Secure Elgamal Based Authentication Scheme for Cloud Assisted IOT Based Wireless Body Area Network

Abstract: Nowadays, Wireless Body Area Network (WBAN) is considered a new-era technique in which patients' health records are monitored remotely, from anywhere in the world, using wearable sensors. In such high-level communication, security services are required to protect the data used by healthcare professionals and patients from intruders or attackers. Therefore, many researchers are showing keen interest in enhancing the security of the WBAN architecture for secure communication. In this dissertation work, different security and privacy techniques are reviewed, and WBAN/IoT challenges as well as their limitations are analysed, based on the latest standards and publications. This research also covers the state-of-art security measures and research in WBAN. This research presents an ElGamal cryptosystem and biometric information authentication scheme for WBAN/IOT applications. This work observed that most of the authentication protocols using hash function and ElGamal cryptosystem for cloud-based applications are affected by security attacks and are unable to hide the actual identities of the end users during the login session. Therefore, this work has introduced a secure biometric ElGamal-based authentication scheme as well as data sharing schemes. The result analysis shows that the proposed work is better than existing work with respect to execution time and cost as well as security level.


I. INTRODUCTION
A Body Area Network (BAN) is a short-range wireless network consisting of devices positioned inside, above and around the body. It offers data communication over short distances, limited to a few meters. Figure 1 shows the basic concept. This new type of intrinsically personal network uses portable and implanted electronic circuits. It implements extremely useful functions and capabilities in practical and discrete configurations that operate with very low energy consumption and offer exceptional security [1].
The number of technical products used by one person (a desktop computer, a laptop, a tablet, a mobile phone) has increased considerably, and one person often uses multiple products on a regular basis. Other products are implanted in humans to monitor various bodily functions and conditions, as well as the environment [2].
The sensor nodes are positioned directly on the body or under the skin of a person to record certain body parameters such as the electrocardiogram (ECG), the electroencephalogram (EEG), body movements, temperature, blood pressure, blood sugar, heart rate, respiratory rate, etc. [3]. These sensors are designed for specific purposes to meet the requirements. For example, an EEG sensor should monitor electrical activity in the brain. Another example is the ECG sensor, developed to monitor cardiac activity.

II. LITERATURE REVIEW
Kim et al. [4] proposed a secure and lightweight mutual authentication and key establishment scheme using wearable devices to resolve the security shortcomings. The proposed scheme can be suitable for resource-limited environments.
Jiang et al. [5] proposed an optimized system for deep distributed learning which includes a cloud server and several smartphones with IT functions. Each device is used as a personal mobile data hub to enable mobile computing while preserving data protection. The proposed system stores private data locally on smartphones, shares the settings formed and creates a global consensus model. The feasibility and usability of the proposed system are assessed through three experiments and the related discussion. Experimental results show that the proposed distributed deep learning system can reconstruct the behaviour of centralized training.
Pandey et al. [6] presented a state-of-art survey about various features of BAN specifically communications, sensors, applications, requirements, standards & protocol, and security aspects.
Meng et al. [7] proposed a new anonymous mutual authentication and key agreement scheme, with untraceability and session key forward secrecy. The scheme uses as few hash functions and XOR operations as possible for authentication and key agreement. It is formally proven to be correct through BAN logic, and its security has also been verified using the Automated Validation of Internet Security Protocols and Applications (AVISPA).

III. OBJECTIVES
To solve the problems mentioned in previous schemes, an algorithm is proposed for a secure authentication system for WBAN/IOT.
• A secure authentication and key agreement scheme for a cloud-assisted WBAN/IOT system is proposed. Therefore, only authorized users have the ability to access information, and the proposed system can ensure the user's privacy and data integrity.
• From the execution of the proposed procedures, the system reduces the burden of some computations and is suitable for implementation in the current mobile environment.

IV. PROPOSED METHODOLOGY
For a secure cloud-assisted IOT application, three roles participate in this system: the user (U), the cloud-service centre (CSC) and the Authenticator (A). Before accessing the system, every participant must register with the CSC, which will issue one specific certificate to access data files in WBAN/IOT.


Step 1. The user U goes to the Authenticator to obtain authentication permission to access or upload a file.
Step 2. The user uploads his/her biometric information in encrypted form to the Authenticator (A), and A authenticates a previously registered user. If the user is not registered, A performs a registration and stores the information.
Step 3. A authenticates the user and redirects user U to the CSC.
Step 4. The user U can either upload a new file or access existing files. To access another file, the user has to provide some accessing parameters, and an accessing license will be provided to the user for a specific time limit.
Step 5. The authorized user U can access files stored in the cloud center.

Fig. 1 Flow Chart of Proposed Work
As more and more organizations and individuals tend to outsource their data to cloud storage, security and user privacy protection attract more attention. Encryption and decryption of data files are primarily user-centric, meaning that only legitimate users are allowed to upload and download files and to specify whether a file can be shared with other users. There are two ends to consider when we talk about the security of data in a cloud environment. To maintain security at the cloud storage, the following skeleton of the proposed work is given; it is hybrid in nature and contains three stages.
This section presents the proposed security scheme, which provides a complete outsourcing solution for data: not only data confidentiality but also its authentication. The proposed security scheme consists of four stages (AuthUser, KeyGen, EncryData, DecryData). AuthUser is a stage that authenticates the IoT user for secure outsourcing of data at the cloud end. KeyGen is a module run by the cloud server to generate a public and private key to be used in the next stage of this scheme. EncryData is a stage where data is encrypted using the proposed algorithm and stored in the cloud database. DecryData is a stage used at data retrieval time; this module decrypts the data using the proposed algorithm.
In the second stage, the proposed work deals with a newly designed encryption algorithm which is based on the concept of the ElGamal algorithm. In the third stage of the proposed work, the phase of data file authentication and decryption, the user of the data file first takes permission for retrieval of the data file. Immediately the CSS gives a license for the user authentication. Finally, the user uses the secret key to retrieve the data for decryption.

C. Elgamal Algorithm
The ElGamal algorithm consists of three processes: key formation, encryption and decryption. This algorithm is a block cipher: the encryption process is applied to plaintext blocks to generate ciphertext blocks, the decryption process is then applied to those blocks, and the results are recombined into a whole and understandable message.

Key Formation Process
The key formation process consists of forming the public key and the private key. The process is to determine a prime number p, primitive element VOL. Coordinates $(x, y) \in E_p$ follow certain additive abelian properties.
The strength of the Elliptic curve analogue ElGamal encryption scheme (ECAEES) depends on the Elliptic curve discrete logarithmic problem (ECDLP), which is an exponentially difficult problem as the key size increases. Performing encryption and decryption operations using ECAEES over a finite field requires computation to encode plain data as coordinates on the elliptic curve.
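As an added illustration (not code from the paper), the sketch below runs the three ElGamal processes described above in their standard elliptic-curve form, with the Koblitz encoding specified in the next subsection mapping the message integer onto the curve. Assumptions: the secp256k1 parameters stand in for the curve (its 256-bit prime satisfies p ≡ 3 mod 4 but is smaller than the size the paper asks for), all function names are hypothetical, and this is textbook EC ElGamal rather than the paper's modified scheme.

```python
import secrets

# Assumption: secp256k1 (y^2 = x^3 + 7 mod P) stands in for the curve; P ≡ 3 (mod 4).
P, A, B, K = 2**256 - 2**32 - 977, 0, 7, 1000   # K: Koblitz multiplier from the text
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):                      # affine addition; None is the point at infinity
    if p1 is None or p2 is None: return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):                       # double-and-add, not constant time
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def koblitz_encode(m):                # m -> P_m = (x_j, y_j) on the curve
    if not 0 <= m < P // K - 1: raise ValueError("message integer out of range")
    for j in range(K):
        x = K * m + j
        s = (x**3 + A * x + B) % P
        if pow(s, (P - 1) // 2, P) == 1:          # Euler criterion: s_j is a square
            return x, pow(s, (P + 1) // 4, P)     # root formula valid as P ≡ 3 mod 4
    raise ValueError("no x_j with square s_j found")

def koblitz_decode(pt):               # m = floor(x / K)
    return pt[0] // K

def keygen():                         # private d, public Q = dG
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def encrypt(m, Q):                    # (C1, C2) = (kG, P_m + kQ), fresh k per message
    k = secrets.randbelow(N - 1) + 1
    return mul(k, G), add(koblitz_encode(m), mul(k, Q))

def decrypt(c, d):                    # P_m = C2 - d*C1, then undo the encoding
    sx, sy = mul(d, c[0])
    return koblitz_decode(add(c[1], (sx, (-sy) % P)))
```

With a key pair from `keygen()`, `decrypt(encrypt(m, Q), d)` returns `m` for any integer `m` below `P // 1000 - 1`, and two encryptions of the same `m` differ because `k` is drawn fresh each time.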

Koblitz encoding technique
For the Koblitz method, we choose p such that the following conditions are satisfied:
• p is a prime such that p does not divide $-16(4A^3 + 27B^2)$.
• $p \equiv 3 \bmod 4$.
• p has more than 2560 bits.
• $p > m$.
After converting the message to a number m, we use the following algorithm to encode the message as a point on an elliptic curve E.
• Given an elliptic curve over a finite field: $E_p : y^2 = x^3 + ax + b \bmod p$
• Represent the plain message as an integer $m$ (where $0 \le m < p/1000 - 1$).
• For $0 \le j < 1000$, compute $x_j = 1000m + j$ and $s_j = x_j^3 + a x_j + b \bmod p$.
• If $s_j^{(p-1)/2} \equiv 1 \bmod p$, then $s_j$ is a square mod $p$.
• For $p \equiv 3 \bmod 4$, $y_j \equiv s_j^{(p+1)/4} \bmod p$.
• The message $m$ is embedded as $P_m = (x_j, y_j)$.
• $m$ can be recovered by a division operation on the x coordinate of $P_m$ and taking the floor value.

V. RESULT ANALYSIS
According to the simulation scenario, table 1 is given as evidence that the proposed cryptosystem for WBAN/IOT takes less time to execute.
According to the simulation scenario, table 2 is given as evidence that the proposed cryptosystem for WBAN/IOT takes less communication cost in terms of data bits.
According to the simulation scenario, table 3 is given as evidence that the proposed cryptosystem for WBAN/IOT takes less upload and download execution time in terms of data bits.

A. Comparative Performance Analysis
In [1], the author presented an ElGamal cryptosystem and biometric information along with a user's password-based authentication scheme for cloud-based IoT applications, referred to as SAS-Cloud. This research presents a modified ElGamal cryptosystem and biometric information authentication scheme for WBAN/IOT applications for license-based data sharing applications.
Table 4 shows the comparative feature analysis of the proposed algorithm with the existing algorithm. Table 5 and figure 8 show the comparative performance evaluation for login as well as authentication of the proposed algorithm with the existing algorithm.

Execution taken in Login and Authentication: Shen et al. [11]: 11; Hwang and Li [12]: 11; Lee et al. [8]: 13.

zone, and there still remain various extensive issues and challenges which are difficult to overcome. This work reviewed the deployment of WBANs in terms of security and privacy. It has also dealt with WBAN communication architecture, the security and privacy in WBAN and the threats to the integration of sensors and actuators as well as attacks on WBANs. This implies that the framework provides for the other substantive safety measures such as trust, audit, digital forensics and IDPS to guarantee compliance within the law and ethical behaviour by healthcare workers and system operators who have access to patient records and information. These implications require the public and health care personnel to be aware of the challenges that come along with WBAN usage to ensure that the application in delivering patients' healthcare is secured at all levels. This work observed that most of the authentication protocols using hash function and ElGamal cryptosystem for cloud-based applications are affected by security attacks and are unable to hide the actual identities of the end users during the login session. Therefore, this work has introduced a secure biometric ElGamal-based authentication scheme as well as data sharing schemes. The result analysis shows that the proposed work is better than existing work with respect to execution time and cost as well as security level. In future, this work will be enhanced with some other parameters such as computational cost and storage space.
This work will also be enhanced by estimating the level of security under different types of attacks. It can also be enhanced by estimating the network load while transmitting over IOT.