ABSTRACT
A key initiative taken by the government of India in response to Prime Minister Narendra Modi's ‘Digital India’ move is the formation of an Internet of Things (IoT) ecosystem for smart healthcare. The Web of Medical Things (WoMT) is the collection of medical devices and applications connecting to healthcare IT systems. Nevertheless, security remains a challenge where massive data breaches result in the loss or compromise of millions of personally identifiable healthcare records. Also, WoMT-based services are suffering from poor authentication methods resulting in disclosure of session keys and leading to various intensive attacks. Hence, to overcome these issues, a state-of-art authentication (Handshake) protocol using elliptic curve cryptography (ECC) is proposed here to reduce the computational/communicational cost and increase attack resistance capabilities with formal proof of security. ECC provides better security when compared to ElGamal with smaller keys. However, if the curve is not a supersingular curve, the protocol is subjective to quantum attacks. In order to safeguard against quantum attacks and to ensure end-to-end (E2E) security in WoMT, the adoption of quantum safe approaches is indispensable. Quantum cryptography or quantum key distribution (QKD) solves the key distribution problem by allowing the parties to exchange the key with absolute security, as guaranteed by the laws of quantum physics. Hence, in the proposed improved model, the keys K/K' generated at the end of authentication phase are used as random input (α) for generating the quantum key. Quantum entanglement property imposes a threshold on the information leaked to an unauthorized user and thus ensures that an eavesdropper will not be able to obtain the secret key in real time or in offline. To prove the strength of the improved model, a comparison is made against the basic model with evaluation metrics as formal proof of security and attack resistance capability. The security analysis of the proposed improved model confirms that a high security level is guaranteed in WoMT environment.
