An Intelligent and Secure Health Monitoring Scheme Using IoT Sensor Based on Cloud Computing

Internet of Things (IoT) is the network of physical objects where information and communication technology connect multiple embedded devices to the Internet for collecting and exchanging data. An important advancement is the ability to connect such devices to large resource pools such as cloud. The integration of embedded devices and cloud servers offers wide applicability of IoT to many areas of our life. With the aging population increasing every day, embedded devices with cloud server can provide the elderly with more flexible service without the need to visit hospitals. Despite the advantages of the sensor-cloud model, it still has various security threats. Therefore, the design and integration of security issues, like authentication and data confidentiality for ensuring the elderly’s privacy, need to be taken into consideration. In this paper, an intelligent and secure health monitoring scheme using IoT sensor based on cloud computing and cryptography is proposed. The proposed scheme achieves authentication and provides essential security requirements.


Introduction
With the rapid development of the Internet of Things (IoT), medical sensors, and Internet applications, online medical service has become possible in recent years.It is noteworthy that the number of elders with chronic disease is increasing every year.An aging society refers to a population structure model in which the aging population reaches or exceeds a certain proportion.According to the UN's traditional standard a region is regarded as an aging society when people over 60 years old account for 10% of the total population, while the new standard is people over 65 years old representing 7% of the total population.Between 2015 and 2050, the proportion of the world's population over 60 years will nearly double, from 12% to 22% [1].An aging society means low fertility, aging population structure, and social security system lag.In the meantime, the health of the elderly has become a highlighted social issue.While more and more elders need long-term care, they also want to remain independent and active and reside in their own homes for as long as possible.
Due to the lack of medical resources, they cannot be treated appropriately.The hospitals are filling up with an aging population, recovery groups and high risk groups.Continuous monitoring of critical vital signs of patients is a key process in hospitals.Today, this is usually performed via different cabled sensors attached to the patient and connected to bedside monitors [2].The limitation here is that the elders are tied to bedside devices.Consequently, it has become feasible and necessary to perform personal diagnoses of medical diseases with the measurement repository without visiting hospitals [3].With the increasing availability of medical sensors and IoT devices for personal use, this situation opens up a new application area for body sensor networks.
Wireless sensor networks (WSNs) are an emerging technology that possesses a huge potential to play an important role in many applications [4].The rapid growth in physiological sensors, low-power integrated circuits, and wireless communication has enabled a new generation of wireless sensor networks, now used for purposes such as monitoring traffic, crops, infrastructure, and health.The body area network field is an interdisciplinary area which could allow inexpensive and continuous health monitoring with real-time updates of medical records via the Internet [5].
However, with the presence of sensor networks, many challenges have emerged in terms of flexibility, scalability, and heterogeneous information services.The integration of WSN with cloud provides greater flexibility, unlimited resources, immense processing power, and the ability to provide quick response to the user [6].Cloud computing provides scientists with a completely new model for utilizing the computing infrastructure.Computer resources and storage resources and applications can be dynamically provisioned (and integrated within the existing infrastructure) on a pay-per-use basis [7].To provide more suitable and convenient network services, cloud computing has become even more flexible for personal use.Since the cloud is a broad collection of services, organizations can choose where, when, and how they use cloud computing [8].There are different types of cloud computing services commonly referred to as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).Many studies [3,9] pointed out that cloud computing services are clearly the future trend.Cloud computing services are provided through a browser to access online programming applications, software, and data [9].Cloud providers have to adhere to security and privacy policies to ensure their users' data remain confidential and secure [10].
Moreover, since the number of smart phones is estimated to reach 1 billion, traditional phones started to be gradually eliminated in 2015.The rapid development of smart phones and the related technology means that mobile computing is no longer the priority; we should also focus on reducing the computation cost and communication cost to achieve the optimal efficiency.Despite the agreement and certification of parties to browse medical information, the public still has concerns about the electronic medical record (EMR) system because of the information security issues, such as hacking, information transfer time, and long-term data management problems.
In recent years, many medical resources have been implemented for people seeking medical advice conveniently [11].In the literature [12], researchers combine mobile devices and body sensors but do not sufficiently discuss security issues.Security issues of IoT sensors and medical systems have always been a vital aspect part of active research.It is important to consider security solutions to guarantee data authenticity, freshness, replay protection, integrity, and confidentiality.Some research, such as [13][14][15], specifically address security issues with respect to healthcare applications.In 2014, Ben Othman et al. proposed an efficient solution for securing data transmission, which combines compressive sensing with encryption and integrity checking [16].In 2015, an ECC-based mutual authentication protocol for secure communication between embedded devices and cloud servers was presented in a paper by Kalra and Sood [17].In 2016, Lounis et al. proposed a new cloud-based architecture for medical wireless sensor networks which can ensure the security of medical data without patients/doctors interventions [18].However, these schemes still fail to ensure a patient's privacy and nonrepudiation.In this paper, we propose an intelligent and secure monitoring scheme using IoT sensors based on cloud computing to protect the elders' privacy.
The main problem here is that the elderly population is increasing every day and they should not be tied to their bed with monitoring machines, causing them inconvenience and entailing the waste of medical resources.On the other hand, the elderly with chronic conditions also have a high probability of suffering some acute diseases or episodes, such as heart attacks.Without the appropriate medical assistance, the consequences will be very serious.The EMR will be used in our scheme to provide more flexible and appropriate medical service.Due to the importance of the elders' privacy, the proposed scheme should focus on the advantages offered by the characteristics of cloud computing and the security of the elders' information.
The remainder of the paper is organized as follows: Section 2 describes the current approaches on the configuration of medical sensor networks.Section 3 introduces our scheme architecture for a wireless IoT sensor network and the setup procedure.In Section 4, we analyze the security issues of our scheme and compare it with other schemes.Section 5 contains some conclusions and offers some ideas for future work.

The Proposed Scheme
In our scheme, each party should register at the key generation center which will issue a pair of public key and private key, to communicate with other parties.The user also gets the pregenerated key; it can be used to encrypt the private health information.The elders can use a mobile device to connect to the IoT medical sensor which can collect the biological data.Seven parties are involved in our scheme as follows.
(1) Elder (E).The aging population with chronic disease (e.g., heart disease, diabetes, and hypertension) wears the IoT medical sensor which can collect biological data.
(2) Cloud (C): Intelligent Data Storage.The elder can access the cloud service to upload/download the health information via authentication.It can provide smart applications and send private health reports to the elder at set periods of time.Once there is an emergency situation, the cloud will notify the hospital.
(3) Hospital (H).It is a hospital where the elder can get physical inspection and the report.Once the elder's biological data are over a threshold, the hospital will notify the elder and dispatch an ambulance after it gets the cloud's notification.

(4) Key Generation Center (KGC).
The key generation center will issue a pair of public key and private key for the registered parties.The user's pregenerated key and the time of the key's generation are stored in the database.
(5) IoT Medical Sensor (MS).It is the collecting device of the elder's biological data.The IoT medical sensor can also  The elder goes to the hospital for a health inspection and the report will be uploaded to the cloud.Every set period of time, the IoT medical sensor will collect the elder's biological data and transfer them to the cloud via mobile device.The hospital and the cloud process authentication procedure.The scenarios are described in Figure 1.
(1) The elder, the hospital, and the cloud must register at the key generation center in advance via secure channel.
(2) The elder goes to hospital for a physical inspection.
(3) The hospital uploads the elder's physical inspection report to the cloud.
(4) The IoT medical sensor gets the elder's biological data via set periods of time and sends it to the mobile device.
(5) The mobile device uploads the biological data to the cloud.
(6) The cloud compares the data sent from the mobile device with the standard values stored in the database.Once there is an emergency, the cloud notifies the hospital and contacts the elder's family in an acceptable time.
(7) After the hospital gets the notification, it sends messages and dispatches an ambulance to the elder.
(8) If the data collected by the IoT medical sensor are normal, the cloud sends a health report to the elder at set periods of time.

Notations.
The following lists notations that will be used in our scheme: ID  : 's identity.: the secret value.

Registration Phase.
Both the elder and the hospital must register at the key generation center in advance.The KGC will issue a pair of public key and private key for each party.The user will get the cloud's public key and use the pregenerated key to encrypt/decrypt the medical information.The KGC will also record the key's generation time in the database.The flowchart of the registration phase is shown in Figure 2.
(1) The elder, the hospital, and the cloud choose the identity ID E /ID H /ID C and send it to the key generation center through a secure channel.The elder should also send his/her

User (X) KGC
Chooses ID X Stores SK X and key ID X , IMEI, contact information SK X , key Records ID X , T KGC Stores IMEI and contact information mobile devices IMEI and personal contact information to the KGC, including emergency family contacts.
(2) After receiving the message, the KGC uses the private key  to compute the user's public key PK E /PK H /PK C , the private key SK E /SK H /SK C , and the pregenerated session key key E-KGC /key H-KGC /key C-KGC as follows: (1) Then, the KGC sends (PK E , SK E , key E-KGC ), (PK H , SK H , key H-KGC ), and (PK C , SK C , key C-KGC ) to the elder, the hospital, and the cloud, respectively.In addition, the KGC generates the certification Cert E /Cert H for the elder and hospital, respectively.
(3) Each party stores (PK E , SK E , key E-KGC ), (PK H , SK H , key H-KGC ), and (PK C , SK C , key C-KGC ), respectively.The elder and hospital can use the certification Cert E /Cert H to process authentication.

The Hospital Uploads Physical Inspection Report Case.
The elder goes to the hospital for a physical inspection.After the hospital and the cloud process authentication, the hospital uploads the physical inspection report to the cloud.The flowchart of the hospital uploading physical inspection report case is shown in Figure 3.
(1) The hospital uses the session key key H-C to encrypt the physical inspection report and makes a timestamp  H1 .The hospital uses the cloud's public key PK C to encrypt key H-C and makes a signature Sig 1 as follows: Then, the hospital sends Sig 1 , ID H , ID E , Cert H ,  1 ,  2 , and  H1 to the cloud.
(2) The cloud verifies the hospital's signature according to the hospital's identity ID H and checks if the timestamp  H1 is valid or not as follows: If (6) holds, the cloud uses the KGC's public key PK KGC to verify the hospital's certification Cert H .Then, the cloud finds SD key H-C according to ID H and uses the private key SK C and session key key H-C to decrypt  1 and  2 : key (ID H , ID E , Data H1 , Data H2 , . . ., Data H ,  H1 ) = SD key H-C ( 1 ) .
Afterwards, the cloud stores MSG H1 and Sig 1 .

The Mobile Device Uploads Biological Data Case.
In this phase, we consider the IoT medical sensors embedded into an elder's body.The elder uses the mobile device to transfer the biological data which are measured by IoT medical sensors to the cloud.The flowchart of the mobile device uploading biological data case is shown in Figure 4.

Hospital (H) Cloud (C)
Verifies the hospital's signature MSG H1 = (ID H , ID E , Data H1 , Data H2 , . . ., Data Hn , T H1 ) ) (ID H , ID E , Data H1 , Data H2 , . . ., Data Hn , T H1 ) = SD key H-C (C 1 ) Stores MSG H1 and Sig 1  (1) The IoT medical sensor collects the biological data MSG MS1 and sends them to the elder's mobile device through a secure channel: (2) After receiving the message, the mobile device uses the session key key E-C to encrypt the elder's health information MSG MD and makes a timestamp  MD .Afterwards, the mobile device uses the cloud's public key PK C to encrypt key E-C : Then, the mobile device sends ID E , Cert E ,  3 ,  4 , and  MD1 to the cloud.
(3) The cloud checks if the timestamp  MD1 is valid or not: If ( 14) holds, the cloud verifies the received IMEI by finding the mobile device's registered IMEI which is stored in the database according to the elder's identity ID E .If it holds, the cloud uses the public key PK KGC to verify the elder's certification Cert E .Then, the cloud uses the private key SK C and session key key E-C to decrypt  3 and  4 , respectively: MSG MD1 = SD key E-C ( 3 ) .
Afterward, the cloud stores MSG MD1 .

The Notification Phase
2.4.1.The Emergency Case.When the cloud gets the elder's biological data from the mobile device, the cloud compares the data with the standard values stored in the database.If there is an emergency situation, the cloud sends the alert message to the hospital and contacts the emergency family simultaneously.Then, the hospital will contact the elder and dispatch an ambulance to help the elder, if necessary.The flowchart of the emergency case is shown in Figure 5.
(1) The IoT medical sensor collects the elder's biological data, such as ECG, oxygen saturation, blood pressure, and body temperature.The IoT medical sensor sends the biological data to the mobile device through a secure channel and makes a timestamp  MS2 : (2) After receiving the message, the mobile device makes a timestamp  MD2 and integrates IMEI and MSG MS2 : The mobile device then uses the session key key E-C to encrypt MSG MD2 and the cloud's public key PK C to encrypt key E-C .In the meantime, the elder uses the private SK E and a signature Sig 2 via mobile device as follows: The mobile device sends Sig 2 , ID E , Cert E ,  5 ,  6 , and  MD2 to the cloud.
(3) After receiving the message, the cloud checks if the timestamp  MD2 is valid or not: If ( 22) holds, the cloud uses the private key SK C and session key key E-C to decrypt  6 and  5 as follows: The cloud then uses the KGC's public key PK KGC to verify the elder's certification Cert E and check if the mobile device's IMEI is the same as the registered IMEI: The cloud then compares the elder's biological data with the standard value stored in the database.If some of the inspection data is beyond the threshold, the cloud uses the hospital's public key PK H to encrypt the emergency message MSG C1 and make a timestamp  C1 : The cloud sends ID C , ID E , Cert E , Cert C ,  7 , and  C1 to the hospital.
(4) After receiving the message, the hospital checks if the timestamp  C1 is valid or not as follows: If (27) holds, the hospital uses the public key PK KGC to verify the cloud's and the elder's certification.Then, the hospital uses the private key SK H to decrypt  7 : (5) The hospital gets the elder's identity and obtains his/her contact information which is stored in the database.The hospital then gets the elder's location via the mobile device.According to MSG C1 , the hospital evaluates the elder's situation to determine whether to dispatch the ambulance to help the elder.If the elder is able to receive the message,  the hospital uses the elder's public key PK E to encrypt the notification MSG H2 and makes a timestamp  H2 : The hospital then sends ID H , Cert H , ID E , Cert E ,  8 , and  H2 to the elder.(6) The elder checks if the timestamp  H2 is valid or not when he/she receives the message: If (31) holds, the elder uses the public key PK KGC to verify the hospital's certification and uses the private key SK E to decrypt  8 : If the elder is unconscious and cannot respond to the hospital's notification, the hospital gets the elder's location via GPS and dispatches an ambulance to help him/her directly.

The Normal Case.
If the elder's biological data fall in the average scope, the cloud will send a report back to the elder via period of time.The flowchart of the normal case is shown in Figure 6.
(1) The cloud uses the elder's public key PK E to encrypt the normal health report MSG C2 and makes a timestamp  C2 : The cloud sends the encrypted health information  9 , ID C , Cert C , and  C2 to the elder via set period time.
(2) After receiving the message, the elder checks if the timestamp  C2 is valid or not as follows: If (35) holds, the elder uses the public key PK KGC to verify the cloud's certification Cert C .The elder then uses the private key SK E to decrypt  9 .
The elder stores MSG C2 .

Security Analysis
In this section, we present a security analysis to discuss how our scheme can defend against various attacks.

Replay Attack.
In our scheme, we use the timestamp mechanism to defend against the replay attack.The receiver will verify if the timestamp is valid or not by checking the valid time interval via ( 6), ( 14), ( . Therefore, our scheme can defend against replay attack.

Man-in-Middle
Attack.If there is a man-in-middle attack, our scheme will be able to resist it by checking the timestamps to verify if the messages are valid.The elder, the hospital, and the cloud can prove his/her identity via certification in our scheme.The elder sends the certification Cert E to the cloud and the hospital.The hospital sends the certification Cert H to the cloud and the elder.The cloud sends the certification Cert C to the elder and the hospital.Every party will check if the received certification is valid or not.
Other parties cannot decrypt the message without the private key or the session key, so attackers cannot achieve the man-in-middle attack.

Integrity.
In the transmission process, the mobile device's IMEI is authenticated: Therefore, tampering behaviors can be rapidly detected, so the proposed scheme can ensure data integrity.
In the notification phase, the mobile device uses the session key key E-C and cloud's public key PK C to encrypt the information as shown in (19) and (20).
Then, the cloud uses the hospital's public key PK H to encrypt the emergency message as shown in (26).
Afterwards, the hospital uses the elder's public key PK E to encrypt the notification as shown in (30).
In the normal case, the cloud uses the elder's public key PK E to encrypt the normal health report as shown in (34).
The elder's privacy information is protected.Therefore, our scheme can achieve confidentiality.
3.6.Nonrepudiation.The cloud can use the hospital's public key to verify the uploaded data via (7).The hospital cannot deny the uploading fact.The cloud can verify the correctness of the mobile device's IMEI via (24).The mobile device cannot deny the transmission.Every party can use the KGC's public key PK KGC to verify whether the sender's certification is valid or not.The nonrepudiation proof is shown in Table 1.

3.7.
Privacy.Data transmission on the Internet is insecure and the elder's private information may be revealed in the transmission process.In this paper, we use symmetric encryption to protect his/her personal privacy from unauthorized access.The elder's privacy is ensured.

Transmission Continuity
. The elder's physical report and the biological data which are measured by IoT medical sensors will be stored in the cloud.In order to ensure transmission continuity, the receiver will send information to the sender.If the cloud has not received the elder's biological data in an acceptable time, which is recommended by the doctor, the cloud will notify the elder and contact his/her emergency family.

Security Analysis Comparison.
According to the security issue, we make a comparison with other schemes in Table 2.In Table 2, Ben Othman et al. 's scheme [16] and Lounis et al. 's scheme [18] have some weaknesses.They cannot resist the replay attack.Ben Othman et al. 's scheme cannot ensure the security of data.And Kalra and Sood's scheme [17] cannot achieve integrity.The proposed scheme can resist the replay attack and man-in-middle attack and provide integrity and data security.

The Computation Cost of Our Scheme.
In this subsection, we present the proposed scheme's computation cost in Table 3.We use SHA-256 hash function, AES-symmetric encryption, Menezes-Vanstone cryptosystem, and signature generated by the ECDSA [20].

The Communication Cost of Our Scheme.
In this subsection, we show the communication cost of the proposed scheme in Table 4.The highest communication cost in our scheme is for emergency case, while the cost is

Conclusions
The elder's continuous medical monitoring is a serious problem.In this paper, we proposed a scheme with IoT sensor based on cloud computing to make the elder safely and conveniently monitored.In our scheme, the digital envelope, digital certification, signature, and timestamp mechanisms are involved.We also use the cloud's characteristics to make    T : the time to transmit a timestamp (16 bits).  S : the time to transmit a symmetric encryption, ciphertext (256 bits).

𝑇 󸀠
AS : the time to transmit an asymmetric encryption, ciphertext (1,024 bits).

𝑇 󸀠
Sig : the time to transmit a signature (1024 bits). Cert : the time to transmit a certificate (8192 bits) [19].
sure that the elder can get the available medical service conveniently.The asymmetric/symmetric encryption technology is used to protect the inspection report and the biological data of the elder.The elder's biological data and other personal information can be uploaded to the cloud via authentication.The hospital can notify the elder or dispatch an ambulance directly to him/her if there is an emergency situation.The elder can receive his/her personal health reports via set periods of time and browse the reports on their mobile device.Therefore our scheme can provide more flexible and accurate medical service as well as reduce the waste of medical resource.
Besides, our scheme can defend against the replay attack and man-in-middle attack and offer data security, integrity, nonrepudiation, and confidentiality in a cloud environment.As a result, the elder need not worry about the insecure access of medical records in our proposed medical environments.
In the future, we will focus on the bioinformatics certification to make the whole process easier for the elderly.

Figure 3 :
Figure 3: The hospital uploads physical inspection report case.

Figure 4 :
Figure 4: The mobile device uploads biological data case.

𝑇
ID : the time to transmit the identity (80 bits).

Table 2 :
The security comparisons of related works.

Table 3 :
The computation cost of our scheme.2 AS + 1 Sig + 1 S + 1 H 1 AS + 1 Sig + 1 S The case when mobile device uploads biological data 1 AS + 1 S N/A 1 AS + 1 S The emergency case 3 AS + 1 Sig + 1 S 2 AS 2 AS + 1 Sig + 1 S : the time to execute a one-way hash function. S : the time to execute a symmetric encryption/decryption operation. AS : the time to execute an asymmetric encryption/decryption operation. Sig : the time to execute/verify a signature. H