1. Introduction
The transformative effect of eHealth on smart society (shown in Figure 1) enables wearable medical devices for a vast number of applications, such as wearable fitness trackers, smart health watches, electrocardiogram (ECG) monitors, blood pressure monitors, biosensors, etc. On the other front, advances in wireless communication have led to the emergence of a solidified and specialized wireless area network for these worn-on or implanted devices: the wireless body area network (WBAN). A WBAN typically consists of tiny biosensors or sensors (wearable and/or implanted) that collect vital signs and forward them to a mobile or fixed gateway. It was developed to enable around-the-clock availability of a patient’s medical data to healthcare professionals. This unremitting availability of data makes efficient use of healthcare resources and enables in-home monitoring for patients with chronic diseases [1]. Unlike conventional sensor networks, a WBAN operates on more critical and sensitive patient information, which demands significant security and privacy preservation in any practical deployment of this technology. This concern leads data owners to want more control over their data. This self-contradicting aspect results in severe security challenges for its practical adoption. The underlying Internet of Things (IoT) infrastructure precludes the adoption of conventional encryption techniques for WBAN security. Specifically, public-key encryption suffers from high computation, certificate, and key management overhead. Dynamic secret key management hinders the application of symmetric encryption as well. Considering the nature of WBAN healthcare systems, this crucial data must be made available to the healthcare professionals concerned. Hence, traditional role-based access control and identity-based encryption (IBE) cannot guarantee fine-grained and one-to-many data transfer. Recently, attribute-based encryption (ABE) has gained popularity as a secure access control mechanism for confidential data because of its inherent support for fine-grained access and one-to-many transfer. ABE is a particular type of IBE in which the user’s ID is described by a set of attributes, and the data is encrypted for all users who possess that specific set of attributes. ABE schemes are categorized into two variants: ciphertext-policy (CP-ABE) and key-policy (KP-ABE). Using CP-ABE, the data owner embeds the access policy inside the ciphertext, and the private key of the end user is attached to the attribute set. Anyone whose attributes match the specified access policy can perform the decryption operation. In KP-ABE, by contrast, private keys are attached to the access control policy and ciphertexts are attached to the attribute set [2]. In the context of WBAN, ciphertext-policy ABE (CP-ABE) is more appropriate because it provides more control to the data owners (patients in WBAN) over the recipients [3] (medical staff in WBAN) as opposed to its other type, i.e., key-policy ABE (KP-ABE) [4]. The only serious concern for most contemporary ABE schemes is that they rely heavily on expensive bilinear pairing and exponentiation operations in the encryption and decryption algorithms. This intense computation hinders their deployment on resource-constrained WBAN sensors [3, 5]. This has led to the development of non-pairing ABE schemes in the research community. As a result, the most recent work equips ABE with elliptic curve cryptography (ECC) algorithms, which have much stronger bit security and also replace the ten times more expensive bilinear pairing operation with scalar point multiplication on an elliptic curve [3]. At the same time, because of the underlying ABE technology, linearity properties entrust the ECC algorithm with heavy operations. As we know, the number of operations increases linearly with the number of attributes and hence incurs a heavy load on WBAN sensors. Therefore, a secure and efficient management mechanism is needed, which keeps these operations within an acceptable and minimum constant range for WBAN sensor nodes. In this paper, by utilizing Hu et al.’s [4] secure framework for WBAN, we have proposed an efficient and secure ECC-based CP-ABE scheme for WBAN.
Our Contribution
The primary contribution of our work is as follows:
Considering the resource-scarce nature of WBAN, we have proposed an efficient and secure ABE scheme with outsourcing intense encryption and decryption operations without revealing the secret key/data content to the WBAN data sink node and cloud server digital signal processing (DSP), respectively.
Our proposed scheme is based on elliptic curve point scalar multiplication instead of costly bilinear pairing operations to address the resource-constrained nature of WBAN, especially the sensors. This feature makes it more appealing to smart healthcare.
Our proposed scheme supports indirect attribute/users revocation without the need for maintaining a private channel between the trusted attribute authority and the non-revoked users for disseminating updated decryption keys.
The proposed scheme inherently supports the integrity check, thus increasing the security and reliability of medical data.
The proposed scheme is secure under the elliptic curve decisional Diffie–Hellman (ECDDH) assumption using the selective-set security model.
The performance assessment of our scheme shows a significant overall efficiency in storage, computation, and communication.
3. System and Security Model
Figure 2 depicts the main components of our proposed scheme, namely the medical attribute authority (MAA), cloud service provider (CSP), body area network (BAN), data sink (DS), and medical data user (MDU). This section presents an overview of the roles played by each component.
MAA: The MAA acts as a key generation center (KGC) and the only fully trusted entity in the system model. KGC is responsible for the registration of all system users [36]. Through the initialization phase, it produces public parameters (PARAMS), a system master key (SMK), and secret key components (SK) against a set of attributes
specific to each user.
CSP: This entity provides services for storage and partial decryption via its sub-entities, the storage service provider (SSP) and the decryption service provider (DSP), respectively. The SSP stores the encrypted health-related data for each registered patient and serves as a repository for all the uploaded data. The DSP performs a partial decryption service for the interested MDUs without knowing the actual data contents.
BAN: Body area network is a wireless network consisting of small biosensors. A sensor can be implanted (placed inside the human body), wearable (on the body), or carried, depending on its specific use. Its deployment aims to persistently measure the vital body parameters, notice abnormal changes in them, and subsequently consult the healthcare professional in real time for life support. Sensors suffer from a scarcity of vital resources in memory, battery power, and computation power. In the traditional framework [31], these resource-constrained sensors are entrusted with the expensive secret distribution mechanism for access formulation along with their prime tasks of sensing, processing, and transmission. Moreover, because of the ABE linearity property, the encryption complexity grows with the size of the access policy. Exploiting the delegation property of the CP-ABE mode of encryption, we offload most of the computation to the gateway. More specifically, retaining part of the secret for little processing locally while exposing part of it to the gateway for most processing still ensures information-theoretical security of a secret.
DS: DS acts as a gateway for aggregation and dissemination of its corresponding sensor data to the MAA. It could be a mobile device such as a smartphone or a specialized BAN controller. Hence, it has significantly more memory, processing, and transmission capacity than the sensors. These features compel us, in our proposed framework, to delegate most of the processing overhead from the sensors to the DS. The traditional framework [31] devotes this unit to the function of forwarding only, which is not a judicious use of this entity considering its resources.
MDU: It could be a doctor, nurse, or any other healthcare expert. To be registered into the system, each MDU must prove its credentials and affiliation in a set of attributes to the KGC. The KGC needs to verify the validity of these claimed attributes, subsequently computes the corresponding secret key components, and sends them via a secure channel to the user concerned. These secret key components are uniquely generated to prevent collusion attacks by associating a random number with them. As long as the MDU possesses the required set of attributes, it can access any patient’s encrypted data. MDU is usually a device, such as a mobile phone, with limited resources. In our framework, we shift most of the decryption overhead to the DSP of MAA. As a result, after retrieving the partially encrypted data from the DSP, it needs to perform only a minor operation for its full decryption.
In our threat model, we take the CSP to be honest-but-curious, as adopted by most of the ABKS schemes, which means it will honestly run the algorithm but try to infer private information from the available data. The medical attribute authority and the data owner (DO) are fully trusted entities in our system model. Corrupted data users (DU) may also collude with each other. To prove the security of an ABE scheme, the selective-set security model generally makes use of a game between the challenger
and an attacker
. In this game, the attacker faces challenges posed by the challenger to solve the underlying security assumption. Following are the six steps defined in our security game for our proposed scheme against a chosen-plaintext attack [35].
Initialization: declares the encryption attribute set in the form of an access structure that he wants to be challenged upon.
Setup: To generate the system parameters, runs the setup algorithm, keeps the SMK to itself and sends the public parameter PARAMS to adversary .
Phase 1: The adversary is allowed to adaptively ask for a set of secret key components of attribute sets such that all the attribute sets associated with the corresponding secret key components do not satisfy the .
Challenge: Now, submits two equal length messages and to with . flips binary coin b to encrypt under and sends the generated ciphertext to .
Phase 2: Both adversary and challenger adaptively repeat the same steps as they did in phase 1.
Guess: outputs a guess of b to .
The advantage gained by in the above game is defined by .
Table 1 lists all the notations used in this work.
4. Proposed Model
In this section, a detailed description of our proposed scheme algorithms (i.e., , , , , , ) is presented.
Setup (: Run by
, Algorithm 1 takes ECC domain parameters as an implicit security parameter
as input. Define the universal attribute set
for attribute space in the system. A secure hash function
is chosen to map global identity
.
for each attribute
, chooses
uniformly at random. The public key components corresponding to each system attribute
is given by
. Moreover, it chooses
uniformly at random to be the master secret key
. Thereafter, setting accordingly, the master public key
is
. Finally, the algorithm sets the
and
.
Algorithm 1: Setup .
Input: Implicit security parameter .
Output: System secret key and public parameter.
Define an elliptic curve over a finite field with a prime order r.
Generate a cyclic group of subgroup over with generator G of order q.
Generate universal attribute set .
For each , it randomly chooses element .
subsequently computes public key components corresponding to each attribute i as .
Randomly chooses as a master secret key.
Accordingly, compute master public key by .
Set the .
Set the .
Encryption: To preserve the data privacy and delegate most of the computation of encryption, this algorithm specifies the access control policy tree in the form of , where and are two subtrees of connected by an AND logical operator ⋀. This division of access control tree leads to two algorithms: local encryption (Algorithm 2) and outsource encryption (Algorithm 3).
For optimal efficiency, the
attaches only one virtual attribute, as shown in Figure 3. The algorithm randomly specifies a 1-degree polynomial
and set
,
and
, where
.
Let
be the set of leaf nodes in
. This algorithm encrypts
M by computing
such that
. Let
serve as the encryption key and
be the integrity key for
M, then
and
can be computed
and
, respectively. Finally, the algorithm outputs temporal ciphertext
Let
be the set of leaf nodes in
. Beginning at the root node
of the subtree
, this algorithm chooses a polynomial
of degree
for each node
v. Note that the value for root node
has been set as
. The value of the inner node
x is calculated by the equation as
and randomly chooses
coefficients to build the polynomial
. Then, the algorithm generates the temporal ciphertext
. Combining the above generated ciphertext with the received ciphertext from
, the whole ciphertext is given as:
Key Generation: Algorithm 4 is run by
, and is used to generate the secret key
under the valid attribute set
by the corresponding
. More specifically, upon receiving the claimed attribute set, the
needs to check its validity and assign a unique global identity
to this
. It selects a random
and computes local private key
. This algorithm for each attribute
generates its corresponding key components, a delegate key given by
. Here,
is the inverse of element
chosen in setup phase.
Algorithm 2:
Input: Access structure , the message M and public parameters .
Output: Local version of ciphertext .
Randomly specify a 1-degree polynomial corresponding to the root R of .
Randomly chooses and .
Set the root node R value to .
For the root nodes and of subtrees set and , respectively.
Use scalar point multiplication to compute .
We let and represent the encryption and integrity key for M, respectively.
Compute message M encryption using secure symmetric cipher.
Compute message M authentication code using HMAC function.
Let be a set of leaf nodes in .
For each do.
using ECC point multiplication
End for.
Set the ciphertext .

Algorithm 3:
Input: Access structure , and public parameters .
Output: .
Randomly specify a polynomial with degree , where is the threshold of root node of subtree .
Set the value of root node to .
Randomly select coefficients to uniquely define .
For inner node v in do.
Set .
Randomly select coefficients to uniquely define .
End For.
Let be the set of leaf nodes in .
For each do.
using point multiplication.
End For.
The whole ciphertext is given by .

Algorithm 4:
Input: claimed attribute set , system master key
Output: keys: and .
After the confirmation of the claimed attribute set , the assigned a global unique identity to its .
Select a random , compute .
Compute and set .
For each do.
Compute of .
Compute .
End For.
Set the Keys , .
Finally, the algorithm via a secure channel submits the secret keys and to its concerned .
Decryption: Realizing a CP-ABE scheme via scalar point multiplication instead of bilinear pairing operations still faces a deployment challenge for lightweight devices, especially for sensors. The scheme makes use of threshold secret sharing for secret distribution. Subsequently, the reconstruction makes use of polynomial interpolation, a heavy computation operation. MDU is usually a device such as a mobile phone with limited resources. Hence, this phase delegates most of the decryption load to the . This phase makes use of two algorithms (Algorithm 5) and (Algorithm 6).
This algorithm is run by
, which makes use of a recursive function
. If
y is leaf node, let
,
is defined as:
which states that the output of
must be an element in
group
or null.
For a leaf node
, the function
proceeds as follows:
For a non-leaf node
y, it calls
for each child
x and stores the result as
in
sized set
of child node
x. To reconstruct the value of
at nodes
y using Lagrange interpolation, the algorithm proceeds as follows:
where
and
is the Lagrange coefficient
Accordingly, the recursive function
at root node
R returns
. Finally, the temporal ciphertext
set as:
.
. After receiving the intermediate ciphertext
calculates
. Here,
and
are the recovered keys for decryption and integrity of message
M, respectively. Therefore, after decrypting
we can confirm, whether
to assure that the
M is correctly received and has not been tampered with. Hence, the proposed scheme provides confidentiality, authenticity, and integrity of encrypted data, which is the topmost priority of any health-related application.
Algorithm 5:
Input: Delegate key component , system public parameter and .
Output: Temporal ciphertext .
Let y be a node in .
If is leaf node AND then.
Compute .
Else Set .
End if.
For each non-leaf node y in do.
Let represent -sized set of child node x.
If no such set exist then Set .
Else Compute Lagrange coefficient where and is the Lagrange coefficients .
End if.
End for.
Let R represent the root node of .
If then recursively compute .
End if
Set the temporal ciphertext .

Algorithm 6:
Input: local secret key , and temporal ciphertext .
Output: Message M.
Compute
Decrypt and compute .
If then M is valid.
End if.
Return M.
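The secret distribution and reconstruction that the Encryption and Decryption phases describe (a 1-degree root polynomial split across two subtrees, threshold polynomials below it, Lagrange interpolation on the way back up) can be sketched as follows. This is an added example, not code from the paper. It works on scalars modulo a stand-in prime `Q` instead of elliptic-curve points, and the attribute names, the share indices 1 and 2, and the rule that every user holds the `virtual` attribute are assumptions of the sketch.

```python
import secrets

Q = 2**127 - 1  # assumption: a prime standing in for the EC group order q


class Node:
    """Access-tree node: a leaf carries an attribute, a gate carries a threshold."""

    def __init__(self, attr=None, threshold=0, children=()):
        self.attr = attr
        self.threshold = threshold
        self.children = list(children)


def poly_eval(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo Q (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def distribute(node, value, shares):
    """Top-down: hide `value` at `node`, writing one share per leaf attribute."""
    if node.attr is not None:
        shares[node.attr] = value
        return
    # Polynomial of degree threshold-1 whose constant term is the node's value.
    coeffs = [value] + [secrets.randbelow(Q) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        distribute(child, poly_eval(coeffs, index), shares)


def lagrange_at_zero(points):
    """Interpolate through (index, value) points and return the value at x = 0."""
    total = 0
    for i, y_i in points:
        coeff = 1
        for j, _ in points:
            if j != i:
                coeff = coeff * (-j) % Q * pow((i - j) % Q, -1, Q) % Q
        total = (total + y_i * coeff) % Q
    return total


def reconstruct(node, shares, attrs):
    """Bottom-up: return the node's value, or None if `attrs` cannot satisfy it."""
    if node.attr is not None:
        return shares[node.attr] if node.attr in attrs else None
    points = []
    for index, child in enumerate(node.children, start=1):
        value = reconstruct(child, shares, attrs)
        if value is not None:
            points.append((index, value))
    if len(points) < node.threshold:
        return None  # fewer satisfied children than the gate requires
    return lagrange_at_zero(points[: node.threshold])


# Constructed policy: virtual AND (2 of {cardiologist, nurse, hospital_A}).
LOCAL_TREE = Node(attr="virtual")
OUTSOURCED_TREE = Node(threshold=2, children=[
    Node(attr="cardiologist"), Node(attr="nurse"), Node(attr="hospital_A")])


def owner_split(secret):
    """Data owner: root polynomial f(x) = secret + a1*x; returns (f(1), f(2))."""
    a1 = secrets.randbelow(Q)
    return (secret + a1) % Q, (secret + 2 * a1) % Q


def encrypt_shares(secret):
    """Split the work: f(1) is handled locally, f(2) is expanded by the gateway."""
    local_share, gateway_share = owner_split(secret)
    shares = {}
    distribute(LOCAL_TREE, local_share, shares)          # owner side, one leaf
    distribute(OUTSOURCED_TREE, gateway_share, shares)   # data sink side
    return shares, gateway_share


def recover(shares, attrs):
    """Reconstruct the root secret for a user holding the attribute set `attrs`."""
    root = Node(threshold=2, children=[LOCAL_TREE, OUTSOURCED_TREE])
    return reconstruct(root, shares, attrs)


def slope_explaining(gateway_share, candidate_secret):
    """Slope a1 that makes `candidate_secret` consistent with the gateway's share.

    One exists for every candidate, so f(2) alone does not narrow down the secret.
    """
    return (gateway_share - candidate_secret) * pow(2, -1, Q) % Q


if __name__ == "__main__":
    s = secrets.randbelow(Q)
    all_shares, gw = encrypt_shares(s)
    print(recover(all_shares, {"virtual", "cardiologist", "nurse"}) == s)
    print(recover(all_shares, {"virtual", "nurse"}))
```
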
5. Security Analysis
This section, along with the security proof, also assesses the proposed scheme’s collusion resistance and attribute/user revocation features.
5.1. Security Proof
The security proof of our scheme in the selective security model is presented as a game between the challenger and an attacker . In this game, the attacker confronts challenges posed by the challenger to break the underlying hardness assumption. Since our scheme is based on ECC, the attacker’s goal is to reduce the hardness of the elliptic curve decisional Diffie–Hellman (DDH) assumption.
Theorem 1. If an adversary in the selective-set model successfully attacks our proposed scheme with, at most, advantage ϵ, then it can also build a simulator that can distinguish an elliptic curve DDH tuple with non-negligible advantage .
Proof. Let there exist an adversary , in the particular set security model that in polynomial time with non-negligible advantage can break our scheme, then we can build a simulator to play the ECDDH with advantage in polynomial time.
Firstly, the challenger generates an EC group with order q and sets over the finite field having a base point G. Then, challenger takes a fair binary coin , flips it outside of ’s view for some random choices a, b, z . Now, the choices for is given as:
Case 1. if , then ECDDH challenge instance as,
, and sent to .
Case 2. if , then ECDDH challenge instance as,
, and sent to .
Initialization: The simulator runs adversary , to get an access structure that the adversary wants to be challenged upon.
Setup: The simulator needs to send the public parameters to adversary as follows:
at first sets the system parameters .
Then, for , sets according to the following condition:
If it sets and where is randomly chosen from .
If , it sets , where is randomly chosen from .
Sends the system public parameters to and keeps the secret parameter as secret.
In the above scenario, does not observe any change as and are analogous to and of the proposed scheme.
Phase 1: adaptively calls for a number of secret key components of attribute sets such that all the attribute sets associated with the corresponding secret key components do not satisfy the . Now, sends the secret key components to as follows:
Case 1. if
, it sets
as
Case 2. if
, it sets
as
The distribution for both the terms in Equations (1) and (2) is uniform, thus, in ’s perspective, the key components generated by are the same as the basic scheme.
Challenge: submits two equal length messages
and
to
. First
sets
and then sends
to the DO. It randomly selects
and sets
for root node R according to the proposed scheme.
is also sent
along with
to ESP (i.e., sink node) to distribute it for the remaining attributes in
randomly selects a bit
to encrypt
and generates the ciphertext
as follows:
Hence, and represent the encryption and integrity K for message M, respectively. Afterwards, computes .
after computing
and
transmits below ciphertext to adversary
.
The challenger
flips coin
, thus the following cases arise:
If satisfies case 1, which is identical to our original encryption, then . Therefore, if S is set to d, there should be , and , where .
If satisfies case 2, which is different from our proposed scheme, then . Therefore, if S is set to z, it turns out that , and .
Phase 2: Both and follow the same steps as they did in Phase 1.
Guess: output a guess of b to .
If , output , which indicates a valid ECDDH instance, .
If , output , which indicates a random instance, .
Now, according to the security game, where
, the adversary
cannot predict the
, thus we have
Since
outputs
when
, it gives
When
, the adversary
can predict the correct
, thus we have
Since
outputs
when
, we have
According to the selective set security model of our proposed scheme, the overall advantage using Equations (8) and (10) of
in this game is
or,
or,
or,
Hence, it conflicts with our assumption, which proves the security of our proposed scheme under the ECDDH assumption. □
5.2. Secure against Collusion Attack
One of the most anticipated attacks on any attribute-based system is a collusion attack. Therefore, the designers of such a system are required to implicitly avoid it in their proposed scheme. Let us assume that multiple users possess some secret key components, where no individual secret key has access to the message. Suppose they play the role of an attacker and launch a collusion attack (i.e., combine their secret keys) to try to decrypt a message that is encrypted under the intersection (common attributes) of their attribute sets. It is assumed that they constitute secret key components labeled to their common attribute set in the form of
Even after collectively generating secret keys among themselves, still, they are unable to decrypt the message because of the random selection of
for each user to satisfy the equation
Hence, the association of the secret key component with attributes along with a unique global identity and a random number for each user makes the proposed scheme resistant to collusion attack.
5.3. Attribute/User Revocation
Nowadays, revocation is a desirable property on the part of an ABE-based scheme. Considering the following aspects, equipping the ABE scheme with revocation is not a simple task: First, the attribute authority labels each user secret key from a universal set of attributes instead of a unique user-specific attribute. As a result, a malicious user cannot simply be singled out on an attribute or set of attributes; second, after the revocation of a misbehaving user, the system must avoid the collusion attack even if there is an overlap of attributes with non-revoked users. The ABE scheme supports two types of revocation, direct revocation and indirect revocation, to address these issues. Indirect revocation incurs the liability on TAA to update and distribute the non-revoked users’ secret key with every revocation event. In direct revocation, we do not need to update the secret key of non-revoked users. All contemporary direct revocation schemes require system users to maintain an updated and long list of revoked users, which must be labeled to ciphertext. This computation and storage overhead increases linearly with the number of revoked users in the encryption and decryption algorithms.
Given the resource-constrained and medical-centric characteristics of our proposed scheme MAA, the indirect revocation fits aptly into our eHealth practical scenario. The computation and storage cost of our scheme is independent of the number of revoked users. The KGC of MAA explicitly maintains the list of global IDs GID and its associated attribute lists for each registered user. To revoke the system attribute from its universal set of attributes, the KGC deletes the associated system attribute’s public key. Similarly, to revoke the user-specific attribute, the KGC must delete the corresponding secret key component for that specific user. Further, to revoke a user, the KGC deletes the entire attribute set and the GID assigned to that user. For all of these revocation scenarios, the MAA needs to update the delegated key with the help of MSK and the revoked of the revoked attribute and produces a new delegate key of the revoked attribute . Furthermore, our proposed scheme avoids the need for maintaining a private channel between the MAA and the non-revoked user for the dissemination of the updated delegated key .
6. Performance Analysis
In this section, we compare our proposed scheme with five related schemes in [19, 20, 21, 22, 23], in terms of its features, communication overhead, and computation overhead. Moreover, for the sake of fair comparison, we set n = 20 and m = 10 representing attributes in universal set and encryption, respectively.
6.1. Features Analysis
Table 2 depicts the comparison of various features of our scheme with related schemes for a WBAN from four perspectives: encryption delegation, decryption delegation, integrity check, and attribute revocation. Additionally, our proposed scheme lacks time-based access control and hierarchical access control support. In some practical scenarios, it is inevitable to provide access control for a specific time interval. For instance, a medical document may have different privacy requirements for a different period. More specifically, fewer medical experts have access to the medical record at an early time, while more experts can get access to it at a later time point. Similarly, the hierarchical access permission ensures access to the corresponding documents based on the specific role of the data users. For example, the hospital president can access all the information of the patients and doctors, while the medical experts can access his/her patient information only.
6.2. Communication Overhead
Communication overhead relates to the transfer of the message. In the most commonly adopted architectures of ABE, the least number of messages that should be transmitted are of the public key, private key, and ciphertext. For the sake of analysis, we take the length of these messages as a metric to determine and compare the relative communication overhead. Most contemporary ABE schemes use bilinear pairing; a map involves two groups . Because of the underlying modular exponentiation, these are termed RSA-based ABE schemes. Accordingly, we call our scheme an ABE ECC-based scheme.
As we know, ECC has much stronger bit security; we considered 160-bit, i.e., secp160r1 elliptic curve, which has up to 1024-bit RSA security strength. Based on the above-stated assumptions, the size of both public and private keys in the ABE RSA-based scheme is 1024-bit, while the size of an element in
and
is 1024 bits and 2048 bits. Accordingly, the size of an elliptic curve point is 320 bits, corresponding to both its coordinates. As a result, the 160 bits and 320 bits constitute the private key and public key size, respectively, in ABE ECC-based schemes. For comparison, the communication overhead is identical for each ABE RSA-based scheme. Therefore, we compute the [23] overhead for illustration purposes. The ciphertext in [23] scheme is given by
, where m represents the maximum number of attributes attached to the ciphertext. According to the setup phase of this scheme, g and e(g,g) belong to the group
and
, respectively. As a result, the size of each ciphertext component
and
is 2048, 1024, (2m × 1024) and (m × 1024) bits, respectively. In this way, the length of ciphertext CT is (3m + 3) × 1024 ≈ 33,792 bits. Here, the public key is set to
, so its length is 4 × 1024 ≈ 4096 bits. In addition, the private key is given by
where S represents the user set of attributes associated to the key K. Therefore, the length of the private key of scheme [23] computes to (m + 3) × 1024 ≈ 13,312 bits.
Similarly, we compute the public key, private key, and ciphertext length in our scheme. According to the encryption process of our proposed scheme, the ciphertext is . The size of attribute set T is taken constantly for all schemes and, hence, rolled out of the total ciphertext size. Here, and are the single coordinates on the elliptic curve, each having 160 bits in length. Similarly, consists of 320 bits, a single point on the elliptic curve. Thus, the length of the ciphertext in our proposed scheme computes to (m + 1) × 320 ≈ 3520 bits. The public key components in our scheme are , and consists of (n + 1) × 320 ≈ 6720 bits, as each of its components is a single point on the elliptic curve. The private key of our scheme is , . Hence, its length computes to (m + 1) × 160 ≈ 1760 bits.
We can see from Table 3 that the ciphertext and private key sizes of our proposed scheme are significantly lower than those of all other schemes. We can observe from Table 3 that only the length of the public key in our proposed scheme is higher than the scheme with a constant-size public key [19, 23]. However, overall communication overhead for the private key, the public key, and ciphertext size in our scheme is significantly lower than that of [19]. Moreover, the scheme in [23] is based on KP-ABE as opposed to our CP-ABE-based scheme, which provides more control to the patient over the recipient of its sensitive medical data. Moreover, the generation of the public key is a one-time process in the lifetime of the system.
6.3. Computation Overhead
The computation overhead is mainly caused by the ABE scheme operations, including bilinear pairing, ECC-based scalar point multiplication, exponentiation, hashing, basic arithmetic, and logical operations. We have considered the most expensive operations: exponentiation, bilinear pairing, and elliptic curve-based scalar point multiplication. Comparatively, the cost of the other, less costly operations can be ignored [3]. For the sake of simplicity, Table 4, based on [37], is constructed, which shows the execution time (in milliseconds) required by each group operation. According to the work in [37], a single bilinear pairing and a single modular exponentiation operation cost about 10 and 2 times an ECC-based scalar point multiplication, respectively.
To evaluate the computation overhead of the proposed scheme, we need the individual computation overhead of users and service providers on both the encryption and decryption sides. Therefore, in Table 5, we compare the computation overhead incurred on MDO and ESP in the encryption offloading and the MDU and DSP in the decryption offloading. As our scheme is free from costly pairing operations, all matrices’ execution time is comparatively less than other schemes. We can also see from Table 5 that the unwanted linearity property of ABE is shifted to comparatively resource-rich server providers (DSP and ESP). Hence, the data users are left with a significantly smaller and constant number of operations. Thus, based on the performance assessments, our scheme demonstrates more efficiency and is the best solution for a WBAN in terms of communication, computation, and security.
6.4. Rank-Based Evaluation of Performance Matrices
In this research work, a fuzzy logic-based evaluation, which is constructed on the evaluation based on distance from average solution (EDAS) method, is used for calculating the ranking of the proposed scheme with state-of-the-art algorithms in terms of computational cost operations, such as KeyGen, Enc, Enc, Dec, and Dec, on both the sides of the sender and receiver to find the top rank efficiency of these schemes. The above-stated performance matrices/operations are compared with existing state-of-the-art schemes, including the proposed scheme in this section.
In this evaluation, the authors use the EDAS approach to collect the cross-efficient values of numerous parameters of five schemes, including the proposed scheme. The aggregate of appraisal scores can be measured for ranking of given schemes to compute the positive distance from the average solution, which is represented in the equation as () and the negative distance from the average solution is represented by the symbol ().
In Table 6 below, the performance matrices are deliberated as the criteria of state-of-the-art schemes.
Step 1: Calculate the solution of the average value (
) of all matrices in Equation (7);
where,
The above steps define the performance matrices as benchmarks of various schemes. The calculation of aggregate in Equations (7) and (8) can be gained as the average value (
) for each calculated benchmark value against each given value in Table 7.
Step 2: In this step of the EDAS method, the positive distance from the average is denoted as
, and is calculated as shown in Equations (9)–(11) as given below:
If the
th criterion is more beneficial, then
and if non-beneficial, then the given equation will be changed as follows below:
The results are shown in Table 8 as follows:
Step 3: In this step of the EDAS, the negative distance from the average is denoted as
), and is calculated using Equations (12), (13) and (15) as follows:
If the
criterion is more beneficial, then
and if non-beneficial, then the given equation will be changed as follows below:
In the above equations, and stand for the positive distance and negative distance of appraised algorithms from the average value concerning rating performance parameters, respectively.
The results reproduced are shown in Table 8 as:
Step 4: In this step, the weighted sum of
for the rated algorithms in Table 9 is shown below:
Step 5: In this step, the weighted sum of
for the rated algorithms in Table 10 is shown below in Equation (16):
The results obtained are reflected in Table 10 as shown:
Step 6: In this step, the normalized scores of
and
for the rated algorithms are calculated as presented in Equations (17) and (18):
Step 7: In this step, the scores of
and
to receive an appraisal score (
AS) is calculated, which is equal to
for the rated algorithms given in Equation (19).
where
.
The is determined by the aggregate score of and .
Step 8: In this step, measurement of the appraisal scores
in terms of decreasing order and then concluding of the ranking of rated algorithms is performed. The paramount ranking algorithms have the higher
. Thus, in Table 11 below, the proposed algorithm has the highest
.
The final results of the overall ranking are represented in Table 11:
The ranking shows that the proposed algorithm is the best out of five total state-of-the-art algorithms in the stated research domain.
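Steps 1 to 8 above, written out as an added example that is not part of the original paper. It uses the standard crisp EDAS formulas, and the alternative names, criterion values and weights are constructed for illustration (they are not the values of Tables 6 to 11).

```python
def edas_rank(names, matrix, weights, beneficial):
    """Rank alternatives with EDAS.

    matrix[i][j] is the value of criterion j for alternative i, weights[j] is
    the criterion weight, and beneficial[j] is False for cost-type criteria
    such as execution time (lower is better).
    Returns a list of (name, appraisal_score), best first.
    """
    rows, cols = len(matrix), len(weights)

    # Step 1: average solution per criterion.
    average = [sum(row[j] for row in matrix) / rows for j in range(cols)]

    # Steps 2-5: positive/negative distance from average and their weighted sums.
    sp, sn = [], []
    for row in matrix:
        pos = neg = 0.0
        for j in range(cols):
            dist = (row[j] - average[j]) / average[j]
            if not beneficial[j]:
                dist = -dist  # for a cost criterion, below average is good
            pos += weights[j] * max(0.0, dist)
            neg += weights[j] * max(0.0, -dist)
        sp.append(pos)
        sn.append(neg)

    # Step 6: normalise the weighted sums.
    max_sp, max_sn = max(sp), max(sn)
    nsp = [p / max_sp if max_sp else 0.0 for p in sp]
    nsn = [1.0 - q / max_sn if max_sn else 1.0 for q in sn]

    # Step 7: appraisal score is the mean of the two normalised values.
    scores = [(p + q) / 2 for p, q in zip(nsp, nsn)]

    # Step 8: sort by decreasing appraisal score.
    return sorted(zip(names, scores), key=lambda item: item[1], reverse=True)


# Constructed sample: four alternatives, three cost criteria (times in ms).
SAMPLE_NAMES = ["A", "B", "C", "D"]
SAMPLE_MATRIX = [
    [2.0, 4.0, 1.0],
    [6.0, 8.0, 3.0],
    [4.0, 12.0, 5.0],
    [8.0, 16.0, 7.0],
]
SAMPLE_WEIGHTS = [0.5, 0.25, 0.25]
SAMPLE_BENEFICIAL = [False, False, False]

if __name__ == "__main__":
    ranking = edas_rank(SAMPLE_NAMES, SAMPLE_MATRIX, SAMPLE_WEIGHTS, SAMPLE_BENEFICIAL)
    for name, score in ranking:
        print(f"{name}: {score:.4f}")
```
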