The International Arab Journal of Information Technology (IAJIT)


Lightweight Secure MQTT for Mobility Enabled e- health Internet of Things

Internet of Things (IoT) is a smart interconnection of miniature sensors, enabling association of large number of smart objects ranging from assisted living and e-health to smart cities. IoT devices are equipped with limited resources in terms of power, memory and processing capabilities, therefore, presenting novel challenges to security. The purpose of this paper is to design energy efficient security mechanism for IoT based e-health system in which medical data is encrypted using lightweight cryptographic operations. The proposed scheme provides end-to-end data confidentiality for mobility enabled e- health IoT system. Our security scheme is simple and can be computed quickly on scarce resourced motes while providing required security services. Further, the mobility of patients is managed securely without the need of frequent reconfigurations during their movement within hospital/home premises. The evaluation results demonstrate that the proposed scheme reduces energy utilization to 17.84% and increases longevity of motes by 5.6 times compared to Certificate-Based Datagram Transport Layer Security (CB-DTLS). Energy consumption in configuration handover during mobility is handled by resource-rich devices, which make this scheme efficient in managing mobility of sensors. This work can be used as a basis for future research on securing patient data in an e-health system using energy efficient cryptographic operations.

[1] Abbas N., Asim M., Tariq N., Baker T., and Abbas S., “A Mechanism for Securing IoT- enabled Applications at the Fog Layer,” Journal of Sensor and Actuator Networks, vol. 8, no. 1, pp. 16, 2019.

[2] Abouelmehdi K., Beni-Hssane A., Khaloufi H., and Saadi M., “Big Data Security and Privacy in healthcare A Review,” Procedia Computer Science, vol. 113, pp. 73-80, 2017.

[3] Ahamed F. and Farid F., “Applying Internet of Things and Machine-Learning for Personalized Healthcare: Issues and Challenges,” in Proceedings of International Conference on Machine Learning and Data Engineering, Sydney, pp. 19-21, 2018.

[4] Albalas F., Al-Soud M., Almomani O., and Almomani A., “Security-Aware CoAP Application Layer Protocol for the Internet of Things using Elliptic-Curve Cryptography,” The International Arab Journal of Information Technology, vol. 15, no. 3A, pp. 550-558, 2018.

[5] Alzahrani S., “Sensing for the Internet of Things and its Applications,” in Proceeding of 5th International Conference on Future Internet of Things and Cloud Workshops, Prague, pp. 88-92, 2017.

[6] Amaran M., Noh N., Rohmad M., and Hashim H., “A Comparison of Lightweight Communication Protocols in Robotic Applications,” Procedia Computer Science, vol. 76, pp. 400-405, 2015.

[7] Banks A. and Gupta R., MQTT Version 3.1.1., OASIS Standard. http://docs.oasis- mqttv3.1.1- os.html, Last Visited, 2019.

[8] Bello O. and Zeadally S., “Intelligent Device-to- Device Communication in the Internet of Things,” IEEE Systems Journal, vol. 10, no. 3, pp. 1172-1182, 2016.

[9] Biswas K., Muthukkumarasamy V., Wu X., and Singh K., “Performance Evaluation of Block Ciphers for Wireless Sensor Networks,” in Proceedings of International Conference on Advanced Computing and Communication Technologies, New Delhi, pp. 443-452, 2016.

[10] Cha S., Hsu T., Xiang Y., and Yeh K., “Privacy Enhancing Technologies in the Internet of Things: Perspectives and Challenges,” IEEE Internet Things, vol. 6, no. 2, pp. 2159-2187, 2019.

[11] Chakravorty R., “MobiCare: A Programmable Service Architecture for Mobile Medical Care,” in Proceedings of 4th Annual IEEE International Conference on Pervasive Computing and Communications Workshops, Pisa, 2006.

[12] Chattopadhyay A., Nag A., Ghosh D., and Chanda K., “A Secure Framework for IoT-Based Healthcare System,” in Proceedings of the International Ethical Hacking Conference, Kolkata, pp. 383-393, 2018.

[13] Chen W., Jiang J., and Skocik N., “On the Privacy Protection in Publish/Subscribe Systems,” in Proceedings of International Conference on Wireless Communications, Networking and Information Security, Beijing, pp. 597-601, 2010.

[14] Contiki., “Contiki: The Open Source Operating System for the Internet of Things,”, Last Visited, 2017.

[15] Curguz J., “Vulnerabilities of the SSL/TLS Protocol,” Computer Science and Information Technology, vol. 6, pp. 245-256, 2016.

[16] Daemen J. and Rijmen V., the Design of Rijndael, Springer, 2002.

[17] Deebak B. and Al-Turjman F., “Secure-User Sign-in Authentication for Iot-Based Ehealth Systems,” Complex and Intelligent Systems, pp. 1-21, 2021.

[18] Ding L., Wang Z., Wang X., and Wu D., “Security Information Transmission Algorithms for Iot Based On Cloud Computing,” Computer Communications, vol. 155, pp. 32-39, 2020.

[19] Dunkels A., Eriksson J., Finne N., and Tsiftes N., “Powertrace: Network-level Power Profiling for Low-Power Wireless Networks,” SICS Technical Report T2011:05, 2011. 780 The International Arab Journal of Information Technology, Vol. 18, No. 6, November 2021

[20] Elhoseny M., Ramirez-Gonzalez G., Elnasr O., Shawkat S., Arunkumar N., and Farouk A., “Secure Medical Data Transmission Model for IoT-Based Healthcare Systems,” IEEE Access, vol. 6, pp. 20596-20608, 2018.

[21] El-Zouka H. and Hosni M., “Secure IoT Communications for Smart Healthcare Monitoring System,” Internet of Things, vol. 13, no. 3, 2021.

[22] European Commission Information Society, Internet of Things Strategic Research Roadmap, 2009.

[23] Hathaliya J. and Tanwar S., “An Exhaustive Survey on Security and Privacy Issues in Healthcare 4.0,” Computer Communications, vol. 153, pp. 311-335, 2020.

[24] Holst A., “Number of IoT Connected Devices Worldwide 2019-2030,” connected-devices-worldwide/, Last Visited, 2021.

[25] Hong D., Sung J., Hong S., Lim J., Lee S., Koo B., Lee C., Chang D., Lee J., Jeong K., Kim H., Kim J., and Chee S., “HIGHT: A New Block Cipher Suitable for Low-Resource Device,” in Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems, Yokohama, pp. 46-59, 2006.

[26] Hummen R., Shafagh H., Raza S., Voig T., and Wehrle K., “Delegation based Authentication and Authorization for IP-based Internet of Things,” in Proceedings of the 11th IEEE International Conference on Sensing, Communication, and Networking, Singapore, 2014.

[27] Jara A., Zamora-Izquierdo M., and Skarmeta A., “Interconnection Framework for mHealth and Remote Monitoring Based on the Internet of Things,” IEEE Journal on Selected Areas in Communications, vol. 31, no. 9, pp. 47-65, 2013.

[28] Kang N., Oh S., and Yoon S., “Secure Initial-Key Reconfiguration for Resource Constrained Devices,” IETF draft-kang-core-secure- reconfiguration- 01, 2014.

[29] Kenny C., “Random Number Generators: An Evaluation and Comparison of Random.Org and some Commonly Used Generators, 2005,” df, Last Visited, 2021.

[30] Kent S. and Seo K., “Security Architecture for the Internet Protocol,” RFC 4301, 2005.

[31] Khan S. and Aggarwal R., “Efficient Mutual Authentication Mechanism to Secure Internet of Things (IoT),” in Proceedings of International Conference on Machine Learning, Big Data, Cloud and Parallel Computing, Faridabad, pp. 409-412, 2019.

[32] Koop E., Mosher R., Kun L., Geiling J., Grigg E., Long S., Macedonia C., Merrell R., Satava R., and Rosen J., “Future Delivery of Health Care: Cybercare,” IEEE Engineering in Medicine and Biology Magazine, vol. 27, no. 6, pp. 29-38, 2008.

[33] Li S., Xu L., and Zhao S., “The Internet of Things: A Survey,” Information Systems Frontiers, vol. 17, pp. 243-259, 2015.

[34] Moosavi S., Gia T., Rahmani A., Nigussie E., Virtanen S., Isoaho J., and Tenhunen H., “SEA: a Secure and Efficient Authentication and Authorization Architecture for Iot-Based Healthcare using Smart Gateways,” Procedia Computer Science, vol. 52, no. 1, pp. 452-459, 2015.

[35] O’Neil M., “Pcg: A Family of Simple Fast Space-Efficient Statistically Good Algorithm for Random Number Generation. HMC-CS-2014- 0905,” Technical Report, Harvey Mudd College, 2014.

[36] Pascu L., “IoT Disrupts Market; could add $14.2 Trillion to Global Economy by 2030,” news/iiot-disrupts-market-add-14-2-trillion- global-economy-2030/, Last Visited, 2019.

[37] Pasha M. and Shah S., “Framework for E-Health Systems in IoT-Based Environments,” Wireless Communications and Mobile Computing, vol. 18, pp. 1-12, 2018.

[38] Polk T. and Turner S., “Security Challenges for the Internet of Things,” IETF Security, 2011.

[39] Rifà-Pous H. and Herrera-Joancomartí J., “Computational and Energy Costs of Cryptographic Algorithms on Handheld Devices,” Future Internet, vol. 3, no. 1, pp. 31- 48, 2011.

[40] Sahraoui S. and Bilami A., “Efficient HIP-Based Approach to Ensure Lightweight End-To-End Security in Internet of Things,” Computer Networks, vol. 91, pp. 26-45, 2015.

[41] Saied Y. and Olivereau A., “D-HIP: A distributed Key Exchange Scheme for HIP-Based Internet of Things,” in Proceedings of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, San Francisco, pp. 1-7, 2012.

[42] Saleem W., Ali H., and AlSalloom N., “A Framework for Securing EHR Management in the Era of Internet of Things,” in Proceedings of 3rd International Conference on Computer Applications and Information Security, San Francisco, pp. 1-5, 2020.

[43] Sirohi P., Agarwal A., and Tyagi S., “A Comprehensive Study on Security Attacks on SSL/TLS Protocol,” in Proceedings of 2nd International Conference on Next Generation Computing Technologies, Dehradun, pp. 893- 898, 2016. Lightweight Secure MQTT for Mobility Enabled e-health Internet of Things 781

[44] Sunar B., Martin W., and Stinson D., “A Provably Secure True Random Number Generator with Built-in Tolerance to Active Attacks,” IEEE Transactions on Computers, vol. 56, no. 1, pp. 109-119, 2006.

[45] Suzaki T., Minematsu K., Morioka S., and Kobayashi E., “TWINE: A Lightweight Block Cipher for Multiple Platforms,” in Proceedings of International Conference on Selected Areas in Cryptography, Burnaby, pp. 339-354, 2013.

[46] Texas Instruments., “MSP430F261x MSP430F241x Mixed Signal Microcontroller datasheet,” df, Last Visited, 2019.

[47] The HiveMQ Team, “MQTT Essentials,” part-3-client-broker-connection-establishment, Last Visited, 2018.

[48] Trappe W., Howard R., and Moore R., “Low- Energy Security: Limits and Opportunities in the Internet of Things,” IEEE Security and Privacy, vol. 13, pp. 14-21, 2015.

[49] Xu D., He W., and Li S., “Internet of Things in Industries: A Survey,” IEEE Transactions on Industrial Informatics, vol. 10, no. 4, pp. 2233- 2243, 2014.

[50] Zhang W., Bao Z., Lin D., Rijmen V., Yang B., and Verbauwhede I., “RECTANGLE: a Bit-Slice Lightweight Block Cipher Suitable for Multiple Platforms,” Science China Information Sciences, vol. 58, pp. 1-15, 2015.

[51] Zhou J., Cao Z., Dong X., and Vasilakos A., “Security and Privacy for Cloud-Based IoT: Challenges, Countermeasures, and Future Directions,” IEEE Communications Magazine, vol. 55, no. 1, pp. 26-33, 2017.

[52] Zolertia., “Z1 Datasheet,” r/Z1/Hardware/Revision%20C/Datasheets/Zolerti a%20Z1%20datasheet%20Revision%20C. pdf, Last Visited, 2019. Adil Bashir received his Bachelor of Technology (B. Tech) in Computer Science and Engineering from Islamic University of Science and Technology, Jammu and Kashmir, India in year 2011. He did his Master of Technology (M. Tech) in Communication and Information Technology and PhD both from National Institute of Technology (NIT) Srinagar, India in the year 2013 and 2021 respectively. Presently, he is an Assistant Professor in the Department of Computer Science and Engineering at Islamic University of Science and Technology, Awantipora, Kashmir. His research interests are Internet of Things, Wireless Sensor Networks, Embedded Systems and Network Security. Ajaz Hussain Mir has done his Bachelor of Engineering (B.E) in Electrical Engineering with specialization in Electronics & Communication Engineering (ECE). He did his Master of Technology (M.Tech) in Computer Technology and PhD both from IIT Delhi in the year 1989 and 1996 respectively. He is Chief Investigator of Ministry of Communication and Information Technology, Govt. of India project: Information Security Education and Awareness (ISEA). Presently, he is Professor in the Department of Electronics & Communication Engineering at NIT Srinagar, India. He has been guiding PhD and M.Tech thesis in Security and other related areas and has a number of International publications to his credit. His areas of interest are Biometrics, Image processing, Security, Wireless Communication and Networks.