Modeling security evaluation framework for IoHT-driven systems using integrated decision-making methodology

The intensification of the Internet of Health Things devices created security concerns due to the limitations of these devices and the nature of the healthcare data. While dealing with the security challenges, several authentication schemes, protocols, processes, and standards have been adopted. Consequently, making the right decision regarding the installation of a secure authentication solution or procedure becomes tricky and challenging due to the large number of security protocols, complexity, and lack of understanding. The major objective of this study is to propose an IoHT-based assessment framework for evaluating and prioritizing authentication schemes in the healthcare domain. Initially, in the proposed work, the security issues related to authentication are collected from the literature and by consulting expert groups. In the second step, features of various authentication schemes are collected under the supervision of an Internet of Things security expert using the Delphi approach. The collected features are used to design suitable criteria for assessment, and then the Graph Theory and Matrix approach is applied for the evaluation of authentication alternatives. Finally, the proposed framework is tested and validated by using other multi-criteria decision-making methods to ensure the results are consistent and accurate. The framework produces promising results such as 93%, 94%, and 95% for precision, accuracy, and recall, respectively, in comparison to the existing approaches in this area. The proposed framework can be used as a guideline by healthcare security experts and stakeholders for the evaluation and decision-making related to authentication issues in IoHT systems.

• A feature-based assessment framework is presented to overcome the challenges involved during the decision-making process of installing the most ideal authentication scheme in the healthcare environment. This is the first kind of framework of its nature to present a feature-based assessment framework for authentication schemes in the IoT environment. The proposed methodology is supported by multi-methods as it uses a variety of methods, like the GTM approach, which has been applied to the evaluation and quantification of alternatives. The Delphi method has been applied for feature identification and analysis. The integrated methods, such as AHP-TOPSIS, have been applied for the validity and verification of the proposed model. A survey-driven case study has also been conducted to validate and verify the results of the given evaluation framework. The previous assessment frameworks were based on one or two methods. Testing and validating mechanisms are also missing in the existing methods in the current literature.
• This framework evaluates the authentication solution/schemes based on their core security features. It is the first type of work to address the authentication issues of IoT devices in the healthcare environment by taking into account the most important authentication features like mutual authentication, key agreement, forward security, confidentiality, privacy protection, password change, integrity, availability, and scalability. Although many authentication evaluation frameworks have been proposed, the most essential features have not been addressed. The assessment criteria defined with these features cover all aspects of authentication as suggested by the expert's panel. The selected features were collected from a literature-based study and a comprehensive survey-based study. However, the features or attributes used by previously presented models are only based on literature. Furthermore, a feature analysis is conducted by applying a well-known Delphi method based on conducting extensive questioning and answering sessions.
• The proposed assessment framework uses a novel technique, i.e., graph theory and matrix (GTM), for assessment and decision-making related to authentication solutions in the medical care environment. Whereas, the existing evaluation models are based on traditional decision-making approaches such as AHP, TOPSIS, ANP, etc., which suffer from different limitations in their application. In the literature study, it has come to the observation of the authors that all the decision-driven systems or evaluation models are using the AHP or TOPSIS approaches for security assessment. But these methodologies will be acceptable whenever the features depend upon each other. The AHP method has been applied by several authors but according to Munier et al. 6, it does not work well where the number of criteria and sub-criteria are many and show complexity. This method also lacks visualization of the interrelationships among the features. The majority of previous evaluation models lack sensitivity analysis and validation. In comparison to the proposed study, all the current methods are based on using old methods in the case of evaluating the authentication solutions. However, the suggested evaluation method presents a new approach to evaluation by supporting both hierarchy and feature visualization. It adopts logical and mathematical procedures for analyzing, evaluating, and making decisions 7. The proposed evaluation framework removes the evaluation limitations in the currently available methods.
The remaining sections of this paper are organized as follows: Section "Related work" discusses the related work. Section "Methodology of the proposed assessment framework" describes the methodology of the proposed IoHT authentication assessment framework. Section "Results and discussion" elaborates the results and discussion, Section "Practical implications" discusses the practical implications of this work, and Section "Conclusion and future work" brings the conclusion of this work.

Related work
The security evaluation of the IoT-based healthcare system has been a continuous process in the last few years. A comprehensive literature study is conducted to identify the research gaps. Although there are many evaluation models intended for the security of IoT devices in different fields, the central emphasis in the proposed study is to investigate the existing literature only for the evaluation frameworks, models, and methods employed for the IoT-based systems in the healthcare area. These models often use MCDM-driven methods [8][9][10][11][12] and artificial intelligence approaches 13,14 for assessment. However, the literature study is restricted to highlighting only those research works that are targeted to perform security assessments in healthcare environments using multi-criteria decision-making (MCDM) techniques. In this section, the comparison of the proposed evaluation framework in terms of features and evaluation methods with similar works in the literature is described.
Haghparast et al. 15 introduced a security-based evaluation framework to provide security solutions within the healthcare system. The authors applied fuzzy-ANP for the evaluation based on using five (5) features such as networking, services, interoperability, privacy, and dependability. This study addresses the security of IoT devices in terms of layers in the healthcare environment.
The study by Al-Zahrani et al. 16 is focused on evaluating the usable security of healthcare technologies by using a unified technique. The evaluation procedure is conducted by using ANP, TOPSIS, and fuzzy logic. The evaluation criteria use four (4) different evaluation features: confidentiality, satisfaction, integrity, and availability.
Zarour et al. 17 evaluated the effect of the Blockchain models on maintaining the security of electronic health records (EHR). They adopted the fuzzy ANP-TOPSIS approach to evaluate eight (8) alternatives based on six (6) evaluation parameters such as identity, data security, data monitoring, immutability, consensus, and value.
Enaizan et al. 18 built a decision-driven system for the security and privacy of electronic medical records (EMR). The proposed framework adopts AHP-TOPSIS techniques with the support of K-means clustering to identify the critical factors. This research study covers five (5) different hospitals in Malaysia. Privacy and security evaluation are the main factors used in their study and sub-factors include authentication, integrity, availability, non-repudiation, and unauthorized access.
Algarni et al. 19 also applied fuzzy AHP-TOPSIS approaches for checking the security level related to the web-based medical image processing systems. They designed the evaluation criteria based on confidentiality, authentication, authorization, availability, integrity, utility, procession, and resilience. The key motivation of this study is to investigate and evaluate the different aspects of MRI devices like Computed Tomography (CT) scans, ultrasound, and X-ray machines based on respective criteria and goals.
The study by Ansari et al. 20 aims to put forward a quantification model for the assessment and selection of the best security requirement engineering technology in the healthcare environment. The major idea behind their work is to select the best SRE method based on criteria features. The major components of their proposed criteria are security goals, security requirements, threats, risks, assets, vulnerability, stakeholders, and stakeholders.
Kumar et al. 21 presented a hybrid-based symmetrical methodology based on AHP-TOPSIS approaches for evaluating the factors that are impacting information security in healthcare. According to their study, the major factors that are contributing to healthcare information security are social engineering, malware, low access control management, human error, outdated information technology infrastructure, and med-jacking.
Ahmad et al. 22 conducted empirical analysis using computational methodology for choosing the best security technique for healthcare devices. Their study uses AHP, Hesitant Fuzzy, and TOPSIS methods for evaluation by using security features such as encryption, biometrics, authentication, security token, password, access control, backup, software recovery, error detection, and version control.
Huang et al. 23 applied the ANP method to evaluate the IoHT systems. It combines the different kinds of features from the literature and the well-known security standard ISO/IEC 27002 (ISO 27002). The main evaluation parameters in this study are confidentiality, availability, authentication, safety, continuity, trustworthiness, auditing, network monitoring, secure key, non-repudiation, and secure key management.
Hussain Seh1 et al. 24 worked on forwarding an efficient and effective security assessment framework for web-based healthcare applications. The proposed computational model works on two well-known MCDM approaches such as AHP cum TOPSIS. The criteria consisted of features such as authentication, data validation, encryption, limit access, robustness, revoke access, and audit by evaluating ten (10) healthcare web applications. Similarly, In

Methodology of the proposed assessment framework
The main objective of this framework is to evaluate the authentication solutions or schemes based on designed criteria which consist of different authentication features. The features of the criteria are intended to provide a holistic security solution, as the IoHT architecture is composed of various layers such as the application layer, support layer, network layer, and perception layer. Security needs to be incorporated at each layer, and this can only be done by considering all the required security attributes of an IoHT-based system. At the very first layer, the perception layer of IoHT architecture, different IoT devices, nodes, and sensors are operating such that they deal with the physical design of the network. The major threats and attacks at this layer are eavesdropping, node capture, malicious and fake nodes, replay, and timing attacks 30. This is the main target of hackers to utilize or use their sensors. A proper evaluation mechanism is required at this layer to check the devices for security and choose the most secure authentication solution that is to be employed in these sensors, nodes, and IoT devices in the healthcare domain. The selection of a rational authentication scheme for devices in the IoT is very important, as they are used for monitoring and analyzing fragile data related to patients. The devices participating in the network are required to be thoroughly authenticated by using a robust and efficient assessment method. In this research work, the main focus is to evaluate and make decisions about the authentication solution for IoT devices in a healthcare environment by using various features related to authentication. This framework works based on the principle of collecting features from literature, and then these features are used for the selection of feature-based authentication solutions intended for IoHT devices. The central agenda of the suggested framework is to consider the importance of features in authentication and to determine the value of each feature. This mathematical framework provides the foundation for incorporating the features in authentication and helps determine which features are to be included and why they are important for the authentication of IoT devices. The complete structure of the proposed IoHT assessment authentication framework for IoT devices is given in Fig. 1.
The IoHT authentication assessment framework is completed in four different stages. Authentication issues are identified, and data related to the authentication features is collected from an expert panel in the first step. A vigorous and complete case study is conducted to get a deep understanding of the authentication issues and challenges. In the second step, the highlighted issues are analyzed and features are categorized. The features are selected by considering the issues prevailing in the authentication of IoT devices. The complete procedure is depicted in the second step of the recommended assessment framework. In the third step, the GTM approach was applied for the assessment and selection of the best devices based on the collected features, and finally, the ranking was performed by accompanying the mathematical procedure.
In this research work, a case study is performed to understand the authentication issues and to provide solutions in terms of features targeted towards authentication. In the first case study, the challenges and issues related to authentication are identified by the medical personnel, and in the second case, a meeting with the expert in IoT security is arranged to provide solutions to the authenticating issues and challenges based on features. The complete and comprehensive details of all steps involved in the proposed research framework are given below.

Identifying authentication issues
The major purpose of the proposed evaluation model is to identify authentication-related issues and provide a solution based on the development of this model. A comprehensive literature study is conducted to know about the nature of problems existing in the current authentication methods applied to the security of the healthcare system. Among the security challenges, patient authentication is a major concern for healthcare departments 31. The existing authentication scheme in healthcare suffers from insufficient passwords and secure data storage 32. Similarly, the anonymity and security against mobile device theft attacks are also not addressed by the existing authentication schemes. For instance, the authentication schemes presented by Chen et al. 33 provide better authentication but suffer from patient anonymity, stolen mobile device resistance, and impersonation attack resistance. Similarly, the authentication protocol suffers from message authentication, patient anonymity, and stolen mobile device resistance 34. Chiou et al. 35 authentication protocol also has the same limitations of stolen mobile device resistance and patient anonymity. Mohit et al. 36 presented a better security protocol but it lacks the features of non-repudiation. Additionally, medical text data is transmitted over an open communication medium, and it is highly susceptible to security and privacy attacks 37. According to the literature, many challenges faced by the healthcare system are related to the software's usability as well. After investigating various studies, it is observed that the existing authentication schemes can be improved or a new authentication scheme can be designed by eliminating the existing shortcomings or adding more features to meet all the security requirements. A survey is systematically conducted to identify and highlight the authentication issues in the medical care environment. The staff operating in this area want easy-to-use software security mechanisms. Similarly, the existing authentication schemes employed for the security of IoHT are properly examined to find out the security loopholes. In this regard, open-ended interview questions are asked of the medical personnel in the first phase of the case study to get a deep insight into the authentication problems in the IoHT domain. The responses collected from the expert's group are analyzed, and a complete catalog is created. From this observation, it comes to light that it is imperative to build an evaluation framework for the selection of authentication schemes due to the lack of understandable and technical knowledge. These issues are divided into different categories and translated into features. Based on the literature and survey, the major security issues prevailing in the IoHT-based system are given in Fig. 2.

Procedure of selecting features
After identifying issues in the healthcare department related to authentication, the second step is about analyzing and categorizing issues to build feature taxonomies. For this purpose, a case study was conducted to select ten (10) information and network security experts. The identified issues were analyzed, and features were selected based on the security requirements of the medical care environment. The medical IoT network engineers were given security-related questions to deeply understand the nature of authentication problems. The current authentication solutions employed in the literature were also investigated based on the features and limitations of the existing evaluation models. An organized and systematic procedure for the analysis of features is conducted.
The feature selection process involves several steps. In the first step, features related to authentication are identified based on a literature study and survey. Some features are used by more than one author, so duplication is removed and a final list of features is selected. A questionnaire consisting of forty-four (44) questions is prepared for the collection of data from the medical IT staff working in different hospitals in Pakistan and Qatar. Questions related to authentication issues and their classification into different features are depicted in Table 2. A feature analysis is conducted to learn about the authentication challenges and to reflect on the authentication issues in the authentication method or scheme for future purposes. Security experts rated the importance of features in authentication schemes based on their expert opinions. The responses of the experts about the authentication features were obtained by using the well-known Saaty's scale. According to experts and literature studies, the most important features of authentication are mutual authentication, availability, integrity, privacy protection, key agreement, password change, confidentiality, forward security, and scalability. The method of data collection is based on the application of the Delphi method. This process is completed in two different rounds. The detail of using the Delphi method is given in Fig. 3. The security evaluation criteria are created according to the collected features. These security requirements are essential for healthcare-related data 38.
The selected features of the proposed evaluation framework are discussed below.
• Mutual authentication (C1) Mutual authentication involves the procedure of verifying the identities of two parties or entities involved in the secure authentication. Robust mutual authentication is vital to thwart man-in-the-middle attacks in a medical environment.
• Privacy protection (C2) It is important to keep sensitive data about patients or medical records secret from the outside world, such as hackers, companies, third parties, or other groups.
• Key agreement (C3) It is an implicit authentication process where two or more communicating parties achieve secure communication based on using similar keys.
• Password change (C4) The client needs to change their old credential in the scenario when a security breach is encountered in the network.
• Integrity (C5) Integrity means data should not be altered by unlawful modifications. The patients' data need to be in correct and complete form in the healthcare environment 39.
• Availability (C6) It specifies that all the important services and information need to be available to authentic users in a timely and effective way. Availability ensures that when data or devices are to be accessed, it will not malfunction or access will not be denied 40.
• Confidentiality (C7) Confidentiality ensures that an authorized entity or procedure has access to the information resources and network 41. It is mandatory to secure the sensitive data related to the patients from outside access during the procedure of transmitting data to the processing system via a communication link like Wi-Fi or a cellular network.
• Forward security (C8) Forward security is the most important security attribute for key exchange and authentication schemes. Forward security provides a strong defense against the file-injection type attacks. Modern authentication protocols or schemes are based on forward security 42,43.
• Scalability (C9) The scalability of authentication is also an important feature and it is dependent on the key-block size: as the key-block size increases, scalability also increases exponentially 44. In the latest introduced authentication protocols, scalability and efficiency are the most prominent features 45,46.

[Figure labels recovered from the page: Ransomware attacks; Illegal access to EHR; Use of legacy devices; Non-trained personnel for data handling]

The selected features are collected according to the frequency of occurrence and commonality in the literature. The following authentication features from the literature sources are collected as shown in Table 3.
The detail of each feature based on the literature occurrence is given in Fig. 4.

• Variable selection
This is the initial and very crucial step, where the major focus is to select the most relevant and important variables regarding the research survey questions. The prevalent and unimportant variables were discarded by adopting the feature selection method.

• Data cleaning
Data cleaning is very important before inputting the data for analysis. The outliers in the collected data are removed by following well-known approaches such as Winsorization, imputation methods and sensitivity analysis. During the data formatting step, the collected data were divided into numerical and categorical types to perform the data analysis and visualization.

• Data coding
As the survey was carried out by presenting open-ended questions to the expert panel, the collected responses were given numerical codes by following a manual coding procedure.

Graph theory and matrix approach
The Graph Theory & Matrix (GTM) approach follows a mathematical operation for analysis, evaluation, and decision-making 7. GTM models variable relationships using graph theory, with nodes representing variables and edges representing interactions. This graphical depiction helps with the visual study and interpretation of complicated systems. By comparing the GTM approach with similar approaches like Bayesian networks and Structural Equation Modeling (SEM), GTM has several advantages. In contrast to these methodologies, GTM emphasizes visual depiction and intuitive exploration of system dynamics using graph-theoretic principles. It provides a novel perspective that complements established quantitative methods, making it ideal for modeling complex systems with interrelated components. Bayesian networks model interactions between variables, but they use probabilistic graphical models to depict dependencies and infer causal linkages from observable data. SEM is a method of analyzing the links between observable and latent variables using a system of equations. This allows complex theoretical models to be tested. The GTM approach consists of the following phases after finalizing the alternatives and security features 71,72.
Phase 1: This method represents the data items in a digraph fashion, which is very beneficial for modeling and analysing the various types of systems in the area of science and technology. A digraph is the type of graph denoted by the directed edges which are connecting the nodes. A digraph involves different nodes and edges.
Definition: A digraph is an ordered pair of sets "G". This graph can be written mathematically by using Eq. (1):

$$G = (V, E) \tag{1}$$

In Eq. (1), the set of vertices/nodes and edges/arcs are denoted by "V" and "E", respectively. The set of nodes and edges are given below mathematically.
Phase 2: In the second step, the GTM approach represents the performance attributes digraph in one-to-one matrix form. This matrix is called the performance attributes matrix (PAM); it is very helpful during the analysis of the digraph to derive the system functions expeditiously. It is an M × N matrix that considers all of the attributes and their relative importance. The PAM is given by Eq. (3).
Phase 3: In this step, the permanent matrix is a standard matrix function that has wider applications in combinatorial mathematics. The permanent function is calculated in a similar procedure as the determinant of a matrix is obtained but has all positive signs. It is very helpful as it produces better results, and no information is lost due to the involvement of positive signs of the permutations. The permanent of the matrix ($P_m$) is given in Eq. (4).
The permanent performance index among the attributes is obtained by finding the relative importance. The relative importance ($a_{ji}$) is given based on a scale that ranges between 0 and 1. The value of relative importance is calculated by Eq. (5).
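The three phases above, as an added Python example that is not code from the paper: it builds the relative-importance matrix, places one alternative's normalized feature scores on the diagonal, and ranks the alternatives by the permanent. The scores, the importance values, column-maximum normalization and the convention a_ji = 1 - a_ij are assumptions made for illustration, since Eqs. (3) to (5) do not appear on this page.

```python
# Added illustration of GTM ranking; all data below is constructed, not the paper's.
FEATURES = ["mutual_authentication", "privacy_protection",
            "key_agreement", "password_change"]  # C1..C4 as named on the page

# Constructed expert scores on a 1..9 scale, one row per authentication alternative.
SCORES = {
    "A1": [7, 5, 6, 4],
    "A2": [9, 8, 7, 8],
    "A3": [5, 6, 4, 3],
}

# Constructed relative importance a_ij of feature i over feature j, for i < j.
UPPER = {(0, 1): 0.6, (0, 2): 0.7, (0, 3): 0.8,
         (1, 2): 0.6, (1, 3): 0.7, (2, 3): 0.5}


def relative_importance(n, upper):
    """Off-diagonal matrix with a_ji = 1 - a_ij (assumed convention)."""
    rel = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            a_ij = upper[(i, j)]  # KeyError if a pair of features was not rated
            if not 0.0 <= a_ij <= 1.0:
                raise ValueError(f"a[{i}][{j}]={a_ij} is outside [0, 1]")
            rel[i][j] = a_ij
            rel[j][i] = 1.0 - a_ij
    return rel


def normalize(scores):
    """Divide each feature column by its maximum (assumed: higher is better)."""
    n = len(next(iter(scores.values())))
    col_max = [max(row[j] for row in scores.values()) for j in range(n)]
    if any(m <= 0 for m in col_max):
        raise ValueError("every feature needs at least one positive score")
    return {alt: [row[j] / col_max[j] for j in range(n)]
            for alt, row in scores.items()}


def permanent(matrix):
    """Permanent via dynamic programming over column subsets, O(n * 2^n).

    Same expansion as the determinant but with every term added, so a
    9-feature matrix costs a few thousand steps instead of 9! products.
    """
    n = len(matrix)
    if any(len(row) != n for row in matrix):
        raise ValueError("permanent needs a square matrix")
    dp = [0.0] * (1 << n)
    dp[0] = 1.0
    for mask in range(1, 1 << n):
        row = bin(mask).count("1") - 1  # rows are consumed in order
        dp[mask] = sum(matrix[row][col] * dp[mask ^ (1 << col)]
                       for col in range(n) if mask & (1 << col))
    return dp[-1]


def rank_alternatives(scores, upper):
    """Return [(alternative, permanent index)] sorted best first."""
    n = len(next(iter(scores.values())))
    rel = relative_importance(n, upper)
    indices = {}
    for alt, row in normalize(scores).items():
        m = [r[:] for r in rel]
        for i in range(n):
            m[i][i] = row[i]  # diagonal carries this alternative's scores
        indices[alt] = permanent(m)
    return sorted(indices.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for alt, index in rank_alternatives(SCORES, UPPER):
        print(f"{alt}: {index:.4f}")
```

Because every term of the permanent is non-negative, raising any feature score of an alternative can only raise its index, which is why the ranking is sensitive to each expert input.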
The GTM approach consists of the following steps for the assessment and selection of a secure authentication method or solution.

Step-1: Identifying features and alternatives
The main purpose of using the GTM approach is to evaluate the authentication solutions for IoT devices based on the identified features in the medical care system. For the evaluation, this study assumes ten (10) authentication protocols for IoT devices concerning identified authentication features. As mentioned earlier, nine (9) authentication features, i.e. mutual authentication, key agreement, password change, integrity, privacy protection, confidentiality, forward security, scalability, and availability, are selected. In this proposed authentication evaluation framework, the selected features are written concerning ten (10) selected authentication alternatives due to the number of security experts involved.

Step 2: Graph representation of authentication features
In this step, security features or attributes are represented in the form of digraphs. All attributes are written in nodes, and edges show the interdependencies among the security features. The digraph of authentication features is shown in Fig. 5.

Step 3: Building decision matrix and Permanent function
The decision matrix is built by performing a well-organized case study and interviewing the IoT security expert. Data is collected based on the importance of these features for IoT devices: which features are important and how they affect the authentication mechanism or scheme, which features to include, and which ones are less important under different circumstances in the healthcare environment. The expert described these features in linguistic terms. Saaty's scale is used for converting linguistic terms into integer values. Data related to different authentication features is presented in the form of an input matrix by experts. The data collected from experts is arranged in the form of authentication alternatives which are denoted by (A1, A2, A
A normalized decision matrix ($N_{dm}$) is obtained to remove the element of biases, as data in this matrix come from the different experts' opinions. This matrix is built with the help of an expert panel as shown below. To obtain the permanent matrix, the values of the normalized decision matrix are determined. The permanent functions calculated for every alternative are listed in Table 4. Based on the value of permanent functions, the alternatives ranking is performed.
From the results of Table 4, it is evident that the A6 alternative has achieved the higher values among the list of selected authentication solution alternatives. So, it is considered the best security solution alternative for IoT devices in the IoHT environment in terms of defined feature-based criteria. Now, it is important to know about the input values provided against the higher-ranked alternative. From this, it is concluded that features are affecting the assessment and ranking process of selecting and ranking authentication schemes in the healthcare environment.

Results and discussion
The recommended framework is validated by using hybrid MCDM techniques such as AHP and TOPSIS. TOPSIS was presented by Hwang & Yoon 73 and makes decisions with reference to the ideal solution: if a particular alternative is closer to the positive ideal solution, it is reckoned the best and most appropriate solution. It follows a simple computation procedure and is reliable and well established 73 . According to the TOPSIS method, the selected choice should have the minimum distance from the positive ideal solution and the maximum distance from the negative ideal solution. TOPSIS and AHP are more ideal in situations where the features and alternatives are interdependent. In the proposed model, the hierarchical relationships between alternatives and features are given in Fig. 6.
The details of all symbol parameters are given in Table 5. The TOPSIS method adopts the procedure shown in Table 6 73,74 .
The TOPSIS method has been applied to check the validity of the proposed IoHT assessment authentication framework based on the authentication features. This method validates the results obtained from the GTM approach. The previously collected data has been provided as input in the form of a decision matrix for the TOPSIS method. The decision matrix is composed of the values assigned by the expert panel against the features. The weights are assigned to the authentication features by the expert panel in qualitative form, and then they are converted to numeric form by using Saaty's scale. The values are assigned by the experts based on Saaty's scale, starting from 0 to 10, for each alternative against the security features. The details of the values assigned by a group of ten (10) expert panels to the alternatives and features are depicted in the matrix (Dm), given as. After creating the decision matrix, which represents criteria and features, the next step is to apply the algorithm as given in Table 5. Assigning the weights of the criteria features is the most important step. To avoid the element of subjectivity and biases, AHP, which is a well-known technique, is applied. Finally, with the help of the TOPSIS approach, the relative closeness values are determined, which is very effective in prioritizing the alternatives. The results of the application of the TOPSIS approach are given in Table 7.
Finally, the ranking or prioritization of alternatives is given in Table 8. In Table 8, the A6 alternative has the highest value and is first in rank among all other alternatives based on authentication security features, so it can be described as the most reliable and secure IoT solution for an IoT-based healthcare environment.
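An added example (not code from the paper): the AHP-weighted TOPSIS ranking described above, written in Python with the standard vector-normalisation form of TOPSIS and the row geometric-mean approximation of AHP weights. The decision matrix, the pairwise comparisons, and the choice to treat every criterion as a benefit criterion are constructed assumptions, not the expert panel's data.

```python
import math

# Constructed sample data (not the paper's expert scores): four alternatives
# scored 0-10 on three of the page's criteria, all assumed to be benefit criteria.
ALTERNATIVES = ["A1", "A2", "A3", "A4"]
DECISION_MATRIX = [   # columns: C1 mutual auth, C2 privacy, C4 password change
    [7, 6, 5],
    [8, 7, 9],
    [5, 9, 6],
    [6, 5, 4],
]
# Constructed AHP pairwise comparisons (Saaty's 1-9 scale):
# PAIRWISE[i][j] says how much more important criterion i is than criterion j.
PAIRWISE = [
    [1, 2, 1 / 2],
    [1 / 2, 1, 1 / 3],
    [2, 3, 1],
]
# Saaty's random consistency index by matrix size.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

def ahp_weights(pairwise):
    """Priority vector (row geometric means) and Saaty's consistency ratio."""
    n = len(pairwise)
    gm = [math.prod(row) ** (1 / n) for row in pairwise]
    w = [g / sum(gm) for g in gm]
    # Estimate lambda_max as the mean of (A w)_i / w_i, then CI and CR.
    lam = sum(sum(a * x for a, x in zip(row, w)) / wi
              for row, wi in zip(pairwise, w)) / n
    cr = ((lam - n) / (n - 1)) / RANDOM_INDEX[n]
    return w, cr

def topsis(matrix, weights):
    """Relative closeness of each alternative to the positive ideal solution."""
    norms = [math.sqrt(sum(x * x for x in col)) for col in zip(*matrix)]
    v = [[w * x / n for x, w, n in zip(row, weights, norms)] for row in matrix]
    pos = [max(col) for col in zip(*v)]   # positive ideal (benefit criteria)
    neg = [min(col) for col in zip(*v)]   # negative ideal
    return [math.dist(r, neg) / (math.dist(r, pos) + math.dist(r, neg)) for r in v]

def rank(names, scores):
    """Names ordered from highest to lowest relative closeness."""
    return [n for n, _ in sorted(zip(names, scores), key=lambda p: -p[1])]

WEIGHTS, CONSISTENCY_RATIO = ahp_weights(PAIRWISE)
CLOSENESS = topsis(DECISION_MATRIX, WEIGHTS)
RANKING = rank(ALTERNATIVES, CLOSENESS)

if __name__ == "__main__":
    print("weights:", [round(w, 3) for w in WEIGHTS], "CR:", round(CONSISTENCY_RATIO, 4))
    print("closeness:", dict(zip(ALTERNATIVES, (round(c, 3) for c in CLOSENESS))))
    print("ranking:", RANKING)
```

A consistency ratio below 0.1 is the usual threshold for accepting the pairwise judgments; above it, the comparisons should be revisited before the weights are fed into TOPSIS.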
The flowchart diagram of the integrated AHP-TOPSIS approach used to validate the proposed evaluation framework is given in Fig. 7. The recommended framework is validated by using an integrated approach of AHP-TOPSIS techniques. The major purpose is to check the accuracy and consistency of results obtained from the previously applied method (GTM). Among the assumed alternatives, A6 has the highest value. Hence, the assessment and ranking done by the GTM approach is validated, and the results are precise and accurate based on the validation of TOPSIS. The comparison of the results of the GTM and TOPSIS approaches is graphically given in Table 9.
According to both methods, the same alternative is selected and ranked first. Among the list of assumed alternatives, the A6 authentication alternative is considered the best choice or solution in terms of features related to authentication in the IoT environment. The comparison of the results of the proposed methods, the GTM and TOPSIS approaches, is visually represented in Fig. 8a and b.
From the results of this research, it is observed that the A6 authentication alternative is ranked first among the list of alternatives. The input values provided to the features for the high-ranked alternative (A6) and all the selected authentication alternatives are given in Fig. 9. Among the list of criteria features, the most important features that should be given high preference for designing an authentication scheme in healthcare are password change, availability, confidentiality, privacy protection, and mutual authentication. The suggested assessment framework can be adopted to make rational decisions about the selection of an authentication scheme in real-world situations, especially in the healthcare domain. The results of this study will enable researchers to provide better security by adding more security to the existing authentication schemes. As this is the first framework of its type, it is necessary to evaluate the process and results by using evaluation methods. Therefore, the framework presented in this study is also tested and verified by using two survey-based methods, i.e., evaluation by experts and evaluation by surveying. The complete details about both evaluation methods are given below.

Features/parameters evaluation
As already mentioned, two case studies were performed by consulting security experts. After building this framework, it was essential to have it evaluated by experts because of its theoretical and novel nature, particularly in this domain. The proposed authentication evaluation framework is evaluated and tested for accuracy, precision, and recall. Decisions about the selection of relevant, irrelevant, not-recommended, and recommended authentication features are very important to keep the framework working correctly in terms 75 which is usually used for the assessment of context-based recommendation systems. The following Eqs. (6), (7), and (8) are used for obtaining the evaluation parameters.
The complete details of evaluation parameters obtained from each expert panel in comparison to the proposed evaluation criteria are listed in Table 10.
In this research, an assessment model supported by integrated assessment methods is presented. It is compared with the previously applied methods in this area, such as AHP and AHP-TOPSIS. The number of criteria affects the working procedure of the AHP method, and its results can be affected. This method attempts to minimize these problems by providing a more sophisticated assessment based on the application of Delphi, GTM, and AHP-TOPSIS methods. The comparison of the features in the proposed model with the other methods is given in Fig. 10. The proposed methodology produces better results for the evaluation metrics used for feature assessment.

Evaluation by survey
It is also indispensable to evaluate the proposed framework by conducting an expert survey. This survey is conducted with three groups of participants. The participants of this survey belong to the network security domain and are currently pursuing MS and Ph.D. degrees. The numbers of experts in the first, second, and third groups are 8, 13, and 9, respectively. They evaluated the framework based on a 5-point scale, on which the numeric value 5 represents strongly agreed and 1 indicates strongly disagreed. In this survey, 27 questions are divided into different categories. These categories are security, usability, information knowledge, and effectiveness. The complete procedure of evaluating the suggested evaluation framework by the experts' groups according to the evaluation metrics is given in Table 11.
This evaluation procedure has made it clear that the average values of all the numbers are above 4. It indicates that the suggested evaluation system has received positive feedback from every expert panel. Positive input has been received from every group member, and they all support the recommendation of this evaluation framework for authentication systems in the healthcare sector due to its effective outcomes and procedure.

Practical implications
The majority of the existing approaches employed for decision-making leverage the AHP-TOPSIS models; however, the proposed model uses a novel approach, i.e., GTM (AHP-TOPSIS). This model has practical utility in the healthcare sector, where sensitive data about patients are captured and handled. Thus, the decision about the most appropriate security algorithms is vital for the security personnel in the healthcare sector. This model can be very effective in making the right and informed decision regarding the deployment of secure security protocols to deal with healthcare vulnerabilities. The TOPSIS model may recommend the use of adaptive authentication measures and constant monitoring of real-time healthcare data.
The proposed model will help stakeholders such as network engineers or network administrators to determine the most optimal security solutions for their healthcare security requirements. This model has the potential to evaluate the security alternatives based on ideal point distance by leveraging TOPSIS. This information allows stakeholders to understand why certain solutions are preferred over others. Consequently, the most suitable and informed decisions, driven by empirical analysis, are made. TOPSIS offers visualization such that the relative weights of criteria are depicted visually. This visualization makes it easier for decision-makers to grasp the significance of each criterion and helps in understanding the overall evaluation process.
TOPSIS offers sensitivity analysis, which is very helpful for decision-makers in the healthcare sector to check the robustness and efficiency of the recommended model. The model changes its results according to the criteria weights or importance. Thus, it helps the healthcare decision-maker to get a full understanding of the uncertainty in the evaluation model.
As the people working in the healthcare sector have very little technical knowledge and training experience about network security awareness, this model driven by GTM (AHP-TOPSIS) can be more effective in evaluating the effectiveness of the security algorithms to be employed.

Conclusion and future work
The security of IoT devices has always been a major concern, especially in the healthcare domain. To address the security issues of IoT devices, many authentication schemes are presented. The selective installation of the right authentication scheme to meet the security requirements remains an open issue. Therefore, in this research work, the prime focus is to identify and choose the most ideal choice of authentication solution/scheme for IoT devices based on the features of authentication. For this purpose, a feature-based authentication framework is

Figure 2. Major security issues in IoHT-based system.
confidentiality is important for the authentication of IoT devices?
Q2: How confidentiality can achieve maximum security related to authentication?
Q3: Rate the role of confidentiality for IoT devices in the healthcare environment
Q4: How does confidentiality add to the security of IoHT?

Feature: Integrity
Q5: Does the integrity is essential for IoHT system?
Q6: Does integrity protect unauthorized access in healthcare?
Q7: How does integrity maintain access to IoHT nodes and servers?
Q8: Do the medical devices exhibit enough integrity of data?
Q9: How integrity is important for security criteria?
Q10: Scale the importance of the integrity of data for IoT devices

Feature: Availability
Q11: What is data availability of data in the healthcare environment?
Q12: Does availability affect the security of IoT devices?
Q13: How does availability provide a shielding effect against DoS/DDoS attacks in IoHT?
Q14: How it is important for security criteria defined by this research?
Q15: What is the impact availability on IoT vertical applications related to the healthcare sector?

Feature: Key agreement
Q16: What will be the impact of a key agreement on authentication in IoHT?
Q17: How session key will affect the authentication?
Q18: How does it add to the security of IoT devices in the healthcare industry?
Q19: What are the current encryption schemes for IoHT devices?

Feature: Password change
Q20: What are the password-based authentication methods employed?
Q21: What are the limitations of using passwords as authentication options?
Q22: Is password-based authentication sufficient to meet the needs of security?
Q23: Do IoHT applications support multi-factor authentication?
Q24: How do IoHT applications authenticate every time they connect?
Q25: Does the password of every IoHT device is unique?
Q26: What is password expiry duration?
Q27: What is the complexity of passwords?

Feature: Scalability
Q28: What is the number of users authenticated by the IoHT application?
Q29: How quickly the number of IoT devices are changing?
Q30: Are the existing techniques enough to satisfy the authentication or not?
Q31: Are the existing authentication methods supporting the scaling up of new devices or applications?

Feature: Mutual authentication
Q32: What are the procedures employed for mutual authentication?
Q33: What are the issues related to mutual authentication?
Q34: Do all the devices are mutually authenticated with other devices?
Q35: What are existing mutual authentication schemes?

Feature: Privacy protection
Q36: What is the level of privacy in the healthcare environment for existing IoT applications?
Q37: Do the IoHT applications provide identity information?
Q38: Do the healthcare devices ensure the privacy of data related to patients?
Q39: What is the level of privacy protection furnished by existing IoHT applications?
Q40: Rate the privacy protection features in overall authentication processes

Feature: Forward security
Q41: What is the role of forward security in exposing the session key?
Q42: How previous sessions are protected from future threats?
Q43: How does this feature provide resilience against different attacks?

https://doi.org/10.1038/s41598-024-62066-3 www.nature.com/scientificreports/

• Integrity (C5)

Figure 3. Application of the Delphi method for data collection.

Figure 4. Criteria features in the existing literature.
jk d kl d li + d il d lk d kj d ji � (d lm d ml )D m D n D O . . ....D t D m jk d kl d lm d mi + d im d ml d lk d kj d ji � D n D O . . . . . ..D t D m jk d kl d li + d il d lk d kj d ji � (d mn d nm )D O . . ...D t D m jk d ki + d ik d kj d kj d ji � (d lm d mn d nl + d ln d nm d ml )D O . . . . . ..D t D m + M−5

Table 1. Comparison of proposed work with the existing methodologies.

Table 2. Features-based data collection questions.

Table 3. Criteria features and citations.

$$
\begin{bmatrix}
D_1 & d_{12} & d_{13} & d_{14} & d_{15} & d_{16} & d_{17} & d_{18} & d_{19} \\
d_{21} & D_2 & d_{23} & d_{24} & d_{25} & d_{26} & d_{27} & d_{28} & d_{29} \\
d_{31} & d_{32} & D_3 & d_{34} & d_{35} & d_{36} & d_{37} & d_{38} & d_{39} \\
d_{41} & d_{42} & d_{43} & D_4 & d_{45} & d_{46} & d_{47} & d_{48} & d_{49} \\
d_{51} & d_{52} & d_{53} & d_{54} & D_5 & d_{56} & d_{57} & d_{58} & d_{59} \\
d_{61} & d_{62} & d_{63} & d_{64} & d_{65} & D_6 & d_{67} & d_{68} & d_{69} \\
d_{71} & d_{72} & d_{73} & d_{74} & d_{75} & d_{76} & D_7 & d_{78} & d_{79} \\
d_{81} & d_{82} & d_{83} & d_{84} & d_{85} & d_{86} & d_{87} & D_8 & d_{89} \\
d_{91} & d_{92} & d_{93} & d_{94} & d_{95} & d_{96} & d_{97} & d_{98} & D_9
\end{bmatrix}
$$

jk d kl d lm d mn d ni + d in d nm d ml d lk d kj d ji )D O D t D m

Scientific Reports | (2024) 14:12233 | https://doi.org/10.1038/s41598-024-62066-3

3, A4, A5, A6, A7, A8, A9, and A10). The security features are coded for simplicity: mutual authentication, privacy protection, key agreement, password change, integrity, confidentiality, forward security, scalability, and availability are coded as C1, C2, C3, C4, C5, C6, C7, C8, and C9, respectively. Data is provided in the decision matrix by the expert panel against the features given.

Table 7. Ideal separation measures and relative closeness.
Figure 7. Flowchart of validation approach.

Table 9. Comparison of proposed work with other techniques.

Table 10. Results of recommendation evaluation parameters.

of methodology and results. For this purpose, this framework is validated by an expert group in the field of IoT security. To do so, four variables were taken to denote the classification purpose. The results obtained from the expert group are divided into relevant, irrelevant, recommended, and not-recommended features. Similarly, the number of features suggested by both the experts and the proposed evaluation framework is represented by "a", and "b" represents the number of evaluations only suggested by the proposed evaluation framework. Features only proposed by the expert panel are represented by "c", and features proposed neither by the proposed evaluation framework nor by the expert panel are denoted by "d". This framework is also evaluated by evaluation metrics such as accuracy, precision, and recall by surveying the security expert. The evaluation procedure employed in this research is inspired by the method suggested in

Table 11. Evaluation metrics and feedback from the expert groups.