A novel secure authentication protocol for eHealth records in cloud with a new key generation method and minimized key exchange

Abstract

In wake of covid19, many countries are shifting their paper-based health record management from manual processes to digital ones. The major benefit of digital health record is that data can be easily shared. As health data is sensitive, more security is to be provided to gain the trust of stakeholders. In this paper, a novel secure authentication protocol is planned for digitalizing personal health record that will be used by the user. While transacting data, a key is used to secure it. Many protocols used elliptic curve cryptography. In this proposed protocol, at an initial stage, an asymmetric and quantum-resistant crypto-algorithm, Kyber is used. In further stages, symmetric crypto-algorithm, Advanced Encryption Standard in Galois/Counter mode (AES-GCM) is used to secure transferred data. For every session, a new key is generated for secure transactions. The more interesting fact in this protocol is that transactions are secured without exchanging actual key and also minimized the key exchange. This protocol not only verified the authenticity of user but also checked rightful citizenship of user. This protocol is analyzed for various security traits using ProVerif tool and provided better results relating to security provisioning, cost of storage, and computation as opposed to related protocols.