
A Privacy-Preserving Scheme For Managing Secure Data in Healthcare System

This article presents a privacy-preserving scheme for managing secure electronic health records (EHR) in healthcare systems, addressing significant security and privacy challenges. The proposed solution allows patients to securely delegate their EHR to a hospital certification authority for migration while ensuring data privacy through cryptographic methods. The authors provide formal security proofs and performance evaluations, demonstrating the effectiveness of their approach in facilitating secure data exchange in healthcare settings.

Received: 20 February 2023 | Revised: 14 April 2023 | Accepted: 14 April 2023

DOI: 10.37917/ijeee.19.2.9 Vol. 19 | Issue 2 | December 2023

Open Access
Iraqi Journal for Electrical and Electronic Engineering
Original Article

A Privacy-Preserving Scheme for Managing Secure Data in Healthcare System

Naba M. Hamed*1, Ali A Yassin2
1 College of Computer Science and Information Technology, University of Basrah, Basrah, 61004, Iraq
2 Department of Computer Science, Education College for Pure Sciences, University of Basrah, Basrah, 61004, Iraq

Correspondence
*Naba M. Hamed
Department of Computer science,
College of Computer Science and Information Technology,
University of Basrah, Basrah, Iraq.
Email: [email protected]

Abstract
In the world of modern technology and the huge spread of its use, it has been combined with healthcare systems and the
establishment of electronic health records (EHR) to follow up on patients. This merging of technology with healthcare
has allowed for more accurate EHRs that follow a patient to different healthcare facilities. Timely exchange of electronic
health information (EHR) between providers is critical for aiding medical research and providing fast patient treatment.
As a result, security issues and privacy problems are viewed as significant difficulties in the healthcare system. Several
remote user authentication methods have been suggested. In this research, we present a feasible patient EHR migration
solution for each patient. Finally, each patient may securely delegate their current hospital’s information system to a
hospital certification authority in order to receive migration proof that can be used to transfer their EHR to a different
hospital. In addition, the proposed scheme is based on crypto-hash functions and asymmetric cryptosystems by using
homomorphic cryptography. The proposed scheme carried out two exhaustive formal security proofs for the work that
was provided. Using Scyther, a formal security tool, we present a secure user authentication technique in the proposed
healthcare scheme that ensures security and informal analysis.
Keywords
Electronic Health Records, Scyther, Migration Data, Asymmetric encryption, Homomorphic Cryptography.

I. INTRODUCTION

The internet has become an indispensable part of everyday life. Thanks to the fast progress of internet technology, we can now deliver any service from anywhere and at any time [1]. Remote user authentication is becoming an increasingly significant component of gaining access to valuable services or resources in the healthcare system, cloud applications, multi-server configurations, and mobile devices. Remote user authentication is an essential component of any security strategy. In the absence of authentication, audit trails are opaque, and authorization grants identity-based privileges [2]. If we cannot distinguish between authorized and unauthorized parties, secrecy and privacy will be violated. In recent years, various study fields have evolved to improve human life.

An Electronic Health Record (EHR) is a personal medical record incorporated into health information systems [3]. Many countries create health information systems to help administer each patient’s activities and health monitoring. Consider the following scenario: A patient (let’s call her Alice) plans to see a doctor at a new hospital. If she visits a new hospital, she may be required to disclose her personal medical information again. Furthermore, if her doctor needs her medical treatment history from other institutions, she must decide how to securely communicate this information to her doctor. These issues are very pressing. Our proposed approach guarantees that data access and data transfer are simple and secure. Each

This is an open-access article under the terms of the Creative Commons Attribution License,
which permits use, distribution, and reproduction in any medium, provided the original work is properly cited.
©2023 The Authors.
Published by Iraqi Journal for Electrical and Electronic Engineering | College of Engineering, University of Basrah.

https://doi.org/10.37917/ijeee.19.2.9 | https://www.ijeee.edu.iq
71 | Hamed & Yassin

user must be granted the proper access rights [4]. One of the most straightforward and practical security solutions is password-based authentication. Password-based authentication mechanisms are used in the healthcare system, e-business, database management systems, and smart card applications. Our method presents a feasible and verifiable patient EHR fair exchange for health information systems. Patients must not only delegate the transfer of their personal EHR from their current hospital health information system to the hospital system of their choice but also retain their privacy [4]. Our system ensures safe data storage and the secure transmission of permitted information to a specified place. We propose a high-level, realistic, and demonstrable patient EHR fair exchange model with key agreements for health information systems. A patient can not only delegate the current hospital’s health information systems to migrate their personal EHR to the chosen hospital system but also maintain their privacy [5].

In India, EHR guidelines advocate for the safe sharing of health information with minimal disclosure of personal identification. The majority of identity-related breaches are triggered by the leak of sensitive information associated with identifiers, as well as the vast data collection and tracking permitted by service providers [6]. The General Data Protection Regulation encourages entity-controlled identifiers and limited information collection to preserve privacy. Many countries have laws in place to protect patients’ privacy, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States. Confidentiality in telecare services has become a key problem, especially how to ensure patient data security and privacy while transmitting over a public channel [7] [8]. User authentication is the first step in ensuring that only authorized users have access to protected data. Although password-based user authentication is the most convenient approach, it is prone to numerous attacks and may pose a threat to data security. Multifactor authentication is a recommended strategy in which any user is granted access to specified data after verifying two or more pieces of evidence [9] [10] perform poorly or have serious security flaws in the context of tele-health services. Our system stores data and securely transfers approved information to defined places. In this paper, we offer a safe technique for authenticating EHR patients and the Healthcare Center Server using real member IDs and verification codes. To provide robust security while maintaining good performance, the proposed work employs, based on multi-factor authentication, a lightweight crypto-hash function for the generation of One-Time Passwords (OTP), symmetric key encryption (CTR mode), and the asymmetric-key homomorphic encryption of Damgård, Geisler and Krøigaard (DGK) to offer strong security performance. The primary goal of this research is to provide a robust authentication mechanism to address difficulties identified in previous studies. In practice, the Scyther security proof was utilized to show the strong security and resistance of our strategy against hostile attacks. The suggested technique strikes a good compromise between security complexity and performance, and it may be used in healthcare systems.

The remainder of the article is structured as follows. Section 2 reviews the related work. Section 3 focuses on the proposed scheme. Section 4 evaluates the proposed scheme in terms of formal and informal security analysis. Section 5 presents the performance results. Finally, section 6 presents the conclusions.

II. RELATED WORK

A. Centralized Identity Management for Entity Authentication
As part of a centralized identity management system, a centralized identity distribution point (IDP) will be responsible for issuing an identity (email ID, phone number, government identification code, patient identification code), as well as for maintaining the trust factor associated with those identities. Credential-based authentication is a well-established initial line of defense in any identification scheme. As the privacy and security of patient data records are critical in EHRs, credential-based protection is a relatively simple and adaptable first-hand solution that is able to resist identity theft, spoofing attacks, data loss, and other types of privacy violations. It is possible to add an extra layer of protection to the current credentials-based authentication by including secondary factors such as OTP, captchas, patterns, or biometrics in addition to the credentials-based authentication [11]. Many studies on two-factor authentication [12] and three-factor authentication [13] have been conducted for the purpose of validating medical records [12]. Although it adds an extra layer of protection, multifactor authentication is vulnerable to attacks such as identity theft, replay attacks, phishing attacks, and denial of service attacks, among others. The authentication of entities can be achieved by binding centralized identifiers to cryptographically generated keys, signatures, and certificates with the help of public key infrastructure (PKI).

B. Decentralized Identity Management for Entity Authentication
The whole concept of decentralization is founded on the basic assumption that a transaction for the transfer of a commodity or asset between two parties is accepted by the participating nodes through the use of a consensus mechanism. This transaction is recorded in an immutable distributed ledger as part of the transaction log. Blockchain is a practical distributed ledger technology, and it was this protocol that introduced the concept of decentralization into the settlement of financial transactions. Later, the framework was generalized in the healthcare ecosystem by introducing programming capabilities using smart contracts. were the first to propose the use of blockchain technology in the design of healthcare or the purpose of decentralized identity management. MedRec [14] was the first functioning prototype of a blockchain-based system for accessing health records that is built on Ethereum smart contracts. Additionally, a solution for identity management and verification that uses blockchain technology was created [15]. The system aims to enable greater flexibility in health record access while simultaneously increasing patient data privacy. Furthermore, an efficient authentication mechanism for a hospital network based on blockchain was proposed [16] for the identification of distributed patients among others. Additionally, [17] presented a group authentication approach that would allow authorized group members to access sensitive health information in the context of a remote medical monitoring system. Moreover, using blockchain technology, [18] created a multi-identity verification system for a secure medical data sharing paradigm, preventing dependence on a third party [19] which allows signers to update their certificates without having to sign again. Furthermore, a decentralized, secure, and lightweight certificate-less signature protocol was proposed by transforming the logic of the key generation center (KGC) into smart contract code, which can withstand KGC compromised attacks and distributed denial of service attacks [20]. However, none of the above-mentioned approaches takes into account the integration of authentication with access control to increase the overall system efficiency. Consequently, the fundamental purpose of this research is to provide a robust authentication technique based on cryptosystem tools to solve issues highlighted in previous studies and provide an efficient, verifiable, and practical EHR fair exchange method, allowing each patient to safely transfer their own EHR from one institution to another. The proposed approach may also provide ease, speed, and integrity. We built a high-level, realistic, and verifiable EHR fair exchange plan with essential agreement for the health information system. A patient could not only delegate the current hospital’s health information systems to move their personal EHR to the chosen hospital system but also maintain their privacy. We demonstrated the security of our protocol using security analysis and the Scyther tool in the security analysis discussed in the following section. The performance comparison and efficiency analysis findings show that the proposed approach delivers a greater level of security while maintaining computational economy.

III. PROPOSED SCHEME

The major purpose of the proposed scheme is to enable safe patient-centric EHR access while also providing efficient data security and administration. Users with access based on their professional duties, such as physicians, nurses, and medical researchers, make up the user data. In practice, user data might be assigned to a separate sector of society, such as healthcare. It also includes users who are intimately connected to a data owner (for example, family members or close friends), and have access to EHRs based on access privileges granted by the EHR’s owner. The architecture is made up of four parts: EHR owner ($EHR_{W_i}$), EHR user ($EHR_{U_j}$), Cloud Health Server (CHS, $CHS_k$), and a hospital certification authority (HCA) that assists a patient ($EHR_{U_j}$) in generating the patient’s migration permit signature to another hospital or medical center in the public key infrastructure (PKI); where $(1 \le i \le N)$, $(1 \le j \le M)$, $(1 \le k \le Z)$; each of $N$, $M$, $Z$ represents the number of patients ($EHR_W$), users ($EHR_U$), and healthcare centers (CHS), respectively. The $EHR_{W_i}$ is the individual whose medical information is contained in the record, and he has full access to that data. The owner might share his information with friends, physicians, or nurses to seek clinical advice. The $EHR_{U_j}$ may be in the public or private sectors, and their rights are determined by their roles with the EHR owner. A user can be a healthcare professional such as a doctor, a friend, a family member, or emergency personnel. A $CHS_k$ is a storage facility that houses and manipulates sensitive health data. Maintaining data privacy and accuracy of patients necessitates a higher level of vigilance. The EHR owner relies on the cloud server for remote data storage and record maintenance, alleviating the burden of establishing and maintaining local storage infrastructure. Most cloud data storage services also offer benefits such as availability, scalability, low cost, and on-demand data sharing among a group of trusted users, such as physicians, insurance companies, emergency personnel, family and friends in a collaboration team, or employees in an enterprise organization. Because the data owner no longer has physical control over the data, it is vital to allow the data owner to check that his data is being saved and maintained appropriately in the cloud. The registration phase, the EHR migration phase, and the data exchange phase comprise the four steps of our proposed scheme.

A. Registration Phase
In this phase, the hospital certification authority (HCA) is responsible for distributing the key parameters and certificates between the main components.

1) Cloud Health Server Side
Each health establishment (Cloud Health Server, $CHS_k$) should be identified with a health mother institution (hospital certification authority, HCA) for the purpose of achieving, distributing, and exchanging data among different patients belonging to different establishments. HCA applies the following steps for each $CHS_k$.

• Step1. Compute a public key, $PU_{CHS_k} = (N, g, h, u)$.

• Step2. Compute a private key, $Pr_{CHS_k} = (p, q, v_p, v_q)$.

• Step3. Send the tuple $(ID_{CHS_k}, ID_{HCA}, PU_{CHS_k}, Pr_{CHS_k})$ to $CHS_k$ and declare the public key $PU_{CHS_k}$ to other healthcare institutions $CHS_1, CHS_2, \ldots, CHS_n$ (see Figure 1).

2) Patient Side
A patient ($W_i$) sends a request to $CHS_k$ for registering and getting his electronic healthcare record as EHR owner ($EHR_{W_i}$), which consists of sensitive information such as ($ID_{W_i}$, $PW_{W_i}$, $Address_{W_i}$, $Email_{W_i}$, etc.). However, $CHS_k$ first prepares a hash function $H$, where $H : Z_n^{*} \to \{0,1\}^{1}$. $CHS_k$ prepares anomaly parameters $ID_{AW_i} = H(ID_{W_i})$, $PW_{AW_i} = H(PW_{W_i})$. Then, $CHS_k$ forwards the patient’s request, based on his anomaly parameters, to the HCA to help $W_i$ obtain the permission parameters from HCA, which implements the following steps:

• Step1. Generate a shared key ($SK_{W_i}$) and certificate ($Cert_{W_i}$).

• Step2. Send the tuple $(SK_{W_i}, ID_{AW_i}, PW_{AW_i}, Cert_{W_i})$ to $W_i$ via $CHS_k$.

• Step3. $CHS_k$ upgrades the main information of $EHR_{W_i}$, such as $ID_{AW_i}$, $PW_{AW_i}$, and keeps the shared key for use in the next phases.

Finally, the $EHR_{W_i}$ is active for use in the healthcare system, and key operations (update, insert, delete) can be applied to it (see Fig. 1).

Fig. 1. Registration phase of cloud health server side and patient side.

3) User Side
In the healthcare system, an important part is played by users such as employees, doctors, and administrators. The user ($U_i$) sends his request to $CHS_k$ for registering and getting his electronic healthcare record ($EHR_{U_i}$), which consists of sensitive information such as ($ID_{U_i}$, $PW_{U_i}$, $Address_{U_i}$, $Email_{U_i}$, etc.). However, $CHS_k$ prepares anomaly parameters $ID_{AU_i} = H(ID_{U_i})$, $PW_{AU_i} = H(PW_{U_i})$ and forwards the user’s request $(ID_{AU_i}, PW_{AU_i})$ to HCA. The following steps are performed by HCA to generate the main keys.

• Step1. Generate a shared key ($SK_{U_i}$) and certificate ($Cert_{U_i}$).

• Step2. Send the tuple $(SK_{U_i}, ID_{AU_i}, PW_{AU_i}, Cert_{U_i})$ to $U_i$ via $CHS_k$.

• Step3. $CHS_k$ upgrades the main information of $EHR_{E_i}$ $\langle SK_{U_i}, ID_{AU_i}, PW_{AU_i}, Cert_{U_i}, \ldots \rangle$ for use in the next phases (see Fig. 2).

Fig. 2. Registration phase of user phase.

B. Login and Authentication Phase
In this phase, the patient and the employee want to log in to the healthcare system, to receive a report from the doctor or send queries to the doctor, and to access the $EHR_{W_i}$ held at $CHS_k$.

1) Patient Side (The owner of EHR)
The patient ($W_i$) desires to access the system in order to view his electronic health record ($EHR_{W_i}$), get a report from his doctor, or send some queries to his doctors. The main steps that allow $W_i$ to access the system are as follows:

• Step1. $W_i$ enters his $ID_{W_i}$, $PW_{W_i}$ and then generates an integer random number $r_i \in Z_n^{*}$. Finally, he calculates an anonymity of identity and a one-time password, $ID'_{AW_i} = H(ID_{W_i})$ and $PW'_{AW_i} = H(H(PW_{W_i}) \oplus r_i)$, respectively.

• Step2. $W_i$ encrypts $E_{W_i} = Enc_{SK_{W_i}}(r_i)$ using the symmetric key and $EH_{W_i} = HEnc_{SK_{W_i}}(PW'_{AW_i}) = g^{PW'_{AW_i}} h^{r_i} \bmod N$, which is based on homomorphic encryption.

• Step3. $W_i$ sends his login request $\langle ID'_{AW_i}, EH_{W_i}, E_{W_i} \rangle$ to $CHS_k$.

• Step4. On the Cloud Healthcare server side, $CHS_k$ verifies the patient’s login request as follows.

(a) $ID_{W_i} \stackrel{?}{=} ID'_{AW_i}$; if so, $CHS_k$ restores the random number by decrypting $r'_i = Dec_{SK_{W_i}}(E_{W_i})$.

(b) $CHS_k$ computes $PW''_{AW_i} = H(H(PW_{W_i}) \oplus r'_i)$ and checks whether $EH_{W_i} \stackrel{?}{=} g^{PW''_{AW_i}} h^{r'_i} \bmod N$. If so, he accepts; $CHS_k$ sends a challenge as a verification code ($VC$) to $W_i$, where $VC$ represents an SMS message that is sent via a mobile communication channel.

• Step5. As a result, $W_i$ retrieves the verification code ($VC'$) via his mobile phone number and computes $CH_{W_i} = H(Cert_{W_i} \oplus VC')$. Then, he replies with $CH_{W_i}$ to $CHS_k$.

• Step6. $CHS_k$ computes $CH'_{W_i} = H(Cert_{W_i} \oplus VC')$ and checks whether $CH_{W_i} \stackrel{?}{=} CH'_{W_i}$. If so, $CHS_k$ accepts the user’s login request and allows him to use the resources and services of the system based on his privileges. Otherwise, he rejects the login phase (see Fig. 3).
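The patient-side exchange in Steps 1 to 6, with both parties' computations, as an added example that is not code from the paper. Assumptions: SHA-256 plays the role of $H$, an HMAC-SHA256 keystream stands in for the CTR-mode cipher, $N$, $g$ and $h$ are toy values rather than a real DGK key, the verification code is returned directly instead of sent by SMS, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import math
import secrets

# Toy public parameters, constructed for this example. Real DGK key generation
# puts subgroup-order conditions on g and h that are not reproduced here.
N = (2**61 - 1) * (2**89 - 1)   # product of two Mersenne primes
G, H_GEN = 5, 7                 # stand-ins for the public g and h

def H(data: bytes) -> int:
    """Crypto-hash H; SHA-256 read as an integer is an assumption."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def H_int(value: int) -> int:
    """H applied to an integer below 2**256 (fixed 32-byte encoding)."""
    return H(value.to_bytes(32, "big"))

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR-style keystream from HMAC-SHA256, standing in for a block cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        stream = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ s for b, s in zip(data[i:i + 32], stream))
    return bytes(out)

def enc(key: bytes, value: int) -> bytes:
    nonce = secrets.token_bytes(12)
    return nonce + ctr_xor(key, nonce, value.to_bytes(32, "big"))

def dec(key: bytes, blob: bytes) -> int:
    return int.from_bytes(ctr_xor(key, blob[:12], blob[12:]), "big")

def hom_enc(otp: int, r: int) -> int:
    """EH = g^otp * h^r mod N, the value compared in Step 4(b)."""
    return pow(G, otp, N) * pow(H_GEN, r, N) % N

def challenge_response(cert: bytes, vc: int) -> bytes:
    """CH = H(Cert xor VC), computed by both sides in Steps 5 and 6."""
    mixed = int.from_bytes(cert, "big") ^ vc
    return hashlib.sha256(mixed.to_bytes(len(cert), "big")).digest()

def login_request(patient_id: str, password: str, sk: bytes):
    """Steps 1-3 on the patient side: returns (ID', EH, E)."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:               # r must lie in Z_N^*
        r = secrets.randbelow(N - 1) + 1
    otp = H_int(H(password.encode()) ^ r)    # one-time password PW'
    return H(patient_id.encode()), hom_enc(otp, r), enc(sk, r)

class CloudHealthServer:
    def __init__(self):
        self.records = {}   # ID_A -> (shared key, PW_A = H(PW), certificate)
        self.pending = {}   # ID_A -> verification code awaiting a response

    def register(self, id_a: int, pw_a: int, sk: bytes, cert: bytes):
        self.records[id_a] = (sk, pw_a, cert)

    def verify_login(self, id_a: int, eh: int, e: bytes):
        """Step 4: returns the verification code, or None on rejection."""
        if id_a not in self.records:              # 4(a) identity lookup
            return None
        sk, pw_a, _ = self.records[id_a]
        r = dec(sk, e)                            # recover r'
        if hom_enc(H_int(pw_a ^ r), r) != eh:     # 4(b) recompute and compare
            return None
        vc = secrets.randbelow(10**6)             # sent by SMS in the paper
        self.pending[id_a] = vc
        return vc

    def verify_response(self, id_a: int, ch: bytes) -> bool:
        """Step 6: one attempt per issued verification code."""
        vc = self.pending.pop(id_a, None)
        if vc is None:
            return False
        cert = self.records[id_a][2]
        return hmac.compare_digest(challenge_response(cert, vc), ch)

def demo():
    """Constructed run: valid login, wrong password, wrong verification code."""
    server = CloudHealthServer()
    sk, cert = secrets.token_bytes(32), secrets.token_bytes(16)  # from HCA
    server.register(H(b"patient-001"), H(b"correct horse"), sk, cert)
    id_a, eh, e = login_request("patient-001", "correct horse", sk)
    vc = server.verify_login(id_a, eh, e)
    good = server.verify_response(id_a, challenge_response(cert, vc))
    wrong_pw = server.verify_login(*login_request("patient-001", "guess", sk))
    id_a, eh, e = login_request("patient-001", "correct horse", sk)
    vc = server.verify_login(id_a, eh, e)
    wrong_vc = server.verify_response(id_a, challenge_response(cert, vc ^ 1))
    return good, wrong_pw, wrong_vc
```

The server only ever stores $H(PW_{W_i})$ and recomputes the one-time value from the decrypted $r'_i$, so Step 4(b) is a recompute-and-compare check; `demo()` returns the outcome of a valid login, a wrong password, and a wrong verification code.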

Fig. 3. Login and authentication phase of patient.

2) User Side
The $U_i$ wishes to log in to the system to check the $EHR_{W_i}$ of a patient based on his role and privileges. The main steps are as follows:

• Step1. $U_i \to CHS_k$: $ID'_{U_i}, EH_{U_i}, E_{U_i}$. $U_i$ performs the following computations:

(a) $U_i$ enters his $ID_{U_i}$, $PW_{U_i}$ and then generates a random number $r_i \in Z_n^{*}$. Finally, $U_i$ computes $ID'_{AU_i} = H(ID_{U_i})$ and $PW'_{AU_i} = H(H(PW_{U_i}) \oplus r_i)$, respectively.

(b) $U_i$ encrypts $E_{U_i} = Enc_{SK_{U_i}}(r_i)$ using the symmetric key and $EH_{U_i} = HEnc_{SK_{U_i}}(PW'_{AU_i}) = g^{PW'_{AU_i}} h^{r_i} \bmod N$, which is based on homomorphic encryption.

(c) $U_i$ sends his login request $\langle ID'_{AU_i}, EH_{U_i}, E_{U_i} \rangle$ to $CHS_k$ as a first factor.

• Step2. $CHS_k \to U_i$: $QR_{U_i}$. $CHS_k$ verifies patient’s login request as follows:

(a) $CHS_k$ checks $ID_{U_i} \stackrel{?}{=} ID'_{AU_i}$; if the verification of $ID_{U_i} \stackrel{?}{=} ID'_{AU_i}$ is successful, $CHS_k$ restores the random number by decrypting $r'_i = Dec_{SK_{U_i}}(E_{U_i})$.

(b) $CHS_k$ computes $PW''_{AU_i} = H(H(PW_{U_i}) \oplus r'_i)$ and checks whether $EH_{U_i} \stackrel{?}{=} g^{PW''_{AU_i}} h^{r'_i} \bmod N$. If so, $CHS_k$ generates and encrypts a verification code ($VC_{U_i}$), $E_{U_i} = Enc_{SK_{U_i}}(VC_{U_i})$, and generates a Quick Response Code $QR_{U_i}$ that contains the encrypted verification code ($VC_{U_i}$) (see Fig. 2). Then, $CHS_k$ sends $QR_{U_i}$ to $U_i$, where $VC_{U_i}$ represents an SMS message that is sent by $CHS_k$ via a mobile communication channel.

• Step3. $U_i \to CHS_k$: $CH_{U_i}$. Upon receiving this information in Step 2, $U_i$ computes:

(a) He reads $QR_{U_i}$ using a QR & Barcode Scanner. After the scanning step, he gets $E_{U_i}$ and decrypts $VC'_{U_i} = Dec_{SK_{U_i}}(E_{U_i})$.

(b) He computes $CH_{U_i} = H(Cert_{U_i} \oplus VC'_{U_i})$. After that, $U_i$ computes $SK'_{U_i} = SK_{U_i} \oplus VC'_{U_i}$. Then, he computes $ECert_{U_i} = Enc_{SK'_{U_i}}(Cert_{U_i})$.

(c) He sends the tuple $\langle ECert_{U_i}, CH_{U_i} \rangle$ to $CHS_k$.

• Step4. Upon receiving the information in Step 3, $CHS_k$ computes $CH'_{U_i} = H(Cert_{U_i} \oplus VC_{U_i})$ and checks whether $CH_{U_i} \stackrel{?}{=} CH'_{U_i}$. If so, $CHS_k$ accepts the user’s login request and allows him to use the resources and services of the system based on his privileges. Then, $CHS_k$ computes $SK''_{U_i} = SK_{U_i} \oplus VC_{U_i}$ and decrypts $Cert'_{U_i} = Dec_{SK''_{U_i}}(ECert_{U_i})$. Otherwise, he rejects the current phase.

Note: Now the user can work according to the privileges granted to him by the administrator (doctor, administrator).

C. EHR Migration Phase
In this phase, the patient wishes to receive medical treatment in a certain institution $CHS_{K'}$, which is not necessarily the same institution that registered her/him previously.

• Step1. $W_i$ computes a random value $r_{W_i}$ with a random number $r_i \in Z_n^{*}$, where $r_{W_i} = r_i \oplus H_{W_i}$. After correctly calculating the foregoing, he sends his request to the $CHS_k$ in an anomaly and freshness message style. The message request includes $(Cert_{W_i}, ID'_{AW_i}, EA_{W_i})$, which is computed from $ID'_{AW_i} = ID_{AW_i} \oplus r_{W_i}$ and the main parameter encrypted via his shared key, $EA_{W_i} = Enc_{SK_{W_i}}(r_{W_i})$.

$$W_i \xrightarrow{(Cert_{W_i},\, ID'_{AW_i},\, EA_{W_i})} CHS_k$$

• Step2. Following the receipt of this message by $CHS_k$, it can check the $Cert_{W_i}$ against its index file; if it is found, then go to Step 3. Otherwise, go to Step 4.

• Step3. $W_i$ performs the main medical treatment in his institution; the results report ($RR_{W_i}$) should be added to the $EHR_{W_i}$ by $EHR_{U_j}$ directly, applying the same functions as in the upgrading phase.

• Step4. This case means that the patient wishes to do some medical treatments outside of his healthcare center. The new institution $CHS_{K'}$ uses the public key of HCA to encrypt $AE_{pk1} = AEnc_{PU_{HCA}}((Cert_{W_i}, ID'_{AW_i}, EA_{W_i}))$, and sends $(ID_{CHS_{K'}}, AE_{pk1})$ to HCA to ensure the validity of the patient and his institution.

• Step5. This message tuple $(ID_{CHS_{K'}}, AE_{pk1})$ is delivered to HCA. When HCA has received this message with $ID_{CHS_{K'}}$, it can decrypt $AE_{pk1}$ based on $Pr_{HCA}$ in order to restore all parameters using $ADec_{Pr_{HCA}}(AE_{pk1})$. First, it can fetch the random value $r'_{W_i} = Dec_{SK_{W_i}}(EA_{W_i})$; we notice this step also verifies the certificate of $W_i$, relying on his shared key $SK_{W_i}$ and $Cert_{W_i}$. Second, it compares $ID'_{AW_i}$ with $ID_{AW_i} \oplus r'_{W_i}$; if they match, it is assured of the authority of $W_i$ and saves the current parameters for use in the next steps. Finally, HCA returns the result $R$ to the server $CHS_{K'}$ using the following function.

$$R = \begin{cases} H(r'_{W_i} \oplus Cert_{W_i}) & \text{if } W_i \text{ is registered} \\ H(r'_{W_i} \oplus 0) & \text{if } W_i \text{ is not registered} \end{cases}$$

As a result, HCA detects $W_i$’s institution $CHS_k$ based on his certificate $Cert_{W_i}$. It sends $(R, ID_{CHS_k})$ to $CHS_{K'}$.

• Step6. When $CHS_{K'}$ receives this message challenge, it can verify the patient by comparing $H(r_{W_i} \oplus Cert_{W_i})$ with $R$. When the above parameters are not valid, $CHS_{K'}$ notifies the patient to register at a public healthcare center or checks his authority with his medical institution $CHS_k$ (see Fig. 4).

D. Treatment and Exchanging Phase
In this phase, $W_i$ can do many medical treatments such as tests of blood diseases, blood pressure, diabetes, Covid-19 infection, CT-Scan, MRI in the $CHS_{K'}$.

(a) The results report ($RR_{W_i}$) should be added to the $EHR_{W_i}$ existing in the patient’s original institution $CHS_k$, to which he belongs from the registration phase. Therefore, $CHS_{K'}$ computes $AE_{pk2} = AEnc_{PU_{CHS_k}}(Cert_{W_i}, RR_{W_i})$ based on the identification of the patient’s institution detected previously in Step3.2. Finally, $CHS_{K'}$ sends the message tuple $(ID_{CHS_{K'}}, ID_{CHS_k}, AE_{pk2})$ to HCA.

(b) The server HCA will behave according to the delegated message tuple $(ID_{CHS_{K'}}, ID_{CHS_k}, AE_{pk2})$, and will exchange secure data of the medical institutions $(CHS_k, CHS_{K'})$ by forwarding the patient’s data $(ID_{HCA}, AE_{pk2})$ to $CHS_k$.

E. Upgrading Phase
When $CHS_k$ receives $(ID_{HCA}, AE_{pk2})$, it decrypts $AE_{pk2}$ with $Pr_{CHS_k}$. If it is valid, it can obtain $RR_{W_i}$, $Cert_{W_i}$ and upgrade the information of $EHR_{W_i}$ by adding the new status of the patient $W_i$ based on $RR_{W_i}$. The upgrade process will be performed by an EHR user ($EHR_{U_j}$) working as an employee who has privileges that allow him to upgrade the $EHR_{W_i}$. Additionally, these privileges, gained from the Administrator (ADM), represent the role of $U_j$. Now, the $EHR_{W_i}$ contains the last update of the patient’s case. In an emergency patient’s case, $EHR_{U_j}$ can tell the family member about the patient’s case by sending an SMS-Emergency to the patient’s family member (see Fig. 5).

IV. SECURITY ANALYSIS

This section evaluates the proposed scheme in terms of formal and informal security analysis as follows:

Fig. 4. EHR migration phase.

Fig. 7.

Fig. 5. Explains the treatment and exchange.

A. Formal Security Analysis


Scyther, which is based on the Security Protocol Description
Language (SPDL) proposed in [21], is a formal verification
tool for security protocols. Many security protocols have
applied the Scyther tool for verification. Our protocol is ver- Fig. 6. Login and Authentication phase that cannot be
ified using the ”verification claims” and ”automatic claims” attacked of patient.
schemes in the Scyther tool. Currently, the proposed scheme
has been written in SPDL, and the results are viewed as Au- Our investigation has revealed that the proposed solu-
tomatic Claim and Verification Claim. Based on the Scyther tion provides security against malicious attacks as previously
tool, our approach resists harmful attacks such as MITM at- stated. Because of this, SPDL is capable of performing a
tack, insider attack, replay attack, spoofing, and impersonation number of critical cryptographic activities, such as sending
The login and authentication phases are depicted in Fig. 6 and and receiving messages between components, and it also dis-
77 | Hamed & Yassin

Fig. 7. Login and Authentication phase that cannot be


attacked of user.

tinguishes between the obligations that each component bears.


After removing the security components of the proposed sys-
tem, such as crypto hashing and encryption, we will be able
to observe the system’s apparent vulnerability. As a result,
the system becomes unsafe as a result of this, making it more Fig. 9. Model checking of the login and authentication phase
vulnerable to assault by malicious entities (see Fig. 8. Fig- of patient.
ure 9 demonstrates the safety and security of the Login and
Authentication phase that cannot be attacked of user.
authentication, and session key agreement.
Proposition 1. Our proposed scheme provides mutual
authentication.
Proof. This security feature denotes that an attacker
should fail to impersonate the legal system’s components
(Wi , Di , ADM, Ei ) to CHSK , and vice versa. In this paper, au-
thentication of Ui to CHSK has used the following four steps:

• User (Ui ), who possesses the secret factors, can suc-


cessfully bring the factors (ID′AUi , EHUi , EUi ) to CHSk
as a first factor.
?
• CHSk compares IDUi = ID′AUi ; if the verification of
?
IDUi = ID′AUi is successful, it computes ri′ = DecSKUi (EUi ).
Then, it computes PWAU ′′ = H(H(PW ) ⊕ r ′ ) and com-
i Ui i
? PW ′′ ′
pares EH(Ui ) = g AUi hri modN. If so, CHSk generates
Fig. 8. Login and authentication phase that can be attacked. and encrypts verification code (VCUi ) EU i = EncSKUi
(VCUi ) and generates the Quick Response code (QRU i)
that contains the encrypted verification code (VCUi ).
B. Informal Security Analysis Then, CHSk sends (QRUi ) to Ui .
In this section, the proposed scheme is proved using an in-
formal method. We aim to resist well-known attacks such • Upon receiving this information, Ui scans (QRU i) using
as MITM attack, replay attack, and insider attack according a QR scanner. Subsequently, Ui will get (EU i) and de-
to the proposed scheme. Furthermore, the proposed scheme crypt VCU′ i = DecSKUi (EU i). Then, it computes CHU i =
possesses several merits, including user anonymity, mutual H(CertUi ⊕ VCU′ i ). Next, Ui computes SKUi = SKUi ⊕
78 | Hamed & Yassin

  $VC'_{U_i}$ and then computes $ECert_{U_i} = Enc_{SK'_{U_i}}(Cert_{U_i})$ and sends $(ECert_{U_i}, CH_{U_i})$ to $CHS_k$ as a second factor.

• $CHS_k$ computes $CH'_{U_i} = H(Cert_{U_i} \oplus VC_{U_i})$ and compares $CH_{U_i} \stackrel{?}{=} CH'_{U_i}$. If so, a user is authenticated at the same time. Then, $CHS_k$ computes $SK_{U_i} = SK_{U_i} \oplus VC_{U_i}$ and decrypts $Cert'_{U_i} = Dec_{SK''_{U_i}}(ECert_{U_i})$. Therefore, our proposed scheme achieves mutual authentication between the two entities ($U_i$, $CHS_K$). Otherwise, it rejects the current phase.

Proposition 2. Our proposed scheme can support user anonymity.
Proof. If an attacker tries to eavesdrop on the user's login request, he cannot obtain the user's identity from the crypto hash function since it is embedded with $r_i$, which is not known to the attacker. Additionally, $r_i$ is generated once for each user's login request. In the login and authentication phase, $U_i$ sends $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$ to $CHS_K$. Thus, it has been encrypted by the shared key $SK_{U_i}$ that is known by $U_i$ and $CHS_K$. Therefore, it is difficult for an attacker to reveal the user's identity, and he cannot restore the shared key that is generated once for each user's login request. This indicates that our proposed scheme can support user anonymity.

Proposition 3. Our proposed scheme can ensure forward secrecy.
Proof. The popular session key relies on $SK_{U_i}$ used in the login and authentication phase. Our proposed scheme protects the password even when the shared key $SK_{U_i}$ is disclosed or leaked. If the shared key $SK_{U_i}$ is revealed by the adversary, the authentication of the system is not affected by the attacker's behavior, and he cannot use this key in the next login phase since the shared key is generated once based on $VC_{U_i}$. Furthermore, it is extremely difficult for an adversary to derive $PW'_{AU_i}$ and random number $r_i$, as well as the attribute of the crypto one-way hash function $PW'_{AU_i} = H(H(PW_{U_i}) \oplus r_i)$. Additionally, if an adversary can eavesdrop all transmitted messages $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$, he will be unable to use these parameters again for logging into the system, as these parameters are generated once for each user's login request. Therefore, our proposed scheme ensures perfect forward secrecy.

Proposition 4. Our proposed scheme can provide unlinkability.
Proof. This feature verifies that a user can attempt several logins to the $CHS_K$ to consume resources/services without others being able to connect the logins together to identify the person. In the proposed scheme, each time $U_i$ wants to log into the system, he submits $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$ to $CHS_K$. Thus, the primitive components of $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$ are generated once for each login phase by using the following points:

• $CHS_k$ checks $ID_{U_i} \stackrel{?}{=} ID'_{AU_i}$; if the verification of $ID_{U_i} \stackrel{?}{=} ID'_{AU_i}$ is successful, $CHS_k$ restores the random number by decrypting $r'_i = Dec_{SK_{U_i}}(E_{U_i})$.

• $CHS_k$ computes $PW''_{AU_i} = H(H(PW_{U_i}) \oplus r'_i)$ and compares $EH_{(U_i)} \stackrel{?}{=} g^{PW'_{AU_i}} h^{r'_i} \bmod N$. If so, $CHS_k$ generates the verification code ($VC_{U_i}$), encrypts it as $E_{U_i} = Enc_{SK_{U_i}}(VC_{U_i})$, and generates $QR_{U_i}$ that contains the encrypted verification code ($VC_{U_i}$). Then, $CHS_k$ sends $QR_{U_i}$ to $U_i$.

As a result, the primitive parameters of $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$ are generated once, and $CHS_k$ cannot link many logins with the same $U_i$. Therefore, the proposed scheme can provide unlinkability.

Proposition 5. Our proposed scheme is resistant to replay attacks.
Proof. In a replay attack, an adversary intercepts the login message delivered by a legitimate user to the $CHS_k$ and replays it back to the attacker. Then, the adversary reuses this message to impersonate the user when logging into the system in the next session. In our proposed scheme, each new login request should be identical to $CHS_k$'s parameters $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i}, ECert_{U_i}, CH_{U_i})$, and he will be unable to use these parameters again for logging into the system, as these parameters are generated once based on $r_i$ for each user's login request and he will be unable to get $r_i$. Therefore, an adversary cannot pass any replayed message to the $CHS_k$ verification. Moreover, our approach can resist this attack without synchronization clocks. Therefore, an adversary will fail to apply this type of attack.

Proposition 6. Our proposed scheme can resist MITM attacks.
Proof. An MITM attack intercepts a conversation between the parties to the communication. The conversation appears normal for both parties; however, all the information exchanged passes through the attacker, and he can eavesdrop or modify and re-send. We assume that the attacker has obtained $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$ and modified it as $(ID'^{*}_{AU_i}, EH^{*}_{(U_i)}, E^{*}_{U_i})$; the modified parameters do not work, as $CHS_k$ verifies the $ID'^{*}_{AU_i}$ that was sent by the $U_i$, and finds that $ID'_{AU_i} \neq ID'^{*}_{AU_i}$. Additionally, the message $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$ is generated once for each login phase. Thus, the proposed scheme does not allow MITM attacks.

Proposition 7. Our proposed scheme is resistant to eavesdropping.
Proof. This is the process of intercepting and examining messages to extract information from them. All parameters exchanged between $U_i$ and $CHS_k$ are the parameters used only once ($ID'_{AU_i}$, $EH_{(U_i)}$, $E_{U_i}$, $r_i$, $SK_{U_i}$ and $VC_{U_i}$); therefore, if

eavesdropping these parameters, the attacker will fail to enter the system.

• $U_i$ sends $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$ to $CHS_k$.

• $CHS_k$ sends $QR_{U_i}$ to $U_i$.

• $U_i$ sends $(ECert_{U_i}, CH_{U_i})$ to $CHS_k$.

Note: parameters are generated once for each admin's login request. Accordingly, the proposed scheme is resistant to eavesdropping.

Proposition 8. Our proposed scheme can withstand an insider attack.
Proof. In our proposed scheme, when $U_i$ wishes to register with a cloud health server, he sends $ID'_{AU_i}, EH_{(U_i)}$ instead of $ID_{U_i}, PW_{U_i}$. Due to the utilization of the one-way hash function $h(\cdot)$, it is difficult for the attacker to extract the password of the user from the hashed value. In addition, when the attacker wants to impersonate the valid user, he needs to forge a legal login request parameter $(ID'_{AU_i}, EH_{(U_i)}, E_{U_i})$, in which $ID'_{AU_i} = H(ID_{U_i})$, $EH_{U_i} = HEnc_{SK_{U_i}}(PW'_{AU_i}) = g^{(PW'_{AU_i})} h^{r_i} \bmod N$, $E_{U_i} = Enc_{SK_{U_i}}(r_i)$. However, the attacker will be unable to obtain the $SK_{U_i}$ of the user and will fail to forge such parameters.

Proposition 9. Our proposed scheme provides key management.
Proof. The primary parties have agreed to produce a shared key for each login request based on $(SK_{U_i}, r_i)$. When the patient successfully logs in, the primary parties ($U_i$, $CHS_k$) execute the following steps to implement this phase:

• The user ($U_i$) computes $SK_{U_i} = SK_{U_i} \oplus r_i$.

• The ($CHS_k$) side computes $SK_{U_i} = SK_{U_i} \oplus r'_i$.

Therefore, we notice that our work has the key management metric.

Proposition 10. Our proposed scheme provides the EHR migration phase in a secure manner.
Proof. In this phase, the patient wishes to obtain medical care in a given institution $CHS_{K'}$, which will not necessarily be the same institution that enrolled them earlier. The steps are as follows:

• $W_i$, who possesses the secret factors, sends the factors $(Cert_{W_i}, ID'_{AW_i}, E_{AW_i})$ to $CHS_k$, where $r_{W_i} = r_i \oplus H(ID_{W_i})$, $ID'_{AW_i} = ID_{AW_i} \oplus r_{W_i}$ and the main parameter encrypted via his shared key is $E_{AW_i} = Enc_{SK_{W_i}}(r_{W_i})$.

• $CHS_k$ checks the $Cert_{W_i}$ with his index file; if it is found, $W_i$ performs the main medical treatment in his institution, and the results report ($RR_{W_i}$) should be added to the $EHR_{W_i}$ by $EHR_{U_j}$ directly.

• If the patient wishes to have medical treatments outside of his healthcare center, the new institution $CHS_{K'}$ sends $(ID_{CHS_{K'}}, AE_{pk1})$ to $HCA$, where $AE_{pk1} = AEnc_{PU_{HCA}}(Cert_{W_i}), ID'_{AW_i}, E_{AW_i}$.

• When $HCA$ has received this message with $ID_{CHS_{K'}}$, it can decrypt $AE_{pk1}$ based on $Pr_{HCA}$ to restore all parameters using $ADec_{Pr_{HCA}}(AE_{pk1})$. First, it can fetch the random value $r'_{W_i} = Dec_{SK_{W_i}}(E_{AW_i})$. Second, it compares $ID'_{AW_i}$ and $(ID_{AW_i} \oplus r'_{W_i})$, and if they match, it is assured of the authority of $W_i$ and saves the current parameters for usage in the next steps. Finally, $HCA$ sends $(R, ID_{CHS_k})$ to $CHS_{K'}$, where

$$R = \begin{cases} H(r'_{W_i} \oplus Cert_{W_i}) & \text{if } W_i \text{ is registered} \\ H(r'_{W_i} \oplus 0) & \text{if } W_i \text{ is not registered} \end{cases}$$

• $CHS_{K'}$ receives this message challenge, and it can verify the patient by comparing $H(r_{W_i} \oplus Cert_{W_i})$ with $R$. When the above parameters are not valid, $CHS_{K'}$ notifies the patient to register at a public healthcare center or checks his authority with his medical institution $CHS_k$.

V. PERFORMANCE ANALYSIS

A. Computational Cost
The computational cost is used to calculate the proposed scheme's temporal complexity. Table I compares the computational costs of the most significant similar schemes with that of our technique and compares our technique with other relevant research. Table II compares important security features of the proposed approach with earlier efforts. Furthermore, depending on [22], the processing times for the fundamental functions are roughly as follows, applying the following rules (see Fig. 10).

Fig. 10. Computation cost comparison.
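The login and authentication exchange that Propositions 1 and 5 reason about, modelled with both sides' messages as an added example; it is not the authors' code. The keystream cipher standing in for $Enc_{SK}$, the modulus $2^{127}-1$ with bases 3 and 7, the 20-byte field sizes, the server holding $H(PW)$, and all class and function names are assumptions of this example.

```python
import hashlib
import secrets

N, G, HB = 2**127 - 1, 3, 7  # constructed toy parameters (assumptions)

def H(data):
    return hashlib.sha256(data).digest()[:20]  # the 160-bit size the page assumes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(key, pt):
    nonce = secrets.token_bytes(8)  # stand-in for Enc_SK; keystream covers up to 32 bytes
    return nonce + xor(pt, hashlib.sha256(key + nonce).digest())

def dec(key, ct):
    return xor(ct[8:], hashlib.sha256(key + ct[:8]).digest())

def commit(pw_a, r):  # EH = g^PW_A * h^r mod N
    return pow(G, int.from_bytes(pw_a, "big"), N) * pow(HB, int.from_bytes(r, "big"), N) % N

class User:
    def __init__(self, uid, pw, sk, cert):
        self.uid, self.pw, self.sk, self.cert = uid, pw, sk, cert

    def first_factor(self):
        r = secrets.token_bytes(20)  # one-time r_i
        return H(self.uid), commit(H(xor(H(self.pw), r)), r), enc(self.sk, r)

    def second_factor(self, qr):
        vc = dec(self.sk, qr)  # VC' recovered from the QR payload
        return enc(xor(self.sk, vc), self.cert), H(xor(self.cert, vc))

class Server:
    def __init__(self, uid, pw, sk, cert):  # assumption: H(PW) is held from registration
        self.id_a, self.h_pw, self.sk, self.cert, self.vc = H(uid), H(pw), sk, cert, None

    def check_first(self, id_a, eh, e_u):
        self.vc = None
        r = dec(self.sk, e_u)
        if id_a != self.id_a or len(r) != 20 or eh != commit(H(xor(self.h_pw, r)), r):
            return None
        self.vc = secrets.token_bytes(20)  # fresh VC for this session
        return enc(self.sk, self.vc)  # QR payload

    def check_second(self, ecert, ch):
        vc, self.vc = self.vc, None  # a VC is accepted once
        if vc is None or ch != H(xor(self.cert, vc)):
            return False
        return dec(xor(self.sk, vc), ecert) == self.cert

def run_sessions():
    args = (b"patient-01", b"constructed-pw", secrets.token_bytes(20), H(b"constructed certificate"))
    user, srv = User(*args), Server(*args)
    m1 = user.first_factor()
    m2 = user.second_factor(srv.check_first(*m1))
    fresh_ok = srv.check_second(*m2)
    rechallenged = srv.check_first(*m1) is not None  # recorded first message replayed
    return fresh_ok, rechallenged, srv.check_second(*m2)  # recorded second factor replayed
```

`run_sessions()` returns `(True, True, False)`: in this model a replayed first message still draws a new challenge, and the replay is rejected at the second factor because $CH_{U_i}$ is bound to the server's fresh $VC_{U_i}$.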

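TABLE I.
COMPUTATION COST COMPARISON WITH OTHER RELATED WORKS.

| Term | Meaning | Time needed |
|---|---|---|
| $T_h$ | The time allotted to the crypto hash function. | 0.0023 ms |
| $T_{\oplus}$ | The processing time for the XOR operation. | Negligible |
| $T_{Enc}$ | The processing time for a symmetric encryption function. | 0.0046 ms |
| $T_{\parallel}$ | The processing time for the Concatenation operation. | Negligible |

TABLE II.
COMPARING OF THE COMPUTATIONAL COST.

| Scheme | Registration Phase | Login and Authentication Phases | Total Cost |
|---|---|---|---|
| Wu et al. [21] | $8T_h + 3T_{\oplus} + 7T_{\parallel}$ | $35T_h + 11T_{\oplus} + 30T_{\parallel} + 1T_{Dec} + 1T_{Enc}$ | $43T_h + 14T_{\oplus} + 37T_{\parallel} + 1T_{Dec} + 1T_{Enc} \approx 0.1081$ |
| Taher et al. [22] | $10T_h + 10T_{\oplus} + 9T_{\parallel}$ | $21T_h + 32T_{\oplus} + 19T_{\parallel}$ | $31T_h + 42T_{\oplus} + 28T_{\parallel} \approx 0.0713$ |
| Yassin et al. [23] | $5T_h + 2T_{\oplus} + 1T_{\parallel}$ | $13T_h + 12T_{\oplus} + 6T_{\parallel} + 2T_{Dec} + 2T_{Enc}$ | $18T_h + 14T_{\oplus} + 7T_{\parallel} + 2T_{Dec} + 2T_{Enc} \approx 0.0598$ |
| Chatterjee et al. [24] | $6T_h + 3T_{\oplus} + 15T_{\parallel}$ | $2T_{Dec} + 2T_{Enc} + 22T_h + 5T_{\oplus} + 88T_{\parallel}$ | $28T_h + 8T_{\oplus} + 103T_{\parallel} + 2T_{Dec} + 2T_{Enc} \approx 0.0828$ |
| Our Scheme | $2T_h$ | $8T_h + 4T_{Enc} + 3T_{Dec} + 6T_{\oplus}$ | $10T_h + 4T_{Enc} + 3T_{Dec} + 6T_{\oplus} \approx 0.0552$ |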

TABLE III.
COMPARISON WITH OTHER RELATED WORKS.

| Security Features | [16] | [17] | [18] | [19] | Our Scheme |
|---|---|---|---|---|---|
| Mutual Authentication | YES | YES | NO | YES | YES |
| Anonymous & Untraceable | YES | YES | YES | YES | YES |
| Forward Secrecy | YES | YES | NO | YES | YES |
| Key Agreement | NO | NO | NO | NO | YES |
| Key management | NO | NO | NO | NO | YES |
| MITM Attack | YES | NO | NO | NO | YES |
| Replay Attack | YES | YES | YES | NO | YES |
| Eavesdropping Attack | NO | NO | NO | NO | YES |
| Unlinkability | YES | NO | NO | NO | YES |
| EHR Migration phase | NO | NO | NO | NO | YES |
| Insider attacks | YES | NO | YES | NO | YES |

TABLE IV.
COMPARISON WITH OTHER RELATED WORKS.

| Authors | No of bits | No of messages |
|---|---|---|
| Chatterjee et al. [24] | 1280 | 2 |
| Xiong et al. [19] | 1120 | 3 |
| Taher et al. [26] | 1660 | 3 |
| Wu et al. [21] | 1600 | 3 |
| Our Scheme | 736 | 3 |
According to the above-mentioned comparisons, the suggested system has a lower time complexity ($10T_h + 4T_{Enc} + 3T_{Dec} + 6T_{\oplus} \approx 0.0552$) than those in previous relevant studies. We can see that the proposed system has a fair mix of performance and security aspects (see Table III).

B. Communication Cost
The cost of transmitted messages is assessed during the login and authentication process. We assumed the identity size is 32 bits, the hash value size is 160 bits [25], the cipher text value size is 128 bits, and the homomorphic cipher text value size is 32 bits. Table IV compares our proposed approach with those in previous relevant research.

VI. CONCLUSIONS
EHRs allow authorized health stakeholders to communicate organized medical data to enhance the quality of healthcare delivery. Since the patient's situation may become exceedingly perilous if personal information becomes public, privacy and security are of the utmost importance inside these systems. It is commonly accepted that concerns around safety and secrecy pose substantial challenges to the functioning of the healthcare system. We offer a safe user authentication approach for patients in the healthcare system that uses Scyther, a formal security tool, to validate the proposed scheme's security. Our proposed approach clearly ensures ease, speed, and integrity. Our technique ensures safe data storage and approved information flow to defined sites. To ensure strong security while maintaining appropriate speed, the proposed scheme employs a lightweight crypto hash function for the generation of OTPs and DGK. The major purpose of this research is to provide a trustworthy authentication technique based on cryptosystem tools to solve the issues highlighted in the previous studies. The suggested system will be able to defend against attacks such as MITM, insider, and replay attacks, among others. It is safe to employ features such as mutual authentication, anomalies, key management, and other secure features, and it strives to achieve a mix of speed and security.

TABLE V.
NOTATION USED IN THE PROPOSED SCHEME.

| Symbol | Description |
|---|---|
| $U_i$ | User |
| $CHS$ | Cloud Healthcare Server |
| $KGC$ | Key Generator Center |
| $\oplus$ | XOR operation |
| MITM | Man-In the middle attack |
| $EHR_i$ | Electronic healthcare record |
| $PU_{CHS_k}$ | Public key of cloud health server |
| $Pr_{CHS_k}$ | Private key of cloud health server |
| $ID_{W_i}$ | Identity of patient $W_i$ |
| $PW_{W_i}$ | Password of patient $W_i$ |
| $CHS_k$ | The current medical establishment |
| $SK_{U_i}$ | Shared key of user |
| $QR_{U_i}$ | QR code of user |
| $EH_{(W_i)}$ | Homomorphic encryption of $W_i$ |
| $h(\cdot)$ | One-way hash function |
| $r_i$ | The one-time random number generated by user |

CONFLICT OF INTEREST
The authors have no conflict of relevant interest to this article.

REFERENCES
[1] P. D. Singh, G. Dhiman, and R. Sharma, “Internet of things for sustaining a smart and secure healthcare system,” Sustainable computing: informatics and systems, vol. 33, p. 100622, 2022.
[2] M. Hartmann, U. S. Hashmi, and A. Imran, “Edge computing in smart health care systems: Review, challenges, and research directions,” Transactions on Emerging Telecommunications Technologies, vol. 33, no. 3, 2022.
[3] R. Fazal, M. A. Shah, H. A. Khattak, H. T. Rauf, and F. A. Turjman, “Achieving data privacy for decision support systems in times of massive data sharing,” Cluster Computing, pp. 1–13, 2022.
[4] B. K. Rai, A. Tyagi, B. Arora, and S. Sharma, “Blockchain based electronic healthcare record (ehr),” in ICCCE 2021: Springer, pp. 185–193, 2022.
[5] M. T. Chen and T. H. Lin, “A provable and secure patient electronic health record fair exchange scheme for health information systems,” Applied Sciences, vol. 11, no. 5, 2021.
[6] T. Manoj, K. Makkithaya, and V. Narendra, “A blockchain based decentralized identifiers for entity authentication in electronic health records,” Cogent Engineering, vol. 9, no. 1, 2022.
[7] H. A. Younis, I. M. Hayder, I. S. Seger, and H. A. Younis, “Design and implementation of a system that preserves the confidentiality of stream cipher in non-linear flow coding,” Journal of Discrete Mathematical Sciences and Cryptography, vol. 23, no. 7, pp. 1409–1419, 2020.
[8] Y. Chen, J. Sun, Y. Yang, T. Li, X. Niu, and H. Zhou, “Psspr: a source location privacy protection scheme based on sector phantom routing in wsns,” International Journal of Intelligent Systems, vol. 37, no. 2, pp. 1204–1221, 2022.
[9] N. C. Basjaruddin, S. Ramadhan, F. Adinugraha, and K. Kuspriyanto, “Baggage tracing at airports using near field communication,” in 2019 International Conference on Advanced Mechatronics, Intelligent Manufacture and Industrial Automation (ICAMIMIA), pp. 109–113, 2019.
[10] D. C. Nguyen, P. N. Pathirana, M. Ding, and A. Seneviratne, “Bedgehealth: A decentralized architecture for edge-based iomt networks using blockchain,” IEEE Internet of Things Journal, vol. 8, no. 14, pp. 11743–11757, 2021.
[11] I. Indu, P. R. Anand, and V. Bhaskar, “Identity and access management in cloud environment: Mechanisms and challenges,” Engineering science and technology, an international journal, vol. 21, no. 4, pp. 574–588, 2018.
[12] A. Chaturvedi, D. Mishra, and S. Mukhopadhyay, “An enhanced dynamic id-based authentication scheme for telecare medical information systems,” Journal of King Saud University-Computer and Information Sciences, vol. 29, no. 1, pp. 54–62, 2017.
[13] K. Renuka, S. Kumari, and X. Li, “Design of a secure three-factor authentication scheme for smart healthcare,” Journal of medical systems, vol. 43, no. 5, pp. 1–12, 2019.
[14] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, “Medrec: Using blockchain for medical data access and permission management,” in 2016 2nd international conference on open and big data (OBD), pp. 25–30, 2016.
[15] Y. Liang, “Identity verification and management of electronic health records with blockchain technology,” in 2019 IEEE International Conference on Healthcare Informatics (ICHI), pp. 1–3, 2019.

[16] A. Yazdinejad, G. Srivastava, R. M. Parizi, A. Dehghantanha, K. R. Choo, and M. Aledhari, “Decentralized authentication of distributed patients in hospital networks using blockchain,” IEEE journal of biomedical and health informatics, vol. 24, no. 8, pp. 2146–2156, 2020.
[17] C. T. Li, D. H. Shih, C. C. Wang, C. L. Chen, and C. C. Lee, “A blockchain based data aggregation and group authentication scheme for electronic medical system,” IEEE Access, vol. 8, pp. 173904–173917, 2020.
[18] X. Cheng, F. Chen, D. Xie, H. Sun, and C. Huang, “Design of a secure medical data sharing scheme based on blockchain,” Journal of medical systems, vol. 44, no. 2, pp. 1–11, 2020.
[19] C. Lin, X. H. D. He, M. K. Khan, and K. K. R. Choo, “A new transitively closed undirected graph authentication scheme for blockchain-based identity management systems,” IEEE Access, vol. 6, pp. 28203–28212, 2018.
[20] L. Xiong, F. Li, M. He, Z. Liu, and T. Peng, “An efficient privacy-aware authentication scheme with hierarchical access control for mobile cloud computing services,” IEEE Transactions on Cloud Computing, vol. 10, no. 4, pp. 2309–2323, 2020.
[21] O. Siedlecka-Lamch, “Probabilistic and timed analysis of security protocols,” in Computational Intelligence in Security for Information Systems Conference, pp. 142–151, 2019.
[22] M. Kompara, S. H. Islam, and M. Hölbl, “A robust and efficient mutual authentication and key agreement scheme with untraceability for wbans,” Computer Networks, vol. 148, pp. 196–213, 2019.
[23] T. Y. Wu, L. Yang, Z. Lee, C. M. Chen, J. S. Pan, and S. Islam, “Improved ecc-based three-factor multiserver authentication scheme,” Security and Communication Networks, vol. 2021, 2021.
[24] B. H. Taher, F. A. H. Liu, H. L. A. A. Yassin, and A. J. Mohammed, “A secure and lightweight three-factor remote user authentication protocol for future iot applications,” Journal of Sensors, vol. 2021, 2021.
[25] M. H. Alzuwaini and A. A. Yassin, “An efficient mechanism to prevent the phishing attacks,” Iraqi Journal for Electrical and Electronic Engineering, vol. 17, no. 1, 2021.
[26] A. A. Yassin, J. Yao, and S. Han, “Strong authentication scheme based on hand geometry and smart card factors,” Computers, vol. 5, no. 3, 2016.
