8 research outputs found

    Cryptanalyzing an image encryption algorithm based on autoblocking and electrocardiography

    This paper performs a thorough security analysis of a chaotic image encryption algorithm based on autoblocking and electrocardiography from the view point of modern cryptography. The algorithm uses electrocardiography (ECG) signals to generate the initial key for a chaotic system and applies an autoblocking method to divide a plain image into blocks of certain sizes suitable for subsequent encryption. The designers claimed that the proposed algorithm is “strong and flexible enough for practical applications”. We find it is vulnerable to the known plaintext attack: based on one pair of a known plain-image and its corresponding cipher-image, an adversary is able to derive a mask image, which can be used as an equivalent secret key to successfully decrypt other cipher images encrypted under the same key with a non-negligible probability of 1/256. Using this as a typical counterexample, we summarize some security defects existing in many image encryption algorithms

    Assessment of encryption and decryption schemes for secure data transmission in healthcare systems

    Abstract: In the biomedical research community, transmitting a patient medical record via wireless means to an administrative centre or other medical centres is increasingly common. However, due to the open nature of wireless media, the security of such a system is a major concern, so, it is desirable to have a reliable security scheme. Amidst the numerous methods used to secure medical data, encryption schemes are becoming more popular due to their performance and relative simplicity. In this study, the performance of some data encryption and decryption schemes used to secure medical data is evaluated. These schemes are Blowfish, DES, AES, RC4, RSA, ECC, CBE, MTLM and CEC. The performance of these schemes was assessed through their execution time, throughput, average data rate and information entropy. For this performance assessment, some medical data were used for this task. The results showed that the performance of CBE, MTLM and CEC was better. CBE and MTLM offer a secure way to encrypt data with a significant reduction in the execution time. Moreover, if some of these schemes were combined to form a hybrid system, an enhancement in the security of medical data over wireless communication networks is guaranteed

    AI-based Ethical Hacking for Health Information Systems (HIS): a simulation study

    Background: Health Information systems (HIS) are continuously targeted by hackers, who aim to bring down the Health Critical Infrastructure. This study is motivated by recent attacks to healthcare organisations that have resulted in the compromise of the sensitive data held in HIS. Existing cyber security research in the healthcare domain places an imbalanced focus on protecting medical devices and data. There is a lack of a systematic way to investigate how attackers may breach a HIS and access healthcare records, with the view to improving cybersecurity in the future. Objective: This research aims to provide new insights regarding HIS cybersecurity protection. We propose a systematic and novel optimized (AI-based) ethical hacking method tailored specifically for HIS, and we compare it with traditional unoptimized ethical hacking method. It allows researchers and practitioners to identify the points and attack pathways of possible penetration attacks to HIS more efficiently. Methods: In this study, we propose a novel methodological approach to ethical hacking for HIS. We launched ethical hacking using both optimized and unoptimized methods in an experimental setting. Specifically, we set up an HIS simulation environment by implementing the OpenEMR (Open Electronic Medical Record) system and followed the National Institute of Standards and Technology's (NIST) ethical hacking framework to launch the attacks. In the experiment, we launched 50 rounds of attacks using both unoptimized and optimized ethical hacking methods. Results: Ethical hacking was successful using both optimized and unoptimized methods. The results show that the optimized ethical hacking method outperforms the unoptimized one in terms of average time used, average success rate of exploit, number of exploits launched, and number of successful exploits. We are able to identify the successful attack paths, and the exploits that are related to remote code execution, cross-site request forgery, improper authentication, vulnerability in the Oracle Business Intelligence Publisher, an elevation of privilege vulnerability (in MediaTek), and remote access backdoor (in the Web GUI for the Linux Virtual Server). Conclusions: This research demonstrates systematic ethical hacking against HIS using optimized and unoptimized methods together with a set of penetration testing tools to identify exploits and combining them to perform ethical hacking. The findings contribute to Health Information Systems (HIS) literature, ethical hacking methodology and mainstream AI-based ethical hacking method as it addresses some key weaknesses of these research fields. The findings also have great significance for the healthcare sector, as OpenEMR is widely adopted by healthcare organisations. Our findings offer novel insights for the protection of HIS and equip researchers toward conducting further research in the HIS cybersecurity domain

    Towards Personalized Healthcare in Cardiac Population: The Development of a Wearable ECG Monitoring System, an ECG Lossy Compression Schema, and a ResNet-Based AF Detector

    Cardiovascular diseases (CVDs) are the number one cause of death worldwide. While there is growing evidence that the atrial fibrillation (AF) has strong associations with various CVDs, this heart arrhythmia is usually diagnosed using electrocardiography (ECG) which is a risk-free, non-intrusive, and cost-efficient tool. Continuously and remotely monitoring the subjects' ECG information unlocks the potentials of prompt pre-diagnosis and timely pre-treatment of AF before the development of any life-threatening conditions/diseases. Ultimately, the CVDs associated mortality could be reduced. In this manuscript, the design and implementation of a personalized healthcare system embodying a wearable ECG device, a mobile application, and a back-end server are presented. This system continuously monitors the users' ECG information to provide personalized health warnings/feedbacks. The users are able to communicate with their paired health advisors through this system for remote diagnoses, interventions, etc. The implemented wearable ECG devices have been evaluated and showed excellent intra-consistency (CVRMS=5.5%), acceptable inter-consistency (CVRMS=12.1%), and negligible RR-interval errors (ARE<1.4%). To boost the battery life of the wearable devices, a lossy compression schema utilizing the quasi-periodic feature of ECG signals to achieve compression was proposed. Compared to the recognized schemata, it outperformed the others in terms of compression efficiency and distortion, and achieved at least 2x of CR at a certain PRD or RMSE for ECG signals from the MIT-BIH database. To enable automated AF diagnosis/screening in the proposed system, a ResNet-based AF detector was developed. For the ECG records from the 2017 PhysioNet CinC challenge, this AF detector obtained an average testing F1=85.10% and a best testing F1=87.31%, outperforming the state-of-the-art

    Congestion control mechanism for sensor-cloud Infrastructure

    This thesis has developed a sensor-Cloud system that integrates WBANs with Cloud computing to enable real-time sensor data collection, storage, processing, sharing and management. As the main contribution of this study, a congestion detection and control protocol is proposed to ensure acceptable data flows are maintained during the network lifetime

    Assurance of Energy Efficiency and Data Security for ECG Transmission in BASNs

    With the technological advancement in body area sensor networks (BASNs), low cost high quality electrocardiographic (ECG) diagnosis systems have become important equipment for healthcare service providers. However, energy consumption and data security with ECG systems in BASNs are still two major challenges to tackle. In this study, we investigate the properties of compressed ECG data for energy saving as an effort to devise a selective encryption mechanism and a two-rate unequal error protection (UEP) scheme. The proposed selective encryption mechanism provides a simple and yet effective security solution for an ECG sensor-based communication platform, where only one percent of data is encrypted without compromising ECG data security. This part of the encrypted data is essential to ECG data quality due to its unequally important contribution to distortion reduction. The two-rate UEP scheme achieves a significant additional energy saving due to its unequal investment of communication energy to the outcomes of the selective encryption, and thus, it maintains a high ECG data transmission quality. Our results show the improvements in communication energy saving of about 40%, and demonstrate a higher transmission quality and security measured in terms of wavelet-based weighted percent root-mean-squared difference