Towards end-to-end security in internet of things based healthcare

Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system

Watermarking techniques for genuine fingerprint authentication.

Fingerprints have been used to authenticate people remotely and allow them access to a system. However, the fingerprint-capture sensor is cracked easily using false fingerprint features constructed from a glass surface. Fake fingerprints, which can be easily obtained by attackers, could cheat the system and this issue remains a challenge in fingerprint-based authentication systems. Thus, a mechanism that can validate the originality of fingerprint samples is desired. Watermarking techniques have been used to enhance the fingerprint-based authentication process, however, none of them have been found to satisfy genuine person verification requirements. This thesis focuses on improving the verification of the genuine fingerprint owner using watermarking techniques. Four research issues are being addressed to achieve the main aim of this thesis. The first research task was to embed watermark into fingerprint images collected from different angles. In verification systems, an acquired fingerprint image is compared with another image, which was stored in the database at the time of enrolment. The displacements and rotations of fingerprint images collected from different angles lead to different sets of minutiae. In this case, the fingerprint-based authentication system operates on the ‘close enough’ matching principle between samples and template. A rejection of genuine samples can occur erroneously in such cases. The process of embedding watermarks into fingerprint samples could make this worse by adding spurious minutiae or corrupting correct minutiae. Therefore, a watermarking method for fingerprint images collected from different angles is proposed. Second, embedding high payload of watermark into fingerprint image and preserving the features of the fingerprint from being affected by the embedded watermark is challenging. In this scenario, embedding multiple watermarks that can be used with fingerprint to authenticate the person is proposed. In the developed multi-watermarks schema, two watermark images of high payloads are embedded into fingerprints without significantly affecting minutiae. Third, the robustness of the watermarking approach against image processing operations is important. The implemented fingerprint watermarking algorithms have been proposed to verify the origin of the fingerprint image; however, they are vulnerable to several modes of image operations that can affect the security level of the authentication system. The embedded watermarks, and the fingerprint features that are used subsequently for authentication purposes, can be damaged. Therefore, the current study has evaluated in detail the robustness of the proposed watermarking methods to the most common image operations. Fourth, mobile biometrics are expected to link the genuine user to a claimed identity in ubiquitous applications, which is a great challenge. Touch-based sensors for capturing fingerprints have been incorporated into mobile phones for user identity authentication. However, an individual fake fingerprint cracking the sensor on the iPhone 5S is a warning that biometrics are only a representation of a person, and are not secure. To make thing worse, the ubiquity of mobile devices leaves much room for adversaries to clone, impersonate or fabricate fake biometric identities and/or mobile devices to defraud systems. Therefore, the integration of multiple identifiers for both the capturing device and its owner into one unique entity is proposed

Process Mining Workshops

This open access book constitutes revised selected papers from the International Workshops held at the Third International Conference on Process Mining, ICPM 2021, which took place in Eindhoven, The Netherlands, during October 31–November 4, 2021. The conference focuses on the area of process mining research and practice, including theory, algorithmic challenges, and applications. The co-located workshops provided a forum for novel research ideas. The 28 papers included in this volume were carefully reviewed and selected from 65 submissions. They stem from the following workshops: 2nd International Workshop on Event Data and Behavioral Analytics (EDBA) 2nd International Workshop on Leveraging Machine Learning in Process Mining (ML4PM) 2nd International Workshop on Streaming Analytics for Process Mining (SA4PM) 6th International Workshop on Process Querying, Manipulation, and Intelligence (PQMI) 4th International Workshop on Process-Oriented Data Science for Healthcare (PODS4H) 2nd International Workshop on Trust, Privacy, and Security in Process Analytics (TPSA) One survey paper on the results of the XES 2.0 Workshop is included

Cybersecurity in implantable medical devices

Mención Internacional en el título de doctorImplantable Medical Devices (IMDs) are electronic devices implanted within the body to treat a medical condition, monitor the state or improve the functioning of some body part, or just to provide the patient with a capability that he did not possess before [86]. Current examples of IMDs include pacemakers and defibrillators to monitor and treat cardiac conditions; neurostimulators for deep brain stimulation in cases such as epilepsy or Parkinson; drug delivery systems in the form of infusion pumps; and a variety of biosensors to acquire and process different biosignals. Some of the newest IMDs have started to incorporate numerous communication and networking functions—usually known as “telemetry”—, as well as increasingly more sophisticated computing capabilities. This has provided implants with more intelligence and patients with more autonomy, as medical personnel can access data and reconfigure the implant remotely (i.e., without the patient being physically present in medical facilities). Apart from a significant cost reduction, telemetry and computing capabilities also allow healthcare providers to constantly monitor the patient’s condition and to develop new diagnostic techniques based on an Intra Body Network (IBN) of medical devices [25, 26, 201]. Evolving from a mere electromechanical IMD to one with more advanced computing and communication capabilities has many benefits but also entails numerous security and privacy risks for the patient. The majority of such risks are relatively well known in classical computing scenarios, though in many respects their repercussions are far more critical in the case of implants. Attacks against an IMD can put at risk the safety of the patient who carries it, with fatal consequences in certain cases. Causing an intentional malfunction of an implant can lead to death and, as recognized by the U.S. Food and Drug Administration (FDA), such deliberate attacks could be far more difficult to detect than accidental ones [61]. Furthermore, these devices store and transmit very sensitive medical information that requires protection, as dictated by European (e.g., Directive 95/46/ECC) and U.S. (e.g., CFR 164.312) Directives [94, 204]. The wireless communication capabilities present in many modern IMDs are a major source of security risks, particularly while the patient is in open (i.e., non-medical) environments. To begin with, the implant becomes no longer “invisible”, as its presence could be remotely detected [48]. Furthermore, it facilitates the access to transmitted data by eavesdroppers who simply listen to the (insecure) channel [83]. This could result in a major privacy breach, as IMDs store sensitive information such as vital signals, diagnosed conditions, therapies, and a variety of personal data (e.g., birth date, name, and other medically relevant identifiers). A vulnerable communication channel also makes it easier to attack the implant in ways similar to those used against more common computing devices [118, 129, 156], i.e., by forging, altering, or replying previously captured messages [82]. This could potentially allow an adversary to monitor and modify the implant without necessarily being close to the victim [164]. In this regard, the concerns of former U.S. vice-president Dick Cheney constitute an excellent example: he had his Implantable Cardioverter Defibrillator (ICD) replaced by another without WiFi capability [219]. While there are still no known real-world incidents, several attacks on IMDs have been successfully demonstrated in the lab [83, 133, 143]. These attacks have shown how an adversary can disable or reprogram therapies on an ICD with wireless connectivity, and even inducing a shock state to the patient [65]. Other attacks deplete the battery and render the device inoperative [91], which often implies that the patient must undergo a surgical procedure to have the IMD replaced. Moreover, in the case of cardiac implants, they have a switch that can be turned off merely by applying a magnetic field [149]. The existence of this mechanism is motivated by the need to shield ICDs to electromagnetic fields, for instance when the patient undergoes cardiac surgery using electrocautery devices [47]. However, this could be easily exploited by an attacker, since activating such a primitive mechanism does not require any kind of authentication. In order to prevent attacks, it is imperative that the new generation of IMDs will be equipped with strong mechanisms guaranteeing basic security properties such as confidentiality, integrity, and availability. For example, mutual authentication between the IMD and medical personnel is essential, as both parties must be confident that the other end is who claims to be. In the case of the IMD, only commands coming from authenticated parties should be considered, while medical personnel should not trust any message claiming to come from the IMD unless sufficient guarantees are given. Preserving the confidentiality of the information stored in and transmitted by the IMD is another mandatory aspect. The device must implement appropriate security policies that restrict what entities can reconfigure the IMD or get access to the information stored in it, ensuring that only authorized operations are executed. Similarly, security mechanisms have to be implemented to protect the content of messages exchanged through an insecure wireless channel. Integrity protection is equally important to ensure that information has not been modified in transit. For example, if the information sent by the implant to the Programmer is altered, the doctor might make a wrong decision. Conversely, if a command sent to the implant is forged, modified, or simply contains errors, its execution could result in a compromise of the patient’s physical integrity. Technical security mechanisms should be incorporated in the design phase and complemented with appropriate legal and administrative measures. Current legislation is rather permissive in this regard, allowing the use of implants like ICDs that do not incorporate any security mechanisms. Regulatory authorities like the FDA in the U.S or the EMA (European Medicines Agency) in Europe should promote metrics and frameworks for assessing the security of IMDs. These assessments should be mandatory by law, requiring an adequate security level for an implant before approving its use. Moreover, both the security measures supported on each IMD and the security assessment results should be made public. Prudent engineering practices well known in the safety and security domains should be followed in the design of IMDs. If hardware errors are detected, it often entails a replacement of the implant, with the associated risks linked to a surgery. One of the main sources of failure when treating or monitoring a patient is precisely malfunctions of the device itself. These failures are known as “recalls” or “advisories”, and it is estimated that they affect around 2.6% of patients carrying an implant. Furthermore, the software running on the device should strictly support the functionalities required to perform the medical and operational tasks for what it was designed, and no more [66, 134, 213]. In Chapter 1, we present a survey of security and privacy issues in IMDs, discuss the most relevant mechanisms proposed to address these challenges, and analyze their suitability, advantages, and main drawbacks. In Chapter 2, we show how the use of highly compressed electrocardiogram (ECG) signals (only 24 coefficients of Hadamard Transform) is enough to unequivocally identify individuals with a high performance (classification accuracy of 97% and with identification system errors in the order of 10−2). In Chapter 3 we introduce a new Continuous Authentication scheme that, contrarily to previous works in this area, considers ECG signals as continuous data streams. The proposed ECG-based CA system is intended for real-time applications and is able to offer an accuracy up to 96%, with an almost perfect system performance (kappa statistic > 80%). In Chapter 4, we propose a distance bounding protocol to manage access control of IMDs: ACIMD. ACIMD combines two features namely identity verification (authentication) and proximity verification (distance checking). The authentication mechanism we developed conforms to the ISO/IEC 9798-2 standard and is performed using the whole ECG signal of a device holder, which is hardly replicable by a distant attacker. We evaluate the performance of ACIMD using ECG signals of 199 individuals over 24 hours, considering three adversary strategies. Results show that an accuracy of 87.07% in authentication can be achieved. Finally, in Chapter 5 we extract some conclusions and summarize the published works (i.e., scientific journals with high impact factor and prestigious international conferences).Los Dispositivos Médicos Implantables (DMIs) son dispositivos electrónicos implantados dentro del cuerpo para tratar una enfermedad, controlar el estado o mejorar el funcionamiento de alguna parte del cuerpo, o simplemente para proporcionar al paciente una capacidad que no poseía antes [86]. Ejemplos actuales de DMI incluyen marcapasos y desfibriladores para monitorear y tratar afecciones cardíacas; neuroestimuladores para la estimulación cerebral profunda en casos como la epilepsia o el Parkinson; sistemas de administración de fármacos en forma de bombas de infusión; y una variedad de biosensores para adquirir y procesar diferentes bioseñales. Los DMIs más modernos han comenzado a incorporar numerosas funciones de comunicación y redes (generalmente conocidas como telemetría) así como capacidades de computación cada vez más sofisticadas. Esto ha propiciado implantes con mayor inteligencia y pacientes con más autonomía, ya que el personal médico puede acceder a los datos y reconfigurar el implante de forma remota (es decir, sin que el paciente esté físicamente presente en las instalaciones médicas). Aparte de una importante reducción de costos, las capacidades de telemetría y cómputo también permiten a los profesionales de la atención médica monitorear constantemente la condición del paciente y desarrollar nuevas técnicas de diagnóstico basadas en una Intra Body Network (IBN) de dispositivos médicos [25, 26, 201]. Evolucionar desde un DMI electromecánico a uno con capacidades de cómputo y de comunicación más avanzadas tiene muchos beneficios pero también conlleva numerosos riesgos de seguridad y privacidad para el paciente. La mayoría de estos riesgos son relativamente bien conocidos en los escenarios clásicos de comunicaciones entre dispositivos, aunque en muchos aspectos sus repercusiones son mucho más críticas en el caso de los implantes. Los ataques contra un DMI pueden poner en riesgo la seguridad del paciente que lo porta, con consecuencias fatales en ciertos casos. Causar un mal funcionamiento intencionado en un implante puede causar la muerte y, tal como lo reconoce la Food and Drug Administration (FDA) de EE.UU, tales ataques deliberados podrían ser mucho más difíciles de detectar que los ataques accidentales [61]. Además, estos dispositivos almacenan y transmiten información médica muy delicada que requiere se protegida, según lo dictado por las directivas europeas (por ejemplo, la Directiva 95/46/ECC) y estadunidenses (por ejemplo, la Directiva CFR 164.312) [94, 204]. Si bien todavía no se conocen incidentes reales, se han demostrado con éxito varios ataques contra DMIs en el laboratorio [83, 133, 143]. Estos ataques han demostrado cómo un adversario puede desactivar o reprogramar terapias en un marcapasos con conectividad inalámbrica e incluso inducir un estado de shock al paciente [65]. Otros ataques agotan la batería y dejan al dispositivo inoperativo [91], lo que a menudo implica que el paciente deba someterse a un procedimiento quirúrgico para reemplazar la batería del DMI. Además, en el caso de los implantes cardíacos, tienen un interruptor cuya posición de desconexión se consigue simplemente aplicando un campo magnético intenso [149]. La existencia de este mecanismo está motivada por la necesidad de proteger a los DMIs frete a posibles campos electromagnéticos, por ejemplo, cuando el paciente se somete a una cirugía cardíaca usando dispositivos de electrocauterización [47]. Sin embargo, esto podría ser explotado fácilmente por un atacante, ya que la activación de dicho mecanismo primitivo no requiere ningún tipo de autenticación. Garantizar la confidencialidad de la información almacenada y transmitida por el DMI es otro aspecto obligatorio. El dispositivo debe implementar políticas de seguridad apropiadas que restrinjan qué entidades pueden reconfigurar el DMI o acceder a la información almacenada en él, asegurando que sólo se ejecuten las operaciones autorizadas. De la misma manera, mecanismos de seguridad deben ser implementados para proteger el contenido de los mensajes intercambiados a través de un canal inalámbrico no seguro. La protección de la integridad es igualmente importante para garantizar que la información no se haya modificado durante el tránsito. Por ejemplo, si la información enviada por el implante al programador se altera, el médico podría tomar una decisión equivocada. Por el contrario, si un comando enviado al implante se falsifica, modifica o simplemente contiene errores, su ejecución podría comprometer la integridad física del paciente. Los mecanismos de seguridad deberían incorporarse en la fase de diseño y complementarse con medidas legales y administrativas apropiadas. La legislación actual es bastante permisiva a este respecto, lo que permite el uso de implantes como marcapasos que no incorporen ningún mecanismo de seguridad. Las autoridades reguladoras como la FDA en los Estados Unidos o la EMA (Agencia Europea de Medicamentos) en Europa deberían promover métricas y marcos para evaluar la seguridad de los DMIs. Estas evaluaciones deberían ser obligatorias por ley, requiriendo un nivel de seguridad adecuado para un implante antes de aprobar su uso. Además, tanto las medidas de seguridad implementadas en cada DMI como los resultados de la evaluación de su seguridad deberían hacerse públicos. Buenas prácticas de ingeniería en los dominios de la protección y la seguridad deberían seguirse en el diseño de los DMIs. Si se detectan errores de hardware, a menudo esto implica un reemplazo del implante, con los riesgos asociados y vinculados a una cirugía. Una de las principales fuentes de fallo al tratar o monitorear a un paciente es precisamente el mal funcionamiento del dispositivo. Estos fallos se conocen como “retiradas”, y se estima que afectan a aproximadamente el 2,6 % de los pacientes que llevan un implante. Además, el software que se ejecuta en el dispositivo debe soportar estrictamente las funcionalidades requeridas para realizar las tareas médicas y operativas para las que fue diseñado, y no más [66, 134, 213]. En el Capítulo 1, presentamos un estado de la cuestión sobre cuestiones de seguridad y privacidad en DMIs, discutimos los mecanismos más relevantes propuestos para abordar estos desafíos y analizamos su idoneidad, ventajas y principales inconvenientes. En el Capítulo 2, mostramos cómo el uso de señales electrocardiográficas (ECGs) altamente comprimidas (sólo 24 coeficientes de la Transformada Hadamard) es suficiente para identificar inequívocamente individuos con un alto rendimiento (precisión de clasificación del 97% y errores del sistema de identificación del orden de 10−2). En el Capítulo 3 presentamos un nuevo esquema de Autenticación Continua (AC) que, contrariamente a los trabajos previos en esta área, considera las señales ECG como flujos de datos continuos. El sistema propuesto de AC basado en señales cardíacas está diseñado para aplicaciones en tiempo real y puede ofrecer una precisión de hasta el 96%, con un rendimiento del sistema casi perfecto (estadístico kappa > 80 %). En el Capítulo 4, proponemos un protocolo de verificación de la distancia para gestionar el control de acceso al DMI: ACIMD. ACIMD combina dos características, verificación de identidad (autenticación) y verificación de la proximidad (comprobación de la distancia). El mecanismo de autenticación es compatible con el estándar ISO/IEC 9798-2 y se realiza utilizando la señal ECG con todas sus ondas, lo cual es difícilmente replicable por un atacante que se encuentre distante. Hemos evaluado el rendimiento de ACIMD usando señales ECG de 199 individuos durante 24 horas, y hemos considerando tres estrategias posibles para el adversario. Los resultados muestran que se puede lograr una precisión del 87.07% en la au tenticación. Finalmente, en el Capítulo 5 extraemos algunas conclusiones y resumimos los trabajos publicados (es decir, revistas científicas con alto factor de impacto y conferencias internacionales prestigiosas).Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Arturo Ribagorda Garnacho.- Secretario: Jorge Blasco Alís.- Vocal: Jesús García López de Lacall

Process Mining Workshops

This open access book constitutes revised selected papers from the International Workshops held at the Third International Conference on Process Mining, ICPM 2021, which took place in Eindhoven, The Netherlands, during October 31–November 4, 2021. The conference focuses on the area of process mining research and practice, including theory, algorithmic challenges, and applications. The co-located workshops provided a forum for novel research ideas. The 28 papers included in this volume were carefully reviewed and selected from 65 submissions. They stem from the following workshops: 2nd International Workshop on Event Data and Behavioral Analytics (EDBA) 2nd International Workshop on Leveraging Machine Learning in Process Mining (ML4PM) 2nd International Workshop on Streaming Analytics for Process Mining (SA4PM) 6th International Workshop on Process Querying, Manipulation, and Intelligence (PQMI) 4th International Workshop on Process-Oriented Data Science for Healthcare (PODS4H) 2nd International Workshop on Trust, Privacy, and Security in Process Analytics (TPSA) One survey paper on the results of the XES 2.0 Workshop is included

An Empirical Analysis of Security and Privacy in Health and Medical Systems

Healthcare reform, regulation, and adoption of technology such as wearables are substantially changing both the quality of care and how we receive it. For example, health and fitness devices contain sensors that collect data, wireless interfaces to transmit data, and cloud infrastructures to aggregate, analyze, and share data. FDA-defined class III devices such as pacemakers will soon share these capabilities. While technological growth in health care is clearly beneficial, it also brings new security and privacy challenges for systems, users, and regulators. We group these concepts under health and medical systems to connect and emphasize their importance to healthcare. Challenges include how to keep user health data private, how to limit and protect access to data, and how to securely store and transmit data while maintaining interoperability with other systems. The most critical challenge unique to healthcare is how to balance security and privacy with safety and utility concerns. Specifically, a life-critical medical device must fail-open (i.e., work regardless) in the event of an active threat or attack. This dissertation examines some of these challenges and introduces new systems that not only improve security and privacy but also enhance workflow and usability. Usability is important in this context because a secure system that inhibits workflow is often improperly used or circumvented. We present this concern and our solution in its respective chapter. Each chapter of this dissertation presents a unique challenge, or unanswered question, and solution based on empirical analysis. We present a survey of related work in embedded health and medical systems. The academic and regulatory communities greatly scrutinize the security and privacy of these devices because of their primary function of providing critical care. What we find is that securing embedded health and medical systems is hard, done incorrectly, and is analogous to non-embedded health and medical systems such as hospital servers, terminals, and personally owned mobile devices. A policy called bring your own device (BYOD) allows the use and integration of mobile devices in the workplace. We perform an analysis of Apple iMessage which both implicates BYOD in healthcare and secure messaging protocols used by health and medical systems. We analyze direct memory access engines, a special-purpose piece of hardware to transfer data into and out of main memory, and show that we can chain together memory transfers to perform arbitrary computation. This result potentially affects all computing systems used for healthcare. We also examine HTML5 web workers as they provide stealthy computation and covert communication. This finding is relevant to web applications such as personal and electronic health record portals. We design and implement two novel and secure health and medical systems. One is a wearable device that addresses the problem of authenticating a user (e.g., physician) to a terminal in a usable way. The other is a light-weight and low-cost wireless device we call Beacon+. This device extends the design of Apple's iBeacon specification with unspoofable, temporal, and authenticated advertisements; of which, enables secure location sensing applications that could improve numerous healthcare processes

Recent Application in Biometrics

In the recent years, a number of recognition and authentication systems based on biometric measurements have been proposed. Algorithms and sensors have been developed to acquire and process many different biometric traits. Moreover, the biometric technology is being used in novel ways, with potential commercial and practical implications to our daily activities. The key objective of the book is to provide a collection of comprehensive references on some recent theoretical development as well as novel applications in biometrics. The topics covered in this book reflect well both aspects of development. They include biometric sample quality, privacy preserving and cancellable biometrics, contactless biometrics, novel and unconventional biometrics, and the technical challenges in implementing the technology in portable devices. The book consists of 15 chapters. It is divided into four sections, namely, biometric applications on mobile platforms, cancelable biometrics, biometric encryption, and other applications. The book was reviewed by editors Dr. Jucheng Yang and Dr. Norman Poh. We deeply appreciate the efforts of our guest editors: Dr. Girija Chetty, Dr. Loris Nanni, Dr. Jianjiang Feng, Dr. Dongsun Park and Dr. Sook Yoon, as well as a number of anonymous reviewers

Security on Medical Wireless Sensor Networks

Wireless technology is fast becoming a very important tool for all aspects of communication. An area that lacks a strong implementation for wireless communication is the medical field. Wireless systems could be used by clinicians to be better able to diagnose and monitor patients. The reason behind the lack of adoption in healthcare is due to the need to meet the legislated and perceived requirements of security and privacy when dealing with clinical information. The current methods of wireless authentication are investigated and an existing issue in mobile networks is described and solved with two novel solutions; one solution within GSM and the other within UMTS. Strong authentication protocols are developed based on the existing wireless protocols, while using minimal messages and symmetric operations to limit resource utilization to meet the needs of the healthcare environment. To ensure the quality of the protocol a BAN (Burrows-Abadi-Needham logic) analysis is performed which verifies that the desired goals of the protocols are appropriately met within the results analysis. The developed security protocol is shown to be secure, uses minimal messages to maintain efficiency and meets the legal requirements to be used in medical wireless sensor networks

Design of a Controlled Language for Critical Infrastructures Protection

We describe a project for the construction of controlled language for critical infrastructures protection (CIP). This project originates from the need to coordinate and categorize the communications on CIP at the European level. These communications can be physically represented by official documents, reports on incidents, informal communications and plain e-mail. We explore the application of traditional library science tools for the construction of controlled languages in order to achieve our goal. Our starting point is an analogous work done during the sixties in the field of nuclear science known as the Euratom Thesaurus.JRC.G.6-Security technology assessmen

Contextual Analysis of Variation and Quality in Human-curated Gene Ontology Annotations

Two prospective randomized controlled studies of scientific curators of model organism databases (MODs) were conducted using common document collections to investigate the origins, nature, and extent of variation in curators' Gene Ontology (GO) annotations. Additional contextual data about curators' backgrounds, experience, personal annotation behaviors, and work practices were also collected to provide additional means of explaining variation. A corpus of nearly 4,000 new GO annotations covering 5 organisms was generated by 31 curators and analyzed at the paper, instance, and GO element levels. Variation was observed by organism expertise, by group assignment, and between individual and consensus annotations. Years of GO curation experience was found to not be a predictor of annotation instance quantities. Five facets of GO annotation quality (Consistency, Specificity, Completeness, Validity, and Reliability) were evaluated for utility, and showed promise for use in training novice curators. Pairwise matching and comparison of instances was found to be difficult and atypical, limiting the usefulness of the quality measures. Content analysis was performed on more than 600 pages of curators' hand-annotated paper journal articles used in GO annotation, yielding six types of common notations