A Privacy-Preserved ID-Based Secure Communication Scheme in 5G-IoT Telemedicine Systems

5G networks are effective in providing quality of experience and massive Internet of things (IoT) communication. Applications of 5G-IoT networks have expanded rapidly, including in smart medical healthcare. Emergency medical services (EMS) hold a considerable proportion in our lives and have become a complex network of all types of professionals, including care in an ambulance. A 5G network with EMS can simplify the medical treatment process and improve the efficiency of patient treatment. The importance of healthcare-related privacy preservation is rising. If privacy preservation fails, not only will medical institutes suffer economic and credibility losses, but there will also be property losses, and even the lives of patients will be harmed. This paper proposes a privacy-preserved ID-based secure communication scheme in 5G-IoT telemedicine systems that achieves the features below: (i) the proposed scheme is the first scheme that integrates the process of telemedicine systems and EMS; (ii) the proposed scheme allows emergency signals to be transmitted immediately with decreasing risk of secret key leakage; (iii) the information of the patient and their prehospital treatments can be transmitted securely while transferring the patient to the destination medical institute; (iv) the quality of healthcare services can be assured while preserving the privacy of the patient; (v) the proposed scheme supports not only normal situations but also emergencies; (vi) the proposed scheme can resist potential attacks.


Introduction
The 5G (fifth generation) networks are the newest standard of mobile telecommunication being deployed around the world. 5G networks provide speed, capacity, and scalability, which have an efficient effect on energy consumption, and provide quality of services (QoS) and communication among a large number of devices [1,2]. A device connects with a small base station through high-band spectrum technology and device-to-device communication [1,3,4]. 5G networks combine and connect virtual systems to the cloud and help derive different calculating models [5]. 5G networks will have a huge impact on connected services and devices through higher reliability, connectivity, and storage [5]. Internet of things (IoT) arranges objects as a part of network settings in a distributed network. IoT has become a concept enclosing several technologies and a network between objects and human beings, which can interact and cooperate with other devices to communicate and share information. The vision of next-generation 5G wireless communications lies in providing very high data rates, extremely low latency, a manifold increase in base station capacity, and significant improvement in users' perceived quality of service compared to current 4G LTE networks [6]. 5G can significantly increase capacity and speed to provide reliable and speedy connectivity to the future IoT and, moreover, provide reliable connections to thousands of devices at the same time [7]. 5G will be able to provide a massive connection of Internet of things (IoT), where billions of smart devices can be connected to the internet [7]. However, security and privacy issues of transmitted information, which is usually important, sensitive, and private, to healthcare services through public networks when using telemedicine systems [8,12,13].
This means that medical professionals are able to know the health condition of a patient immediately, and following up on the health condition of the patient becomes more convenient than before [12]. A general telemedicine system in 5G-IoT environments includes three types of telemedicine, which are synchronous telemedicine, asynchronous telemedicine, and remote health monitoring [2,14]. Synchronous telemedicine allows the patient and the medical professional to communicate directly through telecommunication technology, such as Microsoft Teams (version 1.5, Microsoft Corporation, Washington, US), Cisco Webex (version 42.9, Cisco Systems, San Jose, California, US), Zoom (version 5.11, Zoom Video Communications, Inc., San Jose, California, US), etc. Asynchronous telemedicine means that the medical professional can follow up on the patient's health condition through biodata that is continually transmitted by the patient and stored and analyzed by the server in the medical institute. Furthermore, the system can automatically notify the medical professional when the patient's health condition turns bad after analyzing and predicting the biodata. Remote health monitoring allows the medical professional to monitor the patient's health condition in real time, and the medical professional can receive an alert immediately if an emergency happens to the patient through this type of telemedicine. This paper focuses on the scenarios of remote health monitoring and asynchronous telemedicine. Meanwhile, threats to data transmission security will be discussed, such as eavesdropping, man-in-the-middle (MITM) attack, data tampering attack, message modification attack, data interception attack, etc. [8,15]. Although well-known regulations protecting personal information privacy have been announced, technical support is not enough [8,15].
Shamir introduced an identity-based (ID-based) cryptosystem [16], in which the user's public key is derived from public and unique information of the user. Gentry et al. developed hierarchical ID-based cryptography (HIDC) based on the original ID-based cryptosystem, and HIDC has been proven to reduce the load of private key generation and the risk of key escrow [17]. Several works have been proposed in the past two decades [18,19,20,21], including Santos et al.'s work, which is a lightweight federal identity management mechanism for IoT [22]. Moreover, Lin and Hsu [8] proposed a hierarchical ID-based cryptography for federal identity management in telemedicine in a 5G-IoT environment, which includes IoT gateways in the system structure. The proposed scheme applies a similar structure in which the smart lamp replaces the IoT gateway of Lin and Hsu's work [8], and the scenario of the proposed scheme includes an emergency, which is not included in Lin and Hsu's work [8].
Key insulation, which was introduced by Dodis et al., is one of the effective solutions to the key exposure problem [23]. More and more wearable healthcare devices are used, and they only have limited resources to protect keys. Any malicious adversary can easily obtain the key information of users or devices, which leads to the key exposure problem. Once a private key is compromised, a malicious adversary has the chance to use the exposed private key to submit a legitimate request [24]. In a key-insulated public key cryptosystem, a receiver has two types of secret keys, a decryption key and a helper key. The decryption key is a short-term key for decrypting ciphertexts and is periodically updated by the helper key. More specifically, the lifetime of a system is divided into discrete time periods, and the receiver can decrypt a ciphertext that was encrypted in some time period by using a decryption key updated by the helper key in the same time period. The decryption key is stored in a powerful but insecure device, such as a portable healthcare device, and the helper key is stored in a physically secure but computationally limited device called a helper, such as a smartphone. Key-insulated encryption can significantly reduce the impact of the key exposure problem, and many researchers have taken several approaches to realize secure key-insulated cryptosystems. Many cryptographers have proposed several types of key-insulated cryptographic schemes, such as symmetric-key-based key-insulated encryption [23], key-insulated signatures [25], parallel key-insulated encryption [24,26], etc.
A chaotic system has features that correspond to important features of cryptosystems, confusion and diffusion [27,28,29]. First, the result of a chaotic system is unpredictable if small changes in initial values happen [27,30]. Second, a chaotic system is a complex oscillation [27,30]. Third, a chaotic system has a qualitative change of character of solutions [27,30].
Cryptosystems based on Chebyshev chaotic maps have been widely discussed for decades, including lightweight solutions [13,28,29,31,32,33]. Mathematical definitions of Chebyshev chaotic maps are given in Table 1 [13,28,29,31,32,33]. Proposed schemes in this paper apply extended Chebyshev chaotic maps that satisfy definitions in Table 1.

Table 1. Mathematical definitions of Chebyshev chaotic maps.

Semi-group property
$T_r(T_s(x)) = T_{rs}(x) = T_s(T_r(x))$ for any $(s, r) \in \mathbb{Z}$ and $x \in [-1, 1]$. The Chebyshev polynomial restricted to the interval $[-1, 1]$ is a well-known chaotic map for all $n > 1$, which has a unique continuous invariant measure with positive Lyapunov exponent $\ln n$. For $n = 2$, the Chebyshev map reduces to the well-known logistic map.

Extended Chebyshev polynomials
Zhang [34] proved that the semi-group property holds for Chebyshev polynomials defined on the interval $(-\infty, +\infty)$, and the extended Chebyshev polynomial is defined as $T_n(x) = (2xT_{n-1}(x) - T_{n-2}(x)) \bmod N$, where $n \ge 2$, $x \in (-\infty, +\infty)$, and $N$ is a large prime number. The semi-group property holds, and extended Chebyshev polynomials also commute as $T_r(T_s(x)) \bmod N = T_{rs}(x) \bmod N = T_s(T_r(x)) \bmod N$.

Chaotic maps-based discrete logarithm problem (CMDLP)
Given two elements $x$ and $y$, it is computationally infeasible to find the integer $n$ such that $T_n(x) \bmod N = y$.

Chaotic maps-based Diffie-Hellman problem (CMDHP)
Given three elements $x$, $T_r(x) \bmod N$, and $T_s(x) \bmod N$, it is computationally infeasible to compute $T_{rs}(x) \bmod N$.
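The definitions in Table 1, worked through in code as an added example (not code from the paper): it evaluates the extended Chebyshev polynomial $T_n(x) \bmod N$ by fast matrix exponentiation, checks it against the recurrence, and runs the Diffie-Hellman-style exchange that CMDHP is meant to protect. The modulus `DEMO_N`, the base value, all function names, and the rejection of the degenerate elements 0 and ±1 are assumptions made for illustration.

```python
import secrets

# Assumption: illustrative prime modulus (2^255 - 19), not a parameter from the paper.
DEMO_N = 2**255 - 19


def chebyshev_naive(n, x, N):
    """T_n(x) mod N directly from the Table 1 recurrence; O(n), for cross-checking."""
    t_prev, t_cur = 1 % N, x % N  # T_0 = 1, T_1 = x
    if n == 0:
        return t_prev
    for _ in range(n - 1):
        t_prev, t_cur = t_cur, (2 * x * t_cur - t_prev) % N
    return t_cur


def _mat_mul(a, b, N):
    """Multiply two 2x2 matrices stored row-major as 4-tuples, mod N."""
    return (
        (a[0] * b[0] + a[1] * b[2]) % N,
        (a[0] * b[1] + a[1] * b[3]) % N,
        (a[2] * b[0] + a[3] * b[2]) % N,
        (a[2] * b[1] + a[3] * b[3]) % N,
    )


def chebyshev_mod(n, x, N):
    """T_n(x) mod N in O(log n) steps.

    The recurrence is [T_k, T_{k-1}] = M * [T_{k-1}, T_{k-2}] with
    M = [[2x, -1], [1, 0]], so T_n is the top entry of M^(n-1) * [x, 1].
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    x %= N  # x may be any integer, including negative values
    if n == 0:
        return 1 % N
    result = (1, 0, 0, 1)              # identity matrix
    base = ((2 * x) % N, N - 1, 1, 0)  # N - 1 represents -1 mod N
    e = n - 1
    while e:
        if e & 1:
            result = _mat_mul(result, base, N)
        base = _mat_mul(base, base, N)
        e >>= 1
    return (result[0] * x + result[1]) % N


def check_element(v, N):
    """Reject degenerate elements (an added safeguard, not from the paper).

    T_n(1) = 1 for every n, T_n(-1) is +1 or -1, and T_n(0) is 0, +1 or -1,
    so these inputs would pin the shared value to a handful of outputs.
    """
    v %= N
    if v in (0, 1, N - 1):
        raise ValueError("degenerate Chebyshev element")
    return v


def keypair(x, N):
    """Pick a secret degree r and return (r, T_r(x) mod N)."""
    x = check_element(x, N)
    secret = secrets.randbelow(N - 3) + 2  # uniform in [2, N - 2]
    return secret, chebyshev_mod(secret, x, N)


def shared_secret(own_secret, peer_public, N):
    """T_r(T_s(x)) mod N, computed from the peer's public value."""
    return chebyshev_mod(own_secret, check_element(peer_public, N), N)


def demo():
    """Both sides must reach T_rs(x) mod N (semi-group property)."""
    x = -123456789  # constructed public base; negative values are allowed
    r, pub_a = keypair(x, DEMO_N)
    s, pub_b = keypair(x, DEMO_N)
    k_a = shared_secret(r, pub_b, DEMO_N)
    k_b = shared_secret(s, pub_a, DEMO_N)
    return k_a == k_b == chebyshev_mod(r * s, x, DEMO_N)


if __name__ == "__main__":
    print("shared values agree:", demo())
```

An eavesdropper in this exchange sees only `x`, `pub_a` and `pub_b`, which is exactly the CMDHP input.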

Proposed Scheme
This paper focuses on a scenario that includes a patient $Pa_i$, a smart lamp $SL_j$, an ambulance $A_{ij}$, and a server of a medical institute (MS), as illustrated in Figure 1. Once an emergency occurs to the patient, an emergency signal is sent by the wearable device(s) to a nearby smart lamp, and then the smart lamp transmits a signal to the nearest medical institute. Another way for the smart lamp to send an emergency signal is for passersby near the patient to press the emergency button on the smart lamp, as in Figure 2. After receiving the signal, a medical institute resolves the location of the patient, transmits related information to EMS staff, and assigns an ambulance to the site. After EMS staff move the patient into the ambulance, EMS can send information about the patient, including status and prehospital treatments, to the destination medical institute. The staff of the emergency department at the destination medical institute can provide proper treatment according to the information on the prehospital treatments after receiving the patient. The interaction between 5G links and a core network should be secure, which may be guaranteed by functions in the core network, but secure communication between 5G links and a core network is not discussed in the proposed scheme.
The proposed scheme has five phases: system initialization phase, registration phase, key update phase, emergency signal sending phase, and secure ambulance communication phase. In the system initialization phase, the server of the medical institute (MS) generates essential parameters and functions. The patient ($Pa_i$), smart lamp ($SL_j$), and ambulance ($A_{ij}$) become legitimate parties through the registration phase. In the key update phase, the patient's ($Pa_i$'s) smartphone can help the patient ($Pa_i$) update keys, and a secure component in the smart lamp can help the smart lamp ($SL_j$) update keys. In the secure ambulance communication phase, the ambulance ($A_{ij}$) and the smart lamp ($SL_j$) authenticate each other and establish a session key for symmetric encryption of their communication and of the transmitted information on the status and prehospital treatments. Notations are defined in Table 2.

Table 2. Notations of proposed scheme.

Notations
Definitions

A symmetric encryption/decryption algorithm with secret key $k$.

$S_j$
Private key of smart lamp $SL_j$.

$S_{ij}$
Private key of ambulance $A_{ij}$.

Session key of smart lamp $SL_j$ and ambulance $A_{ij}$.

$p$, $p_j$, $q_j$
Large random prime numbers.

$x$, j, $d_j$
Random numbers.

Collision-resistance secure one-way keyed chaotic hash function.

The secret values of server of medical institute (MS).

Checking if value A is equal to B or not.

$MAC_A$
The message authentication code algorithm of A.

$\mathrm{Certificate}_{HCA \to MS}$
Certification issued by healthcare certification authority to a server of a medical institute (MS).

$\mathrm{Certificate}_{MS \to SL_j}$
Certification issued by a server of a medical institute (MS) to a smart lamp $SL_j$ that is generated from $\mathrm{Certificate}_{HCA \to MS}$.

$\mathrm{Certificate}_{SL_j \to A_{ij}}$
Certification issued by a smart lamp $SL_j$ to an ambulance $A_{ij}$ that is generated from $\mathrm{Certificate}_{MS \to SL_j}$.

Number of key update time.

$EM_i$
Emergency signal.

System Initialization Phase
In the system initialization phase, a server of a medical institute (MS), which provides telemedicine services and is certified by a healthcare certification authority, sets up parameters by performing the following steps.
Step 1: The healthcare certification authority issues a certificate $\mathrm{Certificate}_{HCA \to MS}$ to the server of a medical institute (MS) that provides telemedicine services and is certified by a healthcare certification authority.
Step 2: The server of a medical institute (MS) generates secret values $(s_{MS}, \omega_{MS}) \in \mathbb{Z}_p^*$, a big prime $p$, and a random number $x \in (-\infty, +\infty)$ and computes $P_{MS}$ and $P_{HA}$ according to mathematical definitions of extended Chebyshev polynomials in Table 1.
Step 5: The smart lamp ($SL_j$) generates two large random primes $(p_j, q_j)$ and $\phi_j$. Then, the smart lamp ($SL_j$) selects a random integer $e_j$, where $1 < e_j < \phi_j$ and $\gcd(e_j, \phi_j) = 1$, and makes it public. After that, the smart lamp ($SL_j$) computes $d_j$, where $1 < d_j < \phi_j$ and $e_j d_j \equiv 1 \pmod{\phi_j}$, and keeps $d_j$ secret.

Registration Phase
In this phase, the patient ($Pa_i$) and the smart lamp ($SL_j$) interact with the server of a medical institute (MS) for registration, and the ambulance ($A_{ij}$) interacts with the smart lamp ($SL_j$) for registration via a secure channel. To deal with the registration request submitted by the patient ($Pa_i$) and the smart lamp ($SL_j$), the server of a medical institute (MS) validates the legitimacy of the patient $Pa_i$ and the smart lamp $SL_j$. After that, the server of a medical institute (MS) issues a private key ($S_j$) and a certificate $\mathrm{Certificate}_{MS \to SL_j}$ via a secure channel while computing and sending $\sigma_i$ to the patient ($Pa_i$). The ambulance ($A_{ij}$) submits registration information to the smart lamp ($SL_j$), and the smart lamp ($SL_j$) verifies the ambulance's ($A_{ij}$'s) legitimacy and then issues the private key ($S_{ij}$) and the certificate $\mathrm{Certificate}_{SL_j \to A_{ij}}$. Detailed descriptions are stated as follows and illustrated in Figure 3.
Step 1: The patient, $Pa_i$, chooses an identifier, $PID_i$, and a random number, $r_i \in \mathbb{Z}_p^*$, and computes $\alpha_i$. After that, the patient, $Pa_i$, sends $(PID_i, \alpha_i)$ to the server of a medical institute (MS). Meanwhile, the smart lamp, $SL_j$, chooses an identifier, $SLID_j$, and submits it to the server of a medical institute (MS).
Step 2: After receiving $(PID_i, \alpha_i)$ from the patient ($Pa_i$) and $SLID_j$ from the smart lamp ($SL_j$), the server of a medical institute (MS) computes the elements below. Then, the server of a medical institute (MS) returns $(S_{i,0}, \sigma_i)$ to the patient ($Pa_i$) and $S_j$ with $\mathrm{Certificate}_{MS \to SL_j}$, which is generated by the server of a medical institute (MS), to the smart lamp ($SL_j$).
Step 3: The smart lamp ($SL_j$) chooses a random number $s_j \in \mathbb{Z}_q^*$ as a secret value, computes $W_j$, and stores $\mathrm{Certificate}_{MS \to SL_j}$.
Step 4: The ambulance ($A_{ij}$) chooses an identifier ($AID_{ij}$) and a random number ($s_{ij} \in \mathbb{Z}_p^*$) as a secret value, computes $W_{ij}$, and sends $(AID_{ij}, W_{ij})$ to the smart lamp ($SL_j$).
Step 5: After receiving $AID_{ij}$ from the ambulance ($A_{ij}$), the smart lamp ($SL_j$) checks the format of $AID_{ij}$. If $AID_{ij}$ is valid, the smart lamp $SL_j$ computes a private key $S_{ij}$ corresponding to the $AID_{ij}$, then generates the $\mathrm{Certificate}_{SL_j \to A_{ij}}$ from the $\mathrm{Certificate}_{MS \to SL_j}$, and sends $(S_{ij}, \mathrm{Certificate}_{SL_j \to A_{ij}})$ to the ambulance ($A_{ij}$) via a secure channel.
Step 6: The ambulance ($A_{ij}$) stores $(S_{ij}, \mathrm{Certificate}_{SL_j \to A_{ij}})$.

Key Update Phase
The patient's ($Pa_i$'s) smartphone can help the patient ($Pa_i$) update keys by following the steps illustrated in Figure 4.
Step 1: The smartphone computes and sends the helper key $HK_{Pa_i, b_i}$ as below.
Step 2: After receiving $HK_{Pa_i, b_i}$, the patient ($Pa_i$) computes $S_{Pa_i, b_i}$ to update the key.

Emergency Signal Sending Phase
When an emergency happens to a patient ($Pa_i$) outdoors, the patient ($Pa_i$) can commission a nearby smart lamp ($SL_j$) to sign and send an emergency signal ($EM_i$) to a server of a medical institute (MS). The server of the medical institute (MS) can verify the message from the patient ($Pa_i$) through the following steps, as illustrated in Figure 5.
Step 1: The patient generates a signed emergency signal. The patient ($Pa_i$) computes $(\sigma_{Pa_i 1}, \sigma_{Pa_i 2})$ as below and sends $(\sigma_{Pa_i}, w)$ to the smart lamp ($SL_j$), where $w$ is a warrant including delegation information generated by the patient ($Pa_i$).
Step 2: The smart lamp transmits a signed emergency signal. After receiving $(\sigma_{Pa_i}, w)$, the smart lamp ($SL_j$) computes $(\sigma_{SL_j 1}, \sigma_{SL_j 2}, \sigma_{SL_j 3})$ as below and sends $(\sigma_{SL_j}, w)$ to the server of the medical institute (MS).
Step 3: The server of the medical institute verifies the signed emergency signal. After receiving $(\sigma_{SL_j}, w)$, the server of the medical institute (MS) verifies the message as below. If it holds, the server of the medical institute (MS) can confirm that the message was sent from the patient ($Pa_i$). The server of the medical institute (MS) utilizes information from the smart lamp $(\sigma_{SL_j 1}, \sigma_{SL_j 2}, \sigma_{SL_j 3}, EM_i, b_j)$ to compute verification parameters $(\nu_1, \nu_2, \nu_4, \nu_5, \nu_6, \nu_7)$. In addition, the smart lamp ($SL_j$) sends information on the owner of the emergency signal, patient $Pa_i$, and $b_i$, so the medical institute (MS) is able to compute the verification parameter $\nu_3$. Finally, the medical institute (MS) verifies the validity of the emergency signal by checking the equality between $\nu_1$ and $(\nu_2, \nu_3, \nu_4, \nu_5, \nu_6, \nu_7)$ with $P_{MS}$ and $P_{HA}$. The process of verification can be referred to in [35], which has been proven.

Secure Ambulance Communication Phase
After the ambulance ($A_{ij}$) picks up the patient ($Pa_i$), the ambulance ($A_{ij}$) can initiate communication with the server of the medical institute (MS) through the smart lamp ($SL_t$). The smart lamp ($SL_t$) and the ambulance ($A_{ij}$) will execute mutual authentication to ensure further interaction between the smart lamp ($SL_t$) and the ambulance ($A_{ij}$). Detailed descriptions are stated as follows and illustrated in Figure 6.
Step 1: The ambulance requests communication. The ambulance ($A_{ij}$) chooses a random number ($a_{ij}$), computes $\mu_{ij}$ and $C_t$, and sends $(C_t, AID_{ij})$ to the smart lamp ($SL_t$).
Step 2: The smart lamp verifies the request. After receiving $(C_t, AID_{ij})$, the smart lamp ($SL_t$) obtains $(\mu_{ij} \| a_{ij} \| \mathrm{Certificate}_{SL_j \to A_{ij}})$ by decrypting $P_t$ and verifies whether the $\mathrm{Certificate}_{SL_j \to A_{ij}}$ is valid. If the $\mathrm{Certificate}_{SL_j \to A_{ij}}$ is valid, the smart lamp ($SL_t$) progresses to the steps below; otherwise, the smart lamp ($SL_t$) abandons the request.
Step 3: The smart lamp establishes a session key. The smart lamp ($SL_t$) computes $(\omega_t, sk_{SL_t \leftrightarrow A_{ij}}, P_j, P_{ij}, P_t, k, MAC_{SL_t})$ and sends $(MAC_{SL_t}, \omega_t)$ to the ambulance ($A_{ij}$).
Step 4: The ambulance verifies the session key. After receiving $(MAC_{SL_t}, \omega_t)$, the ambulance ($A_{ij}$) computes $(sk'_{SL_t \leftrightarrow A_{ij}}, k')$ and verifies $MAC_{SL_t}$. If the result of the verification is true, the ambulance ($A_{ij}$) computes $MAC_{A_{ij}}$ and sends $MAC_{A_{ij}}$ to the smart lamp ($SL_t$).
Step 5: The smart lamp confirms the session key. After receiving $MAC_{A_{ij}}$, the smart lamp ($SL_t$) verifies $MAC_{A_{ij}}$. If the result of the verification is true, mutual authentication and key agreement are completed.

Security Analysis
This paper applies the random oracle model [36] and BAN logic [37] for formal security proof. The random oracle model [36] is used to prove the security of the emergency signal sending phase, and BAN logic [37] is used to prove the secure authentication of the secure ambulance communication phase. Note that the random oracle model proof [36] can follow other works using the random oracle model, including Liu's work [38], because the proof process is similar and aims to prove that the schemes can withstand an eavesdropping attack on the Diffie-Hellman key exchange scheme. In addition, the BAN logic proof [37] can follow other works using BAN logic, including Lee et al.'s [32] and Lin and Hsu's [13] works, because the proof process is similar and aims to prove that principals in the schemes can believe established session keys. This paper will not describe the random oracle model and the BAN logic proof in detail. The informal security analysis presents theoretical analyses as proof that the proposed scheme fulfills the security requirements.

Security of Secret Key
Assume an adversary wants to obtain the master secret key obtained by the server of the medical institute (MS), the smart lamp ($SL_j$), and the ambulance ($A_{ij}$), such that $P_{MS} = T_{s_{MS}}(x) \bmod p$ and $W_j = T_{s_j}(x) \bmod p$. The adversary has to solve a problem based on CMDLP. If the adversary wants to obtain the smart lamp's ($SL_j$'s) secret key, the adversary is likewise required to solve a problem based on CMDLP. On the other hand, the smart lamp ($SL_j$) generates the secret key for the ambulance ($A_{ij}$) by performing $S_{ij} = S_j T_{s_j}(V_{ij}) \bmod p$. The smart lamp ($SL_j$) uses a private key ($S_j$) and a secret key ($s_j$) in the computing process; hence, only the smart lamp ($SL_j$) is able to know the ambulance's ($A_{ij}$'s) secret key.

Key Confirmation and Security of Session Key
The ambulance ($A_{ij}$) can check the session key ($sk_{SL_t \leftrightarrow A_{ij}}$) by $MAC_{SL_t} \stackrel{?}{=} h_k(P_t, P_{ij}, \mu_{ij})$, and the smart lamp ($SL_t$) can also check the session key ($sk_{SL_t \leftrightarrow A_{ij}}$) through $MAC_{A_{ij}} \stackrel{?}{=} h_{sk_{SL_t \leftrightarrow A_{ij}}}(P_{ij}, P_t, \omega_t)$ in the proposed scheme. If the adversary wants to obtain the session key ($sk_{SL_t \leftrightarrow A_{ij}}$), the adversary has to solve CMDHP. Moreover, the session key ($sk_{SL_t \leftrightarrow A_{ij}}$) is not the same every time because of the random number ($a_{ij}$). As a result, the proposed scheme achieves key confirmation while securing the session key.

Preventing Key-Compromise Impersonation Attacks
The ambulance's ($A_{ij}$'s) random number ($s_{ij}$) can be stored in the onboard unit of the ambulance, from which information is hard to obtain. On the other hand, the adversary cannot obtain $k$ because the adversary does not know $s_t$, and afterwards, the process cannot be completed by the adversary. As a result, the proposed scheme can prevent key-compromise impersonation attacks.

Mutual Authentication
In the secure ambulance communication phase, the ambulance ($A_{ij}$) and the smart lamp ($SL_t$) compute their session key $k$ by public parameters $(SLID_t, AID_{ij}, W_{ij}, SLID_j)$. In addition, each party generates a message authentication code, $MAC_{SL_t}$ and $MAC_{A_{ij}}$, by $k$ and $sk_{SL_t \leftrightarrow A_{ij}}$, respectively, to verify each other's validity. Moreover, because of the feature of HIDC, the smart lamp ($SL_t$) can realize that the ambulance ($A_{ij}$) comes from the cloud services provider by public parameter $AID_{ij}$.

Preventing MITM Attack
In order to prevent an MITM attack in the secure ambulance communication phase, the ambulance ($A_{ij}$) and the smart lamp ($SL_t$) can confirm whether a message has been resent, modified, or replaced by checking the information through the message authentication codes $MAC_{SL_t}$ and $MAC_{A_{ij}}$. This means that the adversary cannot modify the message authentication codes $MAC_{SL_t}$ and $MAC_{A_{ij}}$ without the session key $sk_{SL_t \leftrightarrow A_{ij}}$. Thus, the proposed scheme can prevent an MITM attack.

Unforgeability
If the adversary wants to forge a validated anonymous identity, the adversary has to acquire the smart lamp's ($SL_j$'s) secret ($s_j$) and private key ($S_j$). The adversary has to solve CMDLP if the adversary wants to compute the smart lamp's ($SL_j$'s) secret ($s_j$) and private key ($S_j$) from the public parameter ($W_j$).

Without Assistance of Registration Center
The registration center (RC) is a third party for both sides of the communication after the registration phase. A privileged or malicious insider attack may occur if the adversary is in the RC, which may lead to risks such as message leakage and stolen verifications. If a privileged or malicious insider attack occurs in a telemedicine system, the patient's privacy and security may be damaged. Although works related to the security of 5G networks have been proposed recently [3,4], the RC is included in the system structure of these works, which is no different from conventional networks. The proposed scheme introduces a hierarchical system structure, which is suitable for 5G networks without an RC or a trusted third party.

Resistant to Bergamo et al.'s Attack
Bergamo et al. proposed an attack on Chebyshev chaotic maps-based cryptosystems that relies on two conditions [39]. First, the adversary is able to obtain the related elements ($x$, $a_{ij}$, $\mu_{ij}$, $\omega_j$). Second, several Chebyshev polynomials pass through the same point because of the periodicity of the cosine function. In the proposed scheme, an adversary is unable to obtain any of the related elements ($x$, $a_{ij}$, $\mu_{ij}$, $\omega_j$) because they are encrypted in the transmitted messages, and only the ambulance ($A_{ij}$) and the smart lamp ($SL_j$) can retrieve the decryption key. Moreover, the proposed scheme uses the extended Chebyshev polynomials proposed by Zhang [34], which avoid the periodicity of the cosine function. As a result, the proposed scheme can resist the attack proposed by Bergamo et al. [39].

Computational Complexity Analysis
According to previous research that measured execution times using the MIRACL Library on the Ubuntu 16.0 operating system with 4 GB RAM and a 2.7 GHz processor [3,4,13], the time to perform a one-way hash function operation ($T_h$) is about 0.006 milliseconds (ms), and the time to perform a Chebyshev chaotic maps operation ($T_{ch}$) is approximately 42.04 times that of a one-way hash function operation, which is about 0.252 ms. Using Chebyshev chaotic maps can be more efficient than using elliptic-curve cryptography. The time taken to compute XOR operations is ignored because the value is too low to influence the result. The computational complexity and execution time of the proposed scheme are shown in Table 3.

In the emergency signal sending phase, the patient will take 0.006 ms, the smart lamp will take 0.012 ms, and the server of the medical institute will take 1.8 ms after receiving a message from the patient. The ambulance does not take part in the emergency signal sending phase. According to these results, performing the emergency signal sending phase will take at least 1.818 ms. In the secure ambulance communication phase, the ambulance will take 0.792 ms, and each smart lamp will take 0.774 ms after receiving a message from the ambulance. The patient and the server of the medical institute do not take part in the secure ambulance communication phase. According to these results, performing the secure ambulance communication phase will take at least 1.566 ms.

Although there are no requirements or standards recommending how long a cryptographic module should take to execute, the proposed scheme is shown to be more efficient than previous studies. For example, the time to perform the emergency signal sending phase is better than that of Abdel-Malek et al.'s work [40]; the process of the secure ambulance communication phase is similar to Lin and Hsu's work [13], so its results can be compared with those of Lin and Hsu [13].

Conclusions
5G networks provide high-speed networking, large capacity, and scalability, which have an efficient effect on energy consumption and provide quality of experience and communication for a large number of devices, and 5G can provide massive IoT connectivity. IoT in 5G environments provides network-layer solutions, including enhanced quality of service, to the challenges of smart medical healthcare. EMS has become a complex network of all types of professionals, including care in an ambulance. A 5G network with EMS can simplify the medical treatment process and improve the efficiency of patient treatment. The importance of healthcare-related privacy preservation is rising. If privacy preservation fails, not only will medical institutes suffer economic and credibility losses, but patients will also suffer property losses and even harm to their lives. This paper proposes a privacy-preserved ID-based secure communication scheme in 5G-IoT telemedicine systems that can achieve the features below. The proposed scheme allows the emergency signal to be transmitted immediately while decreasing the risk of secret key leakage. Information about the patient and their prehospital treatments can be transmitted securely while transferring the patient to the destination medical institute, and the quality of healthcare services can be assured while preserving the privacy of the patient through the proposed scheme. The proposed scheme supports not only normal situations but also emergencies. The proposed scheme applies key insulation to prevent key exposure problems on wearable devices and provides federated identity management, which can efficiently manage the identities of ambulances in a hierarchical structure. Finally, the proposed scheme can resist potential attacks and has been proven secure using the random oracle model [36] and BAN logic [37].