Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Fei Zhu,Xun Yi,Alsharif Abuadbba,Ibrahim Khalil,Surya Nepal,Xinyi Huang

DOI: https://doi.org/10.1109/JIOT.2021.3059570

2021-01-01

Abstract:In a typical e-healthcare system, it is common for users’ physiological data collected by Internet-of-Things (IoT) devices to be processed and shared in a third-party environment. To improve service quality, healthcare data sharing in third-party environments needs to ensure the integrity, source authentication, and privacy of the data. Redactable signature schemes (RSSs) are designed to address this concern over the past decades. More concretely, an RSS allows a signature holder to delete privacy-sensitive parts of the signed data and derive a valid signature for the retained data without any help from the original signer. This also provides a flexible data sharing mechanism in a bandwidth-saving manner. However, almost all of the existing RSSs are built on top of public-key infrastructure (PKI) systems, which involve heavyweight public-key management problems and are not suitable for resource-limited IoT applications. Besides, we argue that the only known PKI independent RSS for IoT has some security flaws and requires a large storage space. In this work, we eliminate some of the costs associated with PKI and certificates (such as key managements and certificate verifications) in traditional RSS and propose the first identity-based RSS satisfying the requirements of protecting the integrity and source authentication with selective disclosure control for healthcare data sharing in IoT. We prove the security of the scheme in the random oracle model under the $k$ -SDH assumption. Theoretical comparison and experimental analysis show that our construction has a practical performance. As an extension, we also discuss how to extend our design to achieve fine-grained redaction control, which provides a feasible strategy for a signer to prevent additional redaction or arbitrary redaction from dishonest signature holders.

Jianghua Liu,Lei Xu,Bruce Gu,Lei Cui,Fei Zhu

DOI: https://doi.org/10.1007/978-3-031-23020-2_25

2022-01-01

Abstract:Smart healthcare, as an examplar domain, is empowered by the remarkable miniaturization of sensors and the proliferation of smart devices, which lead to the production of massive amounts of healthcare data. Smart healthcare in the future is expected as a health service system that uses wearable devices, IoT, and mobile internet to dynamically collect and deliver healthcare data and then intelligently provide healthcare services. However, security is increasingly being challenged due to the highly valuable data transformed in such a healthcare network that might be tampered with by malicious users or disclosed without considering the privacy of patients. These pose new challenges for improving healthcare services' safety, quality, and efficiency. In this paper, we propose a redactable signature scheme (RSS) with a short signature and fine-grained sharing control for authenticating the integrity and authenticity of healthcare data while preserving the privacy of patients in the smart healthcare system. The security analysis of our construction shows that it achieves unforgeability and unlinkability. Finally, the efficiency comparison with other related solutions indicates that our scheme could solve the security issues for healthcare data sharing in the smart healthcare system with less computational and communication overhead.

Jianghua Liu,Jian Yang,Wei Wu,Xinyi Huang,Yang Xiang

DOI: https://doi.org/10.1109/tc.2022.3207138

IF: 3.183

2023-04-08

IEEE Transactions on Computers

Abstract:Recent advancements in the Internet of Things (IoT) and cloud computing technologies have accelerated the development of various practical applications, including healthcare systems. Adequately revealing the collected healthcare data in a cloud-assisted healthcare IoT system brings a huge potential for improving the safety, quality, and efficiency of healthcare services. However, often the data collected in a healthcare IoT system is vital and sensitive. The dissemination of such data is also vulnerable to malicious attacks such as tampering, eavesdropping, and forgery. Thus, disseminated data's integrity, authenticity, and privacy are elementary security demands to end-users and owners. Also, the resource-constrained nature of healthcare IoT devices invalidates the existing solutions. To address the above challenges, we propose a lightweight and secure redactable signature scheme with coarse-grained additional redaction control (CRS) for secure dissemination of healthcare data in a cloud-assisted healthcare IoT system. The security analysis indicates our CRS is secure against signature forgery, additional redaction attacks, and redacted version linkability. Compared to other existing solutions, our scheme can achieve some level of security but less computational complexity and communication overhead.

engineering, electrical & electronic,computer science, hardware & architecture

Liehuang Zhu,Yumeng Xie,Yuao Zhou,Qing Fan,Chuan Zhang,Ximeng Liu

DOI: https://doi.org/10.1016/j.future.2023.07.031

2023-01-01

Abstract:The Healthcare Internet of Things (HIoT) system enables remote monitor patient health state and feedback on medical treatments timely. The success of HIoT relies on how to share health data securely and efficiently. Existing solutions either fail to ensure the security or incur significant overheads. In this paper, we put forward an efficient and secure health data sharing scheme for HIoT systems, named ESDS, to solve this dilemma. In ESDS, we first signcrypt the health data collected by IoT devices to protect patient privacy and ensure data authenticity. Next, we aggregate N signatures for N pieces of different health data into a short signature, which significantly reduces storage space and transmission size, i.e., from O(N) to O(1). Then, we apply local verifiability to verify one piece of health data under the aggregated signature. With this property, a doctor only needs one auxiliary message generated by the patient to check the target message without obtaining whole health data, which improves system verification efficiency. Extensive security analysis and performance evaluation show that ESDS is secure and efficient.

Hongliang Zhu,Ying Yuan,Yuling Chen,Yaxing Zha,Wanying Xi,Bin Jia,Yang Xin

DOI: https://doi.org/10.1109/ACCESS.2019.2924486

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is also known as the Internet of everything. As an important part of the new generation of intelligent information technology, the IoT has attracted the attention both of researchers and engineers all over the world. Considering the limited capacity of smart products, the IoT mainly uses cloud computing to expand computing and storage resources. The massive data collected by the sensor are stored in the cloud storage server, also the cloud vulnerability will directly threaten the security and reliability of the IoT. In order to ensure data integrity and availability in the cloud and IoT storage system, users need to verify the integrity of remote data. However, the existing remote data integrity verification schemes are mostly based on the RSA and BLS signature mechanisms. The RSA-based scheme has too much computational overhead. The BLS signature-based scheme needs to adopt a specific hash function, and the batch signature efficiency in the big data environment is low. Therefore, for the computational overhead and signature efficiency issues of these two signature mechanisms, we propose a scheme of data integrity verification based on a short signature algorithm (ZSS signature), which supports privacy protection and public auditing by introducing a trusted third party (TPA). The computational overhead is effectively reduced by reducing hash function overhead in the signature process. Under the assumption of CDH difficult problem, it can resist adaptive chosen-message attacks. The analysis shows that the scheme has a higher efficiency and safety.

Jianghua Liu,Jian Yang,Xinyi Huang,Lei Xu,Yang Xiang

DOI: https://doi.org/10.1109/tsc.2023.3348497

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:The widespread application of Internet of Things technology in the medical field results in the generation of a large amount of healthcare data. Adequately learning valuable knowledge from the massive healthcare data brings a huge potential for improving the efficiency, quality, and safety of healthcare services. Online learning over the cloud offers decent training and fast inference services. However, outsourcing healthcare data learning to the cloud might cause patient privacy disclosure and data integrity and authenticity compromises. These security threats further affect the accuracy of the trained model or distort the inference results. Although researchers have tried to solve the privacy-preserving or data integrity issues with different techniques, none of them satisfy the security demands in online training of healthcare data. In this paper, we present an efficient redactable group signature scheme (RGSS) for the online learning healthcare system. The security analysis shows that our construction not only prevents privacy compromise but also provides integrity and authenticity verification. In addition to the private property of RGSS, the signer-anonymous also enhances patient privacy-preserving. Compared with other solutions, our RGSS is secure and efficient in promoting scientific research on learning large amounts of healthcare data that aim to improve healthcare services.

computer science, information systems, software engineering

Jianghua Liu,Jinhua Ma,Yang Xiang,Wanlei Zhou,Xinyi Huang

DOI: https://doi.org/10.1109/tdsc.2019.2892446

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In the context of Information Societies, a tremendous amount of information is daily exchanged or released. Among various information-release cases, medical document release has gained significant attention for its potential in improving healthcare service quality and efficacy. However, integrity and origin authentication of released medical documents is the priority in subsequent applications. Moreover, sensitive nature of much of this information also gives rise to a serious privacy threat when medical documents are uncontrollably made available to untrusted third parties. Redactable signatures allow any party to delete pieces of an authenticated document while guaranteeing the origin and integrity authentication of the resulting (released) subdocument. Nevertheless, most of existing redactable signature schemes (RSSs) are vulnerable to dishonest redactors or illegal redaction detection. To address the above issues, we propose two distinct RSSs with flexible release control (RSSs-FRC). We also analyse the performance of our constructions in terms of security, efficiency and functionality. The analysis results show that the performance of our construction has significant advantages over others, from the aspects of security and efficiency.

Zetian Zhang,Jingyu Wang,Lixin Liu,Yongfeng Li,Yun Hao,Hanqing Yang

DOI: https://doi.org/10.1016/j.adhoc.2024.103588

IF: 4.816

2024-01-01

Ad Hoc Networks

Abstract:With the rapid development of Internet of Things (IoT) technology in industrial, agricultural, medical and other fields, IoT terminal devices face security and privacy challenges when sharing data. Among them, ensuring data confidentiality, achieving dual-side privacy protection, and performing reliable data integrity verification are basic requirements. Especially in resource-constrained environments, limitations in the storage, computing, and communication capabilities of devices increase the difficulty of implementing these security safeguards. To address this problem, this paper proposes a resource-constrained anonymous data-sharing scheme (ADS-RC) for the IoT. In ADS-RC, we use elliptic curve operations to replace computation-intensive bilinear pairing operations, thereby reducing the computational and communication burden on end devices. We combine an anonymous verifiable algorithm and an attribute encryption algorithm to ensure double anonymity and data confidentiality during the data-sharing process. To deal with potential dishonest behavior, this solution supports the revocation of malicious user permissions. In addition, we designed a batch data integrity verification algorithm and stored verification evidence on the blockchain to ensure the security and traceability of data during transmission and storage. Through experimental verification, the ADS-RC scheme achieves reasonable efficiency in correctness, security and efficiency, providing a new solution for data sharing in resource-constrained IoT environments.

Shengmin Xu,Jianting Ning,Xinyi Huang,Yingjiu Li,Guowen Xu

DOI: https://doi.org/10.1109/tdsc.2021.3106393

2022-01-01

Abstract:Healthcare Internet-of-Things (IoT) enables lightweight devices to observe patients’ vital signals and outsource them to a remote cloud to enjoy flexible data sharing. However, it faces many security threats as the outsourced data is no longer physically controlled by data owners, and the cloud that hosts the outsourced data is not fully trusted. Many privacy protection technologies have been adopted to solve this problem, among which cryptographic mechanisms have become one of the most promising tools. Unfortunately, current cryptographic mechanisms in healthcare IoT mainly suffer from the following challenges: 1) dynamic user groups for managing users’ accessibility; 2) efficient revocation mechanism to mitigate the burden during user revocation; 3) forward and backward secrecy to ensure session independence in the presence of session key leakage; 4) revocable storage to prevent data users from learning any unauthorized data even the data is authorized before; and 5) information manipulation during data transmission. In this article, we introduce a practical and secure system to address the above problems. Our system provides fine-grained access control with dynamic user groups for optimizing scalability and functionality. We prove that our system is secure against numerous real-world threats. Extensive comparison and experimental analysis demonstrate that our system enjoys superior performance than the state-of-the-art solutions.

Wenjuan Tang,Ju Ren,Kun Deng,Yaoxue Zhang

DOI: https://doi.org/10.1109/jiot.2019.2923261

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:With rapid development of e-healthcare systems, patients that are equipped with resource-limited e-healthcare devices (Internet of Things) generate huge amount of health data for health management. These health data possess significant medical value when aggregated from these distributed devices. However, efficient health data aggregation poses several security and privacy issues such as confidentiality disclosure and differential attacks, as well as patients may be reluctant to contribute their health data for aggregation. In this paper, we propose a privacy-preserving heath data aggregation scheme that securely collects health data from multiple sources and guarantee fair incentives for contributing patients. Specifically, we employ signature techniques to keep fair incentives for patients. Meanwhile, we add noises into the health data for differential privacy. Furthermore, we combine Boneh-Goh-Nissim cryptosystem and Shamir's secret sharing to keep data obliviousness security and fault tolerance. Security and privacy discussions show that our scheme can resist differential attacks, tolerate healthcare centers failures, and keep fair incentives for patients. Performance evaluations demonstrate cost-efficient computation, communication and storage overhead.

Yang Yang,Bixia Yi,Yonghua Zhan,Minming Huang

DOI: https://doi.org/10.1007/978-981-19-8445-7_19

2022-01-01

Abstract:Many sanitizable signature schemes have been proposed to facilitate and secure the secondary use of medical data. These schemes allow a patient, authorized by the doctor, to modify and re-sign his/her electronic health record (EHR) to hide sensitive information and the new signature can be verified successfully. However, this may lead to fraud because patients may forge medical records for profit. To further standardize sanitization and reduce the sanitizers power, this paper proposes a new limited sanitizable signature scheme, which allows the signer to not only decide which message blocks can be modified but also determine the maximum of modifiable blocks and the expiration time for sanitization. We also propose a secure EHR sharing scheme suitable for medical scenarios based on the above limited sanitizable signature to realize privacy preserving medical data sharing. Finally, the security analysis and experimental results show that the security and efficiency of our scheme can be accepted.

Jinhui Liu,Yong Yu,Yannan Li,Yanqi Zhao,Xiaojiang Du

DOI: https://doi.org/10.1007/978-3-030-14234-6_34

2018-01-01

Abstract:With the widespread growth of cloud computing and mobile healthcare crowd sensing (MHCS), an increasing number of individuals are outsourcing their masses of bio-information in the cloud server to achieve convenient and efficient. In this environment, Cloud Data Center (CDC) needs to authenticate masses of information without revealing owners’ sensitive information. However, tremendous communication cost, storage space cost and checking time cost lead to CDC that give rise to all kinds of privacy concerns as well. To mitigate these issues, To mitigate these issues, we propose a data anonymous batch verification scheme for MHCS based on a certificateless double authentication preventing aggregate signature. The proposed scheme can authenticate all sensing bio-information in a privacy preserving way. We then present that the proposed CL-DAPAS scheme is existentially unforgeable in the Random Oracle Model (ROM) assuming that Computational Diffie-Hellman problem is difficult to solve. Furthermore, we provide an implementation and evaluate performance of the proposed scheme and demonstrate that it achieves less efficient computational cost compared with some related schemes.

Jingwei Liu,Huijuan Cao,Qingqing Li,Fanghui Cai,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.48550/arXiv.1804.01822

2018-04-05

Abstract:Recently, with the rapid development of big data, Internet of Things (IoT) brings more and more intelligent and convenient services to people's daily lives. Mobile healthcare crowd sensing (MHCS), as a typical application of IoT, is becoming an effective approach to provide various medical and healthcare services to individual or organizations. However, MHCS still have to face to different security challenges in practice. For example, how to quickly and effectively authenticate masses of bio-information uploaded by IoT terminals without revealing the owners' sensitive information. Therefore, we propose a large-scale concurrent data anonymous batch verification scheme for MHCS based on an improved certificateless aggregate signature. The proposed scheme can authenticate all sensing bio-information at once in a privacy preserving way. The individual data generated by different users can be verified in batch, while the actual identity of participants is hidden. Moreover, assuming the intractability of CDHP, our scheme is proved to be secure. Finally, the performance evaluation shows that the proposed scheme is suitable for MHCS, due to its high efficiency.

Cryptography and Security

Jinhui Liu,Yong Yu,Yannan Li,Yanqi Zhao,Xiaojiang Du

2018-01-01

Abstract:With the widespread growth of cloud computing and mobile healthcare crowd sensing (MHCS), an increasing number of individuals are outsourcing their masses of bio-information in the cloud server to achieve convenient and efficient. In this environment, Cloud Data Center (CDC) needs to authenticate masses of information without revealing owners’ sensitive information. However, tremendous communication cost, storage space cost and checking time cost lead to CDC that give rise to all kinds of privacy concerns as well. To mitigate these issues, To mitigate these issues, we propose a data anonymous batch verification scheme for MHCS based on a certificateless double authentication preventing aggregate signature. The proposed scheme can authenticate all sensing bio-information in a privacy preserving way. We then present that the proposed CL-DAPAS scheme is existentially unforgeable in the Random Oracle Model (ROM) assuming that Computational Diffie-Hellman problem is difficult to solve. Furthermore, we provide an implementation and evaluate performance of the proposed scheme and demonstrate that it achieves less efficient computational cost compared with some related schemes.

Yonghua Zhan,Yang Yang,Bixia Yi,Renjie He,Rui Shi,Xianghan Zheng

DOI: https://doi.org/10.1016/j.comcom.2024.107935

IF: 5.047

2024-09-13

Computer Communications

Abstract:With the widespread use of mobile communication and smart devices in the medical field, mobile healthcare has gained significant attention due to its ability to overcome geographical limitations and provide more efficient and high-quality medical services. In mobile healthcare, various instruments and wearable device data are collected, encrypted, and uploaded to the cloud, accessible to medical professionals, researchers, and insurance companies, among others. However, ensuring the security and privacy of healthcare data in the context of mobile networks has been a highly challenging issue.Certificateless signature schemes allow patients to conceal their respective privacy information for different sharing needs. Nevertheless, existing mobile healthcare data protection solutions suffer from costly certificate management and the inability to restrict signature verifiers. This paper proposes a certificateless designated verifier sanitizable signature for mobile healthcare scenarios, aiming to enhance the security and privacy of mobile healthcare data. This scheme enables the sanitization of sensitive data without the need for certificate management and allows for the specification of signature verifiers. This ensures the confidentiality of medical data, protects patient privacy, and prevents unauthorized access to healthcare data.Through security analysis and experimental comparisons, it is demonstrated that the proposed scheme is both efficient and effectively ensures data security and user privacy. Therefore, it is well-suited for privacy protection in mobile healthcare data.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianghua Liu,Jingyu Hou,Xinyi Huang,Yang Xiang,Tianqing Zhu

DOI: https://doi.org/10.1016/j.cose.2020.101756

IF: 5.105

2020-01-01

Computers & Security

Abstract:As a technological innovation, smart grid improves electricity services in terms of substantiality, economics, efficiency, and reliability. This owes to the bi-directional communication property which not only enables the fine-grained energy usage data to be available for different entities but also facilitates the automated grid management. However, sharing such energy usage data with other parties could potentially cause the leakage of customers’ sensitive information. In addition, the data are vulnerable to be tampered with by any internal or external attacker such that the value of data could be destroyed. Therefore, it is crucial to preserve customers’ privacy and provide authenticity and verifiability while sharing energy usage data with other parties. In this paper, we propose a bilinear-map accumulator based redactable signature scheme (RSS-BMA) which allows customers to safeguard their privacy while guaranteeing the verifiability of shared data. Furthermore, the batch-data-block verification property of our design enhances not only efficiency but also security by prohibiting additional redaction to a batch of data blocks. We analyze the efficiency and security of our proposed scheme extensively, and the results indicate our construction is more practical than others.

Yudi Zhang,Debiao He,Mohammad S. Obaidat,Pandi Vijayakumar,Kuei-Fang Hsiao

DOI: https://doi.org/10.1109/jsac.2020.3020656

IF: 16.4

2020-01-01

IEEE Journal on Selected Areas in Communications

Abstract:The rapid development of the Internet of Things (IoT) has led to the emergence of more and more novel applications in recent years. One of them is the e-health system, which can provide people with high-quality and convenient health care. Meanwhile, it is a key issue and challenge to protect the privacy and security of the user's personal health record. Some cryptographic methods have been proposed such as encrypt user's data before sharing it. However, it is complicated to share the data with multiple parties (doctors, health departments, etc.), due to the fact that data should be encrypted under each recipient's keys. Although several $(t,n)$ threshold secret sharing schemes can share the data only need one encryption operation, there is a limitation that the decryption private key has to be reconstructed by one party. To offset this shortcoming, in this paper, we propose an efficient identity-based distributed decryption scheme for personal health record sharing system. It is convenient to share their data with multiple parties and does not require to reconstruct the decryption private key. We prove that our scheme is secure under chosen-ciphertext attack (CCA). Moreover, we implement our scheme by using the Java pairing-based cryptography (JPBC) library on a laptop and an Android phone. The experimental results show that our system is practical and effective in the electronic personal health record system.

S. Satheesh Kumar,Manjula Sanjay Koti

DOI: https://doi.org/10.1007/s13721-021-00329-z

2021-08-12

Network Modeling Analysis in Health Informatics and Bioinformatics

Abstract:In recent decades, broad range of Internet of Things (IoT) technologies are deployed such as machine to machine communication, Internet Technologies (IT), robots, smart devices, and wireless sensor networks. IoT is a spectacular technology in the modern world of IT in which the objects can do data transmission and connect using the intranet or internet networks. Data security and privacy is one of the top most challenging issue where several researchers are showing interest that to especially in healthcare domain. For this reason, a hybrid combination of Elliptic Curve Digital Signature Algorithm (ECDSA), Rivest Cipher 4 (RC4), and Secure Hash Algorithm (SHA-256) is proposed for protecting the reliable data which is transmitted from the IoT based healthcare systems. In the proposed model, the ECDSA is used for improving the RC4 in which the encryption of key is processed by ECDSA for performing the XOR operation in RC4. Furthermore, the security is ensured by transforming the incoming data using the SHA-256 technique. Experimental results show that the proposed model outperforms for 10 MB of data in terms of encryption time that obtained as 631 ms, decryption time is 616 ms, and throughput obtained by the proposed models is 11.71 MB/ms when compared with other existing techniques such as ECC+3DES+SHA-256, RC4+AES+SHA-256, and ECC+RC2+SHA-256.

Libing Wu,Zhiyan Xu,Debiao He,Xianmin Wang

DOI: https://doi.org/10.1155/2018/2595273

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:With the application of sensor technology in the field of healthcare, online data sharing in healthcare industry attracts more and more attention since it has many advantages, such as high efficiency, low latency, breaking the geographical location, and time constraints. However, due to the direct involvement of patient health information, the privacy and integrity of medical data have become a matter of much concern to the healthcare industry. To retain data privacy and integrity, a number of digital signature schemes have been introduced in recent years. Unfortunately, most of them suffer serious security attacks and do not perform well in terms of computation overhead and communication overhead. Very recently, Pankaj Kumar et al. proposed a certificateless aggregate signature scheme for healthcare wireless sensor network. They claimed that their signature scheme was able to withstand a variety of attacks. However, in this paper, we find that their scheme fails to achieve its purpose since it is vulnerable to signature forgery attack and give the detailed attack process. Then, we propose a new certificateless aggregate signature scheme to fix the security flaws and formally prove that our proposed scheme is secure under the computationally hard Diffie-Hellman assumption. Security analysis and performance evaluation demonstrate that the security of our proposal is improved while reducing the computation cost. Compared with Pankaj Kumar et al.'s scheme, our proposed scheme is more efficient and suitable for the healthcare wireless sensor networks (HWSNs) to maintain security at various levels.