Fog Computing in Medical Internet-of-Things: Architecture, Implementation, and Applications

In the era when the market segment of Internet of Things (IoT) tops the chart in various business reports, it is apparently envisioned that the field of medicine expects to gain a large benefit from the explosion of wearables and internet-connected sensors that surround us to acquire and communicate unprecedented data on symptoms, medication, food intake, and daily-life activities impacting one's health and wellness. However, IoT-driven healthcare would have to overcome many barriers, such as: 1) There is an increasing demand for data storage on cloud servers where the analysis of the medical big data becomes increasingly complex, 2) The data, when communicated, are vulnerable to security and privacy issues, 3) The communication of the continuously collected data is not only costly but also energy hungry, 4) Operating and maintaining the sensors directly from the cloud servers are non-trial tasks. This book chapter defined Fog Computing in the context of medical IoT. Conceptually, Fog Computing is a service-oriented intermediate layer in IoT, providing the interfaces between the sensors and cloud servers for facilitating connectivity, data transfer, and queryable local database. The centerpiece of Fog computing is a low-power, intelligent, wireless, embedded computing node that carries out signal conditioning and data analytics on raw data collected from wearables or other medical sensors and offers efficient means to serve telehealth interventions. We implemented and tested an fog computing system using the Intel Edison and Raspberry Pi that allows acquisition, computing, storage and communication of the various medical data such as pathological speech data of individuals with speech disorders, Phonocardiogram (PCG) signal for heart rate estimation, and Electrocardiogram (ECG)-based Q, R, S detection.Comment: 29 pages, 30 figures, 5 tables. Keywords: Big Data, Body Area Network, Body Sensor Network, Edge Computing, Fog Computing, Medical Cyberphysical Systems, Medical Internet-of-Things, Telecare, Tele-treatment, Wearable Devices, Chapter in Handbook of Large-Scale Distributed Computing in Smart Healthcare (2017), Springe

Effective Identity Management on Mobile Devices Using Multi-Sensor Measurements

Due to the dramatic increase in popularity of mobile devices in the past decade, sensitive user information is stored and accessed on these devices every day. Securing sensitive data stored and accessed from mobile devices, makes user-identity management a problem of paramount importance. The tension between security and usability renders the task of user-identity verification on mobile devices challenging. Meanwhile, an appropriate identity management approach is missing since most existing technologies for user-identity verification are either one-shot user verification or only work in restricted controlled environments. To solve the aforementioned problems, we investigated and sought approaches from the sensor data generated by human-mobile interactions. The data are collected from the on-board sensors, including voice data from microphone, acceleration data from accelerometer, angular acceleration data from gyroscope, magnetic force data from magnetometer, and multi-touch gesture input data from touchscreen. We studied the feasibility of extracting biometric and behaviour features from the on-board sensor data and how to efficiently employ the features extracted to perform user-identity verification on the smartphone device. Based on the experimental results of the single-sensor modalities, we further investigated how to integrate them with hardware such as fingerprint and Trust Zone to practically fulfill a usable identity management system for both local application and remote services control. User studies and on-device testing sessions were held for privacy and usability evaluation.Computer Science, Department o

Design a WLAN mini access point in the android platform

Mobile as a computing platform is becoming more and more popular. The amount of such devices shipped every year is growing rapidly, more than 1.2 billion in 2009. At the same time the WLAN is being widely adapted at various locations like campuses, meeting rooms, stations, etc. Currently almost all smart phones come with the support for the WLAN. However, most the mobile devices can only behavior as a client in the WLAN. It would be a remarkable feature if the mobile device is able to function as an Access Point (AP) and a modem which forwards data between the 3G network and the WLAN. Android designed for handheld devices has become a popular and powerful platform in both the industry and amateur developer community. Presently there is no WLAN AP mode supported in the Android platform, therefore it’s an interesting task for us to implement such a function. We start with studying the software AP hostapd. We set up a WLAN with hostapd running in a Ubuntu Linux platform, instead of a hardware AP. By doing this we figure out the elements needed to achieve the software AP functionality. Next we explore the Android building system, understand the mechanism the building system works, and learn the way add new modules that we prepare to add into the platform. With these basics we take all the elements needed into Android source code hierarchy and build them into the final executables. Testing cases are given both in Ubuntu Linux platform and the Android platform. To make the user experience better we design an application in the Android platform for controlling the AP built from hostapd and other components. Through the process we have done many experiments and have gained rich experience and knowledge in the Linux operating system, Linux wireless implementation, wireless drivers, Android building system, and Android application development. Some of them are enhancement to the existing knowledge in various websites, and some are new to all the members in the development community. These are all recorded in the thesis. For the final testing we succeed in both steps. First, the peripheral stations can discover the AP in the Android platform and all stations are able to connect to it. There is no difference between connection to the AP in the Android platform and connection to a normal hardware AP device. Secondly, the data packets are successfully transmitted between stations, which means there is no barrier in the AP in the Android platform for providing data service. From the view of networking layering, we conclude that we succeed in both link layer and application layer

Security attacks taxonomy on bring your own devices (BYOD) model

Mobile devices, specifically smartphones, have become ubiquitous. For this reason, businesses are starting to develop “Bring Your Own Device” policies to allow their employees to use their owned devices in the workplace. BYOD offers many potential advantages: enhanced productivity, increased revenues, reduced mobile costs and IT efficiencies. However, due to emerging attacks and limitations on device resources, it is difficult to trust these devices with access to critical proprietary information. Therefore, in this paper, the potential attacks of BYOD and taxonomy of BYOD attacks are presented. Advanced persistent threat (APT) and malware attack are discussed in depth in this paper. Next, the proposed solution to mitigate the attacks of BYOD is discussed. Lastly, the evaluations of the proposed solutions based on the X. 800 security architecture are presented

FINE-GRAINED ACCESS CONTROL ON ANDROID COMPONENT

The pervasiveness of Android devices in today’s interconnected world emphasizes the importance of mobile security in protecting user privacy and digital assets. Android’s current security model primarily enforces application-level mechanisms, which fail to address component-level (e.g., Activity, Service, and Content Provider) security concerns. Consequently, third-party code may exploit an application’s permissions, and security features like MDM or BYOD face limitations in their implementation. To address these concerns, we propose a novel Android component context-aware access control mechanism that enforces layered security at multiple Exception Levels (ELs), including EL0, EL1, and EL3. This approach effectively restricts component privileges and controls resource access as needed. Our solution comprises Flasa at EL0, extending SELinux policies for inter-component interactions and SQLite content control; Compac, spanning EL0 and EL1, which enforces component-level permission controls through Android runtime and kernel modifications; and TzNfc, leveraging TrustZone technologies to secure third-party services and limit system privileges via Trusted Execution Environment (TEE). Our evaluations demonstrate the effectiveness of our proposed solution in containing component privileges, controlling inter-component interactions and protecting component level resource access. This enhanced solution, complementing Android’s existing security architecture, provides a more comprehensive approach to Android security, benefiting users, developers, and the broader mobile ecosystem