] S. Sahaa and S. Kumar Tomar, "Issues in transmitting physical health information in m-healthcare," International Journal of Current Engineering and Technology, vol. 3, no. 2, pp. 411–413, 2013.
[15] Q. Pu, J. Wang, and R.-Y. Zhao, "Strong authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 4, pp. 2609–2619, 2012.
[16] S. Ben Othman, A. Trad, and H. Youssef, "Security architecture for at-home medical care using Wireless Sensor Network," in Proceedings of the 10th International Wireless Communications and Mobile Computing Conference (IWCMC '14), pp. 304–309, IEEE, Nicosia, Cyprus, August 2014.
[17] S. Kalra and S. K. Sood, "Secure authentication scheme for IoT and cloud servers," Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.
[18] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.
[19] X.509 - Wikipedia, https://en.wikipedia.org/wiki/X.509.
[20] D. Johnson and A. Menezes, "The elliptic curve digital signature algorithm (ECDSA)," Tech. Rep. CORR 99-34, Department of C & O, University of Waterloo, 1999.
Figure 3: The hospital uploads physical inspection report case (message flow between the hospital (H) and the cloud (C)).

Figure 4: The mobile device uploads biological data case (message flow between the IoT medical sensor (MS), the mobile device (MD), and the cloud (C)).
(1) The IoT medical sensor collects the biological data $MSG_{MS1}$ and sends them to the elder's mobile device through a secure channel:

$$MSG_{MS1} = (ID_E, Data_{MS1}, Data_{MS2}, \ldots, Data_{MSn}, T_{MS1}). \tag{10}$$

(2) After receiving the message, the mobile device uses the session key $key_{E-C}$ to encrypt the elder's health information $MSG_{MD}$ and makes a timestamp $T_{MD}$. Afterwards, the mobile device uses the cloud's public key $PK_C$ to encrypt $key_{E-C}$:

$$MSG_{MD1} = (IMEI, MSG_{MS1}, T_{MD1}), \tag{11}$$

$$C_3 = SE_{key_{E-C}}(MSG_{MD1}), \tag{12}$$

$$C_4 = E_{PK_C}(key_{E-C}). \tag{13}$$

Then the mobile device sends $ID_E$, $Cert_E$, $C_3$, $C_4$, and $T_{MD1}$ to the cloud.

(3) The cloud checks if the timestamp $T_{MD1}$ is valid or not:

$$T_{C3} - T_{MD1} \le \Delta T. \tag{14}$$

If (14) holds, the cloud verifies the received IMEI by finding the mobile device's registered IMEI, which is stored in the database according to the elder's identity $ID_E$. If it holds, the cloud uses the public key $PK_{KGC}$ to verify the elder's certification $Cert_E$. Then the cloud uses the private key $SK_C$ and session key $key_{E-C}$ to decrypt $C_3$ and $C_4$, respectively:

$$key_{E-C} = D_{SK_C}(C_4), \tag{15}$$

$$MSG_{MD1} = SD_{key_{E-C}}(C_3). \tag{16}$$

Afterward, the cloud stores $MSG_{MD1}$.
2.4. The Notification Phase

2.4.1. The Emergency Case. When the cloud gets the elder's biological data from the mobile device, the cloud compares the data with the standard values stored in the database. If there is an emergency situation, the cloud sends the alert message to the hospital and contacts the emergency family simultaneously. Then the hospital will contact the elder and dispatch an ambulance to help the elder if necessary. The flowchart of the emergency case is shown in Figure 5.
(1) The IoT medical sensor collects the elder's biological data, such as ECG, oxygen saturation, blood pressure, and body temperature. The IoT medical sensor sends the biological data to the mobile device through a secure channel and makes a timestamp $T_{MS2}$:

$$MSG_{MS2} = (ID_E, Data_{MS1}, Data_{MS2}, \ldots, Data_{MSn}, T_{MS2}). \tag{17}$$

(2) After receiving the message, the mobile device makes a timestamp $T_{MD2}$ and integrates IMEI and $MSG_{MS2}$:

$$MSG_{MD2} = (IMEI, MSG_{MS2}, T_{MD2}). \tag{18}$$

The mobile device then uses the session key $key_{E-C}$ to encrypt $MSG_{MD2}$ and the cloud's public key $PK_C$ to encrypt $key_{E-C}$. In the meantime, the elder uses the private key $SK_E$ to generate a signature $Sig_2$ via the mobile device as follows:

$$C_5 = SE_{key_{E-C}}(MSG_{MD2}), \tag{19}$$

$$C_6 = E_{PK_C}(key_{E-C}), \tag{20}$$

$$Sig_2 = S_{SK_E}(IMEI). \tag{21}$$

The mobile device sends $Sig_2$, $ID_E$, $Cert_E$, $C_5$, $C_6$, and $T_{MD2}$ to the cloud.

(3) After receiving the message, the cloud checks if the timestamp $T_{MD2}$ is valid or not:

$$T_{C5} - T_{MD2} \le \Delta T. \tag{22}$$

If (22) holds, the cloud uses the private key $SK_C$ and session key $key_{E-C}$ to decrypt $C_6$ and $C_5$ as follows:

$$key_{E-C} = D_{SK_C}(C_6), \qquad (IMEI, MSG_{MS2}, T_{MD2}) = SD_{key_{E-C}}(C_5). \tag{23}$$

The cloud then uses the KGC's public key $PK_{KGC}$ to verify the elder's certification $Cert_E$ and check if the mobile device's IMEI is the same as the registered IMEI:

$$V_{PK_p}(Sig_2) \stackrel{?}{=} IMEI. \tag{24}$$
The cloud then compares the elder's biological data with the standard value stored in the database. If some of the inspection data is beyond the threshold, the cloud uses the hospital's public key $PK_H$ to encrypt the emergency message $MSG_{C1}$ and make a timestamp $T_{C1}$:

$$MSG_{C1} = (ID_C, ID_E, MSG_{EM}, T_{C1}), \tag{25}$$

$$C_7 = E_{PK_H}(MSG_{C1}). \tag{26}$$

The cloud sends $ID_C$, $ID_E$, $Cert_E$, $Cert_C$, $C_7$, and $T_{C1}$ to the hospital.

(4) After receiving the message, the hospital checks if the timestamp $T_{C1}$ is valid or not as follows:

$$T_{C7} - T_{C1} \le \Delta T. \tag{27}$$

If (27) holds, the hospital uses the public key $PK_{KGC}$ to verify the cloud's and the elder's certification. Then the hospital uses the private key $SK_H$ to decrypt $C_7$:

$$MSG_{C1} = D_{SK_H}(C_7). \tag{28}$$
Figure 5: The emergency case (message flow between the IoT medical sensor (MS), the mobile device (MD), the cloud (C), the hospital (H), the elder (E), and the emergency family contacts (EFC)).

(5) The hospital gets the elder's identity and obtains his/her contact information, which is stored in the database. The hospital then gets the elder's location via the mobile device. According to $MSG_{C1}$, the hospital evaluates the elder's situation to determine whether to dispatch the ambulance to help the elder. If the elder is able to receive the message, the hospital uses the elder's public key $PK_E$ to encrypt the notification $MSG_{H2}$ and makes a timestamp $T_{H2}$:

$$MSG_{H2} = (ID_E, Cert_E, ID_H, Cert_H, MSG_{EM}, T_{H2}), \tag{29}$$

$$C_8 = E_{PK_E}(MSG_{H2}). \tag{30}$$

The hospital then sends $ID_H$, $Cert_H$, $ID_E$, $Cert_E$, $C_8$, and $T_{H2}$ to the elder.

(6) The elder checks if the timestamp $T_{H2}$ is valid or not when he/she receives the message:

$$T_{C8} - T_{H2} \le \Delta T. \tag{31}$$
If (31) holds, the elder uses the public key $PK_{KGC}$ to verify the hospital's certification and uses the private key $SK_E$ to decrypt $C_8$:

$$MSG_{H2} = D_{SK_H}(C_8). \tag{32}$$

(7) If the elder is unconscious and cannot respond to the hospital's notification, the hospital gets the elder's location via GPS and dispatches an ambulance to help him/her directly.

2.4.2. The Normal Case. If the elder's biological data fall in the average scope, the cloud will send a report back to the elder at set periods of time. The flowchart of the normal case is shown in Figure 6.

Figure 6: The normal case (message flow between the cloud (C) and the mobile device (MD)).

(1) The cloud uses the elder's public key $PK_E$ to encrypt the normal health report $MSG_{C2}$ and makes a timestamp $T_{C2}$:

$$MSG_{C2} = (ID_C, ID_E, MSG_{NM}, T_{C2}), \tag{33}$$

$$C_9 = E_{PK_H}(MSG_{C2}). \tag{34}$$

The cloud sends the encrypted health information $C_9$, $ID_C$, $Cert_C$, and $T_{C2}$ to the elder at the set period of time.

(2) After receiving the message, the elder checks if the timestamp $T_{C2}$ is valid or not as follows:

$$T_{C9} - T_{C2} \le \Delta T. \tag{35}$$

If (35) holds, the elder uses the public key $PK_{KGC}$ to verify the cloud's certification $Cert_C$. The elder then uses the private key $SK_E$ to decrypt $C_9$:

$$MSG_{C2} = D_{SK_E}(C_9). \tag{36}$$

The elder stores $MSG_{C2}$.
3. Security Analysis

In this section, we present a security analysis to discuss how our scheme can defend against various attacks.

3.1. Replay Attack. In our scheme, we use the timestamp mechanism to defend against the replay attack. The receiver will verify if the timestamp is valid or not by checking the valid time interval via (6), (14), (22), (27), (31), and (35). Therefore, our scheme can defend against replay attack.
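The receiver-side check that (14) and (22) describe and that Section 3.1 relies on, as an added example that is not code from the paper. `paper_check` is the inequality as written; `CloudReceiver` additionally bounds future-dated timestamps and remembers accepted messages for the length of the window, both assumptions added here, and the value of ΔT, the skew allowance, and all names and sample values are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict

DELTA_T = 5.0    # ΔT in seconds: constructed value, the paper does not fix one
MAX_SKEW = 1.0   # allowance for a sender clock running ahead (assumption)


@dataclass(frozen=True)
class Upload:
    """Fields sent to the cloud in the emergency case:
    Sig2, ID_E, Cert_E, C5, C6 and T_MD2. Contents used below are constructed."""
    sig2: bytes
    id_e: str
    cert_e: bytes
    c5: bytes
    c6: bytes
    t_md2: float


def paper_check(t_c5: float, msg: Upload, delta_t: float = DELTA_T) -> bool:
    """Equation (22) as written: accept when T_C5 - T_MD2 <= ΔT."""
    return t_c5 - msg.t_md2 <= delta_t


def digest(msg: Upload) -> bytes:
    """SHA-256 over the length-prefixed fields, used as the cache key."""
    h = hashlib.sha256()
    for part in (msg.id_e.encode(), repr(msg.t_md2).encode(),
                 msg.c5, msg.c6, msg.sig2):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


@dataclass
class CloudReceiver:
    """Freshness check of (22) plus a cache of accepted messages (added here)."""
    delta_t: float = DELTA_T
    max_skew: float = MAX_SKEW
    seen: Dict[bytes, float] = field(default_factory=dict)  # digest -> expiry

    def accept(self, t_c5: float, msg: Upload) -> str:
        """Return 'ok', 'stale', 'future' or 'replay' for a message
        received at cloud time t_c5."""
        # Entries past their expiry would fail the freshness check anyway,
        # so the cache never grows beyond one window of traffic.
        self.seen = {d: exp for d, exp in self.seen.items() if exp >= t_c5}
        if t_c5 - msg.t_md2 > self.delta_t:
            return "stale"            # fails (22)
        if msg.t_md2 - t_c5 > self.max_skew:
            return "future"           # passes (22) but is dated ahead of the cloud
        key = digest(msg)
        if key in self.seen:
            return "replay"           # second copy inside the window
        self.seen[key] = msg.t_md2 + self.delta_t
        return "ok"


def demo() -> dict:
    """Run both checks over constructed messages and collect the verdicts."""
    first = Upload(b"sig", "elder-001", b"cert", b"c5-bytes", b"c6-bytes", 1000.0)
    ahead = Upload(b"sig", "elder-001", b"cert", b"c5-bytes", b"c6-bytes", 1010.0)
    rx = CloudReceiver()
    return {
        "paper_first": paper_check(1002.0, first),
        "paper_copy": paper_check(1002.5, first),   # same bytes, 0.5 s later
        "paper_ahead": paper_check(1002.0, ahead),  # negative difference
        "rx_first": rx.accept(1002.0, first),
        "rx_copy": rx.accept(1002.5, first),
        "rx_ahead": rx.accept(1002.0, ahead),
        "rx_late": rx.accept(1006.0, first),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} {verdict}")
```

The cache only has to hold entries for ΔT, because anything older is already rejected by (22).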
3.2. Man-in-Middle Attack. If there is a man-in-middle attack, our scheme will be able to resist it by checking the timestamps to verify if the messages are valid.

The elder, the hospital, and the cloud can prove his/her identity via certification in our scheme. The elder sends the certification $Cert_E$ to the cloud and the hospital. The hospital sends the certification $Cert_H$ to the cloud and the elder. The cloud sends the certification $Cert_C$ to the elder and the hospital. Every party will check if the received certification is valid or not.

In our scheme, during the health data uploading phase, the hospital and the mobile device use the session key $key_{H-C}$/$key_{E-C}$ and the public key $PK_C$ to encrypt the information via (3), (4), (12), (13), (19), (20), (26), (30), and (34).

Other parties cannot decrypt the message without the private key or the session key, so attackers cannot achieve the man-in-middle attack.

3.3. Integrity. In the transmission process, the mobile device's IMEI is authenticated:

$$V_{PK_E}(Sig_2) \stackrel{?}{=} IMEI. \tag{37}$$

Therefore, tampering behaviors can be rapidly detected, so the proposed scheme can ensure data integrity.

3.4. Data Security. Our scheme involves the digital envelope mechanism. In order to ensure the elder's privacy, we use the public key to encrypt the symmetric key via (3), (12), (19), (26), (30), and (34), emergency information $MSG_{EM}$, and normal report $MSG_{NM}$. We use the symmetric key to protect the elder's secret biological data via (4), (13), and (20).
Table 1: The nonrepudiation proof.

| Nonrepudiation proof | Issuer | Holder | Nonrepudiation verification |
|---|---|---|---|
| $Sig_1 = S_{SK_H}(h_1(MSG_{H1}))$ | Hospital | Cloud | $V_{PK_H}(Sig_1) \stackrel{?}{=} h_1(MSG_{H1})$ |
| $Sig_2 = S_{SK_E}(IMEI)$ | Elder | Cloud | $V_{PK_E}(Sig_2) \stackrel{?}{=} IMEI$ |

Table 2: The security comparisons of related works (columns: proposed scheme).

| Security issue | Ben Othman et al. [16] | Kalra and Sood [17] | Lounis et al. [18] | Our scheme |
|---|---|---|---|---|
| Replay attack | N/A | Yes | N/A | Yes |
| Man-in-middle attack | N/A | Yes | Yes | Yes |
| Integrity | Yes | N/A | Yes | Yes |
| Data security | N/A | Yes | Yes | Yes |
| Confidentiality | Yes | Yes | Yes | Yes |
| Nonrepudiation | N/A | N/A | N/A | Yes |
| Privacy | N/A | N/A | N/A | Yes |
3.5. Confidentiality. In our scheme, we use the asymmetric/symmetric key to ensure the safety of the patient's personal information, as shown in (3), (4), (12), and (13).

In the notification phase, the mobile device uses the session key $key_{E-C}$ and cloud's public key $PK_C$ to encrypt the information, as shown in (19) and (20).

Then the cloud uses the hospital's public key $PK_H$ to encrypt the emergency message, as shown in (26).

Afterwards, the hospital uses the elder's public key $PK_E$ to encrypt the notification, as shown in (30).

In the normal case, the cloud uses the elder's public key $PK_E$ to encrypt the normal health report, as shown in (34).

The elder's privacy information is protected. Therefore, our scheme can achieve confidentiality.

3.6. Nonrepudiation. The cloud can use the hospital's public key to verify the uploaded data via (7). The hospital cannot deny the uploading fact. The cloud can verify the correctness of the mobile device's IMEI via (24). The mobile device cannot deny the transmission. Every party can use the KGC's public key $PK_{KGC}$ to verify whether the sender's certification is valid or not. The nonrepudiation proof is shown in Table 1.

3.7. Privacy. Data transmission on the Internet is insecure, and the elder's private information may be revealed in the transmission process. In this paper, we use symmetric encryption to protect his/her personal privacy from unauthorized access. The elder's privacy is ensured.

3.8. Transmission Continuity. The elder's physical report and the biological data, which are measured by IoT medical sensors, will be stored in the cloud. In order to ensure transmission continuity, the receiver will send information to the sender. If the cloud has not received the elder's biological data in an acceptable time, which is recommended by the doctor, the cloud will notify the elder and contact his/her emergency family.

3.9. Security Analysis Comparison. According to the security issue, we make a comparison with other schemes in Table 2. In Table 2, Ben Othman et al.'s scheme [16] and Lounis et al.'s scheme [18] have some weaknesses. They cannot resist the replay attack. Ben Othman et al.'s scheme cannot ensure the security of data. And Kalra and Sood's scheme [17] cannot achieve integrity. The proposed scheme can resist the replay attack and man-in-middle attack and provide integrity and data security.
4. Discussions

4.1. The Computation Cost of Our Scheme. In this subsection, we present the proposed scheme's computation cost in Table 3. We use SHA-256 hash function, AES-symmetric encryption, Menezes-Vanstone cryptosystem, and signature generated by the ECDSA [20].

Table 3: The computation cost of our scheme.

| Case \ Party | Elder | Hospital | Cloud/key generation center |
|---|---|---|---|
| The case when hospital uploads physical inspection report | N/A | $2T_{AS} + 1T_{Sig} + 1T_S + 1T_H$ | $1T_{AS} + 1T_{Sig} + 1T_S$ |
| The case when mobile device uploads biological data | $1T_{AS} + 1T_S$ | N/A | $1T_{AS} + 1T_S$ |
| The emergency case | $3T_{AS} + 1T_{Sig} + 1T_S$ | $2T_{AS}$ | $2T_{AS} + 1T_{Sig} + 1T_S$ |
| The normal case | $1T_{AS}$ | N/A | $1T_{AS}$ |

$T_H$: the time to execute a one-way hash function. $T_S$: the time to execute a symmetric encryption/decryption operation. $T_{AS}$: the time to execute an asymmetric encryption/decryption operation. $T_{Sig}$: the time to execute/verify a signature.

4.2. The Communication Cost of Our Scheme. In this subsection, we show the communication cost of the proposed scheme in Table 4. The highest communication cost in our scheme is for emergency case, while the cost is $5T_{ID} + 3T'_{AS} + 1T'_S + 1T'_{Sig} + 3T_T + 5T_{Cert} = 5 \times 80 + 3 \times 1024 + 1 \times 256 + 1 \times 1024 + 3 \times 16 + 5 \times 8192 = 45760$ bits. The time of transmitting these messages is $45760/20 \times 10^{-6} = 0.9152$ ms under the 20 Mbps bandwidth network environment. Fast transmission makes our scheme feasible and efficient.

Table 4: The communication cost of our scheme.

| Case | Cost |
|---|---|
| The case when hospital uploads physical inspection report | $2T_{ID} + 1T'_{AS} + 1T'_S + 1T'_{Sig} + 1T_T + T_{Cert}$ |
| The case when mobile device uploads biological data | $1T_{ID} + 1T'_{AS} + 1T'_S + 1T_T + T_{Cert}$ |
| The emergency case | $5T_{ID} + 3T'_{AS} + 1T'_S + 1T'_{Sig} + 3T_T + 5T_{Cert}$ |
| The normal case | $1T_{ID} + 1T'_{AS} + 1T_T + T_{Cert}$ |
| Total | $8T_{ID} + 6T'_{AS} + 3T'_S + 2T'_{Sig} + 6T_T + 8T_{Cert}$ |

$T_{ID}$: the time to transmit the identity (80 bits). $T_T$: the time to transmit a timestamp (16 bits). $T'_S$: the time to transmit a symmetric encryption ciphertext (256 bits). $T'_{AS}$: the time to transmit an asymmetric encryption ciphertext (1024 bits). $T'_{Sig}$: the time to transmit a signature (1024 bits). $T_{Cert}$: the time to transmit a certificate (8192 bits) [19].

5. Conclusions

The elder's continuous medical monitoring is a serious problem. In this paper, we proposed a scheme with IoT sensor based on cloud computing to make the elder safely and conveniently monitored. In our scheme, the digital envelope, digital certification, signature, and timestamp mechanisms are involved. We also use the cloud's characteristics to make sure that the elder can get the available medical service conveniently. The asymmetric/symmetric encryption technology is used to protect the inspection report and the biological data of the elder. The elder's biological data and other personal information can be uploaded to the cloud via authentication. The hospital can notify the elder or dispatch an ambulance directly to him/her if there is an emergency situation. The elder can receive his/her personal health reports via set periods of time and browse the reports on their mobile device. Therefore, our scheme can provide more flexible and accurate medical service as well as reduce the waste of medical resource.
Besides, our scheme can defend against the replay attack and man-in-middle attack and offer data security, integrity, nonrepudiation, and confidentiality in a cloud environment. As a result, the elder need not worry about the insecure access of medical records in our proposed medical environments.

In the future, we will focus on the bioinformatics certification to make the whole process easier for the elderly.

Competing Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This research was supported by the Ministry of Science and Technology, China, under Contract nos. MOST 103-2632-E-324-001-MY3, MOST 105-2221-E-324-007, and MOST 105-2622-E-305-004-CC2.
References
[1] World Health Organization, http://www.who.int/mediacentre/factsheets/fs381/en/.

[2] H. Baldus, K. Klabunde, and G. Musch, "Reliable set-up of medical body-sensor networks," Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2920, pp. 353–363, 2004.

[3] H. J. La, H. T. Jung, and S. D. Kim, "Extensible disease diagnosis cloud platform with medical sensors and IoT devices," in Proceedings of the 3rd International Conference on Future Internet of Things and Cloud (FiCloud '15), pp. 371–378, IEEE, Rome, Italy, August 2015.

[4] Z. Zhang and X. Hu, "ZigBee based wireless sensor networks and their use in medical and health care domain," in Proceedings of the 7th International Conference on Sensing Technology (ICST '13), pp. 756–761, Wellington, New Zealand, December 2013.

[5] https://en.wikipedia.org/wiki/Body_area_network.

[6] F. Banaie and S. A. H. Seno, "A cloud-based architecture for secure and reliable service provisioning in wireless sensor network," in Proceedings of the International Conference on Computer and Knowledge Engineering (ICCKE '14), pp. 96–101, Mashhad, Iran, October 2014.

[7] C. Vecchiola, S. Pandey, and R. Buyya, "High-performance cloud computing: a view of scientific applications," in Proceedings of the 10th International Symposium on Pervasive Systems, Algorithms, and Networks (ISPAN '09), pp. 4–16, IEEE, Kaohsiung, Taiwan, December 2009.

[8] https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/.

[9] C.-L. Chen, T.-T. Yang, M.-L. Chiang, and T.-F. Shih, "A privacy authentication scheme based on cloud for medical environment," Journal of Medical Systems, vol. 38, article no. 143, 2014.

[10] A. Hendre and K. P. Joshi, "A semantic approach to cloud security and compliance," in Proceedings of the IEEE 8th International Conference on Cloud Computing (CLOUD '15), pp. 1081–1084, New York, NY, USA, June 2015.

[11] C.-L. Chen, T.-T. Yang, and T.-F. Shih, "A secure medical data exchange protocol based on cloud environment," Journal of Medical Systems, vol. 38, no. 9, article 112, 2014.

[12] P. Tudor, W. Martin, B. Natalia, P. Zeeshan, and B. Leon, "Ambient Health Monitoring: the smartphone as a body sensor network component," Innovation in Medicine and Healthcare, Inmed, vol. 6, no. 1, pp. 62–65, 2013.

[13] Z.-Y. Wu, Y.-C. Lee, F. Lai, H.-C. Lee, and Y. Chung, "A secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 3, pp. 1529–1535, 2012.

[14] S. Sahaa and S. Kumar Tomar, "Issues in transmitting physical health information in m-healthcare," International Journal of Current Engineering and Technology, vol. 3, no. 2, pp. 411–413, 2013.

[15] Q. Pu, J. Wang, and R.-Y. Zhao, "Strong authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 4, pp. 2609–2619, 2012.

[16] S. Ben Othman, A. Trad, and H. Youssef, "Security architecture for at-home medical care using Wireless Sensor Network," in Proceedings of the 10th International Wireless Communications and Mobile Computing Conference (IWCMC '14), pp. 304–309, IEEE, Nicosia, Cyprus, August 2014.

[17] S. Kalra and S. K. Sood, "Secure authentication scheme for IoT and cloud servers," Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.

[18] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.

[19] X.509, Wikipedia, https://en.wikipedia.org/wiki/X.509.

[20] D. Johnson and A. Menezes, "The elliptic curve digital signature algorithm (ECDSA)," Tech. Rep. CORR 99-34, Department of C & O, University of Waterloo, 1999.
6 Journal of Sensors
(1) The IoT medical sensor collects the biological dataMSGMS1 and sends them to the elderrsquos mobile device througha secure channel
MSGMS1
= (IDEDataMS1DataMS2 DataMS119899 119879MS1) (10)
(2)After receiving themessage themobile device uses thesession key keyE-C to encrypt the elderrsquos health informationMSGMD andmakes a timestamp119879MD Afterwards themobiledevice uses the cloudrsquos public key PKC to encrypt keyE-C
MSGMD1 = (IMEIMSGMS1 119879MD1) (11)
1198623 = SEkeyE-C (MSGMD1) (12)
1198624 = EPKC(keyE-C) (13)
Then the mobile device sends IDE CertE 1198623 1198624 and119879MD1 to the cloud
(3)The cloud checks if the timestamp119879MD1 is valid or not
1198791198623 minus 119879MD1 le Δ119879 (14)
If (14) holds the cloud verifies the received IMEI byfinding the mobile devicersquos registered IMEI which is storedin the database according to the elderrsquos identity IDE If itholds the cloud uses the public key PKKGC to verify the elderrsquoscertification CertE Then the cloud uses the private key SKCand session key keyE-C to decrypt 1198623 and 1198624 respectively
keyE-C = DSKC(1198624) (15)
MSGMD1 = SDkeyE-C (1198623) (16)
Afterward the cloud stores MSGMD1
24 The Notification Phase
241 The Emergency Case When the cloud gets the elderrsquosbiological data from the mobile device the cloud comparesthe data with the standard values stored in the database Ifthere is an emergency situation the cloud sends the alertmessage to the hospital and contacts the emergency familysimultaneously Then the hospital will contact the elder anddispatch an ambulance to help the elder if necessary Theflowchart of the emergency case is shown in Figure 5
(1) The IoT medical sensor collects the elderrsquos biologicaldata such as ECG oxygen saturation blood pressure andbody temperature The IoT medical sensor sends the biolog-ical data to the mobile device through a secure channel andmakes a timestamp 119879MS2
MSGMS2
= (IDEDataMS1DataMS2 DataMS119899 119879MS2) (17)
(2) After receiving the message the mobile device makesa timestamp 119879MD2 and integrates IMEI and MSGMS2
MSGMD2 = (IMEIMSGMS2 119879MD2) (18)
The mobile device then uses the session key keyE-C toencrypt MSGMD2 and the cloudrsquos public key PKC to encryptkeyE-C In the meantime the elder uses the private SKE and asignature Sig
2via mobile device as follows
1198625 = SEkeyE-C (MSGMD2) (19)
1198626 = EPKC(keyE-C) (20)
Sig2= SSKE(IMEI) (21)
The mobile device sends Sig2 IDE CertE 1198625 1198626 and
119879MD2 to the cloud(3) After receiving the message the cloud checks if the
timestamp 119879MD2 is valid or not
1198791198625 minus 119879MD2 le Δ119879 (22)
If (22) holds the cloud uses the private key SKC andsession key keyE-C to decrypt 1198626 and 1198625 as follows
keyE-C = DSKC(1198626)
(IMEIMSGMS2 119879MD2) = SDkeyE-C (1198625) (23)
The cloud then uses the KGCrsquos public key PKKGC to verifythe elderrsquos certification CertE and check if the mobile devicersquosIMEI is the same as the registered IMEI
VPK119901 (Sig2)t IMEI (24)
The cloud then compares the elderrsquos biological data withthe standard value stored in the database If some of theinspection data is beyond the threshold the cloud uses thehospitalrsquos public key PKH to encrypt the emergency messageMSGC1 and make a timestamp 119879C1
MSGC1 = (IDC IDEMSGEM 119879C1) (25)
1198627 = EPKH(MSGC1) (26)
The cloud sends IDC IDE CertE CertC 1198627 and 119879C1 tothe hospital
(4) After receiving the message the hospital checks if thetimestamp 119879C1 is valid or not as follows
1198791198627 minus 119879C1 le Δ119879 (27)
If (27) holds the hospital uses the public key PKKGCto verify the cloudrsquos and the elderrsquos certification Then thehospital uses the private key SKH to decrypt 1198627
MSGC1 = DSKH(1198627) (28)
(5) The hospital gets the elderrsquos identity and obtainshisher contact information which is stored in the databaseThe hospital then gets the elderrsquos location via the mobiledevice According toMSGC1 the hospital evaluates the elderrsquossituation to determine whether to dispatch the ambulanceto help the elder If the elder is able to receive the message
Journal of Sensors 7
IoT medical sensor (MS)
Mobile device (MD)
Cloud (C)
Hospital (H)
Elder (E)
Emergency family contacts (EFC)
MSGMS2 = (IDE DataMS1 DataMS2 DataMSn TMS2)
MSGMS2
C5 = SEkeyE-C(MSGMD2)
C6 = EPKC (keyE-C)
Sig2 = SSKE (IMEI)
Checks if TC5minus TMD2 le ΔT
keyE-C = DSKC (C6)
(IMEI MSGMS2 TMD2) = SDkeyE-C(C5)
Verifies CertE
MSGC1 = (IDC IDE MSGEM TC1)
C7 = EPKH (MSGC1)
Checks if TC7minus TC1 le ΔT
Verifies CertE
MSGC1 = DSKH(C7)
MSGH2 = (IDE CertE IDH CertH MSGEM TH2)
C8 = EPKE (MSGH2)
Checks if TC8minus TH2 le ΔT
Verifies CertH
MSGH2 = DSKH (C8)
MSGMD2 = (IMEI MSGMS2 TMD2)
VPKp(Sig2) ≟ IMEI
IDH CertH IDE CertE C8 TH2
Sig2 IDE CertE C5 C6 TMD2
IDC IDE CertE CertC C7 TC1
Figure 5 The emergency case
the hospital uses the elderrsquos public key PKE to encrypt thenotification MSGH2 and makes a timestamp 119879H2
MSGH2 = (IDECertE IDHCertHMSGEM 119879H2) (29)
1198628 = EPKE(MSGH2) (30)
The hospital then sends IDH CertH IDE CertE 1198628 and119879H2 to the elder
(6) The elder checks if the timestamp 119879H2 is valid or notwhen heshe receives the message
1198791198628 minus 119879H2 le Δ119879 (31)
8 Journal of Sensors
Cloud (C)Mobile device (MD)
MSGC2 = (IDC IDE MSGNM TC2)
C9 = EPKH (MSGC2)
Checks if TC9minus TC2 le ΔT
MSGC2 = DSKE (C9)
Stores MSGC2
C9 IDC CertC TC2
Figure 6 The normal case
If (31) holds the elder uses the public key PKKGC to verifythe hospitalrsquos certification and uses the private key SKE todecrypt 1198628
MSGH2 = DSKH(1198628) (32)
(7) If the elder is unconscious and cannot respond to thehospitalrsquos notification the hospital gets the elderrsquos location viaGPS and dispatches an ambulance to help himher directly
242TheNormal Case If the elderrsquos biological data fall in theaverage scope the cloud will send a report back to the eldervia period of timeThe flowchart of the normal case is shownin Figure 6
(1)The clouduses the elderrsquos public key PKE to encrypt thenormal health report MSGC2 and makes a timestamp 119879C2
MSGC2 = (IDC IDEMSGNM 119879C2) (33)
1198629 = EPKH(MSGC2) (34)
The cloud sends the encrypted health information 1198629IDC CertC and 119879C2 to the elder via set period time
(2) After receiving the message the elder checks if thetimestamp 119879C2 is valid or not as follows
1198791198629 minus 119879C2 le Δ119879 (35)
If (35) holds the elder uses the public key PKKGC to verifythe cloudrsquos certification CertC The elder then uses the privatekey SKE to decrypt 1198629
MSGC2 = DSKE(1198629) (36)
The elder stores MSGC2
3 Security Analysis
In this section we present a security analysis to discuss howour scheme can defend against various attacks
31 Replay Attack In our scheme we use the timestampmechanism to defend against the replay attack The receiverwill verify if the timestamp is valid or not by checking thevalid time interval via (6) (14) (22) (27) (31) and (35)Therefore our scheme can defend against replay attack
32 Man-in-Middle Attack If there is a man-in-middleattack our scheme will be able to resist it by checking thetimestamps to verify if the messages are valid
The elder the hospital and the cloud can prove hisheridentity via certification in our scheme The elder sends thecertification CertE to the cloud and the hospital The hospitalsends the certification CertH to the cloud and the elderThe cloud sends the certification CertC to the elder and thehospital Every party will check if the received certification isvalid or not
In our scheme during the health data uploading phasethe hospital and the mobile device use the session keykeyH-CkeyE-C and the public key PKC to encrypt the infor-mation via (3) (4) (12) (13) (19) (20) (26) (30) and (34)
Other parties cannot decrypt the message without theprivate key or the session key so attackers cannot achieve theman-in-middle attack
33 Integrity In the transmission process themobile devicersquosIMEI is authenticated
VPKE(Sig2)t IMEI (37)
Therefore tampering behaviors can be rapidly detectedso the proposed scheme can ensure data integrity
34 Data Security Our scheme involves the digital envelopemechanism In order to ensure the elderrsquos privacy we use thepublic key to encrypt the symmetric key via (3) (12) (19)(26) (30) and (34) emergency information MSGEM andnormal report MSGNM We use the symmetric key to protectthe elderrsquos secret biological data via (4) (13) and (20)
Journal of Sensors 9
Table 1 The nonrepudiation proof
Nonrepudiation proof Issuer Holder Nonrepudiation verificationSig1= SSKH(ℎ1(MSGH1)) Hospital Cloud VPKH
(Sig1)t ℎ1(MSGH1)
Sig2= SSKE(IMEI) Elder Cloud VPKE
(Sig2)t IMEI
Table 2 The security comparisons of related works
Security issue Proposed schemeBen Othman et al [16] Kalra and Sood [17] Lounis et al [18] Our scheme
Replay attack NA Yes NA YesMan-in-middle attack NA Yes Yes YesIntegrity Yes NA Yes YesData security NA Yes Yes YesConfidentiality Yes Yes Yes YesNonrepudiation NA NA NA YesPrivacy NA NA NA Yes
35 Confidentiality In our scheme we use the asymmet-ricsymmetric key to ensure the safety of the patientrsquos per-sonal information as shown in (3) (4) (12) and (13)
In the notification phase the mobile device uses thesession key keyE-C and cloudrsquos public key PKC to encrypt theinformation as shown in (19) and (20)
Then the cloud uses the hospitalrsquos public key PKH toencrypt the emergency message as shown in (26)
Afterwards the hospital uses the elderrsquos public key PKE toencrypt the notification as shown in (30)
In the normal case the cloud uses the elderrsquos public keyPKE to encrypt the normal health report as shown in (34)
The elderrsquos privacy information is protected Thereforeour scheme can achieve confidentiality
3.6. Nonrepudiation. The cloud can use the hospital's public key to verify the uploaded data via (7). The hospital cannot deny the uploading fact. The cloud can verify the correctness of the mobile device's IMEI via (24). The mobile device cannot deny the transmission. Every party can use the KGC's public key $\mathrm{PK}_{KGC}$ to verify whether the sender's certification is valid or not. The nonrepudiation proof is shown in Table 1.
3.7. Privacy. Data transmission on the Internet is insecure, and the elder's private information may be revealed in the transmission process. In this paper, we use symmetric encryption to protect his/her personal privacy from unauthorized access. The elder's privacy is ensured.
3.8. Transmission Continuity. The elder's physical report and the biological data, which are measured by IoT medical sensors, will be stored in the cloud. In order to ensure transmission continuity, the receiver will send information to the sender. If the cloud has not received the elder's biological data in an acceptable time, which is recommended by the doctor, the cloud will notify the elder and contact his/her emergency family.
3.9. Security Analysis Comparison. According to the security issue, we make a comparison with other schemes in Table 2. In Table 2, Ben Othman et al.'s scheme [16] and Lounis et al.'s scheme [18] have some weaknesses. They cannot resist the replay attack. Ben Othman et al.'s scheme cannot ensure the security of data. And Kalra and Sood's scheme [17] cannot achieve integrity. The proposed scheme can resist the replay attack and man-in-middle attack and provide integrity and data security.
4. Discussions
4.1. The Computation Cost of Our Scheme. In this subsection, we present the proposed scheme's computation cost in Table 3. We use the SHA-256 hash function, AES symmetric encryption, the Menezes-Vanstone cryptosystem, and signatures generated by the ECDSA [20].
4.2. The Communication Cost of Our Scheme. In this subsection, we show the communication cost of the proposed scheme in Table 4. The highest communication cost in our scheme is for the emergency case, where the cost is $5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert} = 5 \times 80 + 3 \times 1024 + 1 \times 256 + 1 \times 1024 + 3 \times 16 + 5 \times 8192 = 45760$ bits. The time of transmitting these messages is $45760/20 \times 10^{-6} = 0.9152$ ms under the 20 Mbps bandwidth network environment. Fast transmission makes our scheme feasible and efficient.
Table 3: The computation cost of our scheme.

| Case | Elder | Hospital | Cloud/key generation center |
|---|---|---|---|
| The case when hospital uploads physical inspection report | NA | $2T_{AS} + 1T_{Sig} + 1T_{S} + 1T_{H}$ | $1T_{AS} + 1T_{Sig} + 1T_{S}$ |
| The case when mobile device uploads biological data | $1T_{AS} + 1T_{S}$ | NA | $1T_{AS} + 1T_{S}$ |
| The emergency case | $3T_{AS} + 1T_{Sig} + 1T_{S}$ | $2T_{AS}$ | $2T_{AS} + 1T_{Sig} + 1T_{S}$ |
| The normal case | $1T_{AS}$ | NA | $1T_{AS}$ |

$T_{H}$: the time to execute a one-way hash function.
$T_{S}$: the time to execute a symmetric encryption/decryption operation.
$T_{AS}$: the time to execute an asymmetric encryption/decryption operation.
$T_{Sig}$: the time to execute/verify a signature.

Table 4: The communication cost of our scheme.

| Case | Cost |
|---|---|
| The case when hospital uploads physical inspection report | $2T_{ID} + 1T'_{AS} + 1T'_{S} + 1T'_{Sig} + 1T_{T} + T_{Cert}$ |
| The case when mobile device uploads biological data | $1T_{ID} + 1T'_{AS} + 1T'_{S} + 1T_{T} + T_{Cert}$ |
| The emergency case | $5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert}$ |
| The normal case | $1T_{ID} + 1T'_{AS} + 1T_{T} + T_{Cert}$ |
| Total | $8T_{ID} + 6T'_{AS} + 3T'_{S} + 2T'_{Sig} + 6T_{T} + 8T_{Cert}$ |

$T_{ID}$: the time to transmit the identity (80 bits).
$T_{T}$: the time to transmit a timestamp (16 bits).
$T'_{S}$: the time to transmit a symmetric encryption ciphertext (256 bits).
$T'_{AS}$: the time to transmit an asymmetric encryption ciphertext (1024 bits).
$T'_{Sig}$: the time to transmit a signature (1024 bits).
$T_{Cert}$: the time to transmit a certificate (8192 bits) [19].

5. Conclusions
The elder's continuous medical monitoring is a serious problem. In this paper, we proposed a scheme with IoT sensor based on cloud computing to make the elder safely and conveniently monitored. In our scheme, the digital envelope, digital certification, signature, and timestamp mechanisms are involved. We also use the cloud's characteristics to make sure that the elder can get the available medical service conveniently. The asymmetric/symmetric encryption technology is used to protect the inspection report and the biological data of the elder. The elder's biological data and other personal information can be uploaded to the cloud via authentication. The hospital can notify the elder or dispatch an ambulance directly to him/her if there is an emergency situation. The elder can receive his/her personal health reports via set periods of time and browse the reports on their mobile device. Therefore, our scheme can provide more flexible and accurate medical service as well as reduce the waste of medical resource.
Besides, our scheme can defend against the replay attack and man-in-middle attack and offer data security, integrity, nonrepudiation, and confidentiality in a cloud environment. As a result, the elder need not worry about the insecure access of medical records in our proposed medical environments.
In the future, we will focus on the bioinformatics certification to make the whole process easier for the elderly.
Competing Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments
This research was supported by the Ministry of Science and Technology, China, under Contract nos. MOST 103-2632-E-324-001-MY3, MOST 105-2221-E-324-007, and MOST 105-2622-E-305-004-CC2.
References
[1] World Health Organization, http://www.who.int/mediacentre/factsheets/fs381/en/.
[2] H. Baldus, K. Klabunde, and G. Musch, “Reliable set-up of medical body-sensor networks,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2920, pp. 353–363, 2004.
[3] H. J. La, H. T. Jung, and S. D. Kim, “Extensible disease diagnosis cloud platform with medical sensors and IoT devices,” in Proceedings of the 3rd International Conference on Future Internet of Things and Cloud (FiCloud ’15), pp. 371–378, IEEE, Rome, Italy, August 2015.
[4] Z. Zhang and X. Hu, “ZigBee based wireless sensor networks and their use in medical and health care domain,” in Proceedings of the 7th International Conference on Sensing Technology (ICST ’13), pp. 756–761, Wellington, New Zealand, December 2013.
[5] https://en.wikipedia.org/wiki/Body_area_network.
[6] F. Banaie and S. A. H. Seno, “A cloud-based architecture for secure and reliable service provisioning in wireless sensor network,” in Proceedings of the International Conference on Computer and Knowledge Engineering (ICCKE ’14), pp. 96–101, Mashhad, Iran, October 2014.
[7] C. Vecchiola, S. Pandey, and R. Buyya, “High-performance cloud computing: a view of scientific applications,” in Proceedings of the 10th International Symposium on Pervasive Systems, Algorithms, and Networks (ISPAN ’09), pp. 4–16, IEEE, Kaohsiung, Taiwan, December 2009.
[8] https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/.
[9] C.-L. Chen, T.-T. Yang, M.-L. Chiang, and T.-F. Shih, “A privacy authentication scheme based on cloud for medical environment,” Journal of Medical Systems, vol. 38, article no. 143, 2014.
[10] A. Hendre and K. P. Joshi, “A semantic approach to cloud security and compliance,” in Proceedings of the IEEE 8th International Conference on Cloud Computing (CLOUD ’15), pp. 1081–1084, New York, NY, USA, June 2015.
[11] C.-L. Chen, T.-T. Yang, and T.-F. Shih, “A secure medical data exchange protocol based on cloud environment,” Journal of Medical Systems, vol. 38, no. 9, article 112, 2014.
[12] P. Tudor, W. Martin, B. Natalia, P. Zeeshan, and B. Leon, “Ambient Health Monitoring: the smartphone as a body sensor network component,” Innovation in Medicine and Healthcare Inmed, vol. 6, no. 1, pp. 62–65, 2013.
[13] Z.-Y. Wu, Y.-C. Lee, F. Lai, H.-C. Lee, and Y. Chung, “A secure authentication scheme for telecare medicine information systems,” Journal of Medical Systems, vol. 36, no. 3, pp. 1529–1535, 2012.
[14] S. Sahaa and S. Kumar Tomar, “Issues in transmitting physical health information in m-healthcare,” International Journal of Current Engineering and Technology, vol. 3, no. 2, pp. 411–413, 2013.
[15] Q. Pu, J. Wang, and R.-Y. Zhao, “Strong authentication scheme for telecare medicine information systems,” Journal of Medical Systems, vol. 36, no. 4, pp. 2609–2619, 2012.
[16] S. Ben Othman, A. Trad, and H. Youssef, “Security architecture for at-home medical care using Wireless Sensor Network,” in Proceedings of the 10th International Wireless Communications and Mobile Computing Conference (IWCMC ’14), pp. 304–309, IEEE, Nicosia, Cyprus, August 2014.
[17] S. Kalra and S. K. Sood, “Secure authentication scheme for IoT and cloud servers,” Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.
[18] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, “Healing on the cloud: secure cloud architecture for medical wireless sensor networks,” Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.
[19] X.509—Wikipedia, https://en.wikipedia.org/wiki/X.509.
[20] D. Johnson and A. Menezes, “The elliptic curve digital signature algorithm (ECDSA),” Tech. Rep. CORR 99-34, Department of C & O, University of Waterloo, 1999.
Figure 5: The emergency case (message flow among the IoT medical sensor (MS), mobile device (MD), cloud (C), hospital (H), elder (E), and emergency family contacts (EFC)).
the hospital uses the elder's public key $\mathrm{PK}_E$ to encrypt the notification $\mathrm{MSG}_{H2}$ and makes a timestamp $T_{H2}$:

$$\mathrm{MSG}_{H2} = (\mathrm{ID}_E, \mathrm{Cert}_E, \mathrm{ID}_H, \mathrm{Cert}_H, \mathrm{MSG}_{EM}, T_{H2}) \tag{29}$$

$$C_8 = E_{\mathrm{PK}_E}(\mathrm{MSG}_{H2}) \tag{30}$$

The hospital then sends $\mathrm{ID}_H$, $\mathrm{Cert}_H$, $\mathrm{ID}_E$, $\mathrm{Cert}_E$, $C_8$, and $T_{H2}$ to the elder.
(6) The elder checks if the timestamp $T_{H2}$ is valid or not when he/she receives the message:

$$T_{C8} - T_{H2} \le \Delta T \tag{31}$$
Figure 6: The normal case (message flow between the cloud (C) and the mobile device (MD)).
If (31) holds, the elder uses the public key $\mathrm{PK}_{KGC}$ to verify the hospital's certification and uses the private key $\mathrm{SK}_E$ to decrypt $C_8$:

$$\mathrm{MSG}_{H2} = D_{\mathrm{SK}_H}(C_8) \tag{32}$$

(7) If the elder is unconscious and cannot respond to the hospital's notification, the hospital gets the elder's location via GPS and dispatches an ambulance to help him/her directly.

2.4.2. The Normal Case. If the elder's biological data fall in the average scope, the cloud will send a report back to the elder via a set period of time. The flowchart of the normal case is shown in Figure 6.
(1) The cloud uses the elder's public key $\mathrm{PK}_E$ to encrypt the normal health report $\mathrm{MSG}_{C2}$ and makes a timestamp $T_{C2}$:

$$\mathrm{MSG}_{C2} = (\mathrm{ID}_C, \mathrm{ID}_E, \mathrm{MSG}_{NM}, T_{C2}) \tag{33}$$

$$C_9 = E_{\mathrm{PK}_H}(\mathrm{MSG}_{C2}) \tag{34}$$

The cloud sends the encrypted health information $C_9$, $\mathrm{ID}_C$, $\mathrm{Cert}_C$, and $T_{C2}$ to the elder via a set period of time.
(2) After receiving the message, the elder checks if the timestamp $T_{C2}$ is valid or not as follows:

$$T_{C9} - T_{C2} \le \Delta T \tag{35}$$

If (35) holds, the elder uses the public key $\mathrm{PK}_{KGC}$ to verify the cloud's certification $\mathrm{Cert}_C$. The elder then uses the private key $\mathrm{SK}_E$ to decrypt $C_9$:

$$\mathrm{MSG}_{C2} = D_{\mathrm{SK}_E}(C_9) \tag{36}$$

The elder stores $\mathrm{MSG}_{C2}$.
3. Security Analysis
In this section, we present a security analysis to discuss how our scheme can defend against various attacks.
3.1. Replay Attack. In our scheme, we use the timestamp mechanism to defend against the replay attack. The receiver will verify if the timestamp is valid or not by checking the valid time interval via (6), (14), (22), (27), (31), and (35). Therefore, our scheme can defend against replay attack.
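The timestamp test described in 3.1 accepts any message whose age is at most ΔT, so a copy delivered again inside that window passes the same test. The Python example below is added here for illustration and is not part of the paper's scheme; it goes beyond the text by placing the check as written next to a receiver that also remembers digests of accepted messages until they expire. The class and function names, the 5-second window, the 1-second clock-skew allowance, and the sample message are assumptions.

```python
import hashlib
from dataclasses import dataclass

DELTA_T = 5.0   # assumed acceptance window (seconds); the paper does not fix a value
MAX_SKEW = 1.0  # assumed tolerance for a sender clock running ahead (seconds)


@dataclass(frozen=True)
class Message:
    """Constructed stand-in for a transmission such as (C9, ID_C, Cert_C, T_C2)."""
    sender_id: str
    ciphertext: bytes
    timestamp: float  # sender's clock when the message was produced


def timestamp_only_accept(msg, received_at, delta_t=DELTA_T):
    """The freshness test as written in the paper: T_received - T_sent <= delta_T."""
    return received_at - msg.timestamp <= delta_t


class ReplayGuard:
    """Freshness test plus a cache of digests of messages already accepted.

    The cache is the added part (not in the paper). An entry only has to live
    as long as its message could still pass the freshness test, so memory
    stays bounded by the traffic seen in one window.
    """

    def __init__(self, delta_t=DELTA_T, max_skew=MAX_SKEW):
        self.delta_t = delta_t
        self.max_skew = max_skew
        self._seen = {}  # digest -> time after which the message is stale anyway

    @staticmethod
    def _digest(msg):
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        h = hashlib.sha256()
        for part in (msg.sender_id.encode(), msg.ciphertext,
                     repr(msg.timestamp).encode()):
            h.update(len(part).to_bytes(4, "big"))
            h.update(part)
        return h.digest()

    def accept(self, msg, received_at):
        """Return 'ok', 'stale', 'future' or 'replay'."""
        # Drop cache entries whose messages would now fail the freshness test.
        self._seen = {d: exp for d, exp in self._seen.items()
                      if exp >= received_at}
        age = received_at - msg.timestamp
        if age > self.delta_t:
            return "stale"
        if age < -self.max_skew:
            # A far-future timestamp would satisfy "age <= delta_T" for a long time.
            return "future"
        digest = self._digest(msg)
        if digest in self._seen:
            return "replay"
        self._seen[digest] = msg.timestamp + self.delta_t
        return "ok"


def demo():
    """Deliver one constructed message three times and compare both receivers."""
    msg = Message("ID_C", b"constructed-ciphertext-C9", timestamp=1000.0)
    arrivals = [1002.0, 1003.0, 1006.0]  # original, copy in window, copy after it
    guard = ReplayGuard()
    return [(t, timestamp_only_accept(msg, t), guard.accept(msg, t))
            for t in arrivals]


if __name__ == "__main__":
    for arrival, naive, guarded in demo():
        print(f"t={arrival}: timestamp-only={naive}, with cache={guarded}")
```

The second delivery is the case to look at: the timestamp-only test accepts it, while the receiver with the digest cache reports it as a replay.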
3.2. Man-in-Middle Attack. If there is a man-in-middle attack, our scheme will be able to resist it by checking the timestamps to verify if the messages are valid.
The elder, the hospital, and the cloud can each prove their identity via certification in our scheme. The elder sends the certification $\mathrm{Cert}_E$ to the cloud and the hospital. The hospital sends the certification $\mathrm{Cert}_H$ to the cloud and the elder. The cloud sends the certification $\mathrm{Cert}_C$ to the elder and the hospital. Every party will check if the received certification is valid or not.
In our scheme, during the health data uploading phase, the hospital and the mobile device use the session key $\mathrm{key}_{H\text{-}C}$/$\mathrm{key}_{E\text{-}C}$ and the public key $\mathrm{PK}_C$ to encrypt the information via (3), (4), (12), (13), (19), (20), (26), (30), and (34).
Other parties cannot decrypt the message without the private key or the session key, so attackers cannot achieve the man-in-middle attack.
3.3. Integrity. In the transmission process, the mobile device's IMEI is authenticated:

$$V_{\mathrm{PK}_E}(\mathrm{Sig}_2) \stackrel{?}{=} \mathrm{IMEI} \tag{37}$$

Therefore, tampering behaviors can be rapidly detected, so the proposed scheme can ensure data integrity.
3.4. Data Security. Our scheme involves the digital envelope mechanism. In order to ensure the elder's privacy, we use the public key to encrypt the symmetric key via (3), (12), (19), (26), (30), and (34), emergency information $\mathrm{MSG}_{EM}$, and normal report $\mathrm{MSG}_{NM}$. We use the symmetric key to protect the elder's secret biological data via (4), (13), and (20).
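Table 1: The nonrepudiation proof.

| Nonrepudiation proof | Issuer | Holder | Nonrepudiation verification |
|---|---|---|---|
| $\mathrm{Sig}_1 = S_{\mathrm{SK}_H}(h_1(\mathrm{MSG}_{H1}))$ | Hospital | Cloud | $V_{\mathrm{PK}_H}(\mathrm{Sig}_1) \stackrel{?}{=} h_1(\mathrm{MSG}_{H1})$ |
| $\mathrm{Sig}_2 = S_{\mathrm{SK}_E}(\mathrm{IMEI})$ | Elder | Cloud | $V_{\mathrm{PK}_E}(\mathrm{Sig}_2) \stackrel{?}{=} \mathrm{IMEI}$ |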
Table 2: The security comparisons of related works.

| Security issue | Ben Othman et al. [16] | Kalra and Sood [17] | Lounis et al. [18] | Our scheme |
|---|---|---|---|---|
| Replay attack | NA | Yes | NA | Yes |
| Man-in-middle attack | NA | Yes | Yes | Yes |
| Integrity | Yes | NA | Yes | Yes |
| Data security | NA | Yes | Yes | Yes |
| Confidentiality | Yes | Yes | Yes | Yes |
| Nonrepudiation | NA | NA | NA | Yes |
| Privacy | NA | NA | NA | Yes |
35 Confidentiality In our scheme we use the asymmet-ricsymmetric key to ensure the safety of the patientrsquos per-sonal information as shown in (3) (4) (12) and (13)
In the notification phase the mobile device uses thesession key keyE-C and cloudrsquos public key PKC to encrypt theinformation as shown in (19) and (20)
Then the cloud uses the hospitalrsquos public key PKH toencrypt the emergency message as shown in (26)
Afterwards the hospital uses the elderrsquos public key PKE toencrypt the notification as shown in (30)
In the normal case the cloud uses the elderrsquos public keyPKE to encrypt the normal health report as shown in (34)
The elderrsquos privacy information is protected Thereforeour scheme can achieve confidentiality
36 Nonrepudiation The cloud can use the hospitalrsquos publickey to verify the uploaded data via (7) The hospital cannotdeny the uploading fact The cloud can verify the correctnessof themobile devicersquos IMEI via (24)Themobile device cannotdeny the transmission Every party can use the KGCrsquos publickey PKKGC to verify whether the senderrsquos certification is validor not The nonrepudiation proof is shown in Table 1
37 Privacy Data transmission on the Internet is insecureand the elderrsquos private information may be revealed inthe transmission process In this paper we use symmetricencryption to protect hisher personal privacy fromunautho-rized access The elderrsquos privacy is ensured
38 Transmission Continuity The elderrsquos physical report andthe biological data which are measured by IoT medicalsensors will be stored in the cloud In order to ensuretransmission continuity the receiver will send information tothe sender If the cloud has not received the elderrsquos biologicaldata in an acceptable time which is recommended by thedoctor the cloud will notify the elder and contact hisheremergency family
39 Security Analysis Comparison According to the securityissue we make a comparison with other schemes in Table 2In Table 2 Ben Othman et alrsquos scheme [16] and Lounis et alrsquosscheme [18] have some weaknesses They cannot resist thereplay attack Ben Othman et alrsquos scheme cannot ensure thesecurity of data And Kalra and Soodlsquos scheme [17] cannotachieve integrity The proposed scheme can resist the replayattack and man-in-middle attack and provide integrity anddata security
4 Discussions
41 The Computation Cost of Our Scheme In this subsec-tion we present the proposed schemersquos computation costin Table 3 We use SHA-256 hash function AES-symmetricencryption Menezes-Vanstone cryptosystem and signaturegenerated by the ECDSA [20]
42 The Communication Cost of Our Scheme In this sub-section we show the communication cost of the proposedscheme in Table 4 The highest communication cost in ourscheme is for emergency case while the cost is 5119879ID + 3119879
1015840
AS +11198791015840S+1119879
1015840
Sig+3119879T+5119879Cert = 5lowast80+3lowast1024+1lowast256+1lowast1024+3lowast16+5lowast8192 = 45760 bitsThe time of transmitting thesemessages is 4576020 lowast 10minus6 = 09152ms under the 20Mbpsbandwidth network environment Fast transmission makesour scheme feasible and efficient
5 Conclusions
The elderrsquos continuous medical monitoring is a seriousproblem In this paper we proposed a scheme with IoTsensor based on cloud computing tomake the elder safely andconveniently monitored In our scheme the digital envelopedigital certification signature and timestamp mechanismsare involved We also use the cloudrsquos characteristics to make
10 Journal of Sensors
Table 3 The computation cost of our scheme
Case PartyElder Hospital Cloudkey generation center
The case when hospital uploads physical inspection report NA 2119879AS + 1119879Sig + 1119879S + 1119879H 1119879AS + 1119879Sig + 1119879SThe case when mobile device uploads biological data 1119879AS + 1119879S NA 1119879AS + 1119879SThe emergency case 3119879AS + 1119879Sig + 1119879S 2119879AS 2119879AS + 1119879Sig + 1119879SThe normal case 1119879AS NA 1119879AS119879H the time to execute a one-way hash function119879S the time to execute a symmetric encryptiondecryption operation119879AS the time to execute an asymmetric encryptiondecryption operation119879Sig the time to executeverify a signature
Table 4 The communication cost of our scheme
Case CostThe case when hospitaluploads physical inspectionreport
2119879ID+11198791015840
AS+11198791015840
S+11198791015840
Sig+1119879T+119879Cert
The case when mobiledevice uploads biologicaldata
1119879ID + 11198791015840
AS + 11198791015840
S + 1119879T + 119879Cert
The emergency case 5119879ID+31198791015840
AS+11198791015840
S+11198791015840
Sig+3119879T+5119879Cert
The normal case 1119879ID + 11198791015840
AS + 1119879T + 119879CertTotal 8119879ID+6119879
1015840
AS+31198791015840
S+21198791015840
Sig+6119879T+8119879Cert119879ID the time to transmit the identity (80 bits)119879T the time to transmit a timestamp (16 bits)1198791015840
S the time to transmit a symmetric encryption ciphertext (256 bits)1198791015840
AS the time to transmit an asymmetric encryption ciphertext (1024 bits)1198791015840
Sig the time to transmit a signature (1024 bits)119879Cert the time to transmit a certificate (8192 bits) [19]
sure that the elder can get the availablemedical service conve-nientlyThe asymmetricsymmetric encryption technology isused to protect the inspection report and the biological dataof the elder The elderrsquos biological data and other personalinformation can be uploaded to the cloud via authenticationThe hospital can notify the elder or dispatch an ambulancedirectly to himher if there is an emergency situation Theelder can receive hisher personal health reports via setperiods of time and browse the reports on their mobiledevice Therefore our scheme can provide more flexible andaccurate medical service as well as reduce the waste ofmedical resource
Besides our scheme can defend against the replay attackand man-in-middle attack and offer data security integritynonrepudiation and confidentiality in a cloud environmentAs a result the elder need not worry about the insecure accessof medical records in our proposed medical environments
In the future we will focus on the bioinformatics certifi-cation to make the whole process easier for the elderly
Competing Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
This research was supported by the Ministry of Science andTechnology China under Contract nos MOST 103-2632-E-324-001-MY3 MOST 105-2221-E-324-007 and MOST105-2622-E-305-004-CC2
References
[1] World Health Organization httpwwwwhointmediacentrefactsheetsfs381en
[2] H Baldus K Klabunde and G Musch ldquoReliable set-up ofmedical body-sensor networksrdquo Lecture Notes in ComputerScience (including subseries LectureNotes inArtificial Intelligenceand Lecture Notes in Bioinformatics) vol 2920 pp 353ndash3632004
[3] H J La H T Jung and S D Kim ldquoExtensible diseasediagnosis cloud platformwithmedical sensors and IoT devicesrdquoin Proceedings of the 3rd International Conference on FutureInternet of Things and Cloud (FiCloud rsquo15) pp 371ndash378 IEEERome Italy August 2015
[4] Z Zhang and X Hu ldquoZigBee based wireless sensor networksand their use inmedical and health care domainrdquo in Proceedingsof the 7th International Conference on Sensing Technology (ICSTrsquo13) pp 756ndash761 Wellington New Zealand December 2013
[5] httpsenwikipediaorgwikiBody area network[6] F Banaie and S A H Seno ldquoA cloud-based architecture for
secure and reliable service provisioning in wireless sensornetworkrdquo in Proceedings of the International Conference onComputer and Knowledge Engineering (ICCKE rsquo14) pp 96ndash101Mashhad Iran October 2014
[7] C Vecchiola S Pandey and R Buyya ldquoHigh-performancecloud computing a view of scientific applicationsrdquo in Pro-ceedings of the 10th International Symposium on PervasiveSystems Algorithms and Networks (ISPAN rsquo09) pp 4ndash16 IEEEKaohsiung Taiwan December 2009
[8] httpssupportrackspacecomwhite-paperunderstanding-the-cloud-computing-stack-saas-paas-iaas
[9] C-L Chen T-T Yang M-L Chiang and T-F Shih ldquoAprivacy authentication scheme based on cloud for medicalenvironmentrdquo Journal ofMedical Systems vol 38 article no 1432014
[10] A Hendre and K P Joshi ldquoA semantic approach to cloudsecurity and compliancerdquo inProceedings of the IEEE 8th Interna-tional Conference on Cloud Computing (CLOUD rsquo15) pp 1081ndash1084 New York NY USA June 2015
Journal of Sensors 11
[11] C-L Chen T-T Yang and T-F Shih ldquoA secure medical dataexchange protocol based on cloud environmentrdquo Journal ofMedical Systems vol 38 no 9 article 112 2014
[12] P Tudor W Martin B Natalia P Zeeshan and B LeonldquoAmbient Health Monitoring the smartphone as a body sensornetwork componentrdquo Innovation in Medicine and HealthcareInmed vol 6 no 1 pp 62ndash65 2013
[13] Z-Y Wu Y-C Lee F Lai H-C Lee and Y Chung ldquoAsecure authentication scheme for telecaremedicine informationsystemsrdquo Journal of Medical Systems vol 36 no 3 pp 1529ndash1535 2012
[14] S Sahaa and S Kumar Tomar ldquoIssues in transmitting physicalhealth information in m-healthcarerdquo International Journal ofCurrent Engineering and Technology vol 3 no 2 pp 411ndash4132013
[15] Q Pu J Wang and R-Y Zhao ldquoStrong authentication schemefor telecare medicine information systemsrdquo Journal of MedicalSystems vol 36 no 4 pp 2609ndash2619 2012
[16] S Ben Othman A Trad and H Youssef ldquoSecurity architecturefor at-home medical care using Wireless Sensor Networkrdquo inProceedings of the 10th International Wireless Communicationsand Mobile Computing Conference (IWCMC rsquo14) pp 304ndash309IEEE Nicosia Cyprus August 2014
[17] S Kalra and S K Sood ldquoSecure authentication scheme for IoTand cloud serversrdquo Pervasive andMobile Computing vol 24 pp210ndash223 2015
[18] A Lounis A Hadjidj A Bouabdallah and Y Challal ldquoHealingon the cloud secure cloud architecture for medical wirelesssensor networksrdquo Future Generation Computer Systems vol 55pp 266ndash277 2016
[19] X509mdashWikipedia httpsenwikipediaorgwikiX509[20] D Johnson andAMenezes ldquoThe elliptic curve digital signature
algorithm (ECDSA)rdquo Tech Rep CORR 99-34 Department ofC amp O University of Waterloo 1999
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
8 Journal of Sensors
Cloud (C)Mobile device (MD)
MSGC2 = (IDC IDE MSGNM TC2)
C9 = EPKH (MSGC2)
Checks if TC9minus TC2 le ΔT
MSGC2 = DSKE (C9)
Stores MSGC2
C9 IDC CertC TC2
Figure 6 The normal case
If (31) holds the elder uses the public key PKKGC to verifythe hospitalrsquos certification and uses the private key SKE todecrypt 1198628
MSGH2 = DSKH(1198628) (32)
(7) If the elder is unconscious and cannot respond to thehospitalrsquos notification the hospital gets the elderrsquos location viaGPS and dispatches an ambulance to help himher directly
242TheNormal Case If the elderrsquos biological data fall in theaverage scope the cloud will send a report back to the eldervia period of timeThe flowchart of the normal case is shownin Figure 6
(1)The clouduses the elderrsquos public key PKE to encrypt thenormal health report MSGC2 and makes a timestamp 119879C2
MSGC2 = (IDC IDEMSGNM 119879C2) (33)
1198629 = EPKH(MSGC2) (34)
The cloud sends the encrypted health information 1198629IDC CertC and 119879C2 to the elder via set period time
(2) After receiving the message the elder checks if thetimestamp 119879C2 is valid or not as follows
1198791198629 minus 119879C2 le Δ119879 (35)
If (35) holds the elder uses the public key PKKGC to verifythe cloudrsquos certification CertC The elder then uses the privatekey SKE to decrypt 1198629
MSGC2 = DSKE(1198629) (36)
The elder stores MSGC2
3 Security Analysis
In this section we present a security analysis to discuss howour scheme can defend against various attacks
31 Replay Attack In our scheme we use the timestampmechanism to defend against the replay attack The receiverwill verify if the timestamp is valid or not by checking thevalid time interval via (6) (14) (22) (27) (31) and (35)Therefore our scheme can defend against replay attack
32 Man-in-Middle Attack If there is a man-in-middleattack our scheme will be able to resist it by checking thetimestamps to verify if the messages are valid
The elder the hospital and the cloud can prove hisheridentity via certification in our scheme The elder sends thecertification CertE to the cloud and the hospital The hospitalsends the certification CertH to the cloud and the elderThe cloud sends the certification CertC to the elder and thehospital Every party will check if the received certification isvalid or not
In our scheme during the health data uploading phasethe hospital and the mobile device use the session keykeyH-CkeyE-C and the public key PKC to encrypt the infor-mation via (3) (4) (12) (13) (19) (20) (26) (30) and (34)
Other parties cannot decrypt the message without theprivate key or the session key so attackers cannot achieve theman-in-middle attack
33 Integrity In the transmission process themobile devicersquosIMEI is authenticated
VPKE(Sig2)t IMEI (37)
Therefore tampering behaviors can be rapidly detectedso the proposed scheme can ensure data integrity
34 Data Security Our scheme involves the digital envelopemechanism In order to ensure the elderrsquos privacy we use thepublic key to encrypt the symmetric key via (3) (12) (19)(26) (30) and (34) emergency information MSGEM andnormal report MSGNM We use the symmetric key to protectthe elderrsquos secret biological data via (4) (13) and (20)
Journal of Sensors 9
Table 1 The nonrepudiation proof
Nonrepudiation proof Issuer Holder Nonrepudiation verificationSig1= SSKH(ℎ1(MSGH1)) Hospital Cloud VPKH
(Sig1)t ℎ1(MSGH1)
Sig2= SSKE(IMEI) Elder Cloud VPKE
(Sig2)t IMEI
Table 2 The security comparisons of related works
Security issue Proposed schemeBen Othman et al [16] Kalra and Sood [17] Lounis et al [18] Our scheme
Replay attack NA Yes NA YesMan-in-middle attack NA Yes Yes YesIntegrity Yes NA Yes YesData security NA Yes Yes YesConfidentiality Yes Yes Yes YesNonrepudiation NA NA NA YesPrivacy NA NA NA Yes
35 Confidentiality In our scheme we use the asymmet-ricsymmetric key to ensure the safety of the patientrsquos per-sonal information as shown in (3) (4) (12) and (13)
In the notification phase the mobile device uses thesession key keyE-C and cloudrsquos public key PKC to encrypt theinformation as shown in (19) and (20)
Then the cloud uses the hospitalrsquos public key PKH toencrypt the emergency message as shown in (26)
Afterwards the hospital uses the elderrsquos public key PKE toencrypt the notification as shown in (30)
In the normal case the cloud uses the elderrsquos public keyPKE to encrypt the normal health report as shown in (34)
The elderrsquos privacy information is protected Thereforeour scheme can achieve confidentiality
36 Nonrepudiation The cloud can use the hospitalrsquos publickey to verify the uploaded data via (7) The hospital cannotdeny the uploading fact The cloud can verify the correctnessof themobile devicersquos IMEI via (24)Themobile device cannotdeny the transmission Every party can use the KGCrsquos publickey PKKGC to verify whether the senderrsquos certification is validor not The nonrepudiation proof is shown in Table 1
3.7. Privacy. Data transmission on the Internet is insecure, and the elder's private information may be revealed in the transmission process. In this paper, we use symmetric encryption to protect his/her personal privacy from unauthorized access. The elder's privacy is ensured.
3.8. Transmission Continuity. The elder's physical report and the biological data, which are measured by IoT medical sensors, will be stored in the cloud. In order to ensure transmission continuity, the receiver will send information to the sender. If the cloud has not received the elder's biological data in an acceptable time, which is recommended by the doctor, the cloud will notify the elder and contact his/her emergency family.
3.9. Security Analysis Comparison. According to the security issue, we make a comparison with other schemes in Table 2. In Table 2, Ben Othman et al.'s scheme [16] and Lounis et al.'s scheme [18] have some weaknesses. They cannot resist the replay attack. Ben Othman et al.'s scheme cannot ensure the security of data. And Kalra and Sood's scheme [17] cannot achieve integrity. The proposed scheme can resist the replay attack and man-in-middle attack and provide integrity and data security.
4. Discussions
4.1. The Computation Cost of Our Scheme. In this subsection, we present the proposed scheme's computation cost in Table 3. We use the SHA-256 hash function, AES symmetric encryption, the Menezes-Vanstone cryptosystem, and signatures generated by the ECDSA [20].
4.2. The Communication Cost of Our Scheme. In this subsection, we show the communication cost of the proposed scheme in Table 4. The highest communication cost in our scheme is for the emergency case, where the cost is $5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert} = 5 \ast 80 + 3 \ast 1024 + 1 \ast 256 + 1 \ast 1024 + 3 \ast 16 + 5 \ast 8192 = 45760$ bits. The time of transmitting these messages is $45760/20 \ast 10^{-6} = 0.9152$ ms under the 20 Mbps bandwidth network environment. Fast transmission makes our scheme feasible and efficient.
Table 3: The computation cost of our scheme.

| Case \ Party | Elder | Hospital | Cloud/key generation center |
|---|---|---|---|
| The case when hospital uploads physical inspection report | N/A | $2T_{AS} + 1T_{Sig} + 1T_{S} + 1T_{H}$ | $1T_{AS} + 1T_{Sig} + 1T_{S}$ |
| The case when mobile device uploads biological data | $1T_{AS} + 1T_{S}$ | N/A | $1T_{AS} + 1T_{S}$ |
| The emergency case | $3T_{AS} + 1T_{Sig} + 1T_{S}$ | $2T_{AS}$ | $2T_{AS} + 1T_{Sig} + 1T_{S}$ |
| The normal case | $1T_{AS}$ | N/A | $1T_{AS}$ |

$T_{H}$: the time to execute a one-way hash function.
$T_{S}$: the time to execute a symmetric encryption/decryption operation.
$T_{AS}$: the time to execute an asymmetric encryption/decryption operation.
$T_{Sig}$: the time to execute/verify a signature.

Table 4: The communication cost of our scheme.

| Case | Cost |
|---|---|
| The case when hospital uploads physical inspection report | $2T_{ID} + 1T'_{AS} + 1T'_{S} + 1T'_{Sig} + 1T_{T} + T_{Cert}$ |
| The case when mobile device uploads biological data | $1T_{ID} + 1T'_{AS} + 1T'_{S} + 1T_{T} + T_{Cert}$ |
| The emergency case | $5T_{ID} + 3T'_{AS} + 1T'_{S} + 1T'_{Sig} + 3T_{T} + 5T_{Cert}$ |
| The normal case | $1T_{ID} + 1T'_{AS} + 1T_{T} + T_{Cert}$ |
| Total | $8T_{ID} + 6T'_{AS} + 3T'_{S} + 2T'_{Sig} + 6T_{T} + 8T_{Cert}$ |

$T_{ID}$: the time to transmit the identity (80 bits).
$T_{T}$: the time to transmit a timestamp (16 bits).
$T'_{S}$: the time to transmit a symmetric encryption ciphertext (256 bits).
$T'_{AS}$: the time to transmit an asymmetric encryption ciphertext (1024 bits).
$T'_{Sig}$: the time to transmit a signature (1024 bits).
$T_{Cert}$: the time to transmit a certificate (8192 bits) [19].

5. Conclusions
The elder's continuous medical monitoring is a serious problem. In this paper, we proposed a scheme with IoT sensors based on cloud computing to make the elder safely and conveniently monitored. In our scheme, the digital envelope, digital certification, signature, and timestamp mechanisms are involved. We also use the cloud's characteristics to make sure that the elder can get the available medical service conveniently. The asymmetric/symmetric encryption technology is used to protect the inspection report and the biological data of the elder. The elder's biological data and other personal information can be uploaded to the cloud via authentication. The hospital can notify the elder or dispatch an ambulance directly to him/her if there is an emergency situation. The elder can receive his/her personal health reports at set periods of time and browse the reports on their mobile device. Therefore, our scheme can provide more flexible and accurate medical service as well as reduce the waste of medical resources.
Besides, our scheme can defend against the replay attack and man-in-middle attack and offer data security, integrity, nonrepudiation, and confidentiality in a cloud environment. As a result, the elder need not worry about the insecure access of medical records in our proposed medical environments.
In the future, we will focus on the bioinformatics certification to make the whole process easier for the elderly.
Competing Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgments
This research was supported by the Ministry of Science and Technology, China, under Contract nos. MOST 103-2632-E-324-001-MY3, MOST 105-2221-E-324-007, and MOST 105-2622-E-305-004-CC2.
References
[1] World Health Organization, http://www.who.int/mediacentre/factsheets/fs381/en/.
[2] H. Baldus, K. Klabunde, and G. Musch, "Reliable set-up of medical body-sensor networks," Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2920, pp. 353–363, 2004.
[3] H. J. La, H. T. Jung, and S. D. Kim, "Extensible disease diagnosis cloud platform with medical sensors and IoT devices," in Proceedings of the 3rd International Conference on Future Internet of Things and Cloud (FiCloud '15), pp. 371–378, IEEE, Rome, Italy, August 2015.
[4] Z. Zhang and X. Hu, "ZigBee based wireless sensor networks and their use in medical and health care domain," in Proceedings of the 7th International Conference on Sensing Technology (ICST '13), pp. 756–761, Wellington, New Zealand, December 2013.
[5] https://en.wikipedia.org/wiki/Body_area_network.
[6] F. Banaie and S. A. H. Seno, "A cloud-based architecture for secure and reliable service provisioning in wireless sensor network," in Proceedings of the International Conference on Computer and Knowledge Engineering (ICCKE '14), pp. 96–101, Mashhad, Iran, October 2014.
[7] C. Vecchiola, S. Pandey, and R. Buyya, "High-performance cloud computing: a view of scientific applications," in Proceedings of the 10th International Symposium on Pervasive Systems, Algorithms, and Networks (ISPAN '09), pp. 4–16, IEEE, Kaohsiung, Taiwan, December 2009.
[8] https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/.
[9] C.-L. Chen, T.-T. Yang, M.-L. Chiang, and T.-F. Shih, "A privacy authentication scheme based on cloud for medical environment," Journal of Medical Systems, vol. 38, article no. 143, 2014.
[10] A. Hendre and K. P. Joshi, "A semantic approach to cloud security and compliance," in Proceedings of the IEEE 8th International Conference on Cloud Computing (CLOUD '15), pp. 1081–1084, New York, NY, USA, June 2015.
[11] C.-L. Chen, T.-T. Yang, and T.-F. Shih, "A secure medical data exchange protocol based on cloud environment," Journal of Medical Systems, vol. 38, no. 9, article 112, 2014.
[12] P. Tudor, W. Martin, B. Natalia, P. Zeeshan, and B. Leon, "Ambient Health Monitoring: the smartphone as a body sensor network component," Innovation in Medicine and Healthcare Inmed, vol. 6, no. 1, pp. 62–65, 2013.
[13] Z.-Y. Wu, Y.-C. Lee, F. Lai, H.-C. Lee, and Y. Chung, "A secure authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 3, pp. 1529–1535, 2012.
[14] S. Sahaa and S. Kumar Tomar, "Issues in transmitting physical health information in m-healthcare," International Journal of Current Engineering and Technology, vol. 3, no. 2, pp. 411–413, 2013.
[15] Q. Pu, J. Wang, and R.-Y. Zhao, "Strong authentication scheme for telecare medicine information systems," Journal of Medical Systems, vol. 36, no. 4, pp. 2609–2619, 2012.
[16] S. Ben Othman, A. Trad, and H. Youssef, "Security architecture for at-home medical care using Wireless Sensor Network," in Proceedings of the 10th International Wireless Communications and Mobile Computing Conference (IWCMC '14), pp. 304–309, IEEE, Nicosia, Cyprus, August 2014.
[17] S. Kalra and S. K. Sood, "Secure authentication scheme for IoT and cloud servers," Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.
[18] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, "Healing on the cloud: secure cloud architecture for medical wireless sensor networks," Future Generation Computer Systems, vol. 55, pp. 266–277, 2016.
[19] X.509, Wikipedia, https://en.wikipedia.org/wiki/X.509.
[20] D. Johnson and A. Menezes, "The elliptic curve digital signature algorithm (ECDSA)," Tech. Rep. CORR 99-34, Department of C & O, University of Waterloo, 1999.
[19] X509mdashWikipedia httpsenwikipediaorgwikiX509[20] D Johnson andAMenezes ldquoThe elliptic curve digital signature
algorithm (ECDSA)rdquo Tech Rep CORR 99-34 Department ofC amp O University of Waterloo 1999
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpswwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of