Towards end-to-end security in internet of things based healthcare

Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system

Data fusion of multi-sensor for IOT precise measurement based on improved PSO algorithms

AbstractThis work proposes an improved particle swarm optimization (PSO) method to increase the measurement precision of multi-sensors data fusion in the Internet of Things (IOT) system. Critical IOT technologies consist of a wireless sensor network, RFID, various sensors and an embedded system. For multi-sensor data fusion computing systems, data aggregation is a main concern and can be formulated as a multiple dimensional based on particle swarm optimization approaches. The proposed improved PSO method can locate the minimizing solution to the objective cost function in multiple dimensional assignment themes, which are considered in particle swarm initiation, cross rules and mutation rules. The optimum seclusion can be searched for efficiently with respect to reducing the search range through validated candidate measures. Experimental results demonstrate that the proposed improved PSO method for multi-sensor data fusion is highly feasible for IOT system applications

Design and implementation of an opportunistic network based on IEEE 802.15.4

Les xarxes de sensors sense fils constitueixen un dels principals àmbits on s'han focalitzat els esforços dels entorns acadèmics i de la indústria. Les xarxes de sensors sense fils possibiliten un ampli ventall d'aplicacions de control i monitorització, que permeten l'automatització de tasques i donen pas a nous paradigmes, com l'anomenada "intel·ligència ambiental", o "La Internet de les coses". Un dels escenaris d'interès dins de les xarxes de sensors, i també en altres tipus de xarxes, és el de les xarxes formades per dispositius que es mouen i que realitzen algun tipus de trajectòria repetitiva. Un exemple és el dels autobusos municipals, que segueixen una ruta preestablerta. Es pot aprofitar el fet que l'autobús passa tard o d'hora per tota la ruta, per recollir i transportar dades dels punts pels quals ha passat. En aquest tipus d'escenaris, es pot fer servir un encaminament anomenat oportunístic, que es basa en aprofitar la connectivitat entre els nodes en aquells moments en dos o més nodes són prou a prop. Aquest projecte proposa el disseny i implementació en dispositius reals IEEE 802.15.4 d'un sistema de xarxa oportunística per a la recollida de dades ambientals

Assessing Coexistence of IEEE 802.15.4 Networks and IEEE 802.11b/g/n Networks - A Study of Interference Effects

The study of the coexistence capabilities of networks based on the IEEE 802.11 and IEEE 802.15.4 standards has long been of interest to researchers owing to the individual success of these two technologies in various applications of Internet of Things (IoT). Operating in the same Industrial-Scientific-Medical (ISM) band, their coexistence does not always yield satisfactory results. The performance of a network based on IEEE 802.15.4 standard has been shown to be significantly lowered in the presence of a strong IEEE 802.11 based network (Wireless LAN) to the extent that communication based on the IEEE 802.15.4 standard can be rendered impossible in certain scenarios. This work is an effort towards analyzing interference caused by the three non-overlapping channels 1, 6 and 11 of IEEE 802.11b/g/n on the usable 2.4GHz spectrum of IEEE 802.15.4 standard. Recommendations of plausible scenarios for successful coexistence of these two networking technologies have been made. Assessment of the performance of an IEEE 802.15.4 standard based network through the Packet Delivery Ratio (PDR) on various channels of operation has yielded valuable insights. The experiments carried out in real-world environment stand as datapoints in predicting and understanding the interference behavior in real-life applications

Secure Data Collection and Analysis in Smart Health Monitoring

Smart health monitoring uses real-time monitored data to support diagnosis, treatment, and health decision-making in modern smart healthcare systems and benefit our daily life. The accurate health monitoring and prompt transmission of health data are facilitated by the ever-evolving on-body sensors, wireless communication technologies, and wireless sensing techniques. Although the users have witnessed the convenience of smart health monitoring, severe privacy and security concerns on the valuable and sensitive collected data come along with the merit. The data collection, transmission, and analysis are vulnerable to various attacks, e.g., eavesdropping, due to the open nature of wireless media, the resource constraints of sensing devices, and the lack of security protocols. These deficiencies not only make conventional cryptographic methods not applicable in smart health monitoring but also put many obstacles in the path of designing privacy protection mechanisms. In this dissertation, we design dedicated schemes to achieve secure data collection and analysis in smart health monitoring. The first two works propose two robust and secure authentication schemes based on Electrocardiogram (ECG), which outperform traditional user identity authentication schemes in health monitoring, to restrict the access to collected data to legitimate users. To improve the practicality of ECG-based authentication, we address the nonuniformity and sensitivity of ECG signals, as well as the noise contamination issue. The next work investigates an extended authentication goal, denoted as wearable-user pair authentication. It simultaneously authenticates the user identity and device identity to provide further protection. We exploit the uniqueness of the interference between different wireless protocols, which is common in health monitoring due to devices\u27 varying sensing and transmission demands, and design a wearable-user pair authentication scheme based on the interference. However, the harm of this interference is also outstanding. Thus, in the fourth work, we use wireless human activity recognition in health monitoring as an example and analyze how this interference may jeopardize it. We identify a new attack that can produce false recognition result and discuss potential countermeasures against this attack. In the end, we move to a broader scenario and protect the statistics of distributed data reported in mobile crowd sensing, a common practice used in public health monitoring for data collection. We deploy differential privacy to enable the indistinguishability of workers\u27 locations and sensing data without the help of a trusted entity while meeting the accuracy demands of crowd sensing tasks