1 Introduction

1.1 Motivation

IoHT (Internet of Healthcare Things) has gained a lot of popularity in recent years among applications in the medical industry. The concept of the Internet of Healthcare Things is defined as the discipline of the Internet of Things (IoT) in which the healthcare sector in particular is involved. It integrates multiple healthcare system devices, healthcare data systems, and healthcare monitoring applications. The combined system enables seamless connectivity, management and analysis of the received information of the patients to enhance the overall execution of the healthcare systems. Precisely, IoHT involves real-time health data collection from patients remotely or in a clinical setting. It facilitates the exchange of information with the parties of the healthcare network including caregivers, providers, or other related entities. The primary importance of the healthcare data is that it can be used for health monitoring, diagnosis, chronic illness management, plans of personalized treatment, and other research purposes.

Wireless Communication Network (WCN) is used by healthcare organizations to coordinate people and medical devices. To make medical healthcare convenient, IoHT provides the advantage of addressing and monitoring the health of patients from a distance. Therefore, by using the IoHT system, well-maintained and precise diagnoses are adapted. As far as financial expenses are concerned, it is anticipated to save about $300 billion a year in cost [1,2,3].

With the current global pandemic COVID-19, the IoHT network provides access to monitor patients remotely. It has proved effective for those who require emergency care from a distance to maintain isolation as described by the COVID protocols. By utilizing advanced diagnostic tools, the IoHT network decreases the need for in-person consultations and thereby improves the standard of healthcare.

With the advancements of the IoHT network, dynamic scheduling, telemedicine, home care, and monitoring are all made possible. The introduction of artificial intelligence in IoHT has created a boost in semantic understanding and sensory capability. IoHT systems leverage medical equipment and services to enhance the user experience in the form of the best possible source, service, time, and diagnosis management [4]. One of the influential concepts that is credited with elevating the global standard of living is the adoption of the IoHT system. The aspect of security is of utmost importance and therefore poses one of the most significant challenges in the IoHT domain. Consequences of inadequate security include invasions of security and privacy attacks that cause delayed interruption, eavesdropping, and illegal access. Data security in the IoHT has received immense attention. Therefore, security is required at various stages, including data monitoring, data acquisition, data transmission, data diagnosis, and data storage [5,6,7].

1.2 Related work

To meet the security essentials of the IoHT network, several conventional security measures were incorporated. Traditional security solutions, however, cannot ensure appropriate and complete security due to system constraints including power consumption, extremely low latency, dependability, and accuracy. To strengthen the physical security of the IoHT network against node replacement and node manipulation threats, a two-stage authentication mechanism is proposed in [8]. There are three types of nodes in this network. The first type is the node of the patient, the second is the sink node, and the third is the node of the server. The sink node connects the patient node to the healthcare cloud server and commences the authentication procedure. The authentication process is divided into two steps. The first step begins between the sink and server nodes. The second stage of authentication is carried out by the sink node and patient node.

In [9], the Convolutional Neural Network (CNN) prediction model is used to examine the security performance of the IoHT network. The four convolution layers and four inception branch blocks constitute the model. The models use the existing healthcare data and extract its data features. The model employs Secrecy Outage Probability (SOP) to analyze security performance. The approach reduces the Mean Squared Error (MSE) by 20%. A technique of secret sharing and data mending is provided in [10] to secure data acquisition in the IoHT system. The Slepian-Wolf Coding (SWC) is used in the sharing mechanism. For data storage, multiple cloud servers are used. With the aid of a patient access control approach, these servers provide collaborative creation of patient data sharing with healthcare professionals and healthcare centers.

The KATAN secret cipher method in IoHT is used to demonstrate safe data acquisition [11]. KATAN refers to a specific block cipher in the KATAN family, which is designed to be compact and efficient. There are four tiers in the network. The IoT network sensors constitute the top layer. The fog layer is the second one. The cloud computing layer comes in at layer three, and the healthcare provider follows at layer four. The two methods employed in the first two layers are the secret cipher share algorithm and the hardware-based cipher algorithm. Data privacy is offered through the KATAN algorithm, which is predicated on secret cipher sharing. At the cloud computing layer, the distributed database method is employed to secure the patient’s personal data. In [12], the signature technique is used to improve the confidentiality and security of healthcare data acquisition. To increase privacy, noise is added to the acquired healthcare data.

For data integrity and data authentication, an edge server is used in [13]. Before sending the health data to the edge server, data is encrypted to protect privacy. Decryption is carried out by the cloud server to ensure data availability. According to [2], the identity management methodology improves IoHT security. The method entails mapping the credential information of the user. The information of the credentials is encrypted using a hashing algorithm attribute-based encryption. While creating an account, the output token is created using Elliptic Curve Cryptography (ECC). The fog node controls the key verification identity management. A password strength assessment mechanism is used to investigate password-based security issues [14]. The method employs the personal data of the user to evaluate password strength and select a password with a greater level of security.

For the IoHT network, the security framework is examined by the Identified Security Attributes (ISA). The decision-making utilizes the Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) and the analytical hierarchical procedure. Two processes together form the security framework. In the first process, attribute weights are derived using an analytical hierarchical approach, and in the second process, security criteria are assessed using the TOPSIS methodology [15]. In [16], a blockchain-based technique is used to increase IoHT security. The health information of the user is obtained by an Unmanned Aerial Vehicle (UAV). The closest server to the UAV is chosen for the data storage. The authentication follows two procedures. Encryption is the first step, and blockchain is the second. By using tokens to establish communication, the UAV subsequently sends the shared key to the body sensor hives. The health data is then stored by the UAV using blockchain.
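The two-process framework summarized above for [15] (attribute weights from the analytical hierarchical approach, then a TOPSIS ranking against those weights) is shown here as an added example; it is not code from this paper or from [15]. The three attributes, the pairwise judgements, and the candidate scheme scores are constructed for illustration, and the weights use the row geometric-mean approximation of AHP.

```python
import math

# Saaty's random consistency index, keyed by pairwise-matrix size n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(pairwise, max_cr=0.10):
    """Process 1: derive attribute weights from a pairwise comparison matrix.

    pairwise[i][j] states how much more important attribute i is than j.
    Returns (weights, consistency_ratio); rejects inconsistent judgements.
    """
    n = len(pairwise)
    if n not in RANDOM_INDEX or any(len(row) != n for row in pairwise):
        raise ValueError("pairwise matrix must be square with 1 <= n <= 9")
    geo = [math.prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(geo)
    weights = [g / total for g in geo]
    # Estimate the principal eigenvalue from (A w)_i / w_i, averaged over rows.
    lam = sum(
        sum(a * w for a, w in zip(row, weights)) / weights[i]
        for i, row in enumerate(pairwise)
    ) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    cr = ci / ri if ri else 0.0
    if cr > max_cr:
        raise ValueError(f"inconsistent judgements: CR={cr:.2f} > {max_cr}")
    return weights, cr


def topsis(matrix, weights, benefit):
    """Process 2: closeness of each alternative to the ideal solution.

    matrix[i][j] is the score of alternative i on criterion j;
    benefit[j] is True when higher is better, False for cost criteria.
    """
    norms = [math.sqrt(sum(x * x for x in col)) for col in zip(*matrix)]
    if any(nrm == 0 for nrm in norms):
        raise ValueError("a criterion column is all zeros")
    weighted = [[w * x / nrm for x, w, nrm in zip(row, weights, norms)]
                for row in matrix]
    cols = list(zip(*weighted))
    best = [max(c) if b else min(c) for c, b in zip(cols, benefit)]
    worst = [min(c) if b else max(c) for c, b in zip(cols, benefit)]
    scores = []
    for row in weighted:
        d_plus, d_minus = math.dist(row, best), math.dist(row, worst)
        denom = d_plus + d_minus
        # All alternatives identical: no basis for preference.
        scores.append(d_minus / denom if denom else 0.5)
    return scores


def rank_schemes(pairwise, alternatives, benefit):
    """Run both processes; return [(name, closeness)] sorted best first."""
    weights, _ = ahp_weights(pairwise)
    names = list(alternatives)
    scores = topsis([alternatives[n] for n in names], weights, benefit)
    return sorted(zip(names, scores), key=lambda p: p[1], reverse=True)


# Constructed input. Criteria order: confidentiality, authentication, latency.
# Judgements: confidentiality is 2x authentication and 4x latency in importance.
PAIRWISE = [[1, 2, 4],
            [1 / 2, 1, 2],
            [1 / 4, 1 / 2, 1]]
BENEFIT = [True, True, False]          # latency (ms) is a cost criterion
SCHEMES = {                            # hypothetical candidate schemes
    "scheme_A": [9, 7, 40],
    "scheme_B": [6, 8, 10],
    "scheme_C": [4, 5, 5],
}

if __name__ == "__main__":
    for name, score in rank_schemes(PAIRWISE, SCHEMES, BENEFIT):
        print(f"{name}: closeness {score:.3f}")
```

The consistency check matters in practice: `ahp_weights` refuses a judgement matrix whose consistency ratio exceeds 0.10, so contradictory expert input cannot silently produce a ranking.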

A trigonometric map-based cryptosystem is used to securely communicate the medical image data. To determine the Hamming distance, the cryptosystem creates the first three keystreams from the most recent trigonometric map. On the output distance vector and keystream, the bit XOR concept is used. The encrypted image is created by bit XORing the output from the prior operation with the generated vector [17]. Trust-based security is defined as the approach of securing the network based on the estimated trust. For the IoHT network, trust-based security involves securing the network based on the level of trust achieved by the entities of the network. To incorporate such mechanisms, trust models are used to estimate security strengths determining the level of trust. In [18], trust assessment is carried out via the technique of artificial neural networks. By combining the evaluation of parameters such as compatibility computation, packet delivery computation, node identification, and trust computations of dependability, the degree of trust is assessed. The encryption system uses a combination mechanism that uses the safe hash algorithm and ECC.

To provide security to the electronic health data, an effective IoT-enabled watermarking technique is presented that addresses the conflicts of ownership, data integrity, data confidentiality, and data privacy [19]. In [20], a blockchain-based mechanism has been incorporated with a hybrid computing paradigm to ensure security with low latency, devoid of single-point failure, and low storage cost in the network of IoHT. The methodology involves ring-based access control with selective decentralization such that the records of the patient and the device authentication remain preserved. In [21], a privacy-preserving forward algorithm has been incorporated to enhance security in IoHT. The mechanism enables monitoring in the cloud for the remote healthcare network. It involves the Hidden Markov Model (HMM) for monitoring with a single server. In [22], a privacy-preserving optimization scheme has been incorporated to provide a secured clinical pathway in the network of healthcare. The information is communicated without revealing the personal information of the patients, including gender, age, and name, or the information of the hospital records, including disease type, medication, treatment, estimated expenses, and physical index. Table 1 provides a broad outline of the latest methodologies incorporated to enhance the security of the IoHT network. It involves mechanisms based on specific objectives such as cryptographic techniques, intrusion detection system methods, authentication protocols, and enhanced secure data transmission procedures. It makes evident how these methodologies help to safeguard sensitive medical data and maintain system integrity in the IoHT network.

Table 1 Most recent security enhancement methodologies in Internet of Healthcare Things

Existing IoHT security models often use static methods that fail to address evolving threats. This paper introduces a dynamic, trust-based framework, advancing theoretical understanding and offering practical benefits for applications like remote medical procedures and health tracking. It significantly enhances both theoretical and practical aspects of IoHT security, addressing current and future challenges.

1.3 Novelty

This paper focuses on an extensive survey of security in IoHT. The related recent work on the attack possibilities and their countermeasures in the IoHT has been investigated. Overall, the prime contributions of the paper are given below.

  • The security architecture of IoHT has been identified.

  • The recent methodologies, their performance parameters, and attack types in IoHT are well-investigated.

  • The most fundamental challenges in the security of IoHT are well elaborated in the paper.

  • To improve and preserve the overall security of the IoHT network we have proposed the intelligent trust-based scheme in IoHT.

1.4 Organization

The paper is organized as follows. Section 1 presents the introduction. Section 2 describes the architecture of IoHT based on the security perspective. The process flow in the IoHT is well discussed in Sect. 3. The open challenges in the security of IoHT are well illustrated in Sect. 4. The proposed system to enhance the security in IoHT is presented in Sect. 5. Section 6 describes the future research directions given security in IoHT. Security standards in IoHT are discussed in Sect. 7. To the closure of the paper, the conclusion is given in Sect. 8.

1.5 Ethical considerations

The proposed security framework categorizes ethical principles in the form of data confidentiality, information consent, and the bias mitigation. The patients or the applicants for data collection are informed about the objectives, threats and benefits of this research work. The primary importance is given to the consent that is required to be obtained before the data collection of the patients or applicants. Data confidentiality and privacy is maintained such that personal information is not compromised and is used only for research purposes. The methodology incorporates measures not to include data that may involve any sort of bias in trust level estimates, to guarantee equity and fairness in trust level estimation of the node.

2 System architecture of IoHT

Irrespective of the numerous applications of the IoHT network, there are certain challenges associated with it. Providing security in the network of IoHT is one of the prime challenges required to be fulfilled. The network of IoHT is susceptible to numerous attacks as far as different levels of the network are concerned. The overall architecture with a security perspective of the IoHT architecture is shown in Fig. 1. It illustrates the architecture of the IoHT network wherein medical devices in the form of sensors, medical servers, cloud servers, healthcare applications, and healthcare experts are interconnected using network infrastructure. The figure also represents the possible attacking scenario in the IoHT network to show the possible vulnerable sites of the IoHT network. The basic architecture of the IoHT consists of a 3S-level system. It includes sensor-level network, server-level network, and service-level network. Each of the levels in view of security is briefly discussed below:

Fig. 1 System architecture of IoHT network with the possible attacking scenarios

2.1 Sensor level

All the medical devices and numerous types of sensors such as heart rate sensors, temperature sensors, and position sensors form the primary base of the IoHT architecture. These devices support different types of network topologies depending on the corresponding specifications and standards. The devices and the sensors are used to detect and measure the changes in environmental, physiological, and substantial quantities. These sensors and devices sense and gather the data for further processing.

At the sensor level, the limitations of resources provide inadequate support in guarding and providing an efficient security mechanism against potential attackers. This increases the threat of security attacks at the device and sensor level. Various types of attacks are possible at the device and sensor level in the architecture of the IoHT. These attacks include Sybil attacks [49], eavesdropping, physical attacks [5], forgery attacks [50], side-channel attacks, remote hijacking, false data injection attacks [51], distributed denial of service attacks, impersonation and spoofing attacks [52].

2.2 Server level

The data sensed by the devices and sensors are communicated to the servers through wireless body area networks including Bluetooth, Zigbee, and WiFi standards. The servers act as a data storage unit. The storage and processing at the cloud perform various functions such as ultimate data aggregation, data analytics, and data inference. The utilization of the cloud provides the solution to the processing of huge data volumes, thereby providing efficiency in terms of compatibility with off-the-shelf analysis, affordability, scalability, and performance as a whole. Cloud storage in particular offers permanent storage services that can prove beneficial for the cases of history-based data analytics. The data is further processed by incorporating advanced intelligent algorithms to decide as per the visualization and representation of the received data.

The use of the cloud in the IoHT offers off-site data storage. However, the security challenges offered by the cloud create serious security threats. A break-in at the servers creates breaches and therefore menaces in terms of integrity, confidentiality, privacy, and secrecy. The emergent risks in the latest intelligence-based attacks have a major impact on the security network of IoHT and therefore must be addressed with efficient and effective potential solutions. The latest attacks possible at the server level include quantum attack [53], dictionary attack [54], collision attack [11], User to Root (U2R) attacks [55], machine learning attacks [56], man-in-the-middle attack [57], exposure attacks [58], insider attacks [59, 60], and routing attacks [61].

2.3 Service level

The data analytics of the received data is evaluated by intelligent algorithms for the appropriate prediction of healthcare events such as disease detection, clinical diagnosis, medical decision support, need for immediate medical attention, medical emergencies, and health monitoring evaluation. The inference with intelligence in the IoHT to provide corresponding service and attention enhances fundamental and necessary decision support to healthcare professionals. The service level incorporates enhancement in the computational, availability, and execution capabilities. The inherent sensitivity of health data, the highly dynamic roles of stakeholders, the heterogeneity in Electronic Health Records (EHRs), and potentially dire implications from failures are just a few examples of the domain-specific challenges in IoHT services.

The challenges in the network of IoHT services raised favorable sites for the attacker that paved the way for numerous security attacks. The most recent attacks at the service level include key logging attack [14], physical medical devices capture attack [62], impersonation attack [63], bad-mouthing attack, good-mouthing attack, on–off attack [64], inside attacks [65], address resolution protocol spoofing attacks [39], reuse attack, replay attack [26], injection attacks [66], tracking attacks [67], jamming attack [68], chosen ciphertext attack [69], and botnet attacks [70].

3 Process flow of intelligent IoHT

Various methods were followed to incorporate intelligence in IoHT [71,72,73,74,75,76,77,78,79,80]. In this section, a general adaptive and intelligent mechanism in IoHT is investigated. It involves the methodology followed in IoHT to provide a clear idea of the operation. The process in IoHT involves a three-layer methodology. The first layer is the layer of devices. The second layer is the layer of communication and the third layer is the layer of application processing. The overall layered structure of IoHT is shown in Fig. 2. It depicts the layer-based architectural network of the IoHT system. It outlines a three-layered structure including the layer of devices, the layer of communication and the layer of processing. Each layer is illustrated with its specific role and integrations within the system, giving a clear understanding of the process flow in the IoHT network.

Fig. 2 IoHT system in the context of the layered architecture

3.1 Layer of devices

The layer of devices performs the data acquisition from the devices at the user end. The devices include different types of sensors for example temperature sensor, heart rate sensor, oxygen saturation level sensor, and so on. The data sensed by the sensors undergoes pre-processing before transmitting it to the communication layer. The pre-processing involves the analysis of data such that the data is transformed into a specified format for effective and easy handling and computation. The processed data is then transmitted to the layer of communication.

3.2 Layer of communication

The layer of communication incorporates the procedure of transmission to the application part. The transmission of the data can be incorporated via a base station or through other wireless communication technologies. These wireless communication technologies include Bluetooth, Wireless Fidelity (Wi-Fi), Zigbee, Light Fidelity (Li-Fi), and radio frequency mobile communication. The fundamental operation of this layer is the transmission of the appropriate data to the application processing layer.

3.3 Layer of application processing

The layer of application processing involves the analysis of the retrieved sensed data. The assessment of received data defines the allocation of suitable applications such that the patients are proactively connected to the medical attention. The layer offers the visualization of the patient to connect with the end service providers including ambulances, hospitals, medicine supply chains, and the attention of medical professionals.

4 Security standards

This section describes the security standards for the IoHT found in the international norms. Data information, the sensor devices, and the networks including servers are the thrust areas that fall under the aspects of security. There are numerous ways to implement security in Information and Communication Technology (ICT). In contrast to the conventional ICT architectural notion, the architectural element takes security architecture into account to safeguard an IoT and IoHT system. To provide a high-level understanding of IoHT security, an architecture is developed. The protection of the data occupies prime importance in the IoHT network. The data acquired from the sensor, data to be transmitted in the network, and data meant for controlling actuators operate life-critical execution. Therefore, the safeguarding of the data in the IoHT must be ensured with utmost accuracy. This aspect encompasses several IoT data protection techniques, including encryption, key cryptography, replay protection, authenticity, and secrecy. The framework element offers standardized procedures for creating and implementing IoHT systems that have security-related problems. Various security-related general topics and considerations are covered by several international standards. This aspect has to do with standards that offer information on the general implementation and applicability of the IoHT system.

For the implementation of an IoHT environment, networks connecting IoHT units are crucial. The network factor is connected to secure transport challenges from a security standpoint. The protocol factor, however, also contains standards about network protocols because we considered the network protocol to be a separate element. The policy element relates to standards for organizations, laws, and policies that deal with security in the IoHT system. Standards relating to privacy include numerous perspectives and details on several subjects that complement the core standards in terms of network protocol, platform, and use case. The protocol is connected to network protocol-related standards that offer secure communication in IoHT. For particular IoHT domain, network protocols, and platforms, relates to authentication, authorization, and access control. Application instances for various IoHT contexts with security-related problems are provided by several standards. There are two possibilities for addressing the standards in IoHT. The security framework to define the standards in IoHT network is The first possibility is the choice of standards for interoperability and the second possibility is the standard for both security and interoperability. In addition, Fig. 3 shows the overview of security standards in IoHT. The security standards as per various elements are characterized into the following categories [81,82,83]. The description for each of the standards is given as follows:

Fig. 3 Security standards in the IoHT framework representing standards with their corresponding target parameter

4.1 IEEE 1888.3 standards

The IEEE 1888.3 standards state the requirements of security and privacy for pervasive control network protocol. The network satisfying these standards provides secure mechanisms with high energy efficiency and Quality of Service (QoS) for the IoHT and IoT network in general. The standard offers various architectures and architectural components that are required to satisfy the criteria of security. The criteria of security specified by the standard include confidentiality, integrity, authentication, and access control. Additionally, the standard specifies security mechanisms included in handshaking, access control, and communication sequence authentication.

4.2 National Institute of Standards and Technology (NIST) security framework

The security standards and framework offered by the NIST emphasize the major areas to find the security requirements that can be potentially adapted to the communication network of IoHT. The NIST cybersecurity framework involves the standards for industry, organizations to balance the cybersecurity risks due to infrastructure. IoHT is also considered as part of such critical infrastructure and therefore offers cybersecurity outcomes, activities, and informative references to develop the individual organizational profile. The NIST privacy framework offers the identification of the privacy risks and protection of the privacy of the individual in an organization network of IoHT. NIST SP 800-53 offers the privacy and security controls of the data and information of the system network. NIST SP 800-53R offers the management of availability, integrity, and confidentiality of the information of the communication network such as the network of IoHT-based environments.

4.3 IEEE-SA standards

There are various network-related standards from IEEE-SA. The IEEE 802 family of standards for Local Area Network (LAN) and Metropolitan Area Network (MAN) includes several wireless network and wired network protocols. In an IoHT communication environment, wired network technologies are still in use, and network protocols adhere to many of the same standards. IEEE 802.11 defines the standard for Wi-Fi and IEEE 802.15.4 defines the standard for Bluetooth, Wireless Highway Addressable Remote Transducer Protocol (HART), ZigBee, Thread, IPv6 over Low-power Wireless Personal Area Networks (6LoWPAN), and Z-Wave. Since these standards can facilitate data interchange in the IoHT network, these protocols can address the issue of transport interoperability.

4.4 IETF standards

The IETF standardization provides services in security and interoperability without the consideration of internet standards. For the scenario where the level is evaluated as high, the provisions of RFC (Request for Comments) are converted into the desired description of the internet. First, we conducted a conventional track analysis of the RFC series. RFC 8323 provides the protocol definition for IoT through TLS, WebSocket, and TCP in the form of the Constrained Application Protocol (CoAP). Limited devices can connect via CoAP because it was built for constrained devices. Additionally, CoAP can be used to connect devices in low-power, lossy networks, and other restricted networks.

4.5 ISO/IEC standards

A paradigm for interoperability inside IoHT systems and an understanding of interoperability for IoHT systems were the main issues of ISO/IEC 21823-1:2019. As a result, ISO/IEC 21823-1:2019 offers many components and traits enabling IoHT interoperability. An aspect model for interoperability is provided by the standard, and it is categorized into five types: transport type, syntactic type, semantic, behavioral, and policy. The shared communication infrastructure that allows IoT units to exchange data is the transport interoperability component.

4.6 ITU-T standards

The International Telecommunication Union Telecommunication (ITU-T) Standardization Sector arranged its standards into a series from A to Z under several headings. Series Y, in particular, is a collection of suggestions for the Internet of Things (IoHT as the case study), Internet protocol characteristics, and next-generation networks. Moreover, series X (security, data communication network, communication framework in an open system) and series F (services offered by communication in a non-telephonic environment) are linked with the guidelines of the IoHT communication environment. ITU-T Y.4000/Y.2060 refers to the standardization of IoHT and IoT in ITU-T. The scope, concept, reference, and high-level requirements in IoT are present in this version of the standard. The standard ITU-T Y.4000/Y.2060 defines the two fundamental conditions including interoperability and security in IoT and IoHT.

4.7 OCF standards

In February 2020, the Open Connectivity Foundation (OCF) published the most recent internal standards (specification vide 2.1.1), which includes sixteen various complications. The OCF specification provides the foundation for ISO/IEC 30118-1:2018. All devices using the OCF framework must adhere to the OCF Core Specifications (OCF-CS), which encompasses the whole OCF framework. The standard includes some interoperability elements because it specifies the fundamental architecture, user interfaces, communication protocols, network, framework of resources, and offered services for OCF execution in IoT contexts including IoHT.

4.8 M2M standards

The Machine-to-Machine (M2M) technology is a core component of the IoHT system, therefore M2M standards are also analyzed. In Technical Specification 0003, Version 3.11.0 (TS-0003V3.11.0), appropriate security-associated solutions for oneM2M-based systems are described. The standard goes into great detail to describe security-related factors, such as security schematic, authorization, security offered services and security affiliated interaction, security-related parameters, algorithms, protocols, and privacy protection architecture. The secure communication scenario is expressed in TS-0003-V3.11.0 and is further abstracted in TS-0016-V3.0.2. A secure environment offers a logical entity that provides a connection to the sensitive functionalities and the corresponding data to be approved in one M2M entity and protects them against tampering, unauthorized monitoring, or execution. The abstraction standard, in particular, concentrated on the declaration of the corresponding interfaces and mechanisms in a secured communication scenario with the direct technical schematic.

4.9 ISO 25237:2017, ISO/IEC 27701, ISO/IEC 27002

The International Organization for Standardization (ISO) standard referenced offers several methods, such as pseudorandomization, of the data to anonymous data in the healthcare industry. By modifying the criteria, healthcare organizations can share medical records for research without endangering patient privacy, and patients can trust them.

5 Open challenges in the security of IoHT

There are various challenges identified in the security of the IoHT network that are required to be addressed [7, 71, 72, 84,85,86,87,88,89,90]. The list of open key challenges in the security of IoHT is shown in Fig. 4. These challenges are discussed below:

Fig. 4 Open key security challenges in IoHT network

5.1 Latency

The huge healthcare data volume creates a drastic impact on the factor of latency. Moreover, the systems of IoHT involve end-to-end processing and transmission which increases the delay in the network. Several security enhancement mechanisms were defined in IoHT. Besides, creating a balance between latency and security is still an open challenge. Therefore, security schemes especially for time-critical applications such as telesurgery are required to fulfill the demand for security with minimum latency.

5.2 Complexity in security schemes

Complexity is one of the challenging parameters in IoHT. Moreover, the employment of security methodologies such as cryptographic techniques in IoHT increases the complexity of the network. The complexity affects the storage capacity, resource consumption, availability, quality of service, and process management of the IoHT network. Therefore, an efficient security mechanism for the IoHT with low complexity is required to be developed.

5.3 Real-time security status

The security of the IoHT network is required to be examined continuously such that the status of the security remains up-to-date. However, continuous examination of the whole network is a cumbersome process and requires more battery consumption. Besides, determining the security status of the network at regular intervals can pose a security threat to the IoHT network. Therefore, real-time security examination of the IoHT network is an open issue and required to be optimized.

5.4 Accuracy and computation time

Accuracy is considered one of the primary parameters of security mechanisms based on artificial intelligence. It defines the correctness of the security mechanism; in intrusion detection schemes, for example, accuracy describes how well a valid node is distinguished from an invalid node. Maintaining a high accuracy with a large volume of data for the existing attacks is a considerable threat that needs to be addressed.

5.5 Limited resource

An IoHT involving a body area network relies on limited power, so little energy is available for processing. Wearable IoHT devices are required to have sufficient power to run for a longer duration. For IoHT-based implants in particular, a longer active time is preferable because replacing them is painful and costly. Moreover, IoHT devices are comparatively small, with restricted memory and limited power. Security mechanisms are therefore required to execute with little power and memory. The current security schemes are large, and operating them well within these constraints is quite challenging.

5.6 Heterogeneity

The IoHT involves a wide variety of applications. These applications encompass a wide variety of device classes. The devices vary in properties and exhibit different regulatory requirements. Applying the same security mechanism on different classes of devices is likely to create an adverse impact on the security of the network. Therefore, specific application-based security schemes are required to be suggested.

5.7 Mobility management

The devices in IoHT are operated in a dynamic environment. Mobility plays an important role in the security of the communication network. The interference due to mobility disrupts communication, which ultimately affects the security of the network. Furthermore, IoHT devices move at diverse speeds. Considering different mobility speeds while analyzing security is an important challenge that is required to be addressed. Therefore, security schemes that take the varying mobility in the IoHT network into account are desirable.

5.8 Resiliency

The security schemes are required to be resilient such that the errors in the mechanism are not able to create a drastic impact on the decision. The schemes are required to be able to recover the error at a high pace without any effect on the network of IoHT. Designing the security schemes with the property of resiliency is an open challenge.

5.9 Artificial intelligence-based attacks

Artificial Intelligence (AI) based attacks in the IoHT network are a new research direction that requires immense attention. Application-specific attacks based on AI in IoHT can create a serious threat, wherein minute disturbances devised by the attacker on the devices of the network can prove extremely catastrophic. Therefore, countermeasure strategies for such attacks are required to be formulated.

5.10 Intrusion prevention schemes

The security of the IoHT can be improved by the methodology of intrusion prevention schemes. These schemes are required to be able to eliminate the effect of the attacker and continue the function of the system without failure. Moreover, a security mechanism must be capable of enhancing the security of the network and counter-attacking the detected intruder. However, based on the tiny protocol stack the adaptation of the intrusion prevention or security enhancement schemes is an open challenge.

5.11 Communication channel

The communication medium in IoHT is the wireless channel incorporating a diverse range of wireless technologies such as Zigbee, WiFi, Bluetooth, Worldwide Interoperability for Microwave Access (WiMax), Global System for Mobile Communications (GSM), Z-Wave, etc. Due to the wireless nature of the technology, traditional security methods become obsolete. Building a complete security mechanism or protocol that will work for both wired and wireless technologies while meeting strict security criteria is quite challenging. Additionally, the wireless channel exhibits a broadcast nature and is therefore vulnerable to security attacks.

5.12 Dynamic security updates

The security protocol must be regularly updated to offer adequate security in IoHT infrastructure. Executing an advanced and adaptive security model is a challenging task. The security models that are capable of fulfilling the security requirements of the latest and upcoming IoHT systems are a matter of concern.

5.13 Scalability

The number of sensors employed in IoHT or smart healthcare systems is rapidly increasing. Therefore, a much larger proportion of devices will interface with the global network. As a result, it is difficult to implement an enormously scalable security mechanism while meeting complex security criteria.

5.14 Multi-protocol networks

The communication network in the infrastructure of IoHT involves the interconnection of several smart devices while operating a proprietary network protocol. It includes the connection of smart IoHT devices over IP networks. Therefore, with the existing protocol network, satisfying all the security requirements for the diverse and dynamic IoHT system is quite challenging.

The overall challenges in the security of IoHT are specified in Table 2. This table provides an overview of the prominent security challenges in the IoHT network. It covers authentication vulnerabilities of the IoHT network, data privacy concerns, data integrity threats, and overall network security attacks in IoHT. Each challenge is defined with its possible effect on the IoHT network.

Table 2 Recent and prominent challenges in the security of IoHT

6 Proposed system model

There are various security-challenging parameters required to be fulfilled in the IoHT network as mentioned in the previous section. To provide an improvement in the security of IoHT while considering these challenges we have proposed a trust assessment framework for IoHT. The proposed framework achieves the security prerequisites required by the network of IoHT. The security issues addressed by the proposed trust level mechanism are illustrated as follows:

  • Trust management decreases the vulnerabilities due to services offered by the vulnerable nodes.

  • Intrusion detection based on the signal strength, communication channel variation, and communication overload can be easily detected.

  • The allocation of services according to the degree of trust enables security by enhancing the decision-making process between the nodes of the communication network.

  • The security issues due to the trust on the connecting nodes or in other words, mismanagement of the trust are well addressed by the proposed model. The estimation of degree of trust enhances the security of the overall network by managing the degree of trust among the devices.

The proposed system model is shown in Fig. 5. The proposed framework is divided into three phases.

Fig. 5 Proposed system model with trust level security framework

6.1 Parameter estimation

This phase provides the estimation of security parameters for the nodes participating in the network of IoHT. As far as the data of the patient is concerned, the node interaction is required to be trustworthy. Trustworthiness is defined by three parameters: breach history, secrecy capacity, and energy efficiency.

Illustration The process of estimating the parameter values of the model from the different feature data is called parameter estimation. Different features that significantly impact trust and overall security are taken into consideration. Based on the data estimated for the IoHT network various parameter values are estimated such that the trust model is trained as per the estimated data.

6.1.1 Breach history

It is defined as the violation of the security requirements such as the availability of confidential information to the untrustworthy user or spoofing of ID or resources. In the network of IoHT, possible breach sites have tremendously increased due to the improvisation of the cloud network, multi-cooperative communication, and personal user information availability. In 2020 COVID-19 has severely affected security in every part of the world. Due to multiple registrations for medical attention, scams were increased by 400% in March. Breach history depends on the number of registrations done by the patients at any portal with open access.

Illustration The parameter of breach history at time \(t\) for the \(k^{th}\) node is defined as:

$$ B_{h}\left[k,t\right] = \sum P_{n}\left( n\left[k,t\right] \in \left[0,1\right] \right) \tag{1} $$

where \(n\) is the number of registrations of nodes having breach history and \(P_{n}\) is the probability for \(n\) registered nodes. Therefore, for the \(k^{th}\) node, the breach history is evaluated as:

$$ B_{h} = \left\{ B_{h}\left(1,1\right), B_{h}\left(2,1\right), B_{h}\left(3,1\right), \ldots, B_{h}\left(n,t\right) \right\} \in \left[0,1\right] \tag{2} $$

The 0 value denotes the node without breach history while 1 denotes the user with breach history.

6.1.2 Secrecy rate

It is considered as one of the important parameters of security. The security of the network is compromised if the capacity of the intruder is more as compared to the capacity of the valid node. The secrecy rate of the participating node(s) is estimated. The secrecy outage probability for the respective node is defined to evaluate the trustworthiness of the participating node of the IoHT network.

Illustration Consider an IoHT network with \(k \) number of users, such that the secrecy rate for the \(k^{th}\) node is given by:

$$ S_{r}\left(k\right) = \begin{cases} S_{cv}\left(k\right) - S_{ce}\left(k\right), & S_{cv}\left(k\right) \ge S_{ce}\left(k\right) \\ 0, & \text{elsewhere} \end{cases} \tag{3} $$

where \(S_{ci} = B_{i} \log\left(1 + SNR_{i}\right)\), \(i = \text{valid user}, \text{intruder}\), \(S_{r}\) is the secrecy rate, \(S_{cv}\) is the capacity of the valid user, \(B\) is the operating bandwidth, and \(S_{ce}\) is the capacity of the eavesdropper.

A secrecy outage probability greater than or equal to 0.7 for the respective node is taken as 1, and a value below 0.7 is taken as 0.

$$ S_{p}\left[k\right] = P\left( S_{r}\left(k\right) \in \left[0,1\right] \right) \tag{4} $$

where \(S_{p}\) is the secrecy outage probability.

In other words, secrecy rate is a parameter of data confidentiality. It is a critical parameter of security because it involves protecting sensitive information from unauthorized access and ensuring that only intended parties can view or use it. In the context of network security, especially in the Internet of Health Things (IoHT) framework, secrecy is vital for several reasons such as: maintaining trust, data confidentiality, prevention of data breaches.

6.1.3 Energy efficiency

The trustworthiness of the node is evaluated by the parameter of energy efficiency. The maximum and minimum possible energy efficiency of the respective node at the time instant \(t\) is defined. If the node lies in the range, it is considered trustworthy, and if the node does not lie in the range then it is specified as an untrustworthy node.

Illustration The energy efficiency (bps/watt) of the node is defined as the ratio of the capacity of the user to the power consumed as:

$$ EE\left(n\right) = \frac{S_{cv}\left(k\right)}{P_{c}} \tag{5} $$

The maximum energy efficiency is estimated without the inclusion of additional propagation losses, while the minimum energy efficiency is estimated with the inclusion of propagation loss. If the estimated energy efficiency lies in the range between the minimum and maximum energy efficiency, the user is allocated the value 1; otherwise, it is allocated the value 0.

Energy efficiency is the parameter based on capacity and power consumed. It is a crucial security parameter because it helps prevent potential vulnerabilities associated with resource depletion and device failures. In the IoHT network, energy-efficient devices are less likely to suffer from rapid battery depletion, which could be exploited by attackers through resource exhaustion attacks. Efficient energy use also ensures stable device operation, reducing the risk of unauthorized access and disruptions caused by frequent shutdowns or reboots. Additionally, by optimizing energy consumption, network stability is maintained, supporting reliable performance and resilience against multiple attacks. Thus, energy efficiency contributes to overall security by enhancing device longevity, maintaining network reliability, and mitigating potential security risks associated with energy constraints.

6.2 Trust estimation

Trust is the primary parameter of network security. Secure communication is established if the nodes are trustworthy. The proposed framework defines three trust levels for the users. The lowest trust level users are not allowed for active communication with other participating nodes of IoHT. Active communication is defined as the participation in data collection from the sensors of the patient or transmission of the collected data or the allocation of the medical application or the availability of the patient’s information. The average trust level users take part in the communication processes such as the availability of patient information, and allocation of medical applications but are not allowed to participate in time-critical communication networks such as telesurgery and are not allowed to participate in decision-making processes such as health care application unit. The highest level of trust users actively participate in the network of IoHT and can take part in multi-cooperative communication. These nodes are highly suitable for time-critical healthcare applications (Table 3).

Table 3 Trust prediction analysis using different algorithms for 6G network

The 0 indicates that the breach history for the particular node is not present and 1 indicates that the breach history of the node is present. For secrecy rate, 1 indicates that the user lies in the range of minimum and maximum secrecy rate and 0 specifies that the secrecy rate for the user does not lie in the estimated range of maxima and minima. Similarly, for energy efficiency 0 designates the user does not lie in the range of minima and maxima while 1 indicates that the energy efficiency of the user does lie in the calculated range of minima and maxima. The trustworthiness of the nodes is defined by the parameters given in Table 4.

Table 4 Parameter definitions to determine the trustworthiness

6.3 Updation and monitoring

For every time instant \(t\), the parameter for each participating node is updated such that the evaluation of the trustworthiness is revised. Further, the parameters are continuously monitored for change. If any of the parameters changes such that a change in the trust level is observed, the corresponding parameter for the node is updated, and therefore, in the subsequent iterations, security attacks can be detected and removed from the communication network based on trust management. The frequency of updation is set based on the type of the network applications and the change of the security parameters corresponding to each node of the network. In time-critical applications such as telesurgery, updation must be of shorter duration to ensure alertness and security in the network for any subsequent changes in the behavior of the node. However, for less critical applications, the updation can occur at regular intervals of time with the consideration of the balance between the security and efficiency of the model. The computational overhead of the proposed scheme is essential for balancing the efficiency of the network while maintaining security. One prominent factor in the computational overhead is that only a limited number of security parameters is analyzed. The second is the frequency of updation and monitoring of the security status of the network. A balance is required to be maintained to ensure security with low computational overheads.

The overall methodology of the proposed framework involves the enhancement of security in the IoHT network. The proposed scheme is a three-step process. The first process is the parameter estimation. This process incorporates all nodes present in the network such that the security parameters are determined. These parameters are breach history, secrecy rate and energy efficiency. The second process is the estimation of the trust levels determined for the nodes of the network. The trust levels are allocated based on the values of the security parameters. This process is followed by the allocation of the services corresponding to the respective levels. If a node is determined to be untrustworthy, it is removed from the network. The lowest trust level users are not allowed active communication (both transmission and reception). The average trust level nodes take part in active communication; however, time-critical applications and multi-cooperative communication are restricted for these users. The high trust level users participate in multi-cooperative communication, wherein nodes can provide services to other users as well, and can be used for time-critical applications such as telesurgery. The proposed framework for the IoHT network can be understood from the step-by-step process flow given in the flowchart in Fig. 6.

Fig. 6 Flowchart of the proposed mechanism of trust level mechanism
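The three phases described above (parameter estimation with Eqs. (3) and (5), trust estimation, and per-instant updating) can be traced in the following added Python example, which is not code from the paper. Its assumptions are the base-2 logarithm, propagation loss modelled as a linear SNR attenuation, a rated reference power for the efficiency bounds, the estimator used for Eq. (4), the flag-to-level mapping in `trust_level` (Table 4 is not reproduced here), the service names, and the constructed sample data.

```python
import math
from dataclasses import dataclass
from enum import IntEnum


class Trust(IntEnum):
    LOW = 0
    AVERAGE = 1
    HIGH = 2


# Services per level, following Sect. 6.2 (service names are illustrative).
SERVICES = {
    Trust.LOW: frozenset(),
    Trust.AVERAGE: frozenset({"data_collection", "patient_info", "app_allocation"}),
    Trust.HIGH: frozenset({"data_collection", "patient_info", "app_allocation",
                           "telesurgery", "multi_cooperative"}),
}


@dataclass(frozen=True)
class LinkProfile:
    bandwidth_hz: float
    nominal_snr: float    # linear SNR without additional propagation loss
    loss_linear: float    # assumed linear attenuation (> 1) for the lossy bound
    rated_power_w: float  # assumed reference power for the EE bounds


def capacity(bandwidth_hz, snr):
    """S_c = B log(1 + SNR); base 2 is an assumption (bits per second)."""
    return bandwidth_hz * math.log2(1.0 + snr)


def secrecy_rate(bandwidth_hz, snr_valid, snr_eve):
    """Eq. (3): S_cv - S_ce when S_cv >= S_ce, otherwise 0."""
    s_cv = capacity(bandwidth_hz, snr_valid)
    s_ce = capacity(bandwidth_hz, snr_eve)
    return s_cv - s_ce if s_cv >= s_ce else 0.0


def secrecy_flag(bandwidth_hz, snr_pairs, threshold=0.7):
    """Assumed estimator for Eq. (4): share of samples with positive secrecy rate."""
    if not snr_pairs:
        return 0  # no observations: do not grant the flag
    positive = sum(1 for v, e in snr_pairs
                   if secrecy_rate(bandwidth_hz, v, e) > 0.0)
    return 1 if positive / len(snr_pairs) >= threshold else 0


def energy_flag(profile, snr_pairs, power_w):
    """Eq. (5) and the range test: 1 if EE_min <= EE <= EE_max, else 0."""
    if not snr_pairs or power_w <= 0:
        return 0  # missing samples or a non-positive power reading is anomalous
    b = profile.bandwidth_hz
    mean_cap = sum(capacity(b, v) for v, _ in snr_pairs) / len(snr_pairs)
    ee = mean_cap / power_w
    ee_max = capacity(b, profile.nominal_snr) / profile.rated_power_w
    ee_min = capacity(b, profile.nominal_snr / profile.loss_linear) / profile.rated_power_w
    return 1 if ee_min <= ee <= ee_max else 0


def trust_level(breach, secrecy, energy):
    """Hypothetical flag-to-level mapping (the page's Table 4 is not shown)."""
    if breach == 1 or (secrecy == 0 and energy == 0):
        return Trust.LOW
    if secrecy == 1 and energy == 1:
        return Trust.HIGH
    return Trust.AVERAGE


def monitor(profile, observations):
    """Re-evaluate one node per time instant; returns (t, level, changed) tuples."""
    history, previous = [], None
    for t, obs in enumerate(observations):
        level = trust_level(
            obs["breach"],
            secrecy_flag(profile.bandwidth_hz, obs["snr_pairs"]),
            energy_flag(profile, obs["snr_pairs"], obs["power_w"]))
        history.append((t, level, previous is not None and level != previous))
        previous = level
    return history


def allowed(level, service):
    """Service gate: only services listed for the node's trust level pass."""
    return service in SERVICES[level]


# Constructed sample data: (valid SNR, eavesdropper SNR) pairs, linear scale.
PROFILE = LinkProfile(bandwidth_hz=1e6, nominal_snr=100.0, loss_linear=10.0,
                      rated_power_w=0.1)
GOOD = [(50.0, 5.0)] * 10
LEAKY = [(50.0, 5.0)] * 6 + [(50.0, 80.0)] * 4  # 60 % of samples keep secrecy
OBSERVATIONS = [
    {"breach": 0, "snr_pairs": GOOD, "power_w": 0.1},   # t=0: healthy node
    {"breach": 0, "snr_pairs": LEAKY, "power_w": 0.1},  # t=1: eavesdropper link improves
    {"breach": 0, "snr_pairs": LEAKY, "power_w": 0.4},  # t=2: power draw quadruples
]

if __name__ == "__main__":
    for t, level, changed in monitor(PROFILE, OBSERVATIONS):
        print(t, level.name, "changed" if changed else "-", sorted(SERVICES[level]))
```

On the constructed data the node drops from the highest to the average level when the eavesdropper's channel improves, and to the lowest level when its power draw pushes the energy efficiency below the lossy bound, at which point every service request is refused.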

6.3.1 Case study of the 6G network

This case study is about the 6G wireless communication network, where a trust ranking model can be incorporated. This trust ranking model consists of a supervised machine learning model. The model is used to predict the trust ranks based on various attributes. Five trust ranks are considered for the model. The fifth rank shows the highest trust, the fourth rank shows above moderate trust, the third rank moderate trust, the second rank below moderate trust, and the first rank the lowest trust. Based on the trust ranks, services can be allotted to the users. For highly confidential services, the fifth rank is required. The trust ranking model involves the training of the prediction model using the data attributes based on security parameters of the 6G network. After the preprocessing of the data, the model is trained such that it is able to predict the rank of a node present in the 6G network. This enhances the security of the network by allowing services to the users as per the trust rank achieved. For high trust users, confidential services are applicable, whereas for low trust ranks any possibly security-vulnerable service is not applicable and transmission of artificial noise is initiated for that user to counteract the possible vulnerability. The overall scenario is shown in Fig. 7 below.

Fig. 7 Trust ranking mechanism in 6G network for 5 trust ranks

Table 3 shows the results of the case study for the 6G network, in which all communication users are identified in the form of different trust ranks using prediction models. The performance of these prediction models for 5 trust ranks is evaluated in this table. Accurate prediction of the trust rank defines the security of the network, as the services are offered based on the allotted trust rank of the user. By the same analogy, trust levels can be predicted for the IoHT network.

In view of future research, three primary considerations can be incorporated to enhance the security of the IoHT network. The first is the consideration of multiple security attributes of the IoHT network such as time complexity, computational complexity, resource availability, non-repudiation, auditability and other relevant possible security attributes. The second consideration is the number of trust levels. The more trust levels there are, the finer the division of the specific services allotted to the users. However, increasing the number of trust levels also increases the complexity of the security model. The third consideration is the involvement of deep learning and machine learning prediction models, optimization models, and environment-based reinforcement learning models.

7 Future research directions in security enhancement of IoHT system

The review on the security of IoHT highlights future research directions in various areas of security. Security in wearable healthcare systems is an emerging field and requires more advancement. Security in the data acquisition and storage based on cloud technologies is another research direction in IoHT. Data processing, algorithm efficiency, and artificial intelligence for the enhancement of the security of IoHT can prove extremely valuable. The research directions listed below are a few examples that can be used to improve the security of IoHT systems [7, 78, 91, 92]. The overall visualization and the other possible future directions in the security enhancement of the IoHT system are shown in Fig. 8.

Fig. 8 Security based visualization in IoHT representing IoHT network based security threats, countermeasures and possible future directions

7.1 Artificial intelligence

Artificial intelligence is one of the prominent and latest research topics inculcated in the various fields including the security of IoHT. Machine learning, deep learning, and reinforcement learning are the primary approaches to artificial intelligence. The different algorithms of machine learning and deep learning are executed in the form of intrusion detection schemes and intrusion prevention schemes. The whole security network in the IoHT can be further improved by optimizing the artificial learning procedures. The security at various levels of the IoHT system can be enhanced by incorporating security examination at the edge level using the schemes of artificial intelligence.

7.2 Security assessment

A proper standard and implementation to ensure security measurement is not present in the literature. Different research directions focused on the areas of security parameter optimization. Various tools such as adversarial analysis were executed to estimate the security level of the IoHT system. However, these mechanisms do not follow the same level of standards, rules, theories, and assumptions. Therefore, the comparison of these varying mechanisms is not a suitable criterion. A security assessment standard is the latest research direction to analyze the levels of security and privacy in the network of the IoHT system. Security assessment in the literature involves the input of the users using a web-based IoHT system evaluated to assess the security. Though cryptographic solutions are security enhancement mechanisms, these schemes do not provide any benchmark for the security assessment. Thus, vast research is required for the development of efficient security assessment schemes in the IoHT system.

7.3 Blockchain

In the literature, blockchain has been developed for the security of financial records such that the decentralized mechanism is followed. The mechanism involves the dependency of the blocks on one another. The incorporation of the blockchain mechanism in the IoHT system leads to an extensive enhancement in security. The blockchain scenario can be applied to the server level of the IoHT system to provide decentralized data security. One of the fundamental limitations of the blockchain mechanism is that it requires vast resources for computation and, therefore cannot be operated at the sensor level. To counteract such disadvantages, optimization methods are required, and thus can be adapted at the server level to secure the health data and medical records. Permission management given the blockchain mechanism is one of the schemes evolving in the research field of the IoHT system.

7.4 Smart gateways

The entry points of the IoHT system are one of the primary aspects of security authorization and authentication. The smart gateway is a new research direction that provides an enhancement of data security. These gateways are impervious to different attacks such as denial of service attacks, man-in-the-middle attacks, black hole attacks, routing attacks, and other attacks on the data. A smart gateway is a potential solution for the improvement of data security. More efficient mechanisms are required for the security enhancement in IoHT using smart gateways.

7.5 Protocol standardization

Communication in the IoHT network is critical and, therefore requires a balance between content and speed. Various communication protocols were evaluated for different types of sensors used at the sensor level. Protocol standardization is required to generalize the communication in the IoHT system while using different types of sensors to execute the operation seamlessly. Protocol standardization can be further optimized for the time management of data transmission such that the network is optimized without network congestion.

7.6 Trust management

Trust management is one of the latest research directions in the field of security in IoHT systems. The security of the IoHT network can be improved by the incorporation of a trust mechanism on the nodes such that only trusted nodes are capable of communicating in the IoHT network. One of the major advantages of trust management is that the nodes that are identified as trusted nodes are allowed to process and transmit the data in the network. Optimizing trust management in the IoHT using artificial intelligence is one of the ways to advance security adaptability.

7.7 Optimizing energy

The resources at the sensor level are quite limited. Therefore, the resource requirements at the sensor level of the IoHT system are required to be optimized. The solution of optimization involves lightweight security enhancement mechanisms, intelligent priority based communication systems, and optimized design algorithms.

7.8 Need for robust health dataset

The availability of the data in healthcare applications is required to be validated whether in the form of numerical data, images, or videos. The acquisition of the data for example, the data on blood type, sugar level, blood pressure, etc. to form the healthcare dataset consists of different information. The procedures of security enhancement in IoHT that depend on artificial intelligence are critical. Therefore, more updated and robust healthcare datasets are required for the advancement of security in the IoHT system.

7.9 Reliability of 6G with IoHT networks

The latest wireless communication network in the form of 6G has gained great recognition. Many communication researchers are working on the development of technologies that can be adopted in the 6G network. Considering 6G as the prominent part in different fields of application, IoHT networks are required to be made reliable with the architecture of 6G.

7.9.1 Data fidelity and data limitation

The introduction of mobile health could solve the limitation of data fidelity. The acquisition of multimodal data collection due to variation of data in terms of time series, system operation, and sensor sampling creates a deterioration in the performance of the IoHT system as a whole. The current IoHT network lacks the potential to manage heterogeneous data efficiently. Therefore, transfer learning is one of the possible techniques to handle the variations in the data. The data reliability issues due to the biased data lead to false or misleading conclusions. Thus, verifying the data fidelity is one of the important aspects that is worthy of exploration.

Overall, immediate research is required in different areas of the IoHT network to enhance security. Artificial intelligence based models need to be optimized for advancements in intrusion detection and prevention schemes in the IoHT network. Enhancing security standards in the IoHT is of critical importance to deliver uniform and reliable benchmarks. As far as blockchain technology in the IoHT network is concerned, optimization at the server level and smart gateway mechanisms are the possible security enhancement solutions. Protocol standardization is another primary aspect to advance trust management in the varied sensor network using artificial intelligence based mechanisms. Considering IoHT as a resource-limited network, energy-efficient solutions with the latest security attributes are required. By incorporating advanced measures in these areas, the security, reliability and efficiency of the IoHT network can be enhanced.

8 Conclusion

The Internet of Healthcare Things (IoHT) is a network of sensors, servers, and the corresponding medical services where the essential health data is processed, communicated, and analyzed. The evaluated data is observed for inconsistencies in providing specific services in terms of medical attention. Advancements such as the involvement of cloud servers and big data in the technology of IoHT have created a big challenge in the security framework. This work provides a systematic survey of the security of IoHT. To identify the possible security attacks, the IoHT architecture with the security visualization is elaborated in the paper. The recent security concerns in IoHT along with countermeasures have been presented. Incorporating intelligence in the security mechanism of IoHT proves an effective approach. These approaches involve the methodology of machine learning, deep learning, and reinforcement schemes. However, considering the limitations of computational time, complexity, and resource availability, we have proposed a trust evaluation framework for the IoHT network. The whole network is divided into three types of users. The first type is the highest degree trust user. The second type is the average degree trust user and the third type is the lowest degree trust user. The proposed scheme provides security enhancement in the network of IoHT.

It is essential for practitioners to effectively implement the proposed mechanism by integrating continuous assessment of the security parameters of the IoHT network, such as breach history, secrecy rate, and energy efficiency, in the form of routine security parameter estimations. The dynamicity of the proposed security framework must be maintained such that real time updates of the trust levels of each user are facilitated with correct service allocations. This ensures that confidentiality is maintained by the high trust nodes and that low trust nodes are restricted from such services. It is recommended that policymakers create and implement guidelines for trust-based security measures and stimulate research projects that progress IoHT security solutions involving more and more security attributes affecting the security of the IoHT network. Technology manufacturers should concentrate on creating safe, interoperable products that adhere to these security solutions. Healthcare providers should embrace these frameworks and perform frequent security assessments to guarantee compliance.