FAIDM for Medical Privacy Protection in 5G Telemedicine Systems

Featured Application: This work can be applied in 5G telemedicine systems which can remote monitor health condition of patients and provide medical related data to medical professional. Devices on patients, which are IoT devices, should be managed properly, and proposed scheme can achieve the purpose while preserving privacy. Abstract: 5G networks have an efﬁcient effect in energy consumption and provide a quality experience to many communication devices. Device-to-device communication is one of the key technologies of 5G networks. Internet of Things (IoT) applying 5G infrastructure changes the application scenario in many ﬁelds especially real-time communication between machines, data, and people. The 5G network has expanded rapidly around the world including in healthcare. Telemedicine provides long-distance medical communication and services. Patient can get help with ambulatory care or other medical services in remote areas. 5G and IoT will become important parts of next generation smart medical healthcare. Telemedicine is a technology of electronic message and telecommunication related to healthcare, which is implemented in public networks. Privacy issue of transmitted information in telemedicine is important because the information is sensitive and private. In this paper, 5G-based federated anonymous identity management for medical privacy protection is proposed, and it can provide a secure way to protect medical privacy. There are some properties below. (i) The proposed scheme provides federated identity management which can manage identity of devices in a hierarchical structure efﬁciently. (ii) Identity authentication will be achieved by mutual authentication. (iii) The proposed scheme provides session key to secure transmitted data which is related to privacy of patients. (iv) The proposed scheme provides anonymous identities for devices in order to reduce the possibility of leaking transmitted medical data and real information of device and its owner. (v) If one of devices transmit abnormal data, proposed scheme provides traceability for servers of medical institute. (vi) Proposed scheme provides signature for non-repudiation.


Introduction
5G (the fifth generation) networks, also known as next generation of 4G, is the newest standard of mobile telecommunication from 3GPP which is being deployed, providing highspeed network, big capacity, and scalability [1,2]. 5G networks have an efficient effect in energy consumption and provide a quality experience via a large number of communication devices [3]. End point devices transmit data and request for services through a small base station (SBS) and major base station (MBS) [1,4,5]. A device connects with SBS by using a high-band spectrum (5G mmWave) technology and device-to-device (D2D) communication, which is one of the key technologies of 5G networks [1,4,5]. Moreover, 5G combines and shev chaotic maps, and chaotic maps-based signature which we apply in our scheme. In Section 3, we describe the proposed scheme. We discuss the security and performance analysis of proposed scheme in Sections 4 and 5, respectively. Finally, some concluding remarks are presented.

Related Works
In this section, we introduce telemedicine, Chebyshev chaotic maps, healthcare certificate, chaotic maps-based signature, and some related works.

Telemedicine
Telemedicine is a technology of electronic message and telecommunication related to healthcare [20,21]. The patient will send healthcare related information, which is important, sensitive, and private, to healthcare services through public networks when using telemedicine technology [21]. Medical professionals can know users' health condition if they are able to view the information immediately [21]. Data transmission security will be discussed, such as eavesdropping, man-in-the-middle attack, data tempering attack, message modification attack, and data interception attack [22]. Technical support is not enough though Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and Safe Harbor Laws have been made which provide personal information privacy [22][23][24]. A general telemedicine system can be divided to three levels [25]. Level 1 (primary healthcare unit) consist of users with webcam, smart phone, or wearable devices; Level 2 (city or district hospital) is clinic or local hospital which patient may visit before being transferred to large hospital or medical center; Level 3 (specialty center) will take part in telemedicine in case of rare disease or incurable disease [25]. Figure 1 illustrates a remote patient monitoring system in 5G IoT architecture which can assist medical professional to monitor remote patient's biodata through specific devices [2,25,26]. Mobile health plays an important role on medical healthcare monitoring and alarm system and clinical data storage and maintenance system. In remote patient monitoring systems, wearable devices and mobile phones belong to a sensor layer which is responsible for gathering measured data. Measured data is transmitted to network layer, IoT gateway for example, through small base station (SBS) communication. After that, data will be transmitted out of the local area network to major base station (MBS), such as 5G link, through MBS communication. Both the network layer and communication layer are responsible for data processing. Finally, data will be transmitted to a medical services servers of clinic or local hospital called architecture layer, such as an electronic health records (EHR) system, cloud storage, and analytics. Authorized medical professionals in the main hospital can access medical services servers to monitor a patient. Authorized medical professionals in specialty center will involve and observe measured data in case of rare disease or incurable disease.
In this paper, we introduced a cryptographic protocol which can be applied in asynchronous telemedicine and synchronous telemedicine and provide communication security and user anonymity to protect patient's privacy.

Healthcare Certificate
Medical and healthcare devices nowadays are required certifications under safety and functional requirements [27]. Meanwhile, healthcare service providers should go through a certification procedure based on ISO 27000 and 20000 series in order to process healthcare data [27]. However, different kinds of healthcare devices have different safety and privacy requirements [27]. Establishing a general certification for all healthcare sectors is difficult [27]. One of the solutions to the problem would be to design segregated schemes with links between them, such as a healthcare certificate issued by a trusted institution [27]. All medical and healthcare devices should be issued certificates to proof that they are qualified in safety and functional requirements [27]. In other words, using certified components can be a requirement in medical and healthcare field.

ID-Based Cryptosystem
In 1985, Shamir introduced the concept of identity-based (ID-based) cryptosystem [28]. The main difference from traditional public key cryptosystem is that it derives the user's public key from public information that uniquely identifies the user. Since it is meaningful information, we do not need any certificate to prove the validity of the corresponding public key. In 2002, Gentry et al. proposed hierarchical ID-based cryptography, also called HIDC [29]. The major purpose of Gentry et al.'s scheme is reducing the loading of private key generation (called PKG) and the risk of key escrow [29]. In the structure of HIDC, there is a key generation center at each level, and the one at the top level is root PKG. The root PKG is the third trusted center, and there will be legal sub-level key generation centers where users under the same domain register to. In 2009, Yan et al. discovered that HIDC was suitable for cloud computing and improved the register phase in order to achieve federated identity management because as more and more cloud service providers provide various cloud services via different interfaces, federal identity management becomes a rising issue [30]. The cloud service providers in Yan et al.'s scheme can compose an alliance, and users can sign on with one account and use various cloud services [30]. However, Yan et al.'s scheme [30] only proposed mutual authentication for security except for rules of identity authentication code, and it did not mention the possible security problems of cloud computing. Nevertheless, Yan et al.'s scheme [30] does not provide user anonymity. Park et al. [31] proposed an HIDC scheme for VANETs which provided vehicle user anonymity, but it is not suitable for cloud computing. Shen et al. introduced an HIDC scheme with time-bound and key management for multicast systems [32]. Fremantle and Aziz [33] proposed a cloud-based federal identity management mechanism for IoT, and Maria et al. [34] proposed a lightweight federal identity management mechanism for IoT. However, federal identity management in 5G IoT environment is still lack of discussions, not to mention telemedicine in a 5G IoT environment.

Chebyshev Chaotic Maps
The chaotic system is characterized by a sensitive dependence on initial conditions, pseudo-randomness, and ergodicity [35][36][37]. These features have the excellent properties of diffusion and confusion, which are important in cryptography [35,36]. Researchers have proposed image encryption in chaotic maps [38,39]. Definitions of Chebyshev chaotic maps are introduced below. Definition 1. The Chebyshev polynomial T n (x) : [−1, 1] → [−1, 1] is a polynomial in x of degree n, defined as T n (x) = cos(ncos −1 (x)).

Definition 2.
The recurrent relation of T n (x) is defined as T n (x) = 2xT n−1 (x) − T n−2 (x) for any n ≥ 2, T 0 (x) = 1, and T 1 (x) = x. Definition 3. One of the most important properties of Chebyshev polynomials is semi-group property which establishes T r (T s (x)) = T rs (x) = T s (T r (x)) for any (s, r) ∈ Z and s ∈ [−1, 1]. The interval [−1, 1] is invariant under the action of the map T n (x) : [ − 1, 1] → [− 1, 1] . Therefore, the Chebyshev polynomial restricted to the interval [−1, 1] is a well-known chaotic map for all n > 1. It has a unique continuous invariant measure with positive Lyapunov exponent ln n. For n = 2, Chebyshev maps reduces to well-known logistic maps.

Definition 4.
In order to enhance property of Chebyshev chaotic maps, Zhang [40] proved that the semi-group property holds for Chebyshev polynomials defined on interval [− ∞, +∞]. This paper utilizes the following enhanced Chebyshev polynomials. +∞), and N is a large prime number. According to the equations, the semi-group property still holds, and the enhanced Chebyshev polynomials also commute.
Chaotic maps-based discrete logarithm problem (CMDLP). Given two elements x and y, it is computationally infeasible to find the integer n such that T n (x) mod N = y. Definition 6. Chaotic maps-based Diffie-Hellman problem (CMDHP). Given three elements x, T r (x) mod N, and T s (x) mod N, it is computationally infeasible to compute T rs (x) mod N.

Chaotic Maps-Based Signature
Chebyshev chaotic maps has been utilized not only in authentication, key agreement schemes but signature schemes. Chain and Kuo first proposed a digital signature scheme based on chaotic maps [41]. Several signature schemes based on chaotic maps have been proposed recently. For example, Tahat and Hijazi [42] proposed an enhanced signature scheme to improve Chain and Kuo's [41]; Tahat et al. proposed an ID-based cryptographic model for Chebyshev chaotic maps to demonstrate the transformation model of ID-based schemes [43]; Tahat et al. proposed an ID-based blind signature based on chaotic maps [44]. Meshram et al. focused on online/offline short signature schemes and proposed schemes using chaotic maps [45], such as ID-based short signature scheme and subtree-based short signature scheme for wireless sensor network [46]. In this paper, we apply Meshram et al.'s ID-based online short signature scheme [45].

Proposed Scheme
In this paper, we proposed a FAIDM for medical privacy protection in 5G telemedicine systems. The notations of the scheme are shown as Table 1. The system structure of proposed scheme includes remote server node, gateway node (GW i ), and constrained node (CN ij ). A constrained node is in a sensor layer of a proposed 5G IoT remote patient monitoring system structure and can be in devices which gather measured data, such as sensors or wearable devices that can be carried by a human. The role of these devices consists of monitoring or sensing the environment, so they collect and transmit data to gateway nodes. For example, in a healthcare application, sensors can be planted in or on a human's body in order to collect health-related data. Gateway nodes, which are SBSs/MBSs, are in the network or communication layers of the proposed 5G IoT remote patient monitoring system structure, and it can be assumed that the gateway nodes have enough energy resources, performance processors, and memory. Gateway nodes process received data collected by the different constrained nodes and forward the to the remote server node. Remote server node is in architecture layer of proposed 5G IoT remote patient monitoring system structure and can be assumed that remote server node has no limitations of computing resource. Medical professionals in the architecture layer can continuously follow a patient's health status based on data received. Note that the interaction between communication and the architecture layer should be secure which may be guaranteed by functions in the core network, such as authentication server function (AUSF), authentication credential repository and processing function (ARPF), subscription identifier de-concealing function (SIDF), and security anchor function (SEAF) [47,48], but secure communication between these two layers is not discussed in our scheme. The remote server node takes part in the system initialization and generating system parameters. A constrained node has to register to any legitimate gateway node for becoming legitimate. A gateway node has to register to the remote server node for becoming legitimate. When a patient wears a wearable healthcare device and goes home from hospital, the device transmits measured data through an IoT gateway (GW t ) at home which is in different domain from hospital. The system structure is show as Figure 2. Table 1. Notations of the proposed scheme.

Notations Definitions
s 0 The secrete value of remote server node S s i The secrete value of ith gateway node (GW i ) s ij The secrete value of ijth constrained node (CN ij ) S i Private key of GW i after registering to remote server node S ij Private key of CN ij after registering to GW i aS ij CN ij 's anonymous private key issued by GW i ID i , ID ij , aID ij Identity of GW i , CN ij , and CN ij 's anonymous identity Q 0 , Q i , Q ij , Q aID ij Public parameters of generated by secrete values The session key of CN ij and GW i H 1 (.), H 2 (.), H 3 (.) Collision-resistance one-way hash functions h K (.) Collision-resistance secure one-way chaotic hash function using K as the key The symmetric encryption and decryption using k as the key The message authentication code algorithm of GW i and CN ij Cert HCA→S The certification issued by healthcare certification authority to remote server node S.
The certification issued by remote server node S to GW i which is generate from Cert HCA→S .
The certification issued by GW i to CN ij which is generate from Cert S→GW i .
The proposed scheme consists of seven phases: System initialization phase, gateway node registration phase, constrained node registration phase, mutual authentication and key agreement phase, anonymous identity distribution phase, and anonymous signature and verification phase. The notations of proposed scheme are shown in Table 1.
Before system initialization phase, the healthcare services provider needs to apply for certificates Cert HCA→S from healthcare certification authority before providing healthcare services. The healthcare certification authority should be a credible and dependent institute, such as National Health Service Business Services Authority (NHSBSA) of United Kingdom [49], European Federation Gateway Service (EFGS) of European Commission [50], American Hospital Association Certification Center (AHA-CC) of USA [51], Pharmaceuticals and Medical Devices Agency (PMDA) of Ministry of Health, Labor and Welfare, Japan [52], or Healthcare Certification Authority (HCA) of Ministry of Health and Welfare, Taiwan [53]. The certificate Cert HCA→S is regarded as the root certificate in the system, and only certified healthcare services provider can obtain Cert HCA→S .

System Initialization Phase
In the remote server node initial phase, the remote server node S, which provides telemedicine services and is certified by healthcare certification authority, sets up parameters by performing following steps.
Step 1: The healthcare certification authority issues a certificate Cert HCA→S to remote server node S which provides telemedicine services and is certified by healthcare certification authority.
Step 2: The remote server node S generates a secret value s 0 , a big prime p, and random number x ∈ (−∞, +∞) and computes Q 0 = T s 0 (x) mod p.
Step 4: The remote server node S outputs public Step 5: The gateway node GW i generates two large random primes (p i , q i ), N i , and ϕ i as follows. Then, the gateway node GW i selects a random integer e i , where 1 < e i < ϕ i and gcd (e i , ϕ i ) = 1, and makes it public. After that, the gateway node GW i computes d i , where 1 < d i < ϕ i and e i d i ≡ 1 (mod ϕ t ) and keeps it secretly.

Gateway Node Registration Phase
In this phase, gateway node GW i interacts with remote server node S for registration. To deal with the registration request submitted by the gateway node GW i , the remote server node S validates the gateway node GW i 's legitimacy then issues the private key S i and certificate Cert S→GW i via a secure channel. Note that remote server node S computes a private key by gateway node GW i 's registration information. Figure 3. illustrates process of gateway node registration phase. Detailed descriptions are stated as follows: Step 1: The gateway node GW i chooses an identifier ID i and submits to remote server node S.
Step 2: Upon receiving ID i from gateway node GW i , remote server node checks the format of ID i . If ID i is valid, remote server node S computes S i correspond to ID i , generates Cert S→GW i from Cert HCA→S , and sends (S i , Cert S→GW i ) via secure channel to the gateway node GW i .
Step 3: The gateway node GW i chooses a random number s i as secret value and computed Q i and stores Cert S→GW i to complete gateway node registration phase.

Constrained Node Registration Phase
The constrained node CN ij submits registration information to gateway node GW i in this phase. The gateway node GW i verifies the constrained node CN ij 's legitimacy then issues private key S ij and certificate Cert GW i →CN ij to complete this phase. Note that the gateway node GW i computes private key S ij by constrained node CN ij 's registration information. Figure 4. illustrates process of constrained node registration phase. Detailed descriptions are stated as follows: Step 1: Constrained node CN ij chooses an identifier ID ij and a random number s ij as his own secret, computes Q ij , and sends (ID ij , Q ij ) to gateway node GW i .
Step 2: Upon receiving ID ij from constrained node CN ij , gateway node GW i checks the format of ID ij . If ID ij is valid, gateway node GW i computes private key S ij correspond to ID ij , generates Cert GW i →CN ij from Cert S→GW i , and sends (S ij , Cert GW i →CN ij ) to constrained node CN ij via secure channel.
Step 3: The constrained node CN ij stores (S ij , Cert GW i →CN ij ) to complete the constrained node registration phase.

Mutual Authentication and Key Agreement Phase
After the constrained node joins the remote server node alliance as a remote server node member, it can use the services not only provided by the registered services provider but also other services provider in the same remote server node alliance. When the constrained node applies for remote server node services, the gateway node and constrained node will executive mutual authentication to ensure the further interaction between the gateway node and constrained node is secure and validated. Figure 5. illustrates process of mutual authentication and key agreement phase. Detailed descriptions are stated as follows: Step 1 Constrained node CN ij chooses a random number a ij , computes µ ij and C t , and sends (C t , ID ij ) to gateway node GW t .
Step 2: Upon receiving (C t , ID ij ), gateway node GW t obtains (µ ij ||a ij ||Cert GW i →CN ij ) by decrypting P t and verifies Cert GW i →CN ij is valid. If Cert GW i →CN ij is valid, gateway node GW t progresses to steps below, or gateway node GW t abandons request.
Step 3: Gateway node GW t computes (ω t , sk GW t ↔CN ij , P i , P ij , P t , K, MAC GW t ) and sends (MAC GW t , ω t ) to the constrained node CN ij .
Step 4: Upon receiving (MAC GW t , ω t ), constrained node CN ij computes (sk GW t ↔CN ij , K ) and verifies MAC GW t . If result of verification is true, constrained node CN ij computes MAC CN ij and sends MAC CN ij to gateway node GW t .
Step 5: Upon receiving MAC CN ij , gateway node GW t verifies MAC CN ij . If the result of verification is true, mutual authentication and key agreement is completed.

Anonymous Identity Distribution Phase
If the constrained node needs an anonymous identity for some remote server node services, the gateway node will generate an anonymous identity and the corresponding private key for constrained node according to the registration information. Note that anonymous identity will compute by adding constrained node's ID to ensure their connection. Figure 6. illustrates process of anonymous identity distribution phase. Detailed descriptions are stated as follows: Step 1: Gateway node GW t generates a random number t t , uses session key sk GW t ↔CN ij to encrypt ID ij and t t , and generates and sends pseudonym aID ij to constrained node CN ij .
Step 2: Upon receiving aID ij , constrained node CN ij computes P aID ij and Q aID ij and sends Q aID ij to gateway node GW t . Figure 6. Anonymous identity distribution phase of proposed scheme.
Step 3: After receiving Q aID ij , gateway node GW t decrypts Q aID ij with sk GW t ↔CN ij and checks P aID ij using ID t and aID ij . If it holds, gateway node GW t computes aS ij and encrypts aS ij with sk GW t ↔CN ij . Then, gateway node GW t encrypts (C, P t ) to MAC GW t and sends MAC GW t to constrained node CN ij .
Step 4: Upon receiving MAC GW t , gateway node GW t verifies MAC CN ij . If result of verification is true, gateway node GW t obtain aS ij by decrypting C, and anonymous identity distribution phase is completed.

Anonymous Signature and Verification Phase
Gateway node GW t (verifier) receives and verifies message with signature generated by anonymous private key aS ij using verification function. Figure 7. illustrates process of anonymous signature and verification phase. Detailed descriptions are stated as follows: Step 1: Constrained node CN ij chooses a random number R ij ∈ Z * q , computes (W ij , V ij , t ij ) for further computation.
Step 2: Constrained node CN ij chooses a random number L ij ∈ Z * p so that L ij_g is the gth bit of L ij . Then, constrained node CN ij computes (O ij , b ij ) to obtain Y ij and η ij , generates signature with signature σ ij , and sends σ ij to gateway node GW t .
Step 3: Upon receiving signature σ ij , gateway node GW t verifies signature σ ij . If η ij holds, signature is accepted.

Security Analysis
We present formal verification using BAN logic [54] and theoretical analyses to prove that proposed scheme can achieve security properties and resist potential common attacks.

Formal Verification Using BAN Logic
BAN logic has become a widely accepted and well-known logical methodology for analyzing security of schemes [54][55][56][57][58][59][60][61][62][63][64][65]. The goal of BAN logic is to verify the exchanged information and the belief relationship among communicating parties and analyze protocols by deriving beliefs to proof that honest and legitimate parties can correctly execute and complete a protocol [54,[66][67][68]. We apply BAN logic [54] to prove the authenticity of our scheme. The notations used in BAN logic [54] analysis are defined as follows. P and Q are principles, X and Y are statements, C is channel, r and w are set of readers and writers respectively, and K is encryption key. P|≡X denotes that P believes X; P|~X denotes that P once said X; C(X) means that X is transited via channel C; r(C) and w(C) denotes as the set of readers and writers of C respectively. P C(X) means that P sees C(X). X is transited via C and can be observed by P, and P must be a reader of C to read X. P X|C means that P sees X via C. (X) K denotes that X is encrypted with the key K. P K ↔Q means that P and Q can establish a secure communication channel by using K. The logical postulates in BAN logic [54] are described using rules below. Rule 1.

P C(X), P∈r(C)
P |≡(P X |C), P X : If P receives and reads X via C, then P believes that X has arrived on C and P sees X.
P C(X, Y) P X, P Y : If P sees a hybrid message (X, Y), then P sees X and Y separately. Rule 3. P |≡(w(C) = {P, Q}) P |≡(P X |C) → Q | ∼X : If P believes that C can only be written by P and Q, then P believes that if P receives X via C, then Q said X.
P |≡ (Q| ∼(X, Y)) P |≡ (Q| ∼X), P≡ (Q| ∼Y) : If P believes that Q said a hybrid message (X, Y), then P believes that Q has said X and Y separately. : If P believes that s ij is its extended chaotic maps-based Diffie-Hellman secret and that ω t is the extended chaotic maps-based Diffie-Hellman component from Q, then P believes that sk GW t ↔CN ij is the symmetric key shared between P and Q. Rule 6.
P |≡ (Q| ∼ X), P|≡#(X) P |≡ (Q| ∼X) : If P believes that another Q said X and P also believes that X is fresh, then P believes that Q has recently said X.
P |≡#(X) P |≡#(X, Y) : If P believes that a part of a mixed message X is fresh, then it believes that the whole message (X, Y) is fresh.
: If P believes that Φ 1 implies Φ 2 and P believes that Φ 1 is true, then P believes that Φ 2 is true.
The proposed scheme is described in logic as below. Step , ω t ) Table 2 lists used assumptions, where A and B are CN ij and GW t , but A = B. Based on to the assumptions and logical analyses, the proposed scheme must realize goals in Table 3. Table 3. Goals of the proposed scheme.

Goals Definitions
is a symmetric key shared between participants CN ij and GW t .
is a symmetric key shared between participants CN ij and GW t .
Constrained node CN ij believes that S j is convinced of . is a symmetric key shared between CN ij and GW t Gateway node GW t believes that U is convinced of sk GW t ↔CN ij = H 3 (T s t (µ ij ) mod p) is a symmetric key shared between CN ij and GW t .
Next, we have Equations (44) and (45) that must hold because of A3 and Rule 8 to accomplish Equation (43).
We have Equation (46) which must hold because of Rule 6 and 7 and A4 to accomplish Equation (45).
We have the proposed scheme realizes that G1 is achieved by using Rule 5. Similarly, we have that the proposed scheme realizes G2 by using the same arguments of G1.
We have Equations (50) and (51) which must hold because of Rule 3 and A3 to accomplish G3.
We have Equations (51) and (52) which must hold because of Rule 6 and 7 and A4 to accomplish Equation (51).
Thus, the proposed scheme realizes G3 is achieved. Similarly, using the same arguments of G3, the proposed scheme realizes G4. Therefore, the proposed scheme realizes G1, G2, G3, and G4.

Theoretical Analyses
We present theoretical analyses to prove that proposed scheme can achieve security properties and resist potential common attacks.

Security of Secret Key
We assume that adversary wants to get the master secret key obtained by remote server node, gateway node GW i and constrained node CN ij , such like Q 0 = T s 0 (x) mod p and Q i = T s i (x) mod p. The adversary must have to solve the question based on CMDLP. If an adversary wants to get the gateway node GW i 's secret key by compute S i = T s 0 (P i ) mod p = T s 0 (H 1 (ID i )) mod p, adversary needs to solve the question based on CMDLP. On the other hand, the gateway node GW i generates the secret key for the constrained node CN ij . by performing The gateway node GW i use private key S i and its own secret s i in the computing process, hence only gateway node GW i . can know the constrained node CN ij 's secret key.

Session Key Confirmation and Security of Session Key
We provide session key confirmation which can guarantee the correctness of the encryption key in the session through message authentication code MAC GW t and MAC CN ij . If the adversary wants to obtain a session key sk GW t ↔CN ij , the adversary has to solve CMDHP even with knowledge of ω t . Moreover, session key sk GW t ↔CN ij is not the same every time because of random number a ij .

Mutual Authentication
In the authentication process, constrained node CN ij and gateway node GW i compute their session key K by public parameters (ID i , ID ij , Q ij , X, ID t , Y). In addition, each party generates message authentication code MAC GW t and MAC CN ij by K and sk GW t ↔CN ij respectively to verify their validity. Moreover, because the feature of HIDC, gateway node GW t can realize constrained node CN ij comes from which cloud services provider by public parameter ID ij .

Device Anonymity
After mutual authentication phase, constrained node CN ij can obtain pseudonym private key aS ij corresponding to pseudonym identity aID ij from supplier gateway node GW t . The pseudonym identity aID ij involve not only constrained node CN ij 's ID ij but also time stamp t s , that is to ensure every time the constrained node can obtain different pseudonym identity to avoid attack by remove the linkage between the real identity and pseudonym identity. Besides, aID ij is computed by a supplier with its own secret. That is, only the supplier who gave aID ij to the constrained node CN ij can recover the constrained node's real identity.

Traceability of Anonymity
Server node S can audit transmission history by recovering anonymous ID aID ij . The gateway node GW t decrypts aID ij with secret s i to recover anonymous real identity by performing (ID ij ||t t ) = D sk GW t ↔CN ij (aID ij ).

Unforgeability
If the adversary wants to forge validated anonymous identity, adversary has to acquire gateway node GW i 's secret s i and private key S i . The adversary has to solve CMDLP if adversary wants to compute gateway node GW i 's secret s i and private key S i from public parameter Q i .

Without Assistance of Registration Center
Ying and Nayak [4] and Ul Haq et al. [5] proposed scheme for multi-server 5G networks which included a registration center (RC) in their system structures. RC is a third party for both sides of communication, and two parties have to go through registration phase to RC before communication. Privilege attack or malicious insider attack may occur if the adversary is in RC, and risk of message leakage may happen. If privilege attack or malicious insider attack happen in telemedicine system, patience privacy may be damaged. Moreover, system structure including RC in 5G networks is no difference from the one in conventional networks. In proposed scheme, we introduced hierarchical system structure which is suitable for 5G networks without RC or trusted third party.

Non-Repudiation and Security of Signature
When constrained node CN ij executes signature function based on Chebyshev chaotic maps with anonymous private key aS ij to generate signature σ ij . Gateway node GW t can verify η ij . As the result, non-repudiation can be achieved. We apply signature Meshram et al.'s ID-based online short signature scheme [45] in anonymous signature and verification phase, and security of signature has been proven using Bellar et al.'s method [69].

Resistant to Bergamo et al.'s Attack
Bergamo et al.'s attack [70] is based on two conditions: Attackers can obtain related elements (x, a ij , µ ij , ω t ) or several Chebyshev polynomials pass through the same point due to the periodicity of cosine function. In the authenticated key exchange phase of the proposed scheme, attackers cannot obtain any of the related elements (x, a ij , µ ij , ω t ) because they are encrypted in transmitted messages and only the user and server can retrieve the decryption key. Moreover, the proposed protocol utilizes the extended Chebyshev polynomials, in which the periodicity of the cosine function is avoided by extending the interval of x to (−∞, +∞) [40]. As a result, our scheme can resist the attack proposed by Bergamo et al. [70].

Performance Analysis
We present comparisons of Yan [5], and proposed schemes concerning security requirements and computational complexity comparison.

Security Requirements Comparison
As shown in Table 4, proposed scheme provides all listed security requirements. Yan [5] scheme achieves mutual authentication, session key confirmation, and anonymity. None of mentioned previous schemes achieve traceability of anonymity, unforgeability, and non-repudiation except proposed scheme.

Computational Complexity Comparison
We present a computational complexity comparison of our scheme with Yan [5] schemes perform more not only one-way hash function operations but elliptic curve point multiplications. The results have proven that performing an elliptic curve point multiplication takes more time than a Chebyshev chaotic maps operation, and, compared to RSA and ECC, Chebyshev polynomials can offer smaller key size and faster computation [42,43,[72][73][74]. However, Yan et al.'s scheme [30] performs only two elliptic curve point multiplications in total while our scheme performs six Chebyshev chaotic maps operations. For the above reason, Yan et al.'s scheme [30] takes less time than our scheme. Although Yan et al.'s scheme [30] is more efficient than our scheme by a narrow margin, Yan et al.'s scheme [30] cannot provide key confirmation because of lacking session key agreement, and neither can Ying and Nayak's scheme [4]. Moreover, Yan et al.'s scheme [30] cannot provide mutual authentication, anonymity, traceability of anonymity, unforgeability, and non-repudiation. Figure 8. illustrates computational complexity of receiver/gateway node with varying number of devices.

Conclusions
5G networks has an efficient effect in energy consumption and provides quality of experience and amount of devices communication, and 5G will change connected services and devices through higher reliability, connectivity, and cloud storage. IoT applying 5G infrastructure changes application scenario in many fields especially real-time communication between machines, data, and people. IoT with 5G environment provides solutions of network layer, including enhancing quality of service, router and jamming control, and resource optimization, to solve challenges of smart medical healthcare. Medical privacy is important in smart medical healthcare because data leaking brings potential harm to patients and hospital. We propose a FAIDM for medical privacy protection in 5G telemedicine systems which provides federated identity management which provide a secure way to protect medical privacy. To achieve privacy preservation, we provide anonymous identity to constrained nodes for reducing exposure of personal private data. Our scheme provides features below. (i) Proposed scheme provides federated identity management which can manage identity of devices in a hierarchical structure efficiently. (ii) Identity authentication will be achieved by mutual authentication between devices and SBSs/MBSs. (iii) The proposed scheme provides session key to secure transmitted data which is related to privacy of patients. (iv) The proposed scheme provides anonymous identities for devices in order to reduce the possibility of leaking transmitted medical data and real information of device and its owner. (v) If one of devices transmit abnormal data, the proposed scheme provides traceability of anonymous identities for servers of medical institute to check specific device. (vi) the proposed scheme provides anonymous signature for non-repudiation of devices, and records of signatures can be used for periodical audit of medical institute.  Data Availability Statement: This study did not report any data.