Security for networked smart healthcare systems: A systematic review

Background and Objectives Smart healthcare systems use technologies such as wearable devices, Internet of Medical Things and mobile internet technologies to dynamically access health information, connect patients to health professionals and health institutions, and to actively manage and respond intelligently to the medical ecosystem's needs. However, smart healthcare systems are affected by many challenges in their implementation and maintenance. Key among these are ensuring the security and privacy of patient health information. To address this challenge, several mitigation measures have been proposed and some have been implemented. Techniques that have been used include data encryption and biometric access. In addition, blockchain is an emerging security technology that is expected to address the security issues due to its distributed and decentralized architecture which is similar to that of smart healthcare systems. This study reviewed articles that identified security requirements and risks, proposed potential solutions, and explained the effectiveness of these solutions in addressing security problems in smart healthcare systems. Methods This review adhered to the Preferred Reporting Items for Systematic Reviews and Meta-analysis (PRISMA) guidelines and was framed using the Problem, Intervention, Comparator, and Outcome (PICO) approach to investigate and analyse the concepts of interest. However, the comparator is not applicable because this review focuses on the security measures available and in this case no comparable solutions were considered since the concept of smart healthcare systems is an emerging one and there are therefore, no existing security solutions that have been used before. The search strategy involved the identification of studies from several databases including the Cumulative Index of Nursing and Allied Health Literature (CINAL), Scopus, PubMed, Web of Science, Medline, Excerpta Medical database (EMBASE), Ebscohost and the Cochrane Library for articles that focused on the security for smart healthcare systems. The selection process involved removing duplicate studies, and excluding studies after reading the titles, abstracts, and full texts. Studies whose records could not be retrieved using a predefined selection criterion for inclusion and exclusion were excluded. The remaining articles were then screened for eligibility. A data extraction form was used to capture details of the screened studies after reading the full text. Of the searched databases, only three yielded results when the search strategy was applied, i.e., Scopus, Web of science and Medline, giving a total of 1742 articles. 436 duplicate studies were removed. Of the remaining articles, 801 were excluded after reading the title, after which 342 after were excluded after reading the abstract, leaving 163, of which 4 studies could not be retrieved. 159 articles were therefore screened for eligibility after reading the full text. Of these, 14 studies were included for detailed review using the formulated research questions and the PICO framework. Each of the 14 included articles presented a description of a smart healthcare system and identified the security requirements, risks and solutions to mitigate the risks. Each article also summarized the effectiveness of the proposed security solution. Results The key security requirements reported were data confidentiality, integrity and availability of data within the system, with authorisation and authentication used to support these key security requirements. The identified security risks include loss of data confidentiality due to eavesdropping in wireless communication mediums, authentication vulnerabilities in user devices and storage servers, data fabrication and message modification attacks during transmission as well as while the data is at rest in databases and other storage devices. The proposed mitigation measures included the use of biometric accessing devices; data encryption for protecting the confidentiality and integrity of data; blockchain technology to address confidentiality, integrity, and availability of data; network slicing techniques to provide isolation of patient health data in 5G mobile systems; and multi-factor authentication when accessing IoT devices, servers, and other components of the smart healthcare systems. The effectiveness of the proposed solutions was demonstrated through their ability to provide a high level of data security in smart healthcare systems. For example, proposed encryption algorithms demonstrated better energy efficiency, and improved operational speed; reduced computational overhead, better scalability, efficiency in data processing, and better ease of deployment. Conclusion This systematic review has shown that the use of blockchain technology, biometrics (fingerprints), data encryption techniques, multifactor authentication and network slicing in the case of 5G smart healthcare systems has the potential to alleviate possible security risks in smart healthcare systems. The benefits of these solutions include a high level of security and privacy for Electronic Health Records (EHRs) systems; improved speed of data transaction without the need for a decentralized third party, enabled by the use of blockchain. However, the proposed solutions do not address data protection in cases where an intruder has already accessed the system. This may be potential avenues for further research and inquiry

Efficient and Secure Key Management and Authentication Scheme for WBSNs Using CP-ABE and Consortium Blockchain

publishedVersio

Towards Security and Privacy in Networked Medical Devices and Electronic Healthcare Systems

E-health is a growing eld which utilizes wireless sensor networks to enable access to effective and efficient healthcare services and provide patient monitoring to enable early detection and treatment of health conditions. Due to the proliferation of e-health systems, security and privacy have become critical issues in preventing data falsification, unauthorized access to the system, or eavesdropping on sensitive health data. Furthermore, due to the intrinsic limitations of many wireless medical devices, including low power and limited computational resources, security and device performance can be difficult to balance. Therefore, many current networked medical devices operate without basic security services such as authentication, authorization, and encryption. In this work, we survey recent work on e-health security, including biometric approaches, proximity-based approaches, key management techniques, audit mechanisms, anomaly detection, external device methods, and lightweight encryption and key management protocols. We also survey the state-of-the art in e-health privacy, including techniques such as obfuscation, secret sharing, distributed data mining, authentication, access control, blockchain, anonymization, and cryptography. We then propose a comprehensive system model for e-health applications with consideration of battery capacity and computational ability of medical devices. A case study is presented to show that the proposed system model can support heterogeneous medical devices with varying power and resource constraints. The case study demonstrates that it is possible to signicantly reduce the overhead for security on power-constrained devices based on the proposed system model

Developing a comprehensive information security framework for mHealth: a detailed analysis

It has been clearly shown that mHealth solutions, which is the use of mobile devices and other wireless technology to provide healthcare services, deliver more patient-focused healthcare, and improve the overall efficiency of healthcare systems. In addition, these solutions can potentially reduce the cost of providing healthcare in the context of the increasing demands of the aging populations in advanced economies. These solutions can also play an important part in intelligent environments, facilitating real-time data collection and input to enable various functionalities. However, there are several challenges regarding the development of mHealth solutions: the most important of these being privacy and data security. Furthermore, the use of cloud computing is becoming an option for the healthcare sector to store healthcare data; but storing data in the cloud raises serious concerns. This paper investigates how data are managed both on mHealth devices as well as in the cloud. Firstly, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of security requirements are identified in order to develop a new information security framework. It then examines individual information security frameworks for mHealth devices and the cloud, noting similarities and differences. Furthermore, key mechanisms to implement the new framework are discussed and the new framework is then presented. Finally, the paper presents how the new framework could be implemented in order to develop an Advanced Digital Medical Platform

Developing a comprehensive information security framework for mHealth: a detailed analysis

It has been clearly shown that mHealth solutions, which is the use of mobile devices and other wireless technology to provide healthcare services, deliver more patient-focused healthcare, and improve the overall efficiency of healthcare systems. In addition, these solutions can potentially reduce the cost of providing healthcare in the context of the increasing demands of the aging populations in advanced economies. These solutions can also play an important part in intelligent environments, facilitating real-time data collection and input to enable various functionalities. However, there are several challenges regarding the development of mHealth solutions: the most important of these being privacy and data security. Furthermore, the use of cloud computing is becoming an option for the healthcare sector to store healthcare data; but storing data in the cloud raises serious concerns. This paper investigates how data are managed both on mHealth devices as well as in the cloud. Firstly, a detailed analysis of the entire mHealth domain is undertaken to determine domain-specific features and a taxonomy for mHealth, from which a set of security requirements are identified in order to develop a new information security framework. It then examines individual information security frameworks for mHealth devices and the cloud, noting similarities and differences. Furthermore, key mechanisms to implement the new framework are discussed and the new framework is then presented. Finally, the paper presents how the new framework could be implemented in order to develop an Advanced Digital Medical Platform

Performance Analysis of Blockchain-Enabled Security and Privacy Algorithms in Connected and Autonomous Vehicles: A Comprehensive Review

Strategic investment(s) in vehicle automation technologies led to the rapid development of technology that revolutionised transport services and reduced fatalities on a scale never seen before. Technological advancements and their integration in Connected Autonomous Vehicles (CAVs) increased uptake and adoption and pushed firmly for the development of highly supportive legal and regulatory and testing environments. However, systemic threats to the security and privacy of technologies and lack of data transparency have created a dynamic threat landscape within which the establishment and verification of security and privacy requirements proved to be an arduous task. In CAVs security and privacy issues can affect the resilience of these systems and hinder the safety of the passengers. Existing research efforts have been placed to investigate the security issues in CAVs and propose solutions across the whole spectrum of cyber resilience. This paper examines the state-of-the-art in security and privacy solutions for CAVs. It investigates their integration challenges, drawbacks and efficiencies when coupled with distributed technologies such as Blockchain. It has also listed different cyber-attacks being investigated while designing security and privacy mechanism for CAVs

A patient agent controlled customized blockchain based framework for internet of things

Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patient’s physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent executing on dedicated hardware manages the storage and access of streams of sensors generated health data, into a customized Blockchain and other less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for addressing continuous monitoring of patients’ health, dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Services(DoS) and single point of failure attacks. To address this issue, we advance a second contribution; a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks. Few patients require all their health data to be stored in Blockchain repositories but instead need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with features of candidate storage mediums. Motivated by this context, we advance third contribution; a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real-time, even with streamed data. The mapping between health data features and characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application for IoT networks outside health such as underwater IoT networks where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT as acoustics signals are the communication media leading to high propagation delays, high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain leveraged framework with the model of Patient-Centric Agent renamed as Smart Agent for securely monitoring underwater IoT. Finally, the smart Agent has been investigated in developing an IoT smart home or cities monitoring framework. The key algorithms underpinning to each contribution have been implemented and analysed using simulators.Doctor of Philosoph