https://doi.or g/10.31449/inf.v48i12.6047 Informatica 48 (2024) 65–80 65
Maintaining Security of Patient Data by E mploying Private Blockchain and
Fog Computing T echnologies based on Internet of Medical Things
Rasha Halim Razzaq and Mishall Al-Zubaidie
∗ Department of Computer Sciences, Education College for Pure Sciences, University of Thi-Qar , Nasiriyah, 64001, Iraq
E-mail: rashahalim.comp@utq.edu.iq, mishall_zubaidie@utq.edu.iq
∗ Corresponding author
Keywords: cryptoHSS, IoMT services, jellyfish algorithm, PBC, patient data, security procedures
Received: April 18, 2024
The Internet of Medical Things (IoMT) is a vital component of the Internet of Things (IoT), and its im-
portance lies in the ur gent need for it and its pr ovision of many medical services, such as examining and
monitoring patients in hospitals and their homes. Given the pr esence of huge amounts of data based on the
IoMT in the cloud system, data storage methods should witness a major r evolution, and given the exposur e
of IoMT systems to electr onic attacks, as r ecent studies have indicated, which makes them unsafe, data
must be pr otected with security systems. In our work, we pr opose a Cryptography Health Security Sys-
tem (CryptoHSS) to support medical IoT security . Our pr oposed CryptoHSS r elies on Decision T r ee (DT),
Naive Bayes (NB), T wo-Fish, and Jellyfish algorithms within Private Blockchain (PBC) and Fog Comput-
ing to build r obust security measur es. The T wo-Fish encryption algorithm is used to pr ovide anonymity of
medical information. In our pr oposed system, NB is used to quickly classify patient data, while DT is used
to make accurate medical decisions based on the collected data. The Jellyfish algorithm was used to detect
similarities between data and incr ease the security of data transmission within CryptoHSS. T wo-Fish, NB,
DT , and Jellyfish algorithms ar e designed to work in harmony with PBC. CryptoHSS distributes and man-
ages peer -to-peer data in IoMT . The benefit of Fog Computing (FC) is that it speeds up the decision-making
pr ocess without moving to distant clouds. W e analyzed our system in terms of performance and security .
Our r esults indicate that CryptoHSS pr ovides lightweight operations to support complex security measur es
that qualify it to support health or ganizations. In terms of security , our system pr ovides r eliable security
against attacks by keeping medical data encrypted and confidential, with the encryption and decryption
rate with the T wo-Fish algorithm r eaching mor e than 98%, in addition to pr oviding diagnosis of medical
conditions and making appr opriate medical decisions.
Povzetek: Prispevek raziskuje varnost pacientovih podatkov z uporabo zasebne verige blokov in tehnologij
megličenja, temelječih na Internetu medicinskih stvari (IoMT), ter pr edlaga sistem CryptoHSS za
izboljšanje zaščite podatkov in hitr ejše odločanje.
1 Intr oduction
IoMT has become one of the most powerful, durable, and
convenient applications available due to rapid technical ad-
vancements in big data collection, cloud computing, deep
learning, the IoT , and IoMT services. IoMT s are an in-
tegrated ecosystem consisting of interconnected medical
sensors, computer systems, and clinical systems [ 1 ], and
have received great attention in recent years due to signif-
icant challenges in the quality and ef ficiency of medical
and healthcare services [ 2 ]. Prediction accuracy is greatly
impacted by the quality , amount, and significance of data
gathered from medical IoT devices. FC provides a good
authentication method, it selects a section of data for veri-
fication and at the same time solves the requests submitted
in real-time, so one of the benefits of Fog Computing is the
use of time as it has priority in work [ 3 ]. IoMT systems
include homogeneous and heterogeneous networks, so it is
vulnerable to cyberattacks [ 4 ]. Patients and medical institu-
tions have embraced IoMT technology , permitting remote
patient monitoring, assessment, and treatment via telehealth
services [ 5 , 6 ]. Smart IoMT nodes are rapidly gaining pop-
ularity around the world, especially in pandemic situations,
and Figure 1 illustrates the advantages of IoMT .
FC provides a decentralized and scalable network that ad-
dresses security , identification, and authentication issues
in patient health data. Its operation is to collect process
data into blocks for validation and is similar in operation to
Blockchain technology . Blockchain is a technology used
to store lar ge amounts of data. Completed transactions
are recorded and stored in a common block distributed
throughout the dynamic systems of the Blockchain net-
work. Blockchain is a stable and reliable platform. W ith the
growing Internet of Healthcare T echnologies, which may
reach 75.44 billion by 2025, since the vast majority of these
devices are unprotected by nature or by powerful process-
66 Informatica 48 (2024) 65–80 R.H. Razzaq et al.
Figure 1: IoMT advantages
ing, this sharp increase in quantity has raised privacy and
security issues. Among the attacks that these devices are
exposed to are identity theft, exploitation, database, Cloud
hacking, advanced phishing, ransomware, spoofing, pri-
vacy violations, and many others. T o protect these devices
from these attacks, it is necessary to identify algorithms
or systems that meet the needs of encryption and security
[ 7 , 8 ]. Our research aims to enhance the detection of secu-
rity threats and reduce the risk of hacking IoMT systems, as
well as increase the privacy and security of medical data. In
general, the most important contributions of the system are
as follows:
– Pr oposing CryptoHSS to impr ove the security and
privacy of patient data : Through the use of PBC and
FC procedures, it is possible to provide a safe and re-
liable manner to save and transmit patient informa-
tion, protecting them from potential security threats.
CryptoHSS uses PBC to distribute and transfer data
securely and FC for fast and secure storage.
– Pr oposing CryptoHSS to incr ease the accuracy of
medical diagnosis : Using the NB algorithm and med-
ical data analysis, by increasing the precision of es-
sential medical diagnosis prediction, CryptoHSS suc-
ceeded in enhancing patient care and making wise
medical judgments.
– Pr oposing CryptoHSS to r educe overly similar
data : CryptoHSS uses Jellyfish to reduce redundant
and useless replica data and thus reduce the burden on
the IoMT network before medical decisions are made
by DT .
– Pr oposing CryptoHSS to pr otect against security
vulnerabilities and data disclosur e : CryptoHSS
adopts reliable T wo-Fish encryption to completely
anonymize patient data and then store it in the PBC
blocks.
The following is the arrangement of the paper ’ s contents.
A topic introduction is given in Section 1 . Section 2
explores works related to our research topic. Section 3
provides preliminaries for e-health and employed security
techniques. Section 4 presents CryptoHSS methodology .
Section 5 presents CryptoHSS security and performance
analysis. The conclusion is described in Section 6 .
2 Related r esear ch of e-health and
Blockchain sec urity
This section briefly presents a collection of recent research
and its vulnerabilities related to the topic of IoMT security .
Rahman et al. [ 3 ] proposed a framework to protect the
privacy and security of IoMT data, where Dif ferential
Privacy (DP) and Federated Learning (FL) were proposed,
where private IoMT data can be trained at the owner ’ s
premises. Recent advances in graphics processing units
allow devices to run FL within terminals or smartphones
that have IoMT connected to their terminal nodes. They
presented a lightweight hybrid FL framework where
Blockchain smart contracts manage the trust management
scheme, edge training, authentication of participating
federated nodes, distribution of trained models locally and
globally , reputation of edge nodes, and uploaded datasets
or models. The test results show a high and strong poten-
tial for IoT -based health management to be more widely
adopted in a confidential and secure manner . However , it
needs to improve missing metrics and accuracy . Alzahrani
et al. [ 9 ] proposed a model for integrating healthcare
big data security with security verification concepts in
medical device design and development. Healthcare
data and device security are tested using the combined
AHP-T OPSIS method. While verifying the security of data
parameters, the algorithm is designed and implemented.
As a result, appropriate custom security controls are
Maintaining Security of Patient Data… Informatica 48 (2024) 65–80 67
required to thwart the attack. However , cyber -physical
system (CPS) in the healthcare environment faces issues
such as the suitability of medical equipment, software
reliability , privacy , security , data retrieval, technology
display architecture, and system feedback while storing,
processing, extracting, and returning data to CPS, and
advanced query processing. Muthanna et al. [ 10 ] proposed
a software-defined networking (SDN)-enabled hybrid
intelligence framework that leveraged the Cuda Long
Short-T erm Memory Unit (cuLSTMGRU) for ef fective
threat detection in IoT environments. A set of standard
evaluation metrics, modern data, and IoT -based metrics
were used. In terms of speed ef ficiency , detection accu-
racy , and accuracy methods in other standard evaluation
metrics, the researchers claimed that their proposed model
outperforms existing models. However , the dynamic
characteristics of these devices make the entire system and
IoT devices vulnerable to identity theft attacks, advanced
phishing, Cloud hacking, and ransomware attacks.
Dammak et al. [ 1 1 ] focused on providing security coun-
termeasures as well as a cost-ef fective solution to HCS
(HealthCare Monitoring Systems) by integrating IPFS
(Interplanetary File Systems) with a Blockchain-based
storage model. Blockchain technology is an emer ging
solution in the pharmaceutical industry that has been
implemented at HCS and allows healthcare providers to
control access to shared data and track connected devices,
thus protecting patient privacy . Also, the addition of
edge and FC has improved the HCS system for real-time
interaction and enhanced its reliability . However , the
autonomy of this system is extremely limited and does
not exceed one month. This system also needs better
improvement in terms of security and privacy . Bagga et al.
[ 12 ] provided a detailed description of IoT , its applications,
and its architecture. They also presented many security
issues, challenges, potential security attacks in the IoT ,
and countermeasures. They focused on Blockchain, its
workings, and how to develop it into the IoT . A detailed
description of existing consensus mechanisms and how
Blockchain can be used to overcome vulnerabilities in the
IoT is highlighted. They have provided a precise, inte-
grated, and comprehensive description of access control
protocols. It will not only allow readers to understand the
access mechanism but also clarify issues related to use
cases of IoT applications. However , the schemes are very
complex due to connections to modern schemes without
testing and calculation costs. Furthermore, researchers in
[ 13 ], [ 14 ], and [ 15 ] presented systems to protect IoMT
based on Blockchain, but their proposed systems were
not tested against attacks such as Cloud hacking and
Exploitation.
Ali et al. [ 16 ] proposed an approach to enhance pri-
vacy preservation in IoT -based healthcare applications us-
ing homomorphic encryption techniques combined with
Blockchain. Symmetric encryption makes it easy to per -
form calculations on encrypted data without the need for de-
cryption, thus protecting data privacy throughout the com-
putational process. This strategy provides a secure and
open environment for managing and sharing sensitive pa-
tient medical data, while at the same time maintaining the
confidentiality of the patients involved. However , when
data is stored and managed, data owners (DO) are sepa-
rated from direct control of their data, leading to privacy
violations and security risks. Also, service providers can-
not provide extended security confidence to their customers
through external data. Raj and Prakash [ 17 ] explored the
dimensions of Blockchain and its applicability in health-
care, making the innovative healthcare system more stable
and secure. They presented a comparative analysis of well-
known recent research on the security of IoT -based smart
healthcare systems using Blockchain based on dif ferent cri-
teria such as data integrity , architecture, medical informa-
tion sharing, patient encryption key , distributed electronic
health records, hardware implementation, and access con-
trol. They have developed a great abundance regarding the
ef fective way to serve and guide clinical medical services
to patients to keep up with patient information protection
and the most popular way to disseminate stable, accurate,
and reliable information to clinical experts. Nonetheless,
there are issues related to some attacks on patients’ encryp-
tion keys, as well as, with the security of patient informa-
tion. T able 1 provides a comparison between the previous
research approaches.
3 Pr eliminaries for e-health and
employed security techniques
This section will provide preliminaries about the techniques
used in the proposed CryptoHSS system.
3.1 Backgr ound
In this subsection, we will initially explain what the IoMT s
are, what are the requirements for their architecture, and the
work of each layer , in addition to clarifying the Blockchain
and FC technologies, the mechanism of each of them, and
how to include some algorithms within them.
3.1.1 IoMT
IoMT is an advanced technology that refers to the network
of medical devices and equipment connected to the Internet.
This connection allows them to exchange medical informa-
tion and data. The IoMT is considered part of the IoT s and
is a field that deals with a group of sensing, operating, and
connecting devices. The IoMT has developed significantly
due to rapid technological developments in medicine in ad-
dition to the development of medical things.
68 Informatica 48 (2024) 65–80 R.H. Razzaq et al.
T able 1: Comparison of algorithms, results and gaps of previous research
Resear chers Y ear of publication Methods/algorithms Main r esults Identified gaps
Rahman et al. [ 3 ] 2020 Dif ferential Privacy (DP) and Federated
Learning (FL) with IoMT
High and strong potential for IoT -based
health management with a confidential and
secure manner
Missing metrics and low accuracy
Alzahrani et al. [ 9 ] 2022 Healthcare data security with AHP-
T OPSIS
Appropriate custom security controls and
thwart some attacks
CPS in the healthcare environment faces
security issues during storing, processing,
extracting, and returning data to CPS, and
advanced query processing
Muthanna et al.
[ 10 ]
2022 SDN-enabled hybrid intelligence frame-
work and cuLSTMGRU with IoT
Speed ef ficiency , detection accuracy , and
accuracy methods depending on a set of
standard evaluation metrics, modern data,
and IoT -based metrics
IoT devices vulnerable to identity theft at-
tacks, advanced phishing, Cloud hacking,
and ransomware attacks
Dammak et al. [ 1 1 ] 2022 HCS and IPFS with a Blockchain-based
storage model
Addition of edge and FC has improved the
HCS system for real-time i nteraction and
enhanced its reliability
Autonomy of this system is extremely lim-
ited and does not exceed one month and
needs better improvement in terms of secu-
rity and privacy
Bagga et al. [ 12 ] 2022 Blockchain and IoT Allowing readers to understand the access
mechanism and clarify issues related to use
cases of IoT applications
Extremely complex due to connections to
modern schemes without testing and calcu-
lation costs
Ali et al. [ 16 ] 2023 IoT -based healthcare applications and ho-
momorphic encryption with Blockchain
Providing a secure and open environment
for managing and sharing sensitive patient
medical data and maintaining the confiden-
tiality of the patient’ s data
Privacy violations and security risks during
storing and managing operations
Raj and Prakash
[ 17 ]
2023 Blockchain dimensions with IoT -based
smart healthcare systems
Abundance regarding the ef fective way to
serve and guide clinical medical services
and disseminate stable, accurate, and reli-
able information to clinical experts
Issues related to some attacks on patients’
encryption keys and the security of patient
information
3.1.2 Blockchain
Blockchain is a system of encrypted digital records
based on distributed technology and the public network.
Blockchain consists of a connected chain of blocks [ 2 ],
where information and transactions are stored in these
blocks securely and sequentially [ 18 ]. The operations per -
formed on the Blockchain are consistent and tamper -proof
since changes in data require the consent and consensus of
network participants. In other words, Blockchain provides
a secure and transparent way to record and share informa-
tion and transactions between participating parties without
the need for a central intermediary [ 19 ]. There are several
types of Blockchain technology , and these are some of the
common types:
1. Public Blockchain : These are types that are open and
available to everyone, as anyone can participate in the
process of verifying, recording, and confirming trans-
actions by joining the network. A famous example of
this is Bitcoin.
2. Private Blockchain : These are types that are limited
to a specific group of participants. These types are of-
ten used in companies and or ganizations to implement
internal systems and collaborative projects.
3. Hybrid Blockchain : It is a type of Blockchain that
combines private and public Blockchain elements.
Hybrids can be partly limited to a specific group of
participants and partly open to all.
4. Permitted Blockchain : It is a type of Blockchain that
requires approval or permission from a specific entity
to join the network and participate in the process of
verifying and recording transactions. These types are
used in cases of cooperation between institutions and
government agencies.
3.1.3 Fog computing
FC is a computing model that aims to extend computing,
storage, and networking capabilities to the edges or edges
near users and Internet-connected devices. Edges represent
users and devices used on the Internet, such as medical de-
vices, sensors, smart devices, and technologies related to
the IoT . FC provides storage, computing, and networking
capabilities at the edge and aims to provide rapid response
and improve the performance of services and applications.
3.2 Naïve Bayes algorithm
NB algorithm is used in data classification and machine
learning. It relies on Bayes’ classification rule and the con-
cept of probability theory . This algorithm is used in sev-
eral diverse fields, such as statistical learning, data analy-
sis, and machine learning. In it, a specific model of data is
trained using a data set that contains pre-defined features,
after which it calculates the compatibility probabilities and
prior probabilities between the independent features, and
this is between each category and the various other cate-
gories of data. These probabilities are used to classify new
data. The NB relies primarily on the Nevada hypothesis
or simplicity theory , by assuming that all variables are in-
dependent in the data and not related to each other . Thus,
the process of calculating classification and probability is
simplified [ 20 ].
Maintaining Security of Patient Data… Informatica 48 (2024) 65–80 69
3.3 T wo-Fish algorithm
This algorithm is used to secure digital data, and it is one
of the symmetric encryption algorithms. Designed by sci-
entist Bruce Schneier , it is one of the five final algorithms
in the advanced encryption standards competition [ 21 ]. It
has the advantage that its implementation is available to ev-
eryone. This algorithm divides the data into fixed blocks
of 128 bits and works on applying the FESTEL network,
where the F function is applied to half of the block, af-
ter which an XOR is performed between the two halves,
and this process is applied to the end of the plain text to
be encrypted. It divides the data into fixed 128-bit blocks
and applies encryption and decryption operations to these
blocks. However , it is possible that modifications or dif fer -
ent versions of the T wo-Fish will be developed in the future.
Modifications may include increasing the security level or
improving the performance of the algorithm. In addition,
these modifications may include methods for applying en-
cryption processes, changes to the data structure, or func-
tions used. Also, it should be noted that the popular and
widely used version is the original version of the T wo-Fish
[ 22 ].
3.4 Jellyfish algorithm
This optimization algorithm simulates the movement of Jel-
lyfish in searching for food, the phenomenon of Jellyfish
reproduction, and movement within the swarm. It is a
metaheuristic algorithm taken from the movements of Jel-
lyfish in the ocean. The algorithm is a recent innovation
and shows encouraging results compared to other biologi-
cally inspired optimization algorithms. The Jellyfish opti-
mization algorithm strikes a balance between exploration
and exploitation, combining exploratory and exploitative
aspects in the process of searching for optimal solutions.
The algorithm relies on a strategy that balances these two
processes to achieve balanced and ef fective performance in
solving problems [ 23 ].
3.5 Decision tr ee algorithm
DT is one of the supervised learning algorithms used in
classification and regression. DT gives a clear graphical
representation of all possible solutions. Their decisions are
based on specific circumstances, where each branch of the
tree represents a possible solution according to the data en-
tered into it. The tree contains the root node, which rep-
resents the highest decision, and carries the classification,
decision, or diagnosis, which are the internal nodes. Classi-
fication of a specific set of data using decision trees must be
under specific conditions so that the tree can determine the
required diagnoses and decisions. An integrated database
must be provided according to the required use so that the
decisions taken are correct and accurate [ 24 ].
3.6 Ethical Considerations and Data
Privacy
There are ethical and data privacy issues in healthcare
that must be considered when using fog computing and
Blockchain technologies, some of which are:
– Patient Consent: Patients are given explicit consent
and informed about how their personal health data
will be collected before any data is included in the
Blockchain and processed on fog computing nodes.
Patients retain the right to access their data and modify
it if needed or delete it.
– Regulatory Compliance: The proposed system is keen
to comply with the regulations that apply to healthcare
systems that use Blockchain and fog computing, such
as the General Data Protection Regulation (GDPR) in
the European Union and the Health Information Porta-
bility and Accountability Act (HIP AA) in the United
States.
– Access Controls: Access management is important
and crucial as is identity verification. Fine-grained
access controls are built into our proposed system so
that only authorized healthcare providers and relevant
parties can interact with and view patient data stored
on the Blockchain and processed using fog computing
technology .
– Auditability and transparency: Patients can audit how
their personal information is accessed and used within
the system, as the decentralized nature of Blockchain
provides transparency in data transactions.
– Security assurances: Any security breaches could re-
sult in sensitive medical data being subject to unau-
thorized modification or alteration, so in our proposed
system, we ensure that comprehensive security mea-
sures including access controls, encryption, and in-
trusion detection are continuously monitored and up-
graded to defend against cyber attacks.
By addressing these ethical considerations, our system can
leverage the benefits of fog computing and Blockchain.
4 Pr oposed system methodology
Our proposed system adopts FC which is a technology that
aims to provide computing, storage, and processing re-
sources at a decentralized level in IoMT networks. Also,
FC aims to improve the performance and responsiveness of
Internet applications that require real-time processing and
proximity of computational and storage resources to users
or connected devices. It is based on distributing tasks and
operations among connected devices in an IoMT network.
Instead of sending all the data and processing to the remote
cloud, some tasks are directed to local fog points located
in the vicinity . This reduces lag and improves application
70 Informatica 48 (2024) 65–80 R.H. Razzaq et al.
responsiveness. The technology associated with FC in our
proposed system is the technology known as PBC, which
is a type of decentralized technology that allows data to
be stored and exchanged securely and transparently . PBC
technology works by recording and confirming transactions
in a series of interconnected blocks. These blocks carry
information about various transactions including the par -
ties involved, such as date and time, that are protected by
hashing and encryption. PBC and FC overlap in the con-
text of integration (IoMT). In our proposed system, we also
used Jellyfish, DT , NB, and T wo-Fish algorithms to pro-
vide security , transparency , accurate medical data tracking,
medical data match finding, and medical decision-making.
Overall, FC and PBC collaborate to provide reliable and
secure solutions in the healthcare industry . In general, the
relationship b etween FC technology and PBC is that we use
FC to provide resources and local processing to IoMT de-
vices and applications, while we use PBC technology to se-
cure and authenticate medical data and achieve security and
transparency . This integration led to CryptoHSS which has
helped us improve the quality of healthcare, providing con-
tinuous and ef ficient patient monitoring without the need
for expensive and limited human resources. Figure 2 shows
our methodology and flow of work steps.
4.1 Cryptography health security system
In this research, we propose a Cryptography Health
Security System (CryptoHSS). CryptoHSS has addressed
healthcare data security which has been improved after
studying many types of specialized research in Section 2 .
This system uses more than one algorithm (Jellyfish,
DT , NB, T wo-Fish, FC, and PBC) in dif ferent ways to
increase the quality and performance of IoMT s. Cryp-
toHSS analyzes and classifies medical data, predicts health
diagnoses, improves problem-solving, and quickly makes
appropriate medical decisions. Finally , powered by FC
technology , this system encrypts medical data to protect
it from cyberattacks (advanced phishing, ransomware
attacks, cloud hacking, identity theft attacks, user interface
attacks, and exploit attacks), then stores and secures it.
Below we of fer an explanation for our choice of algo-
rithms used in the CryptoHSS System:
1. W e used the decision T ree algorithm in our proposed
system in order to make sensitive and accurate medical
decisions based on the patient’ s data collected and an-
alyzed with the first two steps of the system, and since
it is a strong and spontaneous educational algorithm,
then it is able to take ef fective relationships in med-
ical data, This allows her to have accurate diagnoses
and treatment recommendations, as well as make the
decision to deal with digital data very suitable.
2. Naïve Bayes algorithm is used in the CryptoHSS sys-
tem to classify patients’ data at high speed, which is a
Algorithm 1 Collect the first set of data
Input: MedicalIoMTData (a reading list of healthcare-related IoMT devices)
Output: CollectedData (list of processed data)
1: Begin
2: Procedure CollectDataFromDevices (MedicalIoMTData):
3: CollectedData←− []
4: For reading in MedicalIoMTData
5: processed data←− ExtractUsefulInformation (reading)
6: CollectedData.append (processedData)
7: End
8: Return CollectedData
highly ef ficient algorithm and this makes it very suit-
able for the actual classification tasks in the Internet
of Medical Things Environment, as well as a high ca-
pacity and a variety of predictions of lost values, and
this is useful for filling the diverse and possible patient
data.
3. W e use the T wo-Fish algorithm in our suggested sys-
tem to provide privacy and secret medical information.
It is an algorithm that can achieve a rate of encryp-
tion and decomposition of more than 98%, as well as
ensure the ef fective protection of patients’ data from
unauthorized access or disclosure.
4. The jellyfish algorithm is used in the CryptoHSS sys-
tem for the purpose of detecting similarities between
data and increasing the safety of data transmission, it is
a strong algorithm that works to determine and remove
repeated and similar data, which can help reduce the
burden on the system and improve its ef ficiency and
enhance its safety and privacy by reducing the poten-
tial attack area.
In our research, the linking of the above algorithms in our
proposed system is well studied and chosen carefully to ad-
dress the main challenges of security and privacy in the In-
ternet of Medical Things.
4.2 CryptoHSS work steps and data
pr ocessing
At the beginning of the system, it collects medical data re-
lated to healthcare devices connected to the IoMT . It then
receives the list of readings of these devices as input, pro-
cesses this data, and stores it in the data processing list (Col-
lectedData). As shown in Algorithm 1 , this is the first step
of the proposed CryptoHSS system. This algorithm ex-
plains the data collection mechanism.
In the second step of the system, we will analyze the
data where we receive the processed data set (Collected-
Data) as input and analyze this data. The AnalyzedData
set is updated using the analyst information extracted from
each data point in the processed data set. Algorithm 2 de-
scribes the data analysis process. In the third step, we will
use t he Jellyfish algorithm, so we take the analyzed data
set (AnalyzedData) and implement the Qandil algorithm on
it. W e determine the degree of similarity between the ex-
tracted data using the Qandil algorithm and compare it with
Maintaining Security of Patient Data… Informatica 48 (2024) 65–80 71
Figure 2: Our system methodology and work steps
Algorithm 2 Data analysis
Input: CollectedData
Output: AnalyzedData
1: Begin
2: AnalyzedData←− []
3: For dataPoint in CollectedData
4: ExtractedInfo←− AnalyzeDataPoint (dataPoint)
5: UpdateAnalyzedData (AnalyzedData, EtractedInfo)←− AnalyzedData
6: End
7: Return AnalyzedData
the specified similarity criterion. If the similarity score ex-
ceeds the specified one, the matched pair of data is added
to the matched data list (MatchedData). Algorithm 3 de-
scribes this step of the system’ s operation for implement-
ing the Jellyfish algorithm. The fourth step (Algorithm 4 )
of our work is to build a decision tree model. W e take a list
of matched data (MatchedData) and build a decision tree
model. W e will use the results of the Jellyfish to build a de-
cision tree model. Based on the created model, a medical
decision is made. If the model is not empty , it is applied to
make the decision. If the form is empty , ”Unable to decide
due to insuf ficient data” is returned. After we designed the
decision-making model, the step of training the NB model
came. W e take the dataset patients (DB) and the medical
decision (MedicalDecision), put them as input, and train a
NB model. W e set up the probabilities of the categories
(P (C
i
)) and the probabilities of the explanatory variables
(P (X
j
|C
i
)) based on the data we provided to the model.
W e then apply a normalization process to these probabili-
ties. W e also generate a random secret key (K ) using the
NB algorithm, as shown in Algorithm 5 . Next comes the
Algorithm 3 Implementing Jellyfish algorithm
Input: AnalyzedData, similarity threshold
Output: MatchedData
1: Begin
2: MatchedData←− []
3: For each valuei from 1 to the length of AnalyzedData, do:
4: For each valuej fromi +1 to the length of AnalyzedData, do:
5: similarity score ←− JellyfishSimilarity(AnalyzedData[i ],
AnalyzedData[j ])
6: If similarity score similarity threshold, then:
7: Matched pair←− (AnalyzedData[i ], AnalyzedData[j ])
8: If the matched pair is not already in MatchedData, then:
9: MatchedData.append(matched pair)
10: End
1 1: Return MatchedData
Algorithm 4 Building a DT model
Input: MatchedData
Output: MedicalDecision
1: Begin
2: DecisionT reeModel←− BuildDecisionT reeModel(JellyfishResults)
3: MedicalDecision←− []
4: If DecisionT reeModel is not empty
5: MedicalDecision←− ApplyDecisionT reeModel(DecisionT reeModel)
6: Else:
7: MedicalDecision←− ”Unable to decide due to insuf ficient data”
8: End
9: Return MedicalDecision
step of using the T wo-Fish encryption, we take sorted data
to perform T wo-Fish procedures. The encryption process
includes steps such as Key Expansion, Input Whitening,
Feistel Network, and Output Whitening. Then we return
the encrypted data (E ), as shown in Algorithm 6 .
In CryptoHSS, we were able to use Blockchain technology
to store data. A Blockchain is a sequential data structure
consisting of a set of blocks linked together by a hash func-
tion. When we use Blockchain in CryptoHSS, we store the
processed data (CollectedData) in blocks. Each block con-
tained a set of data and its hash. The hash is then generated
by a hash function, which is a function that takes data as in-
put and generates a unique digital string that represents this
data. Blocks are linked together by their hash and the hash
of the previous block. Thus, a sequential chain of blocks
was created. Since the hash depends on the content of the
previous block, any change in the stored data will change
the hashes of all subsequent blocks, making them invalid.
In this way , we were able to rely on Blockchain technology
to provide transparency in the medical treatment system as
well as security . Devices participating in CryptoHSS can
verify the integrity of the data by examining the hashes and
comparing them with previous hashes. If any data within a
block is changed, its hash and the hashes of all subsequent
blocks will be changed, indicating unauthorized change or
tampering.
Also, PBC can be distributed across multiple members or
devices in the system, and this enhances resistance and se-
curity against malicious attacks and manipulation. By using
algorithms and or ganizing their work, we reach an agree-
ment about the stored data and the changes allowed in the
system. Consequently , a secure and reliable storage mech-
anism for medical data is provided in CryptoHSS, with the
ability to verify and track changes to the data. Finally , we
store the data in the PBC. Algorithm 7 describes store op-
72 Informatica 48 (2024) 65–80 R.H. Razzaq et al.
Algorithm 5 NB training
Input: Dataset Patients_DB, MedicalDecision
Output:P(Ci),P (Xj|Ci) , andK
1: Begin
2: Initialize: P(Ci) and P(Xj|Ci) for each Ci and Xj provided
with zero
3: For each instance in Patients_DB:
4: Update counts forP(Ci) andP(Xj|Ci) using the instance
5: For each classCi
6: NormalizeP(Ci) andP(Xj|Ci)
7: End
8: Generating random secret key))←− K
9: End
10: ReturnP(Ci) ,P(Xj|Ci)
Algorithm 6 T wo-Fish cipher
Input: Sorted dataX from NB
Output:E
1: Begin
2: T wo-Fish_Key_Expansion(K
′ )←− Key Expansion:K
3: Input Whitening:X
′ ←− T wo-Fish_Input_Whitening(X )
4: For each block inX
′ 5: T wo-Fish_Feistel_Network (X
′ , K
′ ) ←− Perform Feistel
Network:Y
6: Output Whitening:E←− T wo-Fish_Output_Whitening(Y )
7: End For
8: End
9: ReturnE
erations in CryptoHSS blocks.
4.3 Autism and the steps for analyzing and
classifying the disease in CryptoHSS
W e will take a real example of applying the system for
Autism: Suppose the input data collected, analyzed, and
transformed into the Jellyfish algorithm includes the fol-
lowing sentence: ”Autism is a neurological disorder that
af fects communication and social behavior .” After apply-
ing the Jellyfish to determine similarity and matching,
the following words could be identified as most similar:
“Autism”, “Neurological disorder”, “Af fect”, “Sociabil-
ity”, and “Behaviour”. The next step in the system is the
DT algorithm. W e will use the DT to classify the input data,
determine its type, and make a medical decision based on
the data type. After identifying similar words using the Jel-
lyfish in the previous step, the DT can contain a question
such as: “Does the data contain terms related to Autism
symptoms?” If the answer is yes, we will classify the data
as textual data and a clinical decision will be made regard-
ing it as autism symptom data. But if the answer is no. W e
will then move to another question, for example, does the
entered data contain information about autistic behavior?
If the answer is yes, we will classify the data as behavioral
data, and then we will work to make an accurate medical
decision about autistic behavioral patterns. If the answer
is no, then we will also move to another question, and so
the medical questions will continue until this stage ends.
Then we move to the next stage in our proposed system,
which is the NB algorithm, in order to classify the types
of autism based on the outputs we obtained from the DT .
From these outputs, if the DT algorithm identifies the data
as autism data, the NB will classify the types of autism, for
Algorithm 7 Storing data in the Blockchain
Input:E , Current date and timeT
Output: Block
1: Begin
2: Create a block: Block←− E ,T
3: network_nodes←− get_all_nodes(Block)
4: If distribution_success←− false:
5: For each node in network_nodes:
6: Send Block to the node
7: End for
8: Else:
9: Ignore
10: End
1 1: Return Block
example, classifying it as high-spectrum autism or classic
autism, and so on. This leads to entering data containing
a number of characteristics associated with autism, such as
genetic factors, symptoms, family history , and other char -
acteristics of the patient. Our proposed system will ana-
lyze these features for each expected classification, such as
high-spectrum autism or classic autism. After our system
classifies the type of autism using the NB, it will move to
the next stage, which is the data encryption stage using the
T wo-Fish to secure and encrypt the personal and medical in-
formation of patients. At this stage in the system, we ensure
the protection of the confidential and accurate details of the
data and thus we obtain greatly improved transparency and
security . The system then moves to PBC to store autism
treatment steps and share information. As well as creat-
ing tamper -proof and encrypted records. The doctors re-
sponsible for the system, as well as the patients concerned
and who are allowed authorized access, can update patient
records, and the responsible doctors can also access patient
data confidentially and securely due to the decentralized na-
ture of PBC. This facilitates periodic and accurate checking
of patient data. This allows analyzes to discover new trends,
patterns, and relationships between symptoms, diagnoses,
and treatments. These insights contribute to improving pa-
tient care and making more ef fective treatment decisions.
4.4 V ariables and r esour ces
a- V ariables
– Patient information : These variables represent gen-
der , name, age, symptoms, previous diagnosis, medi-
cal history , etc.
– Medical device data : Such as blood pressure read-
ings, heart rate, blood sugar levels, and any other data
related to health status.
– Hospital or clinic data : Such as staf f, departments,
medical beds, and other available resources.
b- Resources
– Sensors : Such as blood pressure monitors, heart rate
sensors, blood sugar monitors, and any other devices
used to measure medical data.
Maintaining Security of Patient Data… Informatica 48 (2024) 65–80 73
– Communication Network : Provides telecommunica-
tions for data transmission between medical devices
and infrastructure.
– Database : Used to store and manage medical data re-
lated to patients and medical devices.
– Analysis and pr ocessing softwar e : Used to analyze
medical data and extract patterns and important infor -
mation.
4.5 Receiving data
Receiving medical data in IoMT requires sensors installed
on patients or medical equipment to measure health data.
There are several ways to receive medical data in the IoMT ,
and here are some examples:
– Direct wireless connection: W ireless communication
technologies such as W i-Fi or Bluetooth can be used to
transfer measured data directly from medical devices
to the designated wireless access point. This access
point can be a central device that collects data from
many medical devices and transmits it to the platform.
Data is received from the appropriate source. This
may be via the user interface or from an external data
source.
– Mobile network protocols: Mobile network protocols
such as MQTT (Message Queuing T elemetry T rans-
port) can be used to transfer medical data from med-
ical devices to the cloud or central server . Protocols
such as MQTT are used to communicate between de-
vices connected to the Internet and enable secure and
ef ficient data transfer .
– Smart Sensor Gateways: Smart sensor gateways can
be used as interfaces between medical devices and
IoMT infrastructure. These portals collect data from
various medical devices and convert it into a standard
protocol that can communicate with the platform.
– Smartphone technology: Dedicated smartphone appli-
cations can be used to collect medical data from con-
nected medical devices Bluetooth or NFC (near field
communication) technologies are used to receive the
measured data.
5 Analysis and r esults
This section investigates the security analyzes and perfor -
mance results of the proposed CryptoHSS system.
5.1 Cyberattacks analysis on CryptoHSS
1. Identity Theft attacks : An identity theft attack can
impact medical IoMT systems in several ways. When
it comes to Internet-connected medical devices, such
as blood pressure monitors or blood glucose monitors,
we must be wary of any attacks aimed at stealing pa-
tients’ identity data or tampering with medical devices
and their data. Or disabling medical devices to protect
Internet systems for medical objects from theft attacks.
Identity and strong security measures should be taken,
such as securing communications between medical de-
vices and back-end systems. Our proposed system
(CryptoHSS) maintained the confidentiality and secu-
rity of medical data by encrypting this data using the
T wo-Fish algorithm. Consequently , the level of secu-
rity provided by CryptoHSS is appropriate to resist this
attack.
2. Ransomwar e attacks : The W annaCry attack that oc-
curred in 2017 is a strong example of a ransomware
attack. Ransomware attacks are a type of malicious
cyberattack where attackers encrypt the victim’ s data
and demand a ransom payment in exchange for regain-
ing access to the data. These attacks can be devastat-
ing to individuals, companies, and institutions, as they
can lead to data loss, financial losses, and operational
disruptions. Our proposed system contributes to pro-
tecting patient data from these attacks by preserving
medical data encrypted in PBC and preventing attacks
from obtaining patient data. This gives a distinctive
security character to our proposed CryptoHSS system.
3. Advanced Phishing : Using advanced techniques to
create fraudulent messages or websites that represent
trustworthy companies or or ganizations intending to
steal users’ personal or financial data. Advanced
phishing refers to complex, tar geted phishing attacks
that aim to trick individuals or or ganizations into re-
vealing sensitive information, such as login creden-
tials, financial data, or personal information. These
attacks often use advanced techniques to make phish-
ing attempts more convincing and dif ficult to detect.
There are some issues and techniques associated with
advanced phishing attacks: spear phishing, spoofed
websites, email spoofing, social engineering, and mal-
ware delivery . Our proposed system contributes dy-
namically to preventing such attacks by classifying,
hashing, and storing data using high-performance al-
gorithms such as NB. Hashing and PBC, allow Cryp-
toHSS to protect entered medical data from theft and
fraud.
4. Cloud Hacking : T ar get data and authentications
stored in cloud computing services and attempt to gain
unauthorized access to sensitive information. Cloud
hacking refers to unauthorized access to or exploita-
tion of cloud computing resources, services, or infras-
tructure. Cloud environments are attractive tar gets for
hackers due to the huge amount of stored data and
the potential to obtain valuable information or com-
puting power . Here are some common cloud hacking
techniques account hijacking, data breaches, API vul-
nerabilities, and server -side attacks. T o prevent and
74 Informatica 48 (2024) 65–80 R.H. Razzaq et al.
mitigate cloud piracy , CryptoHSS implements strong
access controls, updating and patching regularly , en-
crypting data, monitoring and recording activities, and
conducting regular security assessments. This is done
through the system’ s use of prediction, classification,
encryption, and storage algorithms, and these algo-
rithms work in concert to protect the data inside FC.
5. User Interface attacks : These attacks tar get the front
end of a Blockchain application, such as digital wallets
or web applications. Attackers aim to exploit vulner -
abilities in the user interface to steal private keys or
manipulate transactions. User interface (UI) attacks,
also known as UI-based attacks or UI spoofing attacks,
involve manipulating or spoofing the user interface of
an application or website to deceive users. T o carry
out unintended actions or disclose sensitive informa-
tion. These attacks exploit weaknesses in user inter -
face design or implementation to perform malicious
activities. This type includes some common types of
UI attacks: Clickjacking, UI Redressing, and UI In-
jection. T o protect against user interface attacks, the
CryptoHSS system contributes to providing security
and data protection by encrypting medical data before
storing it in the PBC blocks. This corrects the data o n
a regular basis as well as provides a strong authentica-
tion mechanism and secures encryption operations.
6. Database attacks : Database attacks refer to mali-
cious activities that endanger the integrity and secu-
rity of databases, as attackers can attempt to gain
unauthorized access to medical databases and manip-
ulate or steal the data contained therein. Attackers
may also attempt to delete sensitive medical data or
exploit vulnerabilities for personal or financial gain.
Some common types of database attacks are such as
brute force attacks, and database misconfiguration.
T o protect against database attacks, CryptoHSS takes
some security measures such as using hashing for
database records, complex encryption keys, and en-
forcing strong authentication by PBC and FC.
7. Exploitation attacks : Exploiting security vulnerabili-
ties in hardware and software in order to gain unautho-
rized access or process data. Exploitation attacks refer
to exploiting vulnerabilities or vulnerabilities in a sys-
tem, software, or network to gain unauthorized access
or perform malicious activities. These attacks exploit
known or unknown vulnerabilities to compromise the
tar get’ s security . There are several types of exploit at-
tacks, including remote code execution (RCE), SQL
injection, cross-site scripting (XSS), denial of ser -
vice (DoS), distributed denial of service (DDoS), and
zero-day attacks. T o protect against exploitation at-
tacks, CryptoHSS followed several security counter -
measures, such as matching data and discovering sim-
ilarities to prevent duplication using the Jellyfish, as
well as robust security encryption using the T wo-Fish
encryption algorithm, and implementing strong access
controls and authentication mechanisms.
T able 2 shows the comparison of the strength of the
system with similar security systems. The security of
the Cryptohss System has been evaluated intensively
for the purpose of making sure of its ef fectiveness
against various cyber attacks, and we clarify these as-
sessments as follows:
– The premature warning rate: The CryptoHSS
system and its ability to detect and monitor is
evaluated by monitoring abnormal behaviors.
Where legal operations were incorrectly recog-
nized as harmful, and the wrong warning rate
was very low , legitimate user activities were not
restricted as a result of strict security measures.
– The mission’ s success rate: Our proposed sys-
tem is subject to a set of threats, such as ex-
ploitation, stealing identity , data infiltration, ad-
vanced fraud, and ransom programs. The attacks
had a very low success rate, indicating the ef-
fectiveness of system safety mechanisms. Stop
time: Throughout the attack simulator , Cryp-
toHSS took very little time. This short stopping
time guarantees that health information remains
available and medical services continue even in
the event of a violation of security .
– Encryption power: T wo-Fish is analyzed in the
CryptoHSS system in terms of encryption power .
It turns out that the encryption and jaw rates ex-
ceed 98%, which provides a high level of se-
crecy for the patient’ s data even if the attacker
gets unauthorized access.
– Dragon resistance: Blockchain technology is
included in CryptoHSS that the patient’ s data
stored in COMPINQUES is resistant to manip-
ulation. Any attempts to modify data will be
discovered immediately and rejected it through
the compatibility mechanisms distributed on
Blockchain.
In general, the security analysis shows that the Cryp-
toHSS System is very ef fective in discovering and re-
ducing a wide range of electronic threats that tar get
Internet medical environments.
5.2 Security analysis using Scyther
Scyther is a powerful tool used to analyze and evaluate the
security of various protocols using the Python language.
The security requirements properties contain some authen-
tication information that this tool verifies, and these prop-
erties include Alive, Secret, W eakagree, and other proper -
ties. This tool also has some advanced capabilities, as it
tracks attack speed and is also at the forefront of verifica-
tion. It also ef ficiently verifies most protocols for any num-
ber of sessions. It also has an amazing feature to detect all
Maintaining Security of Patient Data… Informatica 48 (2024) 65–80 75
T able 2: Comparison of CryptoHSS with similar security systems
Attacks on System CryptoHSS PBFL-ADS [ 14 ] SECS/GEM [ 13 ] BIoMT [ 15 ]
User interface attacks Strong Strong Medium Medium
Identity theft attacks Strong Strong Strong Medium
Exploitation attacks Strong Medium W eak W eak
Database attacks Strong Medium Strong W eak
Cloud hacking Strong W eak Medium Medium
Advanced phishing Strong W eak Strong W eak
Ransomware attacks Strong W eak Strong Strong
real attacks on models without having to use approxima-
tion techniques [ 25 ]. Using Scyther , users can detect at-
tacks and perform unfettered verification. This tool is dis-
tinguished from similar protocol analysis tools by methods
based on open-ended verification or by its ability to com-
bine the strengths of theorem-proof and attack and termi-
nation analysis models. In addition, Scyther provides new
features not available in other tools, such as attack selec-
tion and full profiling. Scyther is used through a GUI or
command line interface as a backend for analysis programs
that use Python interface functions. Scyther is used to de-
tect attacks on information, meet dif ferent security require-
ments for a variety of protocols, and verify the confiden-
tiality and authenticity of this information, whether in com-
munications between companies and institutions, between
patients and doctors, or between hospitals.
5.2.1 CryptoHSS system summary in Scyther
In order to evaluate the ef fectiveness of the proposed Cryp-
toHSS, we use the Scyther tool, so we prepare CryptoHSS
roles for analysis and use the security protocol description
language (SPDL) within the Scyther tool. Here we use a set
of commands between the patient (SI) and the doctor (DR).
Our proposed system has been subjected to simulation be-
tween role events to facilitate communication between enti-
ties and verify security requirements. Events include tests:
Alive, W eak, and Secret. Using the send() and receive()
directives we can identify potential attacks or violations re-
sulting from the protocol design as well as evaluate the se-
curity and confidentiality of patient information. For the
system to be acceptable in health institutions, this system
should provide transaction ef ficiency (directness) and meet
confidentiality requirements, ensuring information privacy
and availability for all parties involved. Therefore, it is very
important to examine the proposed CryptoHSS system in
Scyther and verify the security of information transfer be-
tween patients and health institutions.
5.2.2 CryptoHSS system evaluation in Scyther
Here we present a test of the CryptoHSS protocol proposed
by Scyther . Figure 3 depicts the results of our protocol
testing based on the “Alive,” “W eakagree,” and “Secret”
events. The test displays the public key (k), the private key
(kir), the sending patient information (SI), and the receiving
physician’ s decisions (DR) as confidential. Our proposed
protocol resists attacks in our research topic area.
Figure 3: V alidation of the proposed security protocol using
the Scyther tool
5.3 CryptoHSS performance r esults
This section describes the performance analysis of our pro-
posed system and Figures 4 - 8 show the results of Cryp-
toHSS.
5.3.1 System performance analysis
T o verify the results, our system was implemented in an en-
vironment based on an Intel(R) Core(TM) i5 CPU, 8192MB
RAM, 64-bit Ubuntu Pro operating system, and the Java
programming language. An internal storage space with a
hard disk capacity of 500 GB, a Full HD screen with 15.6
inches, an integrated graphics card from Intel, three USB
ports, an HDMI port, and a memory card reader . All our
algorithms have been executed 100 times to verify the per -
formance of CryptoHSS.
Figure 4 shows the accuracy of medical data collection from
medical devices and sensors. Online object-based medical
datasets can be analyzed in the cloud, as shown in Figure
5. Moreover , Figure 6 shows the matching of similar data
through the use of the Jellyfish. Furthermore, decision trees
provide many benefits such as ease of understanding and
predictability . Ability to analyze, apply , examine, and doc-
ument. In the context of the current research, we used the
decision tree algorithm to improve the accuracy of medi-
cal diagnosis and reduce security threats in IoMT , and the
results were interesting. W e also obtained an increase in
the accuracy of medical diagnosis through the use of the
76 Informatica 48 (2024) 65–80 R.H. Razzaq et al.
Figure 4: Medical data collection
Figure 5: Medical data analysis
NB algorithm. Additionally , medical data is classified ac-
cording to what data should be included in the medical di-
agnosis. IoMT applications suf fer from distinct homoge-
neous and heterogeneous parts and are therefore vulnerable
to cybersecurity attacks most of the time. Therefore, the
CryptoHSS system aims to find security solutions, preserve
patient data, and avoid hacking or providing false medical
data through the use of T wo-Fish encryption.
Figure 7 shows the consistency of the work of DT , NB, and
T wo-Fish. It also shows the (Frok Solution T ime) factor ,
which refers to the time it takes for the system to solve prob-
lems or conflicts that may arise in the system’ s structure,
and also the (Synchronization T ime) factor , which refers to
the time it takes for the system to be able to synchronize
data or operations between its elements. Figure 8 shows
the results of memory consumption and transmission rate.
From the results of Figures 4 - 8 , the proposed algorithms
and their procedures (data collection, data analysis, Jelly-
fish, DT , NB, T wo-Fish, Frok solution time, transfer rate,
synchronization time, and memory consumption) provide
high and consistent performance for IoMT applications in
e-Health or ganizations.
5.3.2 The most important parameters of the r esults
In this subsection, we explain the most important param-
eters used by the CryptoHSS system. W e have chosen
Figure 6: Matching of similar data in the Jellyfish
them from among many parameters because of their impor -
tance in the process of analyzing the system’ s performance,
which are as follows:
1. Frok Resolution T ime: This parameter indicates the
time it takes for the system to resolve problems or con-
flicts that may arise in the system structure. When a
conflict or problem occurs in the system, the system
may be unable to continue in the usual way or perform
operations correctly . Therefore, solving the problem
requires analyzing and examining the root cause of
the problem and applying changes or procedures to
solve it. The benefits of solving problems quickly in-
clude increasing system ef ficiency , improving its re-
sponsiveness, and avoiding negative ef fects on perfor -
mance. Frok resolution time for CryptoHSS ranges
between 88% and 94% as shown in Figure 7 .
2. Synchronization T ime: Synchronization means ensur -
ing that the data or processes related to the system are
consistent with each other in operation. The synchro-
nization time parameter refers to the time it takes for
the system to coordinate the work of data or processes
between its components. This parameter includes syn-
chronizing processes and updating data as well as co-
ordination between system elements. The benefits of
excellent synchronization include reducing errors, in-
creasing accuracy in operations, improving the overall
performance of the system, as well as improving data
coordination. The percentage of synchronization time
ranged from 96% to more than 99%, as shown in Fig-
ure 7 . This is the highest percentage reached compared
to the synchronization time in previous research [ 26 ],
which reached 77%.
3. Memory Consumption: Excessive memory consump-
tion can af fect the overall system performance, and
can also cause the system resources to slow down
and perform their work. This parameter indicates the
amount of memory that the system uses to store in-
formation and data in cache or random access mem-
ory (RAM). Memory consumption depends on the
size of the data stored in the system and the en-
Maintaining Security of Patient Data… Informatica 48 (2024) 65–80 77
Figure 7: Frok Resolution T ime, NB, DT , Synchronization
T ime and T wo-Fish
cryption and decryption processes used. In the pro-
posed CryptoHSS system, we used the T wo-Fish al-
gorithm to provide lightweight encryption and de-
cryption with small keys, and the encrypted data was
stored in a PBC. Also, using the Jellyfish algorithm
in CryptoHSS significantly reduced t he storage be-
cause we used this algorithm to detect similarities in
the aggregated database. This helped improve mem-
ory consumption, which reduced resource usage and
improved responsiveness and overall system perfor -
mance.
4. T ransmission Rate: Increasing the speed of transfer -
ring data between dif ferent devices or elements of the
system leads to increasing the ef ficiency of the sys-
tem, improving its response to carrying out operations,
and also increasing the ef ficiency of the system. As
for the transfer rate, it depends on the speed of data
transfer between the dif ferent medical Internet devices
in the system. FC is used to distribute and manage
data between devices connected to the Internet. W e
used the FC technique in CryptoHSS to speed up the
decision-making process without requiring access to
remote clouds. Hence, a higher transfer rate and lower
response time are achieved.
W e noted that the actual benefits and exact importance of
these parameters depend on the context of the proposed sys-
tem and its application. W e consider security factors, over -
all system performance, and application requirements be-
fore determining the exact benefits that can be achieved us-
ing these parameters in the CryptoHSS. The memory con-
sumption results reached approximately 80% and the trans-
fer rate reached 100% as shown in Figure 8 .
5.3.3 Discussion of performance r esults
In this section, we will discuss the results of our proposed
solution, CryptoHSS, with the results mentioned in the pre-
vious research abstract. W e will discuss the dif ferences
Figure 8: Memory Consumption and T ransmission Rate
observed between our results and the current state-of-the-
art methods in the field. W e will explain why these dif-
ferences arise and what they mean in the context of IoMT
security . First, CryptoHSS provides an integrated solution
for protecting patient data using Fog Computing and Private
Blockchain technologies, as well as encryption, classifica-
tion, and similarity detection algorithms. This harmonious
integration of these advanced technologies is a novelty in
the field of IoMT security , providing multi-level protection
of patient data in a cost-ef fective and performance-ef fective
manner . Compared to previous research, the contributions
of CryptoHSS stand out in several aspects:
1. Improving the accuracy of medical diagnosis using
NB algorithm and medical data analysis, leading to
improved patient care and informed medical decisions
compared with [ 3 ] and [ 9 ].
2. Reduce similar data using the Jellyfish algorithm,
which reduces the burden on the IoMT network be-
fore making medical decisions using the DT algorithm
compared with [ 1 1 ] and [ 12 ].
3. Provide reliable protection against security attacks by
encrypting patient data using the T wo-Fish algorithm
and storing it securely in private blockchain blocks
compared with [ 10 ], [ 16 ] and [ 17 ].
6 Conclusion
In this part of our research, we will explain the most
important conclusions that we obtained through our study ,
which are reducing the risks of hacking medical systems,
as well as enhancing the detection of security threats, and
also increasing the privacy and security of medical data
through our use of FC and PBC, to provide a safe and
reliable way to store/transfer patient data and protect it
from potential security threats.
78 Informatica 48 (2024) 65–80 R.H. Razzaq et al.
CryptoHSS is designed to support security in IoMT .
The system relies on data similarity matching (Jellyfish),
decision-making (DT), classification (NB), and encryp-
tion (T wo-Fish) to provide reliable protection of IoMT
data. The system uses medical classification and decision-
making algorithms to improve patient care and make ac-
curate medical decisions. It provides lightweight, power -
ful performance to support complex security measures in
healthcare or ganizations. When we combine the algorithms
PBC, FC, T wo-Fish, DT , Jellyfish, and NP into the pro-
posed system, CryptoHSS, we obtain protection for med-
ical data from tampering and hacking and also reduce the
risks of electronic attacks. The results of our study in Sec-
tion 5 show that our proposed CryptoHSS system provides
high performance, suf ficient security , and complete confi-
dentiality to protect medical data in IoMT . It also shows
that the performance of the encryption and decryption pro-
cess was higher than 98%. For future work, we intend to
develop CryptoHSS as follows:
– Protection mechanisms and encryption techniques can
be improved and developed to better ensure the pri-
vacy and security of patient data. Zero inference tech-
niques and emer ging technologies such as edge-to-
edge encryption may be explored to enhance protec-
tion.
– The cost and ef ficiency of using the CryptoHSS can
be improved, as resource consumption can be reduced
and system performance can be improved through the
use of quantum techniques.
– Support CryptoHSS security by including lightweight
signatures and a multi-criteria decision-making proce-
dure to prevent attackers from modifying patient data
as well as improve the accuracy of decision-making.
Conflict of inter est
The authors declare that they have no conflict of interest.
Data availability
Data sharing is not applicable to this article as no datasets
were generated or analyzed during the current study .
Refer ences
[1] M. Al-Zubaidie, Z. Zhang, and J. Zhang, “P AX: Us-
ing pseudonymization and anonymization to protect
patients’ identities and data in the healthcare system,”
International Journal of Envir onmental Resear ch and
Public Health , vol. 16, no. 9, p. 1490, 2019. https:
//doi.org/10.3390/ijerph16091490 .
[2] S. A. Y ousif f, R. A. Muhajjar , and M. H. Al-Zubaidie,
“Designing a Blockchain approach to secure firefight-
ing stations based Internet of Things,” Informatica ,
vol. 47, no. 10, pp. 09–26, 2023. https://doi.org/
10.31449/inf.v47i10.5395 .
[3] M. A. Rahman, M. S. Hossain, M. S. Islam,
N. A. Alrajeh, and G. Muhammad, “Secure
and provenance enhanced Internet of health
Things framework: A Blockchain managed
federated learning approach,” IEEE Access ,
vol. 8, pp. 205 071–205 087, 2020. https:
//doi.org/10.1109/ACCESS.2020.3037474 .
[4] M. Al-Hawawreh and M. S. Hossain, “A privacy-
aware framework for detecting cyber attacks on Inter -
net of medical Things systems using data fusion and
quantum deep learning,” Information Fusion , vol. 99,
p. 101889, 2023. https://doi.org/10.1016/j.
inffus.2023.101889 .
[5] M. Al-Zubaidie, Z. Zhang, and J. Zhang, “REISCH:
Incorporating lightweight and reliable algorithms into
healthcare applications of WSNs,” Applied Sciences ,
vol. 10, no. 6, p. 2007, 2020. https://doi.org/10.
3390/app10062007 .
[6] M. Al-Zubaidie, “Implication of lightweight and ro-
bust hash function to support key exchange in health
sensor networks,” Symmetry , vol. 15, no. 1, p. 152,
2023. https://doi.org/10.3390/sym15010152 .
[7] M. Al-Zubaidie, Z. Zhang, and J. Zhang, “Ef fi-
cient and secure ECDSA algorithm and its appli-
cations: A survey ,” International Journal of Com-
munication Networks and Information Security (IJC-
NIS) , vol. 1 1, pp. 7–35, 2019. https://doi.org/
10.17762/ijcnis.v11i1.3827 .
[8] M. Al-Zubaidie, Z. Zhang, and J. Zhang, “RAMHU:
A new robust lightweight scheme for mutual users au-
thentication in healthcare applications,” Security and
Communication Networks , vol. 2019, 2019. https:
//doi.org/10.1155/2019/3263902 .
[9] F . A. Alzahrani, M. Ahmad, and M. T . J. Ansari,
“T owards design and development of security assess-
ment framework for Internet of medical Things,” Ap-
plied Sciences , vol. 12, no. 16, p. 8148, 2022. https:
//doi.org/10.3390/app12168148 .
[10] M. S. A. Muthanna, R. Alkanhel, A. Muthanna,
A. Rafiq, and W . A. M. Abdullah, “T owards SDN-
enabled, intelligent intrusion detection system for In-
ternet of Things (IoT),” IEEE Access , vol. 10, pp.
22 756–22 768, 2022. https://doi.org/10.1109/
ACCESS.2022.3153716 .
[1 1] B. Dammak, M. T urki, S. Cheikhrouhou, M. Baklouti,
R. Mars, and A. Dhahbi, “LoRaChainCare: An IoT
architecture integrating Blockchain and LoRa net-
work for personal health care data monitoring,” Sen-
sors , vol. 22, no. 4, p. 1497, 2022. https://doi.
org/10.3390/s22041497 .
[12] P . Bagga, A. K. Das, V . Chamola, and M. Guizani,
“Blockchain-envisioned access control for Internet of
Things applications: A comprehensive survey and fu-
ture directions,” T elecommunication Systems , vol. 81,
Maintaining Security of Patient Data… Informatica 48 (2024) 65–80 79
no. 1, pp. 125–173, 2022. https://doi.org/10.
1007/s11235- 022- 00938- 7 .
[13] S. U. A. Laghari, S. Manickam, A. K. Al-Ani,
M. A. Al-Shareeda, and S. Karuppayah, “ES-
SECS/GEM: An ef ficient security mechanism for
SECS/GEM communications,” IEEE Access , vol. 1 1,
pp. 31 813–31 828, 2023. https://doi.org/10.
1109/ACCESS.2023.3262310 .
[14] T . M. Ghazal, M. K. Hasan, S. N. H. Abdallah, and
K. A. Abubakkar , “Secure IoMT pattern recognition
and exploitation for multimedia information process-
ing using private Blockchain and fuzzy logic,” T rans-
actions on Asian and Low-Resour ce Language Infor -
mation Pr ocessing , 2022. http://dx.doi.org/10.
1145/3523283 .
[15] A. Lakhan, M. A. Mohammed, K. H. Abdulkareem,
M. khanapi Abd Ghani, H. A. Marhoon, J. Ne-
doma, R. Martinek, and B. Garcia-Zapirain, “Secure
Blockchain assisted Internet of medical Things archi-
tecture for data fusion enabled cancer workflow ,” In-
ternet of Things , vol. 24, p. 1 00928, 2023. https:
//doi.org/10.1016/j.iot.2023.100928 .
[16] A. Ali, B. A. S. Al-Rimy , F . S. Alsubaei, A. A.
Almazroi, and A. A. Almazroi, “Healthlock:
Blockchain-based privacy preservation using homo-
morphic encryption in Internet of Things healthcare
applications,” Sensors , vol. 23, no. 15, p. 6762, 2023.
https://doi.org/10.3390/s23156762 .
[17] A. Raj and S. Prakash, “Privacy preservation of
the Internet of medical Things using Blockchain,”
Health Services and Outcomes Resear ch Methodol-
ogy , pp. 1–28, 2023. https://doi.org/10.1007/
s10742- 023- 00306- 1 .
[18] A. Djeddai and R. Khemaissia, “Privykg: Security
and privacy preservation of knowledge graphs us-
ing Blockchain technology ,” Informatica , vol. 47,
no. 5, 2023. https://doi.org/10.31449/inf.
v47i5.4698 .
[19] S. Ahamad, P . Gupta, P . B. Acharjee, K. P . Ki-
ran, Z. Khan, and M. F . Hasan, “The role of block
chain technology and Internet of Things (IoT) to pro-
tect financial transactions in crypto currency mar -
ket,” Materials T oday: Pr oceedings , vol. 56, pp.
2070–2074, 2022. https://doi.org/10.1016/j.
matpr.2021.11.405 .
[20] B. Gbadamosi, R. O. Ogundokun, E. A. Adeniyi,
S. Misra, and N. F . Stephens, “Medical data analy-
sis for IoT -based datasets in the cloud using Naïve
Bayes classifier for prediction of heart disease,” in
New fr ontiers in cloud computing and Internet of
Things . Springer , 2022, pp. 365–386, ISBN: 978-
3-031-05527-0.
[21] G. S. Shyaa and M. Al-Zubaidie, “Utilizing trusted
lightweight ciphers to support electronic-commerce
transaction cryptography ,” Applied Sciences , vol. 13,
no. 12, p. 7085, 2023. https://doi.org/10.3390/
app13127085 .
[22] W . Haryono, “Comparison encryption of how to work
caesar cipher , hill cipher , Blowfish and T wofish,”
Data Science: Journal of Computing and Applied In-
formatics , vol. 4, no. 2, pp. 100–1 10, 2020. https:
//doi.org/10.32734/jocai.v4.i2- 4004 .
[23] A. Khare, G. M. Kakandikar , and O. K. Kulkarni, “An
insight review on Jellyfish optimization algorithm
and its application in engineering,” Journal home-
page: http://iieta. or g/journals/r ces , vol. 9, no. 1, pp.
31–40, 2022. https://doi.org/10.18280/rces.
090103 .
[24] F . E. Botchey , Z. Qin, and K. Hughes-Lartey , “Mo-
bile money fraud prediction–a cross-case analysis on
the ef ficiency of support vector machines, gradient
boosted decision trees, and Naïve Bayes algorithms,”
Information , vol. 1 1, no. 8, p. 383, 2020. https:
//doi.org/10.3390/info11080383 .
[25] M. Al-Zubaidie and G. S. Shyaa, “Applying detec-
tion leakage on hybrid cryptography to secure transac-
tion information in e-commerce apps,” Futur e Inter -
net , vol. 15, no. 8, p. 262, 2023. https://doi.org/
10.3390/fi15080262 .
[26] R. Matzutt, B. Kalde, J. Pennekamp, A. Drichel,
M. Henze, and K. W ehrle, “Coinprune: Shrinking
bitcoin’ s Blockchain retrospectively ,” IEEE T ransac-
tions on Network and Service Management , vol. 18,
no. 3, pp. 3064–3078, 2021. https://doi.org/10.
1109/TNSM.2021.3073270 .
80 Informatica 48 (2024) 65–80 R.H. Razzaq et al.