A Hybrid MCDM Approach of Selecting Lightweight Cryptographic Cipher Based on ISO and NIST Lightweight Cryptography Security Requirements for Internet of Health Things

Abstract

The most serious challenges currently faced by healthcare environment is the decision making related to the installation of the most suitable and appropriate lightweight authentication cipher that could provide solutions towards the authentication issues prevailing in IoHT devices. This decision making becomes more troublesome and tricky due to the number of factors that are taken into account such as availability of many existing ciphers, complex and multiple numbers of requirements involved and frequent changing of these requirements from one platform to another. This decision making is also hampered by the nature of IoT devices operating in healthcare environment as they come up with limited functionality, processing, bandwidth and memory. In this regard, we present an evaluation framework focuses upon the selection of best light weight cryptographic ciphers by considering the most important parameters or requirements of criteria. The proposed framework considers the requirements like performance, physical and security as suggested by widely accepted standards such as National Institute of Standards and Technology (NIST) and International Standard Organization standard such as ISO/IEC 29192 for building evaluation criteria. This framework evaluates and selects the best lightweight cryptographic among the 10 ciphers i.e. PRESENT-80, Scalable Encryption Algorithm (SEA), HIGHT, Lightweight Encryption Algorithm (LEA) Advanced Encryption Standard (AES-128), mCrypton, NOEKEON, Klein, Camellia and Tiny Encryption Algorithm (TEA) for the purpose of evaluation in IoHT environment. This framework uses two decision making methods such as Criteria Importance Through Inter criteria (CRITIC) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS). CRITIC assigns weights to alternatives and TOPSIS is used for evaluating alternatives (ciphers) against the defined criteria of evaluation. The proposed work is novel due to number of reasons such as the newly defined criteria adopted in this framework is the first attempt to use the security requirements of International Standard Organization (ISO) and National Institute of Standards and Technology (NIST). Secondly, this is first time that CRITIC and TOPSIS methods have been applied for assessment and decision making in healthcare environment. Similarly, the selected lightweight authentication cryptographic ciphers are used for the first time for assessment in IoHT environment. This approach addresses both hardware and software characteristics for selecting the best security option for lightweight cryptographic security.