Secure-user sign-in authentication for IoT-based eHealth systems

Sustainable Computing has advanced the technological evolution of the Internet and information-based communication technology. It is nowadays emerging in the form of the Cloud of Medical Things (CoMT) to develop smart healthcare systems. The academic community has lately made great strides for the development of security for the CoMT based application systems, such as e-healthcare systems, industrial automation systems, military surveillance systems, and so on. To the architecture of CoMT based Smart Environment, Chebyshev Chaotic-Map based single-user sign-in (S-USI) is found as a significant security-control mechanism. To ensure the fidelity, the S-USI assigns a unary-token to the legal users to access the various services, provided by a service provider over IP-enabled distributed networks. Numerous authentication mechanisms have been presented for the cloud-based distributed networks. However, most of the schemes are still susceptible to security threats, such as user-anonymity, privileged-insider, mutual authentication, and replay type of attacks. This paper applies a sensor/sensor-tag based smart healthcare environment that uses S-USI to provide security and privacy. To strengthen the authentication process, a robust secure based S-USI mechanism and a well-formed coexistence protocol proof for pervasive services in the cloud are proposed. Using the formal security analysis, the prominence of the proposed strategies is proven to show the security efficiency of proposed S-USI. From the formal verification, the comparison results demonstrate that the proposed S-USI consumes less computation overhead; and thus it can be more suitable for the telecare medical information systems.


Introduction
Of late, smart sustainable cities have been engaged in the recreation activities of the individual. It is nowadays converging the technological aspects of IoT and its associated big data applications to develop intelligent computing systems [1]. This is underlying as the technological core in the construction of numerous transformations. To exhibit the data characteristics, the state of the attributes such as monitoring, collecting, processing, and analyzing are explicitly regenerated that controls the environmental condition of smart cities. Various intelligent systems such as energy, automation, infrastructure, and transport utilize the core developments of IoT and big data applications to build sustainable environs. Smart sustainable cities typically meet the standard requirements of pervasive and mobile intelligence [2]. It uses distributed computing to establish communication between the IoT objects that offer informational services to the urbanites [3]. A technological change characterizes the significance of disruptive technologies that embed the techniques of ICT to address the complexities of techno-urban systems.
The urban domains may apply ICT technologies to implicate the environment features [1]. The technological evolution emerges the ICT visions to develop sustainable computing systems including infrastructure, facilities, services, resources, design, etc. The pervasive intelligence may integrate these important features to manage environmental issues [2]. A computing paradigm may use big data analytics to realize the key factors of novel applications that stimulate the development of sustainable systems. In the past, the ICT has dramatically changed for the maximization of service connectivity that closely associates with the cloud computing systems as a platform to enable environmental services. Most of the information services integrate PaaS to operate computing services through centralized systems. According to Statista, the cloud market is expected to grow $163 billion in 2021 that increases the connectivity of IoT devices to improve communication efficiency [4].
The convergence technologies such as augmented reality, autonomous driving, and smart cities are continuously being transformed to meet the standard requirements such as communication speed, bandwidth, and low-latency. It may synergize with IoT technology to improve service efficiency, which unifies the network structures to manage the high-level services. However, it has three major perspectives to address security issues: (1) drive the network traffic to examine the device connectivity; (2) increase the service connection over a cloud platform; (3) integrate the heterogeneous network to identify security issues. In the advancement of cloud computing technologies, the cloud assistive electronic healthcare systems are growing rapidly for remote e-healthcare services. Various security solutions with different application aspects [5,6] have been proposed for cloud computing systems that are very much suitable to build a secure e-healthcare system.
A popular domain, known as TMIS [7,8] has been one of the more suitable applications for remote electronic healthcare systems. However, the TMIS application can be emerged with a cloud assistive cognitive aware e-healthcare system to facilitate the medical diagnosis and the storage of healthcare records. The medical entities such as medi-expert, patient, and server-database are preferred to transmit the medi-data over insecure public networks. The data fabrication may lead to severe hazards; and thus it should be kept secret to provide patient's privacy and convenient access. Therefore, a secure data transmission in TMIS has become a hot issue for wireless channel access. For the protection of information access over public networks [9], a method such as AKA has been chosen i.e. for the communication processes [10,11].
Moreover, a secret password and a data storage like a smartcard or smart device comprising of secret-data possessed by the authentic-user is applied in the remote user authentication system. This communication device is distributed as a trustworthy server that wants the user to submit his/her information such as patient identity and string preprocessor to the registration server. As the network-based application system exists with various malicious activities, they may even forge or overhear the data transmission to disrupt the legal communication access. Most dangerous attacks such as server spoofing, key impersonation, and offline guessing have been addressed by various existing authentication schemes [12][13][14]. In urban cities, hospital management systems are growing rapidly to offer emergency services that meet the medical demands of the common people.
CoMT uses distributed networks that provide legal user access to disseminate the private user information, whereby less power computation is achieved with the available devices [15]. In general, the public or private service provider is nominated to distribute the authentic accesses, which deliver the application services to gain the network resources more efficiently. Generally speaking, the application should obtain a reliable transmission region to gain network access of the service provider. It has different users with distinct identities/secret key pairs to gain the exclusive rights of resource usage [16]. Figure 1 shows the electronic healthcare architecture using a CoMT. The biological sensors estimate the physiological conditions of the patient to feed the patients' information i.e. to the smart computing devices whereby the data are transmitted through the knowledge of healthcare service providers over public Internet access.
Upon the information access, the data storage server accommodates the PHI of patients that gains the user access to grant the implementation policy governed by the policy certification server. After the successful authentication, the authentication server shows the data blocks comprising of patient info, medi-expert, authentic server, and TMIS. In electronic healthcare systems, the patients acquire the PHI to monitor the patient's health condition that is very much useful to provide a medical prescription. In an emergency, a smart ambulance service can be initiated to offer timely user access to extend medi-service to the casualty before they reach the hospital. Importantly, the research and development process intensively analyzes the sensor input/output to envisage the critical condition of the patient.
Various key authentication mechanisms have been presented using the two-factor and three-factor authentication protocol that was introduced in [17]. As the Lamport scheme was very generic to access the remote-server i.e. user name and password, it could not provide user privacy and anonymity to address the major concern of the electronic healthcare system. In 1990, Hwang has initially presented the two-factor authentication, whereas, in the early 21st century, the three-factor authentication and key agreement protocol was proposed. Commonly, the electronic healthcare system initiates the system registration phase to gain remote user access with TMIS. Upon successful registration, the user gains the authentication to grant access to TMIS. Generally speaking, the one-factor authentication was much easier to remember as the user tries to provide the user name and password to obtain the desirable authentication process, whereas the two-factor additionally incorporates the entities known as smartcard that could subdue the user comforts. In the three-factor, the user may involve biometric information in addition to the real-time entities namely smartcard, username, and password to process the service authentication.
The authentication process comprises of four system phases that are as follows:
System registration: In registration, the user wishes to provide the credentials with TMIS such as personal identities and information. Upon which they may choose a secret password at the registration or later phase. Moreover, it is subjected to alter their secret password after the successful login.
System login and authentication: In login and authentication, the user may gain the service access provided by TMIS upon the verification of user credentials.
Session key update: This phase is employed to change the user credentials secretly that reduces the attack vulnerabilities owing to the use of identical secret-key.
Key revocation: This phase is employed to revoke the user credentials in case of key compromising.
Though the user terminal or device has a valid secret key to gain the medical services of the network, the massive data access may be prone to severe network risk, communication, and storage overhead. Therefore, the recent authentication mechanisms have constructed a strategy of control access using advanced mobile computing systems. Of late, three-party authentication and key agreement schemes have been proposed for WMSNs using a smartcard [18,19]. The design objectives of their system were to provide an effective security mechanism in WSNs. However, their schemes cannot be practically implemented to exercise a time-synchronization mechanism. Moreover, it can be preferred to annul the clock time regulation between the communication parties. Therefore, the S-USI is proposed, which applies a mechanism of unary control access to monitor the device activities. This proposed mechanism annuls the clock synchronization problem for pervasive services in the cloud. In addition, a smart S-USI mechanism demands the multimedia medical sensor network to sense, monitor, and analyze the patient's information effectively. The major contributions are as follows:
1. Design a robust secure based S-USI mechanism to annul the clock synchronization in a pervasive computing environment.
2. Apply unary control access to infer the activities of the medical sensor networks that provide service-level agreement to mitigate the cost of the communication device.
3. Perform the formal analysis using AKE session-key security and BAN logic to prove the security efficiencies of the proposed S-USI including session-key protection.
4. Analyze the key factors including computation, communication, and storage to guarantee the system features of the computing paradigms.

Fig. 1 Electronic healthcare architecture using cloud of things

The rest of the sections are organized as follows: "Research background" discusses related authentication schemes, important notation, assumption of Chebyshev chaotic maps, and the attacker model. "Proposed single user sign-in (S-USI) mechanism" presents a proposed S-USI mechanism that is completely based on the extended Chebyshev chaotic-map. "Security analysis" demonstrates the security analysis of the proposed S-USI mechanism using AKE session-key security and BAN logic. "Discussions" discusses the challenges of user authentication protocols. "Conclusion" concludes the research work.

Research background
This section summarizes the related authentication schemes, important notation, assumption of Chebyshev chaotic maps, and attacker model.

Emerging computing paradigm
The computing paradigm becomes more prevalent to standardize the parallel and distributed system that consists of visualized and interconnected devices to offer unified computing resources [20]. It is provisionally based on service-level agreement to negotiate the resources between the consumers and the service providers. Moreover, it has an intelligent model to enable on-demand network access to share a pool of computing resources. It can be provisionally released to manage the resources with minimal efforts or over service provider interaction [21]. Senyo et al. [22] outlined cloud computing as 'IT infrastructure, application service, and resource delivery coexist to meet the demands of the individual or organization over a dedicated Internet platform'. The definition can hardly integrate the feature characteristics to consider the subsets of visualized computing systems. Hence, the NIST asserts three different service models such as IaaS, PaaS, and SaaS to claim a variant of security as a service. It is specifically considered for the development of IT infrastructure and application services. It has new phenomena as anything as a service or XaaS to offer minimal interaction with service providers including a pay-per-use basis.
In spite of its pervasiveness, emerging technologies are still active in the area of cloud computing. It has technological convergence to cover the performance aspects such as service automation, service provision, dynamic workloads, resource sharing, multiple tenancies, energy management, virtual machine migration, etc. [23]. The other direction includes benchmark evaluation, reliability, efficiency, scalability, and elasticity to meet the decision supports of cloud computing services. In addition, it has some computing factors namely trustworthiness, readiness, security, privacy, cost, pricing, etc. to adopt the management benefits [24]. Of late, it has emerged several research directions including e-government, e-learning, eHealth, big-data, data processing, and analytics for the prevalence of mobile computing platforms. It refers to smart devices, which are portable, programmable, and scalable to achieve convenient access. These device features are considered as an essential part to meet the service demands including voice communication, data storage, and social interactivity. It is nowadays converging in some specific domains such as m-Health, m-Learning, m-Commerce, etc. that typically focus on drug discovery, online learning, and commercial transaction. The smart device integrates the sensor packages and hardware components to extract the context features. As a result, several context-aware applications have been developed for significant services such as location tracking, proximity measurement, service rating, prediction, etc. [25].
The computing paradigms including mobile, cloud, and IoT emerge as the future dominants to consider the pairwise intersections. It has several areas such as mobile edge computing, web of things, mobile cloud, semantic web of things, cloudlet computing, etc. to explore the property of seamless connectivity [26]. Figure 2 shows the intersection areas of emerging computing paradigms. The convergence technologies such as IoT, cloud, and mobile envision to obtain the human-centric data that differentiates the evolution of pervasive and ubiquitous computing to provide seamless connectivity and human interaction. The interconnected things use sensors and actuators to integrate low-power wireless devices such as IoMT, IoNT, and IoUT to develop an IoT-enabled platform. The futuristic IoT-based healthcare scenarios include remote monitoring, service availability, accessibility, drug management, to offer seamless connectivity via wireless technologies such as Bluetooth, Zigbee, Infrared, and 4G/5G. Since the eHealth data is open to access in the public network, it is highly demanding a secure cryptography protocol to achieve distinct features such as immutable, timestamped, and decentralized. In eHealth, various sensory technologies are integrated to provide an effective solution including end-to-end connectivity, data analysis, tracking, medical alerts, and assistance.
The IoT-based computing systems leverage the automation process, workflow management, and risk deduction to save human life. However, it has several open challenges such as device integration, security, privacy, and data overloading to degrade the efficiency of the healthcare systems. To address the issues, computing paradigms such as fog, edge, cloudlet, and crowdsensing are preferred. It can apply the cryptography protocol to analyze the cloud data via dedicated gateways that address the security challenges among the mobile devices and hubs. The major significances are as follows:
1. Edge computing is an avenue to resolve the issues of low latency and user proximity to the existing IoT users.
2. The other computing solves the research perspectives including location-aware, user-centric, and provisional access to eHealth domains.
3. Scalability is a specific feature to improve the efficiency of the sensory system that integrates the sensor platform to meet the requirements of distributed networks.
4. QoS is more significant to improve the service efficiency of the healthcare systems.
Table 1 summarises the key challenges of the existing works. The personalized healthcare system has some major significances such as reliability, interoperability, and scalability to meet the challenges of IoT [27] that emerges the application requirements of eHealth. Balli et al. [28] reviewed the service features of the electronic devices that materialize the demands of the system design. Chandhuri et al. [29] studied different types of healthcare data and management techniques. Suguna et al. [30] discussed several diagnostic mechanisms under the strategies of IoT protection. Gandhi et al. [31] introduced healthcare intelligence to examine the process of IoT framework. Khan et al. [32] studied various healthcare mechanisms to analyze security features. Darshan et al. [33] examined the novel frameworks and challenges to investigate the challenges. Deebak et al. [34] designed a smart mutual authentication protocol for cloud-based medical healthcare. Deebak et al. [35] introduced a lightweight authentication framework for smart IoT system. Deebak et al. [36] presented a seamless authentication mechanism for edge computing systems. Al-Turjman et al. [6] proposed an intelligent authentication for smart industrial system.

Related works
A theory, known as Chebyshev chaotic map is widely employed for cryptography systems i.e. for S-boxes and hashing function. Lately, the client-server authentication protocols have been adopted using TMIS [37]. In 2010, Guo and Zhang [38] proven that Xiao et al. [39] is still susceptible to server-spoofing attack. In 2012, Xue et al. [40] presented an extended version of the authentication protocol using a chaotic map. Tan [41] [47] discovered that schemes such as Jiang et al. [44] and Lee [45] were found to be insecure in the user authentication process. In 2014, Lin proposed a dynamic-identity based authentication protocol using a chaotic-map. Unfortunately, Wang et al. [48] demonstrated that the Li et al. scheme is still insecure to provide user anonymity and key impersonation attack. Subsequently, they presented an extended version using mobile-device and chaotic-map for the TMIS. However, Bergamo et al. [49] are vulnerable to offline guessing, key impersonation, and desynchronization attack. Moreover, the Wang et al. scheme cannot provide session-key agreement and user anonymity.

Table 1
Balli et al. [28] | IoT, electronic healthcare design | Partial | It has a processing system to analyze the sensory features | It does not have any futuristic concepts to design an effective system
Chandhuri et al. [29] | IoT, healthcare management | No | It has a strong analysis to examine data management systems | It does not have any security aspects to infer the difficulties of medical sensors
Suguna et al. [30] | IoT, healthcare diagnostics | No | It provides a substantial idea to analyze the cloud-based Io | It does not have any specific sensors to analyze the features of smart securities
Gandhi et al. [31] | IoT, intelligent healthcare | No | It has an intelligent healthcare system to study the integrity issues of IoT | It does not have any specific analysis to analyze the weakness of healthcare systems
Khan et al. [32] | IoT, elderly healthcare | No | It discusses the practical issues of IoT healthcare systems | It does not have any specific integration to examine the performance efficiency
Darshan et al. [33] | Healthcare IoT | No | It has a framework, design strategy, and challenges to discuss the application scenario of IoT | It does not have any valuable aspects to leverage the challenges of smart healthcare
Deebak et al. [34] | IoT, cloud, healthcare | Yes | It has a smart authentication framework to verify security features | It has some challenges to address such as privacy preservation
Deebak et al. [35] | Smart IoT, mobile-sink | Yes | It has a lightweight authentication model to examine features of IoT assisted systems | It has some security challenges such as user anonymity and privileged-insider
Deebak et al. [36] | IoT, cloud, edge computing | Yes | It has a seamless authentication framework to meet the objectives of mobile edge computing | It has some performance efficiencies including computation and storage
Al-Turjman et al. [6] | IoT, big-data, industrial systems | Yes | It has a seamless framework to examine the challenges of smart industrial applications | It does not have any specific strategy to meet the objectives of big-data technologies
In 2015, the scheme of Lee [50] could not resist the offline key guessing attack. In 2016, Islam et al. [51] demonstrated the security weakness of user anonymity, key impersonation, and forward secrecy existing in Lin scheme [52]. Also, Liu and Xue [53] projected that the Lee scheme [50] was complex to design asymmetric encryption. However, the Liu and Xue scheme has a security weakness containing no password friendliness and user anonymity.
To administrate the service providers and service access, medical applications should maintain a reliable database system. It applies two-factor or three-factor authentication mechanisms to offer a systematic registration procedure that allows smart devices to acquire system access from the available network providers. As a result, data redundancy or duplication may be prevented to improve system performance. Deebak et al. [7] designed a dynamic identity-based authentication for TMIS, which preserves the medical data and avoids the clock un-synchronization to prevent potential threats. Of late, several dynamic authentication mechanisms [7,52] have been considered for the improvisation of security efficiencies and minimization of system computation cost. However, their schemes cannot support multi-server architecture to improve system performance.
Madhusudhan et al. [54] and Biswas et al. [55] have presented static and dynamic identity-based authentication for the enrichment of security efficiencies. The former strategy prevents data leakage, whereas the latter applies a two-factor strategy including device identity and secret key to serve remote-server authentication. As a consequence, several dynamic-identity based authentication mechanisms have been presented for the preclusion of client anonymity [56]. These schemes frequently change client identities using the login and authentication phase to prevent data disclosure and stolen-verifier. However, the remote-server cannot employ password-based authentication to preserve user identities and passwords during the login phase. Since the application and its related services may grow exponentially in real-time, a suitable dynamic identity-based authentication is considered to improve the efficiency factors of the server. It has a service provider that uses a multi-server environment to provide seamless connectivity [26]. In the client registration, each phase executes the authentication module to improve the security efficiencies.
As the application device repetitively invokes the login phase, it can easily be prone to data duplication and information leakage. Most importantly, cloud servers offer IoT services to real-time users over an insecure wireless channel that highly demands data confidentiality to authenticate the service access in IoT-based cloud computing systems. It uses trusted third parties to authorize the user access that obtains the IoT services through the knowledge of the cloud server. It has a registration center to restrict the service access between the cloud server and smart device. It may achieve a proper mutual authentication to secure the communication channel to acquire: (1) the device or user terminal should be legal to gain the server access; (2) the service provider should authenticate the application services to improve system efficiencies; and (3) the client device has a common session key to preserve data confidentiality and user privacy [57].
In eHealth, the IoT-based cloud computing systems should have essential characteristics of the security framework to analyze the vulnerabilities and threats [58]. It has a robust security mechanism to protect network access. The system layer handles the privacy issues proactively to enhance the feature of privacy protection. The eHealth has medical experts and service providers to store the sensitive information of the patients on the local system [59]. It demands an effective infrastructure to exchange the medical data between a patient and medical experts while patient privacy is guarded. The system deployment measures privacy awareness to classify the nature of potential risks, which comply with industrial standards, framework, regulation, and ethical requirements. To provide an effective design, the IoT applications integrate the privacy framework. It can apply the technical strategies including identification, authentication, and authorization to improve the property of data privacy. Most of the healthcare applications integrate IoT and cloud computing to signify the purpose of state definition, cluster formation, device category, and dimensional access [60]. The general security and privacy concerns are as follows:
1. In accordance with the rules and regulations, the patient data should be gathered and processed promptly to ensure device safety and liveliness.
2. Without proper privacy protection and adequate security strength, the patient data cannot be accessible over any public or private network.
3. The IoT device should process data transmission over any network access without compromising the data integrity and reliability.
4. The communication network and application devices should provide comprehensive protection to prevent unauthorized access.
5. The authorized applications should employ defined data protocols to restrict data collection and transmission.

Important key notations
The important key parameters of the proposed single user sign-in (S-USI) are illustrated in Table 2. The tabulation is as follows:

Mathematical assumption of Chebyshev Chaotic-Map
This assumption defines the Chebyshev chaotic-map that represents a Chebyshev polynomial $T_n(x)$, a polynomial in $x$ of degree $n$. It can be defined as: This assumption also defines the recurrence relation $T_n(x)$, which can be expressed as: This assumption also defines the semi-group property of Chebyshev polynomial to satisfy the given expression: This assumption also defines the chaotic property of Chebyshev polynomial, where $n > 1$ represents a polynomial map , for an exponent of Lyapunov i.e. $\ln n > 0$ [61].
Zhang [63] improved the authentication protocol using Chebyshev chaotic-map to prevent the security weakness demonstrated by Bergamo et al. [49]. To strengthen the security mechanism, the Bergamo et al. extended the Chebyshev polynomial to satisfy the properties of semi-group and commutative i.e. in the interval of $(-\infty, \infty)$ [62]. The expression is as follows: where $n \geq 2$, $\forall x \in (-\infty, \infty)$ and $p$ is a large prime integer. It can be further defined as: This improved Chebyshev chaotic-map shows the assumptions of discrete logarithm and Diffie Hellman [63]. The basic mathematical assumptions are as follows:
Extended Chebyshev chaotic-map based discrete-logarithm problem (DLP): Given the integers $x$, $y$ and $p$, it is computationally infeasible to determine the parameter $r$ that satisfies $y = T_r(x) \bmod p$. The advantage of the adversary, denoted as $A_{dv}^{DLP}$, in solving the extended Chebyshev chaotic-map-based DLP is computationally negligible.
Extended Chebyshev chaotic-map based Computational Diffie Hellman problem (CDHP): Assume that $T_r(x)$, $T_s(x)$, $T(\cdot)$, $x$ and $p$ are given, where $r, s \geq 2$, $x \in (-\infty, \infty)$ and $p$ is a large prime integer, to calculate: which is computationally infeasible to solve the extended Chebyshev chaotic-map based Computational Diffie Hellman problem, denoted as $A_{dv}^{CDHP}$. Therefore, it is considered to be insignificant.
Extended Chebyshev chaotic-map based decisional Diffie Hellman problem (DDHP): Assume that the parameters $T_r(x)$, $T_s(x)$, $T(\cdot)$, $x$ and $p$ are given to decide whether $T_{rs}(x) \equiv T_z(x) \bmod p$ holds, which is considered impracticable. The advantage of $A_{dv}$ in solving the extended Chebyshev chaotic-map based decisional Diffie-Hellman problem is denoted as $A_{dv}^{DDHP}$. Therefore, it is computationally negligible.
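The Python sketch below is an added example, not code from the paper. It evaluates the extended Chebyshev map with the standard definition $T_0(x) = 1$, $T_1(x) = x$, $T_n(x) = 2xT_{n-1}(x) - T_{n-2}(x) \bmod p$, and shows the semi-group property $T_r(T_s(x)) = T_{rs}(x) = T_s(T_r(x)) \bmod p$ on which a CDHP-style key agreement rests. The function names, the demonstration prime and the SHA-256 key derivation are assumptions.

```python
"""Extended Chebyshev chaotic map over Z_p: evaluation and key agreement.

Added illustration. The symbols p, x, r, s follow the text; the function
names, the demonstration prime and the SHA-256 derivation are assumed.
"""
import hashlib
import secrets

# Demonstration modulus (the Mersenne prime 2^127 - 1). A deployment would
# pick p according to its own security parameter.
P_DEMO = 2**127 - 1


def chebyshev_naive(n, x, p):
    """T_n(x) mod p straight from the recurrence; O(n), used as a cross-check."""
    t_prev, t_cur = 1 % p, x % p                  # T_0, T_1
    if n == 0:
        return t_prev
    for _ in range(n - 1):
        t_prev, t_cur = t_cur, (2 * x * t_cur - t_prev) % p
    return t_cur


def _mat_mul(a, b, p):
    """Multiply 2x2 matrices stored row-major as 4-tuples, modulo p."""
    return (
        (a[0] * b[0] + a[1] * b[2]) % p,
        (a[0] * b[1] + a[1] * b[3]) % p,
        (a[2] * b[0] + a[3] * b[2]) % p,
        (a[2] * b[1] + a[3] * b[3]) % p,
    )


def chebyshev_mod(n, x, p):
    """T_n(x) mod p in O(log n) steps, so secret degrees can be very large.

    Uses [T_n, T_{n-1}]^T = M^(n-1) [T_1, T_0]^T with M = [[2x, -1], [1, 0]].
    """
    if n < 0:
        raise ValueError("degree must be non-negative")
    x %= p
    if n == 0:
        return 1 % p
    result = (1, 0, 0, 1)                         # identity matrix
    base = ((2 * x) % p, (-1) % p, 1, 0)          # M
    e = n - 1
    while e:                                      # square-and-multiply
        if e & 1:
            result = _mat_mul(result, base, p)
        base = _mat_mul(base, base, p)
        e >>= 1
    return (result[0] * x + result[1]) % p        # first row times (T_1, T_0)


def derive_session_key(shared, p):
    """Hash the shared value into a fixed-length key (assumed derivation)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).hexdigest()


def key_agreement(x, p, r=None, s=None):
    """Run both sides of a semi-group key agreement over public (x, p).

    r is the user's secret degree, s the server's; both must be >= 2.
    Only T_r(x) and T_s(x) cross the channel.
    """
    r = r if r is not None else 2 + secrets.randbelow(p - 2)
    s = s if s is not None else 2 + secrets.randbelow(p - 2)
    if r < 2 or s < 2:
        raise ValueError("secret degrees must be at least 2")
    user_public = chebyshev_mod(r, x, p)          # user -> server
    server_public = chebyshev_mod(s, x, p)        # server -> user
    user_shared = chebyshev_mod(r, server_public, p)    # T_r(T_s(x))
    server_shared = chebyshev_mod(s, user_public, p)    # T_s(T_r(x))
    return {
        "user_public": user_public,
        "server_public": server_public,
        "user_key": derive_session_key(user_shared, p),
        "server_key": derive_session_key(server_shared, p),
        "shared_is_T_rs": user_shared == chebyshev_mod(r * s, x, p),
    }


if __name__ == "__main__":
    out = key_agreement(x=123456789, p=P_DEMO)    # constructed public seed x
    print("keys match:", out["user_key"] == out["server_key"])
    print("equals T_rs(x):", out["shared_is_T_rs"])
```

An eavesdropper sees only `user_public` and `server_public`; recovering the shared value from them is the CDHP instance described above.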
A remote server holds the registration of U sr TS 1 User timestamp Apply encryption and decryption algorithm to secure the session with secret-key s k Generation of Session key between U sr and R S l g Size of the secure parameter h(.) One-way hash function, which is h∶{0, Transmission message M sg1 concatenates the another message M sg2

Attacker model
As referred to [64], an adversary $A_{dv}$ is supposed to have the following essential abilities informally. This is to note that this paper does not primarily focus on how $A_{dv}$ can achieve the security goals, but the examination is only assumed to results analysis, which can be:
1. $A_{dv}$ may try to overhear or eavesdrop the data transmission over public channel access i.e. between the legal user and remote server under the three-factor system environment.
2. $A_{dv}$ may wish to steal the user's particulars e.g. smartcard or mobile-device to retrieve the confidential information from the stolen device [65].
3. $A_{dv}$ cannot infer the confidential parameters such as random integer, hash function, and private secret-key $s_k$ from the remote server $R_S$ within the execution of polynomial time. It is presumed that the above computation could at least achieve a minimum-security length [66].
4. $A_{dv}$ may deduce the communication parameters such as secret password and user identity from the two finite sets. Therefore, $A_{dv}$ has the possibility to perceive the above information in the given polynomial time.
5. $A_{dv}$ may try to deceive the remote server $R_S$ to know the confidential information i.e. specifically to enact or behave as a genuine user [67].
6. $A_{dv}$ may try to perceive or guess a low entropy i.e. identity or password apart from others. However, the rules of the polynomial equation may not be violated to reveal the confidential data i.e. identity or secret password at the same execution time. Assume that the user identity length and secret password has $n$ for each parameter to derive the probability $1/2^{6n}$ [68] i.e. for an $n$-character long string.
7. To achieve the property of forward secrecy demonstrated in [69], $A_{dv}$ may try to collect the long-term information including user identity, secret password, storage data, and a remote server. Though $A_{dv}$ perceives the above confidential data, he/she cannot compute the previous session. Thus, this proposed mechanism satisfies the property of forward secrecy.

Proposed single user sign-in (S-USI) mechanism
This section presents a proposed S-USI mechanism that is completely based on the extended Chebyshev chaotic-map.
As the secret session-key is constructed using CDHP, no adversary A dv can precompute the secret session-key. In other words, as the proposed scheme is based on Chebyshev's chaotic-map, a malicious adversary cannot compute a shared session-key to establish secure communication between the user and the remote server in order to forge a valid request message or impersonate a legal user. Moreover, in the secret-key update phase of S-USI, the timestamp always guarantees the data freshness to validate the data from the remote server. Thus, the proposed S-USI can prevent privileged-insider, redirection, and data forgery attacks. The proposed scheme comprises five communication phases: system initialization, registration, login and authentication, secret key update, and smartcard revocation. The initialization phase uses Chebyshev chaotic-map to invoke a parameter of ⟨x⟩ on the given interval (−∞, ∞) that requires a large prime integer ⟨p⟩ to perform a modular arithmetic operation to maintain a smartcard revocation during the system initialization phase. Assume G, g and q are defined to the parameters of the cyclic group. It has a public key encryption PE k , secure-session key SS k , PE ′ k (Conjugate of PE k ), SS ′ k (Conjugate of SS k ) and multimedia server M S . Moreover, it maintains a long-term secret key S k with a random string length k . Let H ∶ {0, 1} * → {0, 1} k represent a one-way hash function to prevent target collision, whereas PRF S k ∶ {0, 1} k → {0, 1} k denotes a pseudo-random function key. Also a one-way hash (conjugate) function H′ ∶ {0, 1} * → {0, 1} k is defined to preserve client identities. In S-USI, H′(S k ) assumes S k as an input key to initiate the authentication procedure.
System initialization phase
Remote-server R S builds the system communication parameters by performing the following execution steps:
Step 1 R S chooses a random integer p k to define a private secret-key that has a random computation parameter x ∈ ⟨−1, +1⟩.
Step 2 R S generates a master secret-key m sk that applies a secure symmetric encryption and decryption algorithm, which is E k (.)∕D k (.) and one-way hash operation function h(.).
System registration phase
R S issues a secure communication gateway to the multimedia device M d /medical sensor M s to guarantee key security and data privacy.
Step 1 M d ∕M s arbitrarily chooses an identity of unary-token I d along with user identity U id and secret password P wd and then sends the identity I d to R S over public access networks.
Step 2 In pursuit of receiving I d , ) using m sk where S k 0 is a session key to validate whether it is newly generated or not to authorize user access.
Step 3 R S connects an authentic gateway, which has the system parameters as I d , Key, R, D, h(.), E k (.) to setup a connection. In practice, the system parameters are predefined to exclude any additional key exchanges to secure gateway access. As a result, the gateway is equipped to configure with any M d ∕M s to store the communication parameters in the smartcard S C .
Step 4 Upon the successful configuration, the client devices namely M d ∕M s setup a session-key to confirm the user privacy to R S over a secure gateway.
System login and key-authentication phase
A user, namely M d ∕M s , enters a secret session-key to access the private information of patients. A secure gateway retrieves the value of the secret session-key Key verif = Key 1 ⊕ H′(S k ). Then, the users' and M s use Key verif as the secret-key to perform the following computation (Fig. 3):
Step 1 U sr inserts his/her S C to provide an input P wd to compute H = h(P wd ∥ t) and R = (R ⊕ H) ⊕ H. The above computation is used to generate a random integer m that computes P 1 = T m (x) mod p, K = T m (T r (x)) mod p, Q = h(I d ∥ U id ∥ H ∥ TS 1 ) and P 2 = E k (Q ∥ R), where TS 1 is the current timestamp. Finally, the communication parameters M sg1 = ⟨P 1 , P 2 , TS 1 ⟩ are dispatched to R S .
Step 2 Upon receiving the message transmission M sg1 , R S checks whether (TS′ − TS 1 ) ≤ Δ TS is valid or not. If the message transmission is unsuccessful, then R S aborts the service request. Otherwise, R S determines K = T r (P 1 ) mod p to obtain (Q ∥ R) by the decryption process P 2 with K. In addition, it obtains (U id ∥ H ∥ C NT ) by the process of decryption with m sk . Then, R S verifies whether (U id , C NT ) is stored in the revocation table or not to examine . If the verification is unsuccessful, then R S simply rejects the service authentication request. Otherwise, R S generates a random integer n to compute Q 1 = T n (x) mod p to obtain = T n (T m (x)) mod p and where TS 2 is the current server timestamp. Finally, R S dispatches M sg2 = ⟨Q 1 , Q 2 , TS 2 ⟩ to U sr .
Step 3 After receiving the message transmission M sg2 , U sr validates whether (TS″ − TS 2 ) ≤ Δ TS is valid or not. If the validation was unsuccessful, then U sr terminates the user authentication request. Otherwise, U sr determines a secure session-key = T m (Q 1 ) mod p to verify whether is valid or not. If unsuccessful, U sr terminates the user authentication request.
Fig. 3 Flow mechanism of proposed S-USI during system login and authentication
System secret-key update phase
In this secret-key update phase, a legitimate user U sr inserts his/her S C to enter the old secret-password P wd to change or modify into new secret-password P * wd . The execution steps are as follows:
Step 1 S C performs a computation of H = h(P wd ∥ t) and H * = h(P * wd ∥ t) to generate a random integer m to recalculate
Step 2 Upon receiving the message transmission M sg1 , R S verifies whether (TS′ − TS 1 ) ≤ Δ TS is valid or not. If the message transmission is unsuccessful, then R S aborts the service request. Otherwise, R S determines K = T r (P 1 ) mod p to obtain (Q ∥ R) by the decryption process P 2 with K. In addition, it obtains (U id ∥ H ∥ C NT ) by the process of decryption with m sk . Then, R S verifies whether (U id , C NT ) is stored in the revocation table or not to examine Q =? h(I d ∥ U id ∥ H ∥ TS 1 ). If the verification is unsuccessful, then R S simply rejects the service authentication request. If the authentication is successful, then
Step 3 After receiving M sg2 , S C computes R * = (Q ⊕ Q 1 ) to verify whether Q 2 =? h(K ∥ H * ∥ R * ∥ TS 1 ) is valid to compute Update key = Key 1 ⊕ H′(S k ) ⊕ H′(S′ k ), where S k is the old secret key. If the validation is successful, then S C replaces Key 1 with Update key and (R ⊕ H) with (R * ⊕ H * ).
Smartcard revocation phase
In this phase, a legitimate user wishes to revoke his/her S C to obtain a new S C . The execution steps are as follows:
Step 1 U sr enters his/her user identity U id and secret password P wd and chooses a random integer t New to compute H New = h(P wd ∥ t New ). Finally, the communication parameters ⟨U id , H New , SC Revocation ⟩ are dispatched to R S over a public access network.
Step 2 R S tries to determine ⟨U id , C NT ⟩ from the revocation table to compute C New NT = C NT + 1 and R new = E S (U id ∥ H New ∥ C New NT ) using a master secret-key m sk . Finally, the computation parameters ⟨U id , C New NT ⟩ are stored in its revocation table.
Step 3 R S records ⟨R new , h(.), E k (.), x, T r (x)⟩ into S C that issues S C to U sr over a public access network.
Step 4 Upon receiving S C , U sr inserts t New to perform the smartcard revocation phase.
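The login and key-authentication exchange above, sketched end to end as an added example (not code from the paper). Assumptions: the prime p, seed x and Δ TS are constructed values; seal/unseal are hypothetical stand-ins for E k (.)/D k (.); the server is assumed to keep I d from registration; the elided first input of Q 2 is taken to be the session key; the card-side masking R ⊕ H is omitted.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # constructed public prime p (the page gives no concrete value)
X = 0x5EEDC0DE   # constructed public seed x
DELTA_TS = 5     # constructed freshness window ΔTS, in seconds

def cheb(n, x, p=P):
    """T_n(x) mod p, by square-and-multiply on M = [[2x, -1], [1, 0]]."""
    def mul(a, b):
        return ((a[0]*b[0] + a[1]*b[2]) % p, (a[0]*b[1] + a[1]*b[3]) % p,
                (a[2]*b[0] + a[3]*b[2]) % p, (a[2]*b[1] + a[3]*b[3]) % p)
    acc, m = (1, 0, 0, 1), (2 * x % p, p - 1, 1, 0)
    while n:
        if n & 1:
            acc = mul(acc, m)
        m, n = mul(m, m), n >> 1
    return (acc[2] * x + acc[3]) % p   # row 2 of M^n applied to (T_1, T_0) = (x, 1)

def h(*parts):
    """h(a ∥ b ∥ ...); fields are length-prefixed so the concatenation is unambiguous."""
    d = hashlib.sha256()
    for part in parts:
        raw = part if isinstance(part, bytes) else str(part).encode()
        d.update(len(raw).to_bytes(4, "big") + raw)
    return d.digest()

def seal(key, pt):
    """Hypothetical stand-in for E_k(.): SHAKE-256 keystream plus HMAC tag."""
    nonce = secrets.token_bytes(16)
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    """Hypothetical stand-in for D_k(.); raises PermissionError on a bad tag."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise PermissionError("ciphertext rejected")
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def new_server():
    return {"r": secrets.randbelow(P - 2) + 2, "msk": secrets.token_bytes(32),
            "cnt": {}, "ids": {}}   # cnt is the revocation table U_id -> C_NT

def register(srv, token_id, uid, pwd):
    t = secrets.token_bytes(16)
    srv["cnt"][uid], srv["ids"][uid] = 0, token_id   # assumed: R_S keeps I_d
    R = seal(srv["msk"], h(pwd, t) + (0).to_bytes(4, "big") + uid.encode())
    return {"Id": token_id, "Uid": uid, "t": t, "R": R, "Tr": cheb(srv["r"], X)}

def user_login(card, pwd, now):
    m = secrets.randbelow(P - 2) + 2
    P1, K = cheb(m, X), cheb(m, card["Tr"])             # K = T_m(T_r(x)) mod p
    Q = h(card["Id"], card["Uid"], h(pwd, card["t"]), now)
    return m, (P1, seal(K.to_bytes(16, "big"), Q + card["R"]), now)   # M_sg1

def server_auth(srv, msg1, now):
    P1, P2, ts1 = msg1
    if not 0 <= now - ts1 <= DELTA_TS:
        raise PermissionError("stale TS1")
    K = cheb(srv["r"], P1)                              # K = T_r(P1) mod p
    plain = unseal(K.to_bytes(16, "big"), P2)
    Q, rec = plain[:32], unseal(srv["msk"], plain[32:])
    H, cnt, uid = rec[:32], int.from_bytes(rec[32:36], "big"), rec[36:].decode()
    if srv["cnt"].get(uid) != cnt:
        raise PermissionError("revoked card")
    if not hmac.compare_digest(Q, h(srv["ids"][uid], uid, H, ts1)):
        raise PermissionError("Q mismatch")
    n = secrets.randbelow(P - 2) + 2
    Q1, sk = cheb(n, X), cheb(n, P1)                    # sk = T_n(T_m(x)) mod p
    return sk, (Q1, h(sk, uid, Q1, now), now)           # M_sg2; Q2 input sk is assumed

def user_finish(card, m, msg2, now):
    Q1, Q2, ts2 = msg2
    if not 0 <= now - ts2 <= DELTA_TS:
        raise PermissionError("stale TS2")
    sk = cheb(m, Q1)                                    # sk = T_m(Q1) mod p
    if not hmac.compare_digest(Q2, h(sk, card["Uid"], Q1, ts2)):
        raise PermissionError("server not authenticated")
    return sk

def demo():
    srv = new_server()
    card = register(srv, "token-01", "alice", "correct horse")   # constructed values
    m, msg1 = user_login(card, "correct horse", now=1000)
    sk_server, msg2 = server_auth(srv, msg1, now=1001)
    sk_user = user_finish(card, m, msg2, now=1002)
    try:
        server_auth(srv, msg1, now=1000 + DELTA_TS + 1)          # late replay of M_sg1
        replay = "accepted"
    except PermissionError as err:
        replay = str(err)
    return sk_user == sk_server, replay
```

Calling demo() shows both sides deriving the same key and M sg1 being rejected once it is older than Δ TS . A copy replayed inside Δ TS still passes the timestamp check in this sketch, although the sender cannot complete user_finish without m.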

Security analysis
This section demonstrates the security analysis of the proposed S-USI mechanism using AKE session-key security and BAN logic. The mechanism not only complies with key properties such as mutual authentication and session key agreement but is also resilient to potential attacks such as redirection, replay, forgery, and privileged-insider.

Providing AKE session-key security
The proposed S-USI mechanism reveals that it could provide better session-key security to adopt the models namely real-or-random (RoR) and sequence of the game (SoG) [70,71]. A Difference Lemma [72] is employed for the game sequence that is as follows:

Lemma 1 (Difference Lemma) Assume that X , Y and F are events defined on some probability distribution, and suppose that X ∧ ¬F ⇔ Y ∧ ¬F . It can be expressed as:

|Pr[X] − Pr[Y]| ≤ Pr[F]

Therefore, the above theorem shows that the proposed S-USI mechanism has the AKE session-key security if the extended Chebyshev chaotic-map based DDHP adheres.

Theorem 1
The distribution probability D P demonstrates that A dv may wish to terminate the AKE session key security of proposed S-USI to satisfy: , where AD DDHP represents the advantage factor that the extended Chebyshev chaotic-map based DDHP wishes to solve the defined size of P wd list and secure parameter l.

Proof
GM AKE i is a game probability to define the concurrent events E i that represents the adversary to win the game. GM AKE 0 signifies the starting of the game to denote a real-time attack opposed to the proposed S-USI mechanism and GM AKE 1 indicates the end of the game to gain or break the AKE Session-Key Security of the proposed S-USI mechanism.
Game GM AKE 0 This game represents the real-time attack that is defined as:
Game GM AKE 1 This game corresponds to the parallel-guessing attack. Assume that each P 2 = E k (Q ∥ R) is completely dissimilar where Q = h(I d ∥ U id ∥ H ∥ TS 1 ) , H = h(P wd ∥ t) and K = T m (T r (x)) mod p to select the random integers t and m provided by U sr and the current timestamp TS 1 . Therefore, A dv has no U sr information to guess the P wd . This analysis proves that the resilience to the password-guessing attack is evaluated by the given probability that defines the message transmission P 2 = E k (Q ∥ R) to indicate whether the password-guessing is correct. Thus, it is said to be:
Eventually, it claims that no information message about unbiased coin bit ⟨c⟩ is disclosed to infer the secret session-key including random and independent variables of the proposed S-USI scheme. It is defined as:
Using Lemma 1, the above Eqs. (1) to (6) can be combined to yield:
Hence, the proof is resolved.
Providing a property of session-key agreement
The proposed S-USI scheme adheres to the property of proper session-key agreement.
Proof By the above Theorem 1, the security of session-key agreement is completely based on extended Chebyshev chaotic-map based DDHP to avoid the security weaknesses provided in Bergamo et al. [49]. Thus, neither U sr nor R S can determine a session-key S k by itself, which satisfies the property of the session-key agreement.
Resilient to replay attack
The proposed S-USI scheme provides a secret-key update phase to resist the replay attack.
Proof In the S-USI scheme, a secret-key update phase uses S C to transmit the message transmission M sg1 = ⟨P 1 , P 2 , TS 1 ⟩ i.e. to R S , where TS 1 is the current timestamp, P 1 = T m (x) mod p , K = T m (T r (x)) mod p and Q = h(I d ∥ U id ∥ H ∥ TS 1 ) . From the verification of timestamp TS 1 and Q =? h(I d ∥ U id ∥ H ∥ TS 1 ) , the key freshness of message transmission can be obtained. Thus, the proposed S-USI mechanism can restrict the replay attack.
Resilient to denial-of-service attack
The proposed S-USI scheme provides a secret-key update phase to resist the denial-of-service (DoS) attack.
Proof Since S C verifies the updated data R * by validating on . It is claimed that none of the A dv can modify the response message M sg1 = ⟨P 1 , P 2 , TS 1 ⟩ . Hence, the proposed S-USI mechanism can prevent the denial-of-service attack.

Resilient to privileged-insider attack
The proposed S-USI scheme provides a secret-key update phase to resist the privileged-insider attack.
Proof In S-USI, each legitimate user has (x, T r (x)) in S C that is based on extended Chebyshev chaotic-map based DDHP that strengthens the session-key agreement. Therefore, A dv could not derive a secret key s k and a session-key S k which is mutually communicated between another U sr and R S during the authentication and key agreement and secret-key update phases. The analysis proves that none of the A dv can receive (Q ∥ R) and (U id ∥ H ∥ C NT ) during the authentication and key agreement phase; (H * ∥ Q ∥ R) and (U id ∥ H ∥ C NT ) during the secret-key update phase. It is claimed that U sr has much difficulty forging a valid request message to impersonate a legitimate user. Therefore, the proposed S-USI mechanism is resilient to privileged-insider attack.
Client anonymity and identity protection
For any devices M d ∕M s , the proposed S-USI substitutes I d for the client identities U id ∕S id . As it applies a pseudonym identity for the client devices, A dv may not compute a real identity of any communication devices until the unary identity verification is successfully passed.
Moreover, the pseudonym identities generate a valid session key for both server and clients M d ∕M s ; neither the client nor the server may compute the real identities to establish a secure session of each other. This strategy is applied to restrict the information leakage between the client devices and server to A dv . Thus, the proposed S-USI can adhere to the properties of client anonymity and identity protection.
Traceability
The existing authentication protocols [16,19,20] cannot offer a reliable feature of traceability as the pseudo-identities are known to the communication network. However, the proposed S-USI can compute the real identities of client/server to protect the pseudonym identities when M d ∕M s derives the anonymity function using key = PRF S k (H(I d )) ⊕ H′(S k 0 ) . Hence, the proposed S-USI mechanism offers the feature of traceability to verify the genuineness of application service.
Mutual authenticity
Using system authentication, the proposed S-USI claims that it can offer a property of mutual authentication between the client devices M d ∕M s . To confirm the legitimacy, Key verif = Key 1 ⊕ H′(S k ) is utilized. Besides, the key derivatives namely and Key PE′ k (Key verif , U id , S id , g S k ) are executed to achieve a process of key validation. Thus, the proposed S-USI offers a feature of mutual authentication to gain legitimacy access.
Secret session key agreement
To offer data protection between the devices and servers, the proposed S-USI determines Q 2 = h( ∥ U id ∥ Q 1 ∥ TS 2 ) over a public network. It uses a valid secret key to be shared between the devices remotely. As a result, the proposed S-USI embeds a tightly coupled hashing key = PRF S k (H(I d )) ⊕ H′(S k 0 ) to protect the end-to-end connectivity. Hence, the proposed S-USI achieves secret session key agreement with firmness between the devices M d ∕M s .
Secret key update/change
In the phase of secret-key update/change, the users may change their secret key by the execution of Update key = Key 1 ⊕ H′(S k ) ⊕ H′(S′ k ) . It will later affect the parameters, such as PE k , PE ′ k , I d , Key, p, g, q to verify and validate the data transmission of the users. Thus, the proposed S-USI mechanism claims that the secret key update/change to the users is safe.
Resilient to forgery and insider attack
The proposed S-USI protects the device identities, whereby A dv cannot tamper with the device identities or credentials to check the data integrity. Moreover, the proposed S-USI derives the expression key = PRF S k (H(I d )) ⊕ H′(S k 0 ) to verify the secret key of the communication devices. It is noted that I d is incorporated to protect the device access. Thus, the proposed S-USI claims that the device identities can be embedded tightly to protect the system privileges from the threats including data forgery and insider.
Resilient to eavesdropping attack
A dv cannot infer or deduce the device's confidential data, as it may not be able to overhear/eavesdrop on the device communication over a public channel. Since I d often changes for the devices M d ∕M s , the device secret key key = PRF S k (H(I d )) ⊕ H′(S k 0 ) changes dynamically over some time during the login request.
Thus, the proposed S-USI asserts that A dv cannot collect any previous details to interfere/eavesdrop on the public networks. Besides, A dv can obtain neither key = PRF S k (H(I d )) ⊕ H′(S k 0 ) nor Update key = Key 1 ⊕ H′(S k ) ⊕ H′(S′ k ) to achieve transmission efficiency and data confidentiality. Hence, the proposed S-USI can resist the eavesdropping attack.
Resilient to masquerade attack
A dv cannot infer or derive the legal credential of the device as the device identities are strongly integrated using unary identity I d . Moreover, the communication devices verify the network access using Key verif = Key 1 ⊕ H′(S k ) to derive the logic system executions including key computation, verification, and communication to establish the services between the devices via the proposed S-USI over a public network. Thus, the proposed S-USI can protect the network from a masquerade attack.
Resilient to offline password guessing attack
Suppose A dv infers the user identities U id from the previous session M Old sg1 and M Old sg2 . Then, he/she may try to collect or guess a user password and identity such as U * id and P * wd respectively through the computation of H = h(P wd ∥ t) and H * = h(P * wd ∥ t) to generate a random integer m to recalculate P 1 = T m (x) mod p , where TS 1 is the current timestamp. However, the parameters known as ⟨P 1 , K, Q, R, P 2 ⟩ cannot be guessed without the proper occurrence of timestamp TS 1 .

Therefore, the proposed S-USI mechanism can be resilient to an offline password guessing attack. This is also to note that after the successful inference of P * wd , A dv may try to perform a computation of H * = h(P * wd ∥ t) to examine Q =? h(I d ∥ U id ∥ H ∥ TS 1 ) . If the verification is unsuccessful, then R S simply rejects the service authentication request. If the authentication is successful, then R S determines to provide authentic service access to an adversary.
Resilient to user impersonation attack
To act as a legal user, A dv performs a valid computation that provides an input P wd to compute H = h(P wd ∥ t) and R = (R ⊕ H) ⊕ H . The above computation is used to generate a random integer m that computes where TS 1 is the current timestamp. However, A dv cannot perform a valid computation for the given expression P 1 , Q, P 2 to pretend to be a legal user. Thus, the proposed S-USI scheme claims that it can be resilient to user impersonation attack. This is also to note that A dv may infer a proper timestamp TS i and random integer x to compute: . Finally, a legal message transmission for U sr can be determined to generate a secure session-key = T m (Q 1 ) mod p to verify whether Q 2 =? ( ∥ U id ∥ Q 1 ∥ TS 2 ) is valid or not to process the service request to a remote server R S .
Resilient to server-spoofing attack
To act as a remote server R S and forge a valid user authentic request M sg2 , A dv may infer a random integer p k as a private secret-key and a master secret-key m sk to perform a computation of key = PRF S k (H(I d )) ⊕ H′(S k 0 ) , R = E S (I d ∥ H) and D = H ⊕ (x ∥ T r (x)) using m sk where S k 0 is a session key newly generated to validate the users' identity. Thus, the proposed S-USI scheme can be free from a server-spoofing attack.
Free password selection
A critical element of system login is the password or user secret-key, which can only be selected or updated through the authentication property of the proposed S-USI scheme by any U ser . In the S-USI scheme, each U ser can opt for his/her password or secret-key without any limitation. However, a long-term secret key could be employed without the use of an input element when any U ser tries to access the system login as referred to [71].
Construction of session-key
In the execution of the system authentication phase, the proposed S-USI scheme provides access to the communication parties such as U ser and R S through the establishment of a secret session key. However, there would not be any secret-session key constructed for both the parties during the system authentication phase [5]. Thus, without the incorporation of session key encryption, no secure communication can be established to guarantee secure communication sessions.
Strong forward secrecy
Even if A dv infers the confidential information of communication parties such as U ser and R S , he/she could not compute key = PRF S k (H(I d )) ⊕ H′(S k 0 ) without the knowledge of the previous timestamp TS 1 and TS 2 . According to extended Chebyshev chaotic-map based DDHP , it is very hard to calculate a valid secret session-key. Table 3 shows the comparison of proposed S-USI and other related schemes with AKA security properties.
From Table 3, it is observed that various AKA security properties are cross-examined with the proposed S-USI and existing authentication schemes. Nikooghadam et al. [52] achieve the properties of session-key agreement and secret-key update and withstand the replay attack; Chaudhry et al. [53] offer the properties of session-key agreement and secret-key update; Arshad et al. [50] provide session-key agreement, secret-key update, privileged-insider, traceability, and user impersonation; Lu et al. [7] cover replay attack, privileged-insider attack, traceability, secret key update/change, and offline password guessing; Amin and Biswas [54] cover replay attack, secret key update/change, offline password guessing attack and strong forward secrecy; and Chandrakar et al. [55] cover replay attack, privileged-insider attack, traceability, secret key update/change, offline password guessing attack, user impersonation attack, and strong forward secrecy. However, the proposed S-USI scheme can fulfill the important security properties of the AKA protocol in comparison with other authentication schemes [7, 50, 52-55].

Analysis using BAN logic
This subsection discusses a logical analysis of the proposed S-USI scheme that uses a logical tool to examine the security efficiency of the cryptographic protocol. Burrows et al. [76] and Buttyan et al. [77] present a formal method to validate the mutual authentication and session-key agreement of the proposed scheme. Assume that X and Y define the principal range to determine the essential quality of a communication channel C and message transmission i.e. A and B . Table 4 shows the important notation used in the BAN logic tool.
The proposed S-USI scheme is logically described as follows:
Table 3 Comparison of AKE security properties with proposed S-USI and other existing schemes
S 1 providing a property of session-key agreement, S 2 resilient to replay attack, S 3 resilient to denial-of-service attack, S 4 resilient to privileged-insider attack, S 5 user anonymity and identity protection, S 6 traceability, S 7 mutual authenticity, S 8 session secret-key agreement, S 9 secret key update/change, S 10 resilient to forgery and insider attack, S 11 resilient to eavesdropping attack, S 12 resilient to masquerade attack, S 13 resilient to offline password guessing attack, S 14 resilient to user impersonation attack, S 15 resilient to server-spoofing attack, S 16 free password selection, S 17 construction of session-key, S 18 strong forward secrecy
⟨a⟩ is said to be an extended Chebyshev chaotic-map based decisional Diffie Hellman ⟨Secret⟩ and T a (x) mod p is the extended Chebyshev chaotic-map based decisional Diffie Hellman ⟨Component⟩ from ⟨Secret⟩ , then T ab (x) mod p is a symmetric key encryption technique to share between the communication parties i.e. P and Q.
〈A Rule of Key Freshness〉 I R6 ∶ (P |≡ #X) / (P |≡ #⟨X,Y⟩) , if P ascertains that a part of message transmission ⟨X⟩ is fresh, then the complete data message ⟨X, Y⟩ is assumed to be fresh.
, if P ascertains that Q obtains X and also believes X to gain a factor of key freshness, then P assures that Q has acquired the information of X.
〈A Rule of Rationality〉 , if P assures that ∅ 1 entails ∅ 2 and P assures that ∅ 1 is true, then P is certain that ∅ 2 is true.

Initial BAN Logic Assumption
The following assumptions are made to analyze and prove the mutual authentication property of the proposed S-USI scheme.
Step2 decisional Diffie Hellman problem to prove its secrecy.

Security goals
The following goals are considered to validate the mutual authentication property of the proposed S-USI scheme.
⟷ R S ∶ U ser ascertains that = T ab (x) mod p is a symmetric key encryption technique to share between the communication parties i.e. U ser and R S .
⟷ R S ∶ R S ascertains that = T ab (x) mod p is a symmetric key encryption technique to share between the communication parties i.e. U ser and R S .
⟷ R S ∶ U ser ascertains that R S is agreed with = T ab (x) mod p as a symmetric key encryption technique to share between the communication parties i.e. U ser and R S .
⟷ R S ∶ Remote server R S ascertains that R S is agreed with = T ab (x) mod p as a symmetric key encryption technique to share between the communication parties i.e. U ser and R S .
To accomplish ⟨Goal⟩ 1 , the below analysis is made: The Eqs. (5) and (6) should adhere owing to Interpretation Rule I R3 and BAN Logic Assumption ⟨A⟩ 5 . To strengthen security efficiency, the Eq. (6) has: The Eqs. (7) and (8) should adhere owing to BAN Logic Assumption ⟨A⟩ 3 and Rule of Rationality I R8 . To extend the robustness of the proposed S-USI scheme, the Eq. (8) has: The Eq. (9) holds because of A Rule of Key Freshness ⟨I R6 , I R7 ⟩ and BAN Logic Assumption ⟨A⟩ 4 . It has: The Eqs. (10), (11) and (12) hold owing to Interpretation Rule I R1 , I R2 and I R3 and BAN Logic Assumption ⟨A⟩ 1 and ⟨A⟩ 2 . Using Interpretation Rule I R5 , the proposed S-USI scheme realizes: Correspondingly, the proposed S-USI scheme derives: to satisfy its conditional derivation with ⟨Goal⟩ 1 . To execute the security goal Goal 3 , it has: The Eqs. (13) and (14) hold owing to the Rule of Rationality I R8 and BAN Logic Assumption ⟨A⟩ 3 . To accomplish the security goal, the Eq. (14) has: The Eqs. (15) and (16)  Similarly, the proposed S-USI scheme derives ⟨Goal⟩ 3 to satisfy its conditional derivation with ⟨Goal⟩ 3 . To execute the security goal Goal 4 , it has: Eventually, the proposed S-USI scheme gains the Goal 1 , Goal 2 , Goal 3 and Goal 4 to satisfy the property of mutual authentication between U ser and R S .

Comparison of communication and storage cost
Assume that the lengths of the identity U id of U sr , the password P wd , the random integer and the hash function are set to 160 bits, whereas the elliptic-curve considers 320 bits and the symmetric key encryption/decryption carries a size of 512 bits [75]. In the S-USI scheme, three message rounds are considered such as M sg1 = ⟨P 1 , P 2 , TS 1 ⟩ , M sg2 = ⟨Q 1 , Q 2 , TS 2 ⟩ and ⟨R, H⟩ to transmit between U ser and R S . Thus, the total communication cost of the proposed S-USI scheme is carefully computed: ⟨320 + 320 + 160 + 160⟩ = 960 bits in comparison with other existing authentication schemes (16) and Table 5. From Table 5, the performance analysis can also be observed in terms of the execution time of hash operation ⟨ET H ⟩, chaotic-map operation ⟨ET CM ⟩ , symmetric encryption/decryption ⟨ET SED ⟩ , squaring operation ⟨ET SO ⟩ , square-root solving operation ⟨ET SRS ⟩ , division/multiplication operation ⟨ET DM ⟩ and modular-exponential computation ⟨ET ME ⟩ in comparison with other existing schemes [64-67, 69, 75].
While comparing the computation costs of various system phases, it is observed that the proposed S-USI scheme consumes 3ET H + 2ET ME for registration and 8ET H + 1ET ME + 1ET SED for login and authentication, whereas Nikooghadam et al. [64] have 2ET H + 1ET SED for registration and 6ET H + 6ET SED for login and authentication; Chaudhry et al. [65] acquire 4ET H + 2ET SED + 1ET DM for registration and 14ET H + 6ET SED + 7ET DM for login and authentication; Arshad et al. [66] hold 3ET H for registration and 14ET H + 6ET DM for login and authentication; Lu et al. [67] possess 3ET H for registration and 11ET H + 4ET DM for login and authentication; Amin and Biswas [69] experience 3ET H + 1ET DM for registration and 9ET H + 5ET DM + 2ET SED for login and authentication; Chandrakar et al. [75] have 6ET H + 4ET DM for registration and 18ET H + 8ET DM for login and authentication. The above analysis proves that the proposed S-USI scheme uses less computation cost over the execution of registration, login, and authentication phases as compared to other existing schemes [64-67, 69, 75] except Nikooghadam et al. [64]. However, Nikooghadam et al. [64] could not withstand most of the vulnerable attacks shown in Table 2. Therefore, the other existing schemes [64-67, 69, 75] cannot be recommended for cloud-based TMIS as they could not be resistant to various susceptibilities.
Four cryptographic operations such as ⟨ET H ⟩, ⟨ET SED ⟩, ⟨ET DM ⟩ and ⟨ET ME ⟩ are considered to determine the execution time of the authentication protocol. To effectively analyze the execution cost, the system login and authentication are deliberately chosen as the communication happens only between U ser and R S to do any intercommunication. As referred to [26], the approximate execution time of the cryptographic operation was done in the configuration of Intel ® Core ™ i5-7200 CPU @ 2.7 GHz, 16.0 GB RAM, and OS: Win 10 64-bit along with Visual Studio 2008 software using MIRACL C/C++ library. Also, algorithms such as the 1024-bit Rivest-Shamir-Adleman (RSA) algorithm, 320-bit elliptic-curve (EC) cryptosystem, 128-bit advanced-encryption standard (AES), and 160-bit secure-hash algorithm 1 (SHA-1) were employed to experiment the given assumption time that is as follows: ET H ≈ 0.0004 ms, ET SED ≈ 0.1303 ms, ET DM ≈ 1.8269 ms and ET ME ≈ 1.6003 ms in the given order [8]. From Table 3, the estimated execution time of the proposed S-USI scheme and other related schemes such as Nikooghadam et al. [64], Chaudhry et al. [65], Arshad et al. [66], Lu et al. [67], Amin and Biswas [69], and Chandrakar et al. [75] were carefully examined to determine the execution time. The result of the proposed S-USI was 0.0689 ms, whereas the other related schemes were 0.0649 s, 0.5832 s, 0.3869 s, 0.2593 s, 0.3474 s, and 0.7689 s respectively. It is also shown that the proposed S-USI scheme is minimum in comparison with other related authentication schemes except for Nikooghadam et al. However, Nikooghadam et al. [64] could not be much reliable for cloud-based TMIS as it did not satisfy most of the security requirements, such as resistance to denial-of-service, privileged-insider, user anonymity, identity protection, forgery, masquerade and user impersonation attack.
Table 5
Scheme | Registration | Login and authentication | Total computation cost | Communication cost (bits) | Storage cost (bits) | Estimated execution time
Amin and Biswas [69] | 3ET H + 1ET DM | 9ET H + 5ET DM + 2ET SED | 12ET H + 6ET DM + 2ET SED | 1984 | 1472 | 0.3474
Chandrakar et al. [75] | 6ET H + 4ET DM | 18ET H + 8ET DM | 24ET H + 12ET DM | 1120 | 1440 | 0.7689
Proposed S-USI scheme | 3ET H + 2ET ME | 8ET H + 1ET ME + 1ET SED | 11ET H + 3ET ME + 1ET SED | 960 | 896 | 0.0689

Discussions
In the past, several user authentication schemes have been proposed for the support of system efficiencies such as communication, computation, and storage. Specifically, in sensor technologies, the specific area of key agreement (KA) schemes [61][62][63][64][65][66][67][68] has often been chosen, though they are not suitable to provide better energy utilization and environment adaptability. In [69], the KA scheme is generally classified into traditional, physiological value, secret-key generation, and hybrid-key that tries to provide a secret session-key to authorize the data transmission between the real-time entities. The hybrid-key authentication scheme incorporates either traditional, physiological value or secret-key generation to employ symmetric or public-key cryptosystems to minimize the computation, communication, or storage cost. However, the above classification techniques are still addressing the challenges of security and privacy as the communication between the sensor network and the device is typically taking place over insecure public networks. Generally speaking, key agreement using elliptic-curve cryptography becomes more appealing to achieve less computation overhead. However, it is still computationally expensive [57]. The traditional scheme literally suffers from unresponsive network change, whereby the performance efficiency would be deliberately degraded. Fortunately, the scheme with the pre-deployment key phase always improves communication efficiency as they use lightweight operations. 
In the literature, various user authentication protocols have been designed for telecare medical information systems, and they leave several challenges open: (1) most of the authentication schemes rely completely on a password and smartcard; (2) some authentication schemes cannot resist identity and password-guessing attacks; (3) the majority of the schemes do not provide session key agreement and proper mutual authentication; (4) very few user authentication protocols have been verified formally using a random-oracle model, the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, the cryptographic protocol verifier ProVerif, or Burrows-Abadi-Needham (BAN) logic; (5) relatively many authentication schemes do not comply with forward secrecy; and (6) almost all authentication schemes do not provide better performance efficiency in terms of computation, communication, and storage. To resolve these issues, an authentication scheme known as the single-user sign-in authentication (S-USI) mechanism is proposed specifically for cloud-based TMIS, using the extended Chebyshev chaotic-map based decisional Diffie-Hellman problem (DDHP).
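The primitive named above, sketched as an added Python illustration: the extended Chebyshev map over a prime field and the Diffie-Hellman-style agreement that its semigroup property allows. This is not the paper's S-USI protocol or its code; the prime, the seed x, the SHA-256 key derivation and the degenerate-value check are assumptions chosen for the example.

```python
import hashlib
import secrets

P = 2**127 - 1  # constructed demo prime (Mersenne); not a parameter from the paper

def _mul(a, b, p):
    """Multiply 2x2 matrices stored as (a00, a01, a10, a11) modulo p."""
    return ((a[0]*b[0] + a[1]*b[2]) % p, (a[0]*b[1] + a[1]*b[3]) % p,
            (a[2]*b[0] + a[3]*b[2]) % p, (a[2]*b[1] + a[3]*b[3]) % p)

def chebyshev(n, x, p=P):
    """T_n(x) mod p, with T_0 = 1, T_1 = x, T_n = 2x*T_{n-1} - T_{n-2}."""
    if n < 0:
        raise ValueError("degree must be non-negative")
    acc, base = (1, 0, 0, 1), (2 * x % p, p - 1, 1, 0)  # base = [[2x, -1], [1, 0]]
    while n:                       # square-and-multiply: O(log n) steps
        if n & 1:
            acc = _mul(acc, base, p)
        base = _mul(base, base, p)
        n >>= 1
    # [T_{n+1}, T_n]^T = base^n * [T_1, T_0]^T, so T_n is the second row
    return (acc[2] * x + acc[3]) % p

def check_public(value, p=P):
    """Assumed hardening step: 0, 1 and -1 map to {0, 1, -1} for every degree,
    so a peer value in that set would force a guessable shared secret."""
    if not 1 < value < p - 1:
        raise ValueError("degenerate or out-of-range public value")
    return value

def keypair(x, p=P):
    """Private degree r and public value T_r(x) mod p."""
    while True:
        r = secrets.randbelow(p - 3) + 2          # r in [2, p - 2]
        pub = chebyshev(r, x, p)
        if 1 < pub < p - 1:
            return r, pub

def session_key(private, peer_public, p=P):
    """Both sides reach T_{rs}(x) because T_r(T_s(x)) = T_s(T_r(x)) mod p."""
    shared = chebyshev(private, check_public(peer_public, p), p)
    size = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(size, "big")).digest()  # SHA-256 is an assumption

def demo(x=0x1234567890ABCDEF):   # constructed public seed
    r, pub_user = keypair(x)      # user side
    s, pub_server = keypair(x)    # server side
    return session_key(r, pub_server), session_key(s, pub_user)
```

An eavesdropper sees only x and the two public values; recovering the shared value from them is the Chebyshev analogue of the Diffie-Hellman problem on which the scheme's security argument rests.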

Conclusion
For cloud-based TMIS, information security plays a significant role as a key element. To provide a corrective approach, a single-user sign-in authentication (S-USI) mechanism has been proposed using the extended Chebyshev chaotic-map based decisional Diffie-Hellman problem (DDHP). To meet the current demands of sensor intelligence networks, this mechanism uses a unary-token strategy to access the service, which avoids the clock synchronization problem. As the proposed S-USI is based on DDHP, the formal and informal security analysis proves that a malicious user or any adversary cannot logically deduce any confidential parameter to derive a session key authorized between U_ser and R_S. In addition, the proposed mechanism claims that no malicious user can forge a valid user authentication request or impersonate a legitimate user, as it is based on the Chebyshev chaotic map. The formal verification using AKE session-key security and BAN logic demonstrates that the proposed S-USI mechanism can be resilient to various potential attacks such as replay, denial-of-service, privileged-insider, etc. Also, the comparative analysis shows that the proposed S-USI mechanism reduces the computation, communication, and storage cost to improve the performance efficiency of pervasive services in the cloud. In the future, the proposed S-USI will be evaluated using NS-3 to analyze quality metrics such as transmission delay, throughput rate, and routing overhead. Based on the experimental analysis, the proposed S-USI will be optimized further to meet the standard requirements of the computing paradigms. In addition, an energy consumption model will be built to make the proposed mechanism more dynamic in cloud-IoT environments.

Compliance with ethical standards
Conflict of interest: We declare that we do not have any commercial or associative interest that represents a conflict of interest in connection with the work submitted.
Open Access: This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.