Towards end-to-end security in internet of things based healthcare

Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system

Cloud-assisted body area networks: state-of-the-art and future challenges

Body area networks (BANs) are emerging as enabling technology for many human-centered application domains such as health-care, sport, fitness, wellness, ergonomics, emergency, safety, security, and sociality. A BAN, which basically consists of wireless wearable sensor nodes usually coordinated by a static or mobile device, is mainly exploited to monitor single assisted livings. Data generated by a BAN can be processed in real-time by the BAN coordinator and/or transmitted to a server-side for online/offline processing and long-term storing. A network of BANs worn by a community of people produces large amount of contextual data that require a scalable and efficient approach for elaboration and storage. Cloud computing can provide a flexible storage and processing infrastructure to perform both online and offline analysis of body sensor data streams. In this paper, we motivate the introduction of Cloud-assisted BANs along with the main challenges that need to be addressed for their development and management. The current state-of-the-art is overviewed and framed according to the main requirements for effective Cloud-assisted BAN architectures. Finally, relevant open research issues in terms of efficiency, scalability, security, interoperability, prototyping, dynamic deployment and management, are discussed

Remote patient monitoring using safe and secure WBAN technology

In the recent years, we have witnessed a tremendous growth and development in the field of wireless communication technology and sensors. Resulting into opening new dimensions in various research fields. The integration of Nano scale devices with low power consumption circuits brought a new evolution in wireless networks. This blend of technologies led to the formation of a new field in WSN (Wireless Sensor Networks) known as WBAN (Wireless Body Area Network). WBAN is based on small sensors designed to operate and function mainly on the human body. As we are dealing with human lives, security and privacy are major concerns as patients’ data is at the stakes. Authentication is an important factor in securing information from unauthorized usage. Now-a-days a lot of research has been done in order to improve the overall authentication mechanisms in WBAN. In this poster, we are surveying the security challenges in WBAN with a focus on the authentication phase. A list of several methods along with their schemes has been studied and recapitulated. ECG is one the most popular schemes used in WBAN, benefiting from its uniqueness. However, it comes with challenges as creating an extract trait could get complicated. ECG could be aided by the help of combining fingerprint which will result in a non-destructive method of biometric authentication compared with single ECG trait

Body Area Networks

Recent technological advances in integrated circuits, wireless networks, and physiological sensing have enabled miniature, lightweight, low power, intelligent monitoring devices to be integrated into a Body Area Network (BAN). This new type of technology hold much promise for future patient health monitoring. BANs promise inexpensive, unobtrusive, and unsupervised ambulatory monitoring during normal daily activities for long periods of time. However, in order for BANs to become ubiquitous and affordable, a number of challenging issues must be resolved, such as integration, standardisation, system design, customisation, security and privacy, and social issues. This paper presents an overview of many of these issues and indeed the background and rationale of body area networks

Towards fast and robust authentication schemes in Body Area Networks

The emergence of Body Area Networks (BANs) has paved the way for real-time sensing of human biometrics in addition to remote control of smart medical devices, which in turn is beginning to revolutionise the smart healthcare industry. However, due to their limited power and computational capabilities they are vulnerable to myriad of security attacks, thus securing BANs is paramount to their success and wider adoption in the medical and nonmedical domain. Achieving the desired security level for BANs while adhering to their strict constraints imposed by the limited resources available is an ongoing challenge. Solving such a challenge will be the focus of my thesis. In particular, my thesis will develop a novel, fast and robust authentication mechanisms amongst BAN devices while exploring new potential vulnerabilities that may threaten the existing approaches. To accomplish this goal the thesis provides a review of the state-of-the-art literature exploring authentication protocols that focus on biometrics, physical channel characters or other approaches, before proceeding to introduce three novel works. Firstly, identifying a concerning vulnerability within existing Electrocardiogram (ECG) based schemes, secondly, a solution to mitigate this exploit and finally a strategy which aims to reduce the time taken to complete the authentication process

A survey on wireless body area networks: architecture, security challenges and research opportunities.

In the era of communication technologies, wireless healthcare networks enable innovative applications to enhance the quality of patients’ lives, provide useful monitoring tools for caregivers, and allows timely intervention. However, due to the sensitive information within the Wireless Body Area Networks (WBANs), insecure data violates the patients’ privacy and may consequently lead to improper medical diagnosis and/or treatment. Achieving a high level of security and privacy in WBAN involves various challenges due to its resource limitations and critical applications. In this paper, a comprehensive survey of the WBAN technology is provided, with a particular focus on the security and privacy concerns along with their countermeasures, followed by proposed research directions and open issues

Recent Advances on Implantable Wireless Sensor Networks

Implantable electronic devices are undergoing a miniaturization age, becoming more efficient and yet more powerful as well. Biomedical sensors are used to monitor a multitude of physiological parameters, such as glucose levels, blood pressure and neural activity. A group of sensors working together in the human body is the main component of a body area network, which is a wireless sensor network applied to the human body. In this chapter, applications of wireless biomedical sensors are presented, along with state-of-the-art communication and powering mechanisms of these devices. Furthermore, recent integration methods that allow the sensors to become smaller and more suitable for implantation are summarized. For individual sensors to become a body area network (BAN), they must form a network and work together. Issues that must be addressed when developing these networks are detailed and, finally, mobility methods for implanted sensors are presented

A New Attack Method Against ECG-based Key Generation and Agreement Schemes in Body Area Networks

Body Area Networks (BAN) are wireless networks designed for deployment on or within the human body. These networks are primarily intended for application within the medical domain due to their capabilities for enabling wireless monitoring of physiological signals, and remote administration of medical devices. Due to their intended use case, securing these devices is paramount. In recent years, several key generation and agreement schemes that rely upon physiological signals of the wearer are developed. However, we have found that the application of Electrocardiogram (ECG) signals in this context may not be appropriate due to a potential vulnerability, wherein previously recorded ECG signals could be used against current and future key agreement attempts to compromise their security. This is a violation of temporal variance which is one of a few properties that make ECG signals suitable for use in key agreement schemes. By extracting the QRS complex from prior recordings and distributing them apart from one another we can construct synthetic signals that have a high level of coherence, and thus allow for the key to be intercepted. Based on the conducted experiments we have found that the proposed attack method yields a 0.7 coherence level regardless of how far away the adversary is from the target. This makes the success of such an attack extremely likely and is therefore a real threat to the security of these schemes