Securing communication by attribute-based authentication in HetNet used for medical applications

One of the major applications of the Heterogeneous Network (HetNet) is in the healthcare system. Deploying HetNet in healthcare systems enables patients, physicians, and other stakeholders to communicate easily with each other. Due to the large growth in the network’s subscribers, the security of the stored health data became one of the major concerns because unauthorized access to this data may lead to very serious complications, and unreliable transmission of data may lead to fatal risks to the patient’s life. Therefore, taking data integrity into consideration, user authentication has become one of the main factors. However, significant research work has been performed at HetNet’s physical layer to secure communication, but the result of this leads to an increase in hardware components. The increasing hardware components not only costs money but also power consumption. Therefore, this paper presents an alternate way of securing communication in HetNet at the network layer. However, resolving security problems at the network layer increases computational complexity. Nevertheless, earlier, some encryption techniques like identity-based encryption (IBE), symmetric key encryption (SKE), and public-key encryption (PKE) have been utilized for securing data. Due to their own disadvantages, this paper utilizes an attribute-based encryption (ABE) authentication scheme for securing health data in medical applications. With the help of this method, access to the intruders is denied which results in reduced communication overhead. This authentication scheme helps protect the essential information against attacks by the intruders. It includes a third party server that helps to authenticate and store patient’s information. The whole security technique has been written in the form of HLPSL (high-level protocol specification language) codes, and the results are then validated with the help of AVISPA (automated validation of Internet security protocols and applications) tool.


Introduction
Nowadays, wireless communication has developed its essence in wide solicitations of current advanced domain like safety, medical, rescue, and security purposes [1]. Due to the rise in the number of users, there is an increase in data traffic on the network, which results in increased latency. Therefore, next generation of mobile networks such as 5G and beyond is expected to tackle demands in a range of technological contexts such as Quality of Service (QoS), continuous large-transmission range, hot-spot high volume, throughput, and enormous connection [2]. This is where HetNets show a substantial role. HetNet helps in enhancing the coverage area and capacity of a network by deploying mini base stations (BS) called micro-BS, nano-BS, femto-BS, etc. [3]. HetNets also improve the QoS and throughput and decrease latency [4]. For the large deployment of these mini cells, there are high chances of interference that are key issues in HetNet [5]. Thus, communicated signal must be capable of carefully eliminating the interference. Energy usage is also growing owing to the installation of mini cells and substantial traffic, which cannot be allowed in low-power appliances such as WSN and IoT systems; thus, the emergence of technologies such as simultaneous wireless information and power transmission (SWIPT) came into existence [6].
Due to rapid development in IoT-based smart appliances, emerging wireless communication seems to have a much higher need for large data, nearly wide-reaching range, and efficient privacy performance [7]. With all of these considerations, HetNet has evolved a potential alternative by raising cell density for better reuse of spatial spectrum [8]. Communication in wireless networks is carried out via public channels, and since these channels are of broadcast nature, hence, protection of data in HetNets becomes a prime concern [9]. Consequently, information transmitted via wireless channels can be easily obtained inside the transmission range by an unintended user [10]. This leaves HetNets communication vulnerable to attacks by intruders, which can pose serious problems as users exchange sensitive information between them. Figure 1 presents an outline of the HetNet architecture in the healthcare domain. The circles shown denote the hospitals which are connected to smaller base stations, and boxes inside them are the various departments. All of them are connected to one macro base station (MBS). These hospitals can communicate with each other and also with users through small base stations and MBS in the presence of intruders.
In identifying the valid user, the physical layer attributes simplify the authentication procedure. But relying entirely on a single physical layer attribute is not considered a viable option, as the characteristic chosen might not have sufficient dynamic range for precise distinction [11]. Therefore, we need to look for alternate ways of authentication. For instance, end-to-end encryption is an example of network layer security, which prohibits data leakage to the attacker [12]. The identity-based encryption (IBE) is employed for securing health data of patients. But in the case of IBE, there is only one attribute that needs necessarily to be fulfilled to get access to the data; otherwise, authentication will fail. This means IBE does not provide a wide dynamic range for authentication; hence, it is less error-tolerant [13][14][15].
For the medical applications, HetNets can prove very useful in connecting various hospitals to each other, so that they can share necessary information between themselves. Therefore, the data is liable to attacks during the transmission on a network because intruders can manipulate a person's sensitive information and may pose a danger to one's life [16]. We have a wide variety of staff in hospitals, and the authentication scheme implemented must have a wide dynamic range to authenticate the users. The security problems can be resolved on multiple layers of the OSI model. The physical layer protection is also not a feasible choice here because it does not have a wide dynamic range. To increase the dynamic range of the physical layer, we will require a lot of hardware which increases cost as well as power consumption. That is why, this paper proposes attribute-based authentication for verifying the users as it has a wide dynamic range, and it also minimizes the hardware and power consumption constraints as it is employed on the network layer. The key concern is to secure health records of patients, particularly if they have been deposited on a third-party server that the public does not believe entirely [17]. Therefore, in medical applications, security of data is of main concern. For HetNets used in medical applications, an attribute-based authentication scheme is proposed in this article, so that only credible users can access patient's health records. An attribute-based authentication scheme provides a wide dynamic range for authentication and hence good error tolerance.

Motivation and contribution
The introduction of electronic health recorders to collect patient information in the healthcare system has various steps. It electronically stores patient medical records and uploads them to a database server [16]. From the perspective of the medical care system, patients see several doctors during their lives, from attending a primary health clinic to hospitals. Therefore, health records are created with every clinical meeting or emergency visits [17,18]. Keeping data integrity in view, safe routing is a very important issue within a given network (HetNet). For securing communication in HetNets, most of the research work is done at the physical layer [8,9]. In medical applications like hospitals where we have a wide variety of users, our authentication scheme needs to be robust with a wide dynamic range for authentication. If security issues are addressed at the physical layer, we need to increase its dynamic range, which requires a lot of hardware, hence further increase in cost and power consumption. Therefore for such applications, physical layer security is not a feasible option. Although few techniques were employed at the network layer, they had limitations like IBE has less dynamic range [19]; in symmetric key encryption, exchanging the key secretly between the users is a big problem [20]. Therefore, the key objective of this article is to address security issues at the network level by employing ABE authentication as it contains characteristics like efficient key management, error tolerance, privacy preservation, emergency data storage, and retrieval. The contribution of this paper is that the health data of patients have been successfully secured while routing it to the data requesters. This is possible by employing ABE authentication on the stored data.
The remaining article is oriented as current related work performed in the relevant field is discussed in Section 2. Section 3 addresses ABE's background. In addition, the recommended method is presented in division 4, Section 5 gives a brief introduction about AVISPA tool, Section 6 shows the formal validation of proposed scheme in AVISPA tool, Section 7 is regarding the results and discussion of the proposed approach, and finally, Section 8 comes up with the conclusion and future scope.

Related work
This section will be discussing different methods being employed for securing the communication within the HetNet and techniques being used in securing the health data.

Security-related work at physical layer on HetNet
Several accomplishments have been dedicated to security problems in HetNets for the past few years, such as Hu et al. [2] recently examined the PLS in HetNets backed by SWIPT to boost the safety issue. Further, they inserted artificial sound in the communicated beam together with the macrocell and femtocell base stations. Subsequently, authors in [5] realized that multi-tier structural design together with rigorous 5G latency requisites poses new security challenges due to possible repeated deliveries and validations in 5G mini cells and HetNets. Thus, introducing SDN in 5G will allow efficient authentication handovers and protection of privacy through its centralized control capability. In another research, authors of article [10] suggested a joint source allocation scheme that under fairness requirements simultaneously considers PLS, cross-level intervention, and joint power optimization and sub-carriers. Duan et al. [11] in another paper proposed SDN-supported fast validation approach utilizing weighted SCI handover to enhance authentication performance during handover and satisfy the 5G latency needs. In paper [21], authors have introduced FFFTM (Flooding Factor-based Framework for Trust Management) in MANETs for the secure transmission of data. The true flooding method is used to recognize intruder nodes depending on the evaluation of trust value. Makarfi et al. [22] presented the ordinary logarithmic expression for the system capability in a different form, to allow the study of the random variables describing the channel fading and interference in terms of the joint moment generating functions (MGF). In [23], an interference management method for PLS in a two-tier HetNet system to increase the user's secrecy rate under eavesdropping attack is proposed. Wang et al. [24] investigated the PHY layer security of a two-tier HetNet thru sub 6 GHz substantial MIMO macrocells and millimeter wave (mmWave) small cells. They evaluated the scope and secrecy efficiency using stochastic geometry by taking into account the pilot attacks from the spies.
Some of the work related to our proposed scheme is discussed in Table 1; it is quite evident that the ABE scheme has been used for securing data in networks like vehicular ad hoc network, Internet of things, and body sensor network. For securing communication in HetNet, various studies have been dedicated to the PHY layer, nevertheless, no effort is carried-out at network layer utilizing such approaches. Hence, this research article proposes an ABE authentication scheme to secure data in medical-dedicated HetNet.

Security-related work for medical application
Issues regarding protecting the privacy of patients and the security of medical details are two basic problems with the proper use of electronic medical services [33]. Different techniques are used to protect this healthcare data. The most commonly used techniques are validation, encryption, data masking, access control, monitoring, auditing, and so on [34]. In paper [35], the authentication at the physical layer is introduced by utilizing the time-varies CFO (carrier frequency offset) related through each couple of wireless communications systems. Encryption methods like IBE, SKE, and conventional PKE techniques may be utilized for securing the health data recorded by body sensors [14]. Sudarsono et al. [13] presented a secure sharing of data in the e-healthcare system utilizing IBE with signature. So that data can only be shared by authentic users based on specific public identity, and data exchanged is encrypted and authenticated such that only authorized users can exchange the data. Although IBE does not require a public key distribution infrastructure, it has a less dynamic range as it considers only one attribute that needs to be fulfilled necessarily [19]. Similarly, SKE is faster as it utilizes only one key for encryption and decryption, but exchanging this key secretly between the users is a big problem [20]. All these techniques are used for securing the essential health data of users at the network layer. The attacks on network layer capture information, modify it, and direct for re-communication [17]. Taking the above limitations into consideration, ABE authentication is taken into account to keep safe the health information from these kinds of attacks. Further, the comprehensive evaluation of the existing security protocols in the state-of-the-art is carried-out in Table 1.

Background
This portion provides a short-lived description with regards to ABE access control [15].

Bilinear maps
Assuming there are two multiplicative cyclic groups G 0 and G 1 of prime order p, let g be generator of G 0 , and e be a bilinear map, e: G 0 × G 0 → G 1 . The characteristics of bilinear map e are as given below: Massive MIMO deployment significantly increases secrecy performance.
• Spectrum efficiency improves due to densely installed BSs.
• BS having big array of antenna offers huge array gain to its authorized user.
Increasing security during transmission in wireless HetNet. SLS and BLS are two transmission schemes taken within such system to boost PLS by using content properties of cached files. • Artificial interference incorporated by SLS will resist Eve that may be removed by cache-enabled consumers.
• Without cached file, eves can decode nothing in BLS.
• SLS and BLS are successful in achieving huge security gain as compared to normal transmission.
To examine the average secrecy capacity of the system under consideration Two vehicular network system models are presented that are RISbased transmission: one is vehicleto-vehicle interaction with source using access point and other one is in form of VANET with RIS-based relay installed on building.
• RIS technologies evolved as an essential model for smart radio environments where vast numbers of small, low-cost, and passive components replicate the event signal with an adaptive phase shift deprived of the need for a dedicated energy source.
VANET [26] To enhance effectiveness of r escues with safety assurance.
Computational latency and communication overhead is minimized.
ABE access control scheme.
• Keeps communication private, avoids collision attacks, and enables fine grained access control.
• Privacy and reliability improved.
VANET [27] Collaborative transmission in VANET, when straight transmission between origin and target is not likely.
Make data transmission relays secure.
CP-ABE is utilized in proposed protocol as it offers encrypted access control approach.
• This approach depends on authentication of signature to guarantee the accuracy of delivered messages.
VANET [28] Secure billing protocol over ABE in vehicular cloud computing. vehicles and their required services.
• The suggested approach enables reliable billing attributes with lesser computational overhead for vehicular cloud computing.
MANET [29] To provide the DoS and intrusion detection system in MANETs that will be based on FSM.

DoS and intrusion issues in MANET.
ID-AODV protocol is suggested based on FSM. • Detection systems are developed using the FSM principle for both attacks: packet dropping and sequence number's duplication due to DoS and intrusion attack, respectively.
• ID-AODV's main technical features include network monitoring system, FSM, and attack detection model.
BSN [30] To guarantee the security and safety of information fused at the BSN coordinator.

Privacy of information.
KP-ABE is employed to guarantee privacy of information.
• KP-ABE offers easy and safe encryption over CP-ABE because KP-ABE is a lightweight encryption scheme.
IoT [31] To regulate the access to data.
Data protection in resourcelimited systems.
CP-ABE using efficient pre-computation methods. • The pre-computation method is extended to the CP-ABE encryption scheme that enables to reduce computational costs of encryption.
• Reduce practical challenges in deployment of CP-ABE on resource-limited systems.
Under-water wireless sensor network (UWSN) [32] Design routing protocol for proficient communication between sensors and sinks in UWSN.

Efficient communication between sensors in UWSN.
RE-PBR protocol for UWSNs is presented.
• RE-PBR takes into account three factors to balance energy usage and effective message delivery namely link quality, depth, and residual energy. Bilinearity: for all m, n ϵ G 0 , and x, y ϵ Z p , we have e (m x , n y ) = e (m, n) xy . Non-degeneracy: e(g, g) ≠ 1 G 0 is a bilinear group if the group operation in G 0 and the bilinear map e: G 0 × G 0 → G 1 are both competently computable. Notice that the depict e is symmetric since e (g x , g y ) = e (g, g) xy = e(g y , g x ).

Attribute-based encryption
There are many types of PKE, and ABE is one of them. ABE is also related to IBE, and the distinction between the two is that ABE scheme is one-to-many while IBE scheme is one-to-one [15,19]. In ABE, a group of features is taken into consideration, and according to that set, the message is encrypted, such that decryption of message can be performed by only those users meeting the attributes in the attribute set.

Setup
Firstly describe universe of attributes V = {1, 2, 3, …, n}. For each attribute i ϵ V, choose a number r i uniformly at random from Z p . Finally, choose f uniformly at random in Z p . The published public parameters are The master key is: We may also require a few cryptographic hash functions. Hash functions reduce the size of a large message to a fixed length; this is called a hash digest. Hash functions are always one-way functions, i.e., hash codes can be generated by applying hash functions on message, but vice versa is not possible.
Compared to symmetric key encryption, public-key encryption is costlier. Hence, certain hash functions are required to transform some random message of "k" bits to finite size of "w" bits.

Key generation (T, MK)
Here, algorithm generates an output key that makes client able to decode the data encrypted using attribute set "a" if Q(a) = 1. First of all, for every node "x" in the tree "Q", a polynomial "q x " is selected. Beginning with root node "p", polynomials are chosen in a top-down fashion. When polynomials for every leaf node "x" are determined, the user is given the following secret value: Decryption key "D" is the group of above secret values.

Encryption (PK, N)
Here, message N ϵ G 1 is encrypted using attribute set "a" by selecting a random value n ϵ Z p and distribute ciphertext as:

Decryption
To generate N, parameters like a private key (S i ) and ciphertext (C) are taken as input.
Decryption is going to succeed if the user's private key satisfies the access building present in C.

Proposed technique
ABE authentication scheme is used in the recommended system to make our health data accessible to those who meet the threshold amount of attributes. To get the required information from the memory servers by users, our routing will adhere to some access tree in order to avoid unnecessary data being routed to users. In this proposed scheme, the reliable equation model is implemented; the BS and the mini cells rely on whatever information comes from the registered users.
Knowledge of attackers is also taken into account during the authentication process. The attacker can attack the communication channel in many ways, such as eavesdrop, hijack, and modify. Utilizing attribute-based authentication for the stored health record will help to route data to the desired targets and it will also prevent data from being exploited by an attacker. The step by step process is explained here. In this process, the MBS acts as a trustworthy and reliable authority and manages the entire network by providing public-private keys. All of these keys are utilized for encryption and decryption algorithm. MBS authenticates users based on their credentials (S), and once they get authenticated, they receive their respective private keys (Si). Once attributes of user get matched with the attribute set (Z) of MBS, then confirmation information is directed to the owner of data that the consumer is authenticated to communicate. In the end, the owner of data must communicate safely with the intended user.
Suppose, doctor of oncology division of hospital 'A' wants to access a file (refer to Fig. 2). He requests to access to that particular file. The access is granted to the doctor for that specific file as soon as he satisfies the said attributes. It is mandatory that the file should not get routed to the unintended department. At the same time, if a doctor from the gynecology department from the same hospital also requests to access the same file, his request is denied because he does not satisfy the attributes required to access the file.
In Fig. 3, pictorial representation of the authentication process between the user and base station has been shown. The data requester has been granted its private key, i.e., "S R ", and the data owner is also granted the private key, i.e., "S O ". The data requester sends credentials for the verification process based on "S" value. On verification, an acknowledgement is provided to the message owner which indicates that message requester is allowed to interconnect. This ensures secure communication between the owner of the data and the data requester.

Advantage of attribute-based authentication
The advantage of using attribute-based authentication over identity-based authentication is that it is error-tolerant. That means if we have 10 attributes (say) in the attribute list we can set a threshold of 7 attributes. Anyone satisfying the said condition can get access the data while as in identity-based authentication of all the said identities needs to be fulfilled then only one can get access to the data. Therefore, it will make things difficult in our healthcare system.

Proposed algorithm
The significance of routing data in the healthcare organization employing attributebased authentication scheme is presented in Fig. 4, where the flowchart for the whole technique has been depicted. The data requester sends its credentials to the base station for authentication. If the credentials of the data requester get matched with the attribute list of the base station, then the authentication is successful and the base station sends a signal to the owner of the data that the user is verified. Now, the data requester gets access to the data; otherwise, it denies the request by detecting the intruder. Unsecure routing cannot be afforded in medical applications because the patient's health data is secret, and if it is not routed to desired users, it could cost somebody's life. Hence, our information essentials to be protected and routed to desired users. The following steps are taken to implement attribute-based authentication in HetNet and have been defined from Eqs. 1 to 6 in an algorithm manner. The prototype of HLPSL code is shown in the following steps: Base station (BS) sends a nonce number "N y " for authentication to data requester (R) and the whole message is encrypted using R's public key "K r ".
Data requester (R) receives nonce number "N y " from BS.
Data requester (R) sends request to base station (BS) for verification on attribute values (S) along with a nonce number "N y " and the whole message is encrypted using base station's (BS) public key K s .
Base station (BS) checks the nonce number sent by data requester's (R) along with attributes (S) in its attribute-trust list (Z). Data owner (O) sends back acknowledgement message (ok) to base station (BS) and says that it is ready to communicate. Now, in the above entire prototype, the key generation is done in two major steps: ➢ Step_1. Setup phase at MBS: During this phase, the private key generator (here MBS) generates a master secret key (M sk ) based on attributes defined in Z.
➢ Step_2. Key generation phase: The private key generator will distribute public keys (K i ) and secret keys (S i ) to the users connected to it using the master secret key.
Further, symbolizations using the above equations are specified in Table 2.

AVISPA tool
AVISPA examines network safety protocols and applications which are coded using HLPSL. HLPSL comprises of basic roles describing various candidates and configuration of characters that describe situations of essential roles. The roles are not dependent on one another, obtaining some preliminary data by parameters, interacting with other roles via channels [36]. AVISPA's output format is accessed through one of the four back-ends, i.e., OFMC, CL-AtSe, SATMC, and TA4SP [37]. Figure 5 shows the architecture of the AVISPA tool. AVISPA is a push- button tool that is used to automatically authenticate network security-sensitive protocols and their implementations. It offers a formal semantic that is roleoriented and expressive for validation. Every participant plays an individual role during execution of protocol [37].

Validation of proposed scheme in AVISPA
The proposed technique introduced in the HLPSL codes has been validated using the AVISPA tool. This validation helps to decide whether the proposed approach is suitable for use in real scenarios. Figure 6 shows the description of the role played by BS in HLPSL. The BS sends a nonce number (N y ) to the user that wants to communicate with it. This  nonce number is encrypted using the secret key of BS and public key (K r ) of that particular user (R) before transmitting it over the channel. Then the channel changes its state from 0 to 1 during this process. The channel (dy) implies that the channel is for "Dolev-Yao" threat model. Attributes are defined via variable "S". The BS hopes that it receives the same nonce number back along with attributes of R. Figure 7 displays the description of role played by data requester (R) in HLPSL. The data requester accepts the message and decrypts it via the secret key of R and the public key of base stations (K s ). After decrypting the message, R sends the same nonce number back along with credentials "S" and hopes to get authenticated on these values. Figure 8 expresses the description of role session, goal, and environment for the proposed scheme in HLPSL. Here, the session section presents the two basic roles base station (BS) and data requester (R) with valid arguments. The role environment comprises of all the global perpetual and the composition of two sessions where intruder knowledge is also given. The intruder also engages in the protocol execution. In this implementation, the following secrecy and authentication goals have been verified: (i) secrecy_of sec_1: means that the M sk

Results and discussion
To understand the outcome of the suggested ABE authentication scheme in a better way, three different cases have been taken: when no authentication scheme is used, authentication using single key "K s ", and attribute-based authentication.
7.1 Case 1: when no authentication scheme is used Figure 9 shows the protocol simulation, and Fig. 10 shows the intruder simulation when no authentication scheme is used. Here, Bob wants to communicate with Alice over the public channel without encrypting the data. This data is at the highest risk of being attacked by an intruder as the message is sent in plain-text. The intruder can easily receive all the data sent from Bob to Alice, and hence, intruders can modify the data. When this malicious data is received by Alice, it assumes that it is being sent by Bob, which is not true, and in a crucial application like healthcare, it can prove hazardous. From both Figs. 9 and 10, it is apparent that when two users communicate without using any authentication scheme intruder can easily attack the data, thereby putting the information at great risk. The simulation output under CL-AtSe back-end of this security protocol gives the "SUMMARY" if the protocol is "SAFE" or "UNSAFE" or whether the study is indeterminate. Here, this one is unsafe for this case. 7.2 Case 2: authentication using single key K s Figures 11 and 12 show the protocol and intruder simulation by using a single key, respectively. Here, the sender (data requester) first encrypts data using key "K s " and then sends it to the receiver (base station). The same key is used by the target user to decrypt data. If somehow intruder gets the knowledge of the secret key, an intruder could easily get access to data and modify it. Exchanging the key secretly between users is the problem in this case. So this is a weak authentication technique. The simulation output under CL-AtSe back-end of this security protocol shows that this protocol is safe.  Figure 13 demonstrates the protocol simulation of proposed security protocol in the AVISPA using CL-AtSe. Here, the proposed security protocol is simulated in the presence of intruders who can pose a threat to our information. Figure 14 shows intruder simulation of proposed work in the AVISPA using CL-AtSe in the presence of the intruder. The communication process is initiated by the base station. It acts as a private key generator (PKG) and provides public and private keys to all users connected to it, with the help of master secret key (M sk ). During the authentication process, the base station sends a nonce number to the user (data requester) encrypted with the public key (K R ) of that particular user. These nonce numbers are random numbers and are not the same for any two users. Data requester sends back this nonce number along with credentials (S) to the BS, encrypted via the public key of BS's (K S ). If the base station acknowledges that he received the same nonce number and the credentials of the user are present in the attribute trust list, then the base station authenticates the data requester. So here nonce number also becomes one of the attributes. The intruder may attempt to attack the crucial health data, yet the attacker is unable to violate the privacy of the entire network because of the implemented authentication scheme because it becomes difficult for an intruder to guess all the attributes on which authentication takes place. In addition to this, the nonce number that acts as one of the attributes is generated at the time of communication and is extremely difficult for an intruder to guess it. Therefore, due to this, communication inside the network is safe from attacks by adversaries. Under CL-AtSe back-end, simulation performance of this security protocol gives the "SUMMARY" if the protocol is "SAFE" or "UNSAFE" or whether the study is indeterminate. Here it is safe for this case. It is clear from case 1 that we need to secure the data from intruders before transmission. Our authentication scheme needs to be robust so that intruder cannot attack the data easily. As in case 2, a weak authentication scheme is used which does not provide a robust authentication against intruders. Case 3 provides an error-tolerant and robust authentication scheme with a wide dynamic range.

Conclusion and future scope
The research study performed in this article suggests a security protocol in HetNets to authenticate the data requesters. The HetNet employed in healthcare system must be protected against any form of malicious attack. Hence, the attribute-based authentication scheme is exploited to ensure that the user trying to access the health record of a patient is genuine. It contains characteristics like efficient key management, error tolerance, privacy preservation, emergency data storage and retrieval, and health data mining suitability. It offers authentication in which patients authenticate and store their own health data on the third-party server without any threat. Thus, by preventing the transfer of information to the attacker, we are not only satisfying the authentication requirements but also increasing the privacy of the data. Furthermore, it can also be used in other sensitive fields such as military surveillance and so on to enhance security. The suggested security protocol is written in HLPSL codes and is validated in the AVISPA. The findings suggest that the recommended protocol is secured from harmful intrusion attacks, and data security and privacy is achieved in the communication system. In attribute-based authentication scheme, we only need to meet the threshold amount of attributes for authentication, unlike in identity-based authentication where we need to meet all the parameters. Hence, in future work, we need to define some essential attributes in addition to other attributes which every user will need to fulfill. In this paper, communication between the users is happening through a third-party trusted authority. If somehow this third party becomes compromised, then the whole of the data becomes vulnerable to the malicious attacks. Therefore, in the future, some more can be done on making the third party more secure.