Security enhancement of the access control scheme in IoMT applications based on fuzzy logic processing and lightweight encryption

Abstract

AbstractSecurity of Internet-of-Medical-Things (IoMT) networks has evolved as a vital issue in recent years. The IoMT networks are designed to link patients with caregivers. All reports, data, and medical signals are transferred over these networks. Hence, these networks require robust and secure access strategies for patients to send their vital data or reports. Hence, hacking of these networks may lead to harmful effects on patients. One of the vulnerable points to hacking in these networks is the access point. Access to these networks could be performed with biometrics. The popular biometric traits for this purpose are biomedical signals such as Electrocardiogram (ECG) signals, as they are continuously monitored and measured for patients. A common thread between all biometric authentication systems is the possibility of losing the biometric traits forever if hacking attempts manage to concur the biometric template storage. A new trend in the field of biometric authentication is to avoid the utilization of original biometrics in access control processes. A possible alternative is to use cancelable biometrics instead. Cancelable biometrics can be generated through encryption schemes or non-invertible transforms. This paper adopts both strategies in a unified framework for cancelable ECG signal recognition that can be used in the access step of IoMT networks. The proposed framework begins with applying a non-invertible transformation on the ECG signals through fuzzy logic to change the dynamic range of the signals. As this process is non-invertible in nature, it prevents the recovery of the original ECG signals from the processed versions, which is the main target of cancelable biometric systems. After that, lightweight encryption through XOR operation with user-specific patterns is implemented. Here, the high complexity of full encryption schemes that need a large processing burden is eliminated. The addition of the encryption stage enhances the security of cancelable biometric traits, allowing a hybrid nature of the proposed cancelable biometric framework through the merging of non-invertible transforms and encryption algorithms. Moreover, an FPGA hardware implementation is introduced for real implementation of the proposed ECG-based cancelable biometric recognition framework. This hardware can accompany the user to allow access of the IoMT network when requested. Experimental results show a promising performance of the proposed framework with a large Area under the Receiver Operating Characteristic curve (AROC) of 99.5% and an Equal Error Rate (EER) of 0.058%.