e-SAFE: Secure, Efficient and Forensics-Enabled Access to Implantable Medical Devices

To facilitate monitoring and management, modern Implantable Medical Devices (IMDs) are often equipped with wireless capabilities, which raise the risk of malicious access to IMDs. Although schemes are proposed to secure the IMD access, some issues are still open. First, pre-sharing a long-term key between a patient's IMD and a doctor's programmer is vulnerable since once the doctor's programmer is compromised, all of her patients suffer; establishing a temporary key by leveraging proximity gets rid of pre-shared keys, but as the approach lacks real authentication, it can be exploited by nearby adversaries or through man-in-the-middle attacks. Second, while prolonging the lifetime of IMDs is one of the most important design goals, few schemes explore to lower the communication and computation overhead all at once. Finally, how to safely record the commands issued by doctors for the purpose of forensics, which can be the last measure to protect the patients' rights, is commonly omitted in the existing literature. Motivated by these important yet open problems, we propose an innovative scheme e-SAFE, which significantly improves security and safety, reduces the communication overhead and enables IMD-access forensics. We present a novel lightweight compressive sensing based encryption algorithm to encrypt and compress the IMD data simultaneously, reducing the data transmission overhead by over 50% while ensuring high data confidentiality and usability. Furthermore, we provide a suite of protocols regarding device pairing, dual-factor authentication, and accountability-enabled access. The security analysis and performance evaluation show the validity and efficiency of the proposed scheme

A comprehensive survey of wireless body area networks on PHY, MAC, and network layers solutions

Recent advances in microelectronics and integrated circuits, system-on-chip design, wireless communication and intelligent low-power sensors have allowed the realization of a Wireless Body Area Network (WBAN). A WBAN is a collection of low-power, miniaturized, invasive/non-invasive lightweight wireless sensor nodes that monitor the human body functions and the surrounding environment. In addition, it supports a number of innovative and interesting applications such as ubiquitous healthcare, entertainment, interactive gaming, and military applications. In this paper, the fundamental mechanisms of WBAN including architecture and topology, wireless implant communication, low-power Medium Access Control (MAC) and routing protocols are reviewed. A comprehensive study of the proposed technologies for WBAN at Physical (PHY), MAC, and Network layers is presented and many useful solutions are discussed for each layer. Finally, numerous WBAN applications are highlighted

Discovering mHealth Users’ Privacy and Security Concerns through Social Media Mining

The purpose of this study is to explore the various privacy and security concerns conveyed by social media users in relation to the use of mHealth wearable technologies, using Grounded Theory and Text Mining methodologies. The results of the emerging theory explain that the concerns of users can be categorized as relating to data management, data surveillance, data invasion, technical safety, or legal & policy issues. The results show that over time, mHealth users are still concerned about areas such as security breaches, real-time data invasion, surveillance, and how companies use the data collected from these devices. Further, the results from the emotion and sentiment analyses revealed that users generally exhibited anger and fear, and sentiments that were negatively expressed. Theoretically, the results also support the literature on user acceptance of mHealth wearables as influenced by the distrust of companies and their utilization of personally harvested data

Discovering mHealth Users’ Privacy and Security Concerns through Social Media Mining

The purpose of this study is to explore the various privacy and security concerns conveyed by social media users in relation to the use of mHealth wearable technologies, using Grounded Theory and Text Mining methodologies. The results of the emerging theory explain that the concerns of users can be categorized as relating to data management, data surveillance, data invasion, technical safety, or legal & policy issues. The results show that over time, mHealth users are still concerned about areas such as security breaches, real-time data invasion, surveillance, and how companies use the data collected from these devices. Further, the results from the emotion and sentiment analyses revealed that users generally exhibited anger and fear, and sentiments that were negatively expressed. Theoretically, the results also support the literature on user acceptance of mHealth wearables as influenced by the distrust of companies and their utilization of personally harvested data

An investigation of electronic Protected Health Information (e-PHI) privacy policy legislation in California for seniors using in-home health monitoring systems

This study examined privacy legislation in California to identify those electronic Protected Health Information (e-PHI) privacy policies that are suited to seniors using in-home health monitoring systems. Personal freedom and independence are essential to a person\u27s physical and mental health, and mobile technology applications provide a convenient and economical method for monitoring personal health. Many of these apps are written by third parties, however, which poses serious risks to patient privacy. Current federal regulations only cover applications and systems developed for use by covered entities and their business partners. As a result, the responsibility for protecting the privacy of the individual using health monitoring apps obtained from the open market falls squarely on the states. The goal of this study was to conduct an exploratory study of existing legislation to learn what was being done at the legislative level to protect the security and privacy of users using in-home mobile health monitoring systems. Specifically, those developed and maintained by organizations or individuals not classified as covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The researcher chose California due to its reputation for groundbreaking privacy laws and high population of seniors. The researcher conducted a content analysis of California state legislation, federal and industry best practices, and extant literature to identify current and proposed legislation regarding the protection of e-PHI data of those using in-home health monitoring systems. The results revealed that in-home health monitoring systems show promise, but they are not without risk. The use of smartphones, home networks, and downloadable apps puts patient privacy at risk, and combining systems that were not initially intended to function together carries additional concerns. Factors such as different privacy-protection profiles, opt-in/opt-out defaults, and privacy policies that are difficult to read or are not adhered to by the application also put user data at risk. While this examination showed that there is legislative support governing the development of the technology of individual components of the in-home health monitoring systems, it appears that the in-home health monitoring system as a whole is an immature technology and not in wide enough use to warrant legislative attention. In addition – unlike the challenges posed by the development and maintenance of the technology of in-home health monitoring systems – there is ample legislation to protect user privacy in mobile in-home health monitoring systems developed and maintained by those not classified as covered entities under HIPAA. Indeed, the volume of privacy law covering the individual components of the system is sufficient to ensure that the privacy of the system as a whole would not be compromised if deployed as suggested in this study. Furthermore, the legislation evaluated over the course of this study demonstrated consistent balance between technical, theoretical, and legal stakeholders. This study contributes to the body of knowledge in this area by conducting an in-depth review of current and proposed legislation in the state of California for the past five years. The results will help provide future direction for researchers and developers as they struggle to meet the current and future needs of patients using this technology as it matures. There are practical applications for this study as well. The seven themes identified during this study can serve as a valuable starting point for state legislators to evaluate existing and proposed legislation within the context of medical data to identify the need for legislation to assist in protecting user data against fraud, identity theft, and other damaging consequences that occur because of a data breach

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Privacy and Security Concerns Associated with MHealth Technologies: A Social Media Mining Perspective

mHealth technologies seek to improve personal wellness; however, there are stillsignificant privacy and security challenges. With social networking sites serving as lens through which public sentiments and perspectives can be easily accessed, little has been done to investigate the privacy and security concerns of users, associated with mHealth technologies, through social media mining. Therefore, this study investigated various privacy and security concerns conveyed by social media users, in relation to the use of mHealth wearable technologies, using text mining and grounded theory. In addition, the study examined the general sentiments toward mHealth privacy and security related issues, while unearthing how the various issues have evolved over time. Our target social media platform for data collection was the microblogging platform Twitter, which was accessed through Brandwatch providing access to the “Twitter firehose” to extract English tweets. Triangulation was conducted on a representative sample to confirm the results of the Latent Dirichlet Allocation (LDA) Topic Modeling using manual coding through ATLAS.ti. By using the grounded theory analysis methodology, we developed the D-MIT Emergent Theoretical Model which explains that the concerns of users can be categorized as relating to data management, data invasion, or technical safety issues. This model claims that issues affecting data management of mHealth users through the misuse of their data by entities such as wearable companies and other third-party applications, negatively impact their adoption of these devices. Also, concerns of data invasion via real-time data, security breaches, and data surveillance inhibit the adoption of mHealth wearables, which is further impacted by technical safety issues. Further, when users perceived that they do not have full control over their wearables or patient applications, then their acceptance of these mHealth technologies is diminished. While a lack of data and privacy protection policies contribute negatively to users’ adoption of these devices, it also plays a pivotal role in the data management issues presented in this emergent model. Therefore, the importance of having robust legal and policy frameworks that can support mHealth users is desired. Theoretically, the results support the literature on user acceptance of mHealth wearables. These findings were compared with extant literature, and confirmations found across several studies. Further, the results show that over time, mHealth users are still concerned about areas such as security breaches, real-time data invasion, surveillance, and how companies use the data collected from these devices. The findings reveal that more than 75% of the posts analyzed were categorized as depicting anger, fear, or demonstrating levels of disgust. Additionally, 70% of the posts exhibited negative sentiments, whereas 26% were positive, which indicates that users are ambivalent concerning privacy and security, notwithstanding mentions of privacy or security issues in their posts