A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry

A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry

Monitorování hrozeb Wi-Fi sítí za pomocí honeypot

The increase in the use of mobile devices and IoT have made wireless technologies to become a significant part of our life today to access information from anywhere and anytime mainly due to ease of use, improved mobility, freedom and flexibility. The greatly evolving 802.11 wireless standard has also brought about security issues. The wireless networks face attacks and intrusion attempts that are different than that of a wired network. This thesis aims to implement a modern honeypot for the wireless network to understand the state of wireless hacking in the real-world and in a controlled environment. The results will be subsequently analysed to determine the threats and attacks faced by the devices in the wireless network and will also compare the existing countermeasures that would reduce or eliminate these attacks.Nárůst využívání mobilních zařízení a internetu věcí způsobil, že bezdrátové technologie se dnes staly významnou součástí našeho života pro přístup k informacím odkudkoli a kdykoli a to převážně díky snadnému použití, lepší mobilitě, volnosti a flexibilitě. Vyvoj v oblasti bezdrátového standardu 802.11 však sebou nese také problémy se zabezpečením. Bezdrátové sítě čelí útokům a pokusům o narušení, které jsou jiné než u kabelových sítí. Tato práce si klade za cíl implementovat moderní honeypot pro bezdrátovou síť k pochopení současných metod pro vedení útoků na bezdrátové sítě a to jednak v reálném světě a v laboratorním prostředí. Výsledky budou následně analyzovány, aby se určily hrozby a útoky, kterým čelí zařízení v bezdrátových sítích, a budou uvedeny také protiopatření, která jsou vhodná pro minimalizaci a eliminaci uvedených hrozeb.460 - Katedra informatikyvelmi dobř

Access control and availability aspects using wireless solutions based on IEEE 802.11 technologies, providing access to classified networks

Wireless networking is among the fastest growing trends in technology. For military objectives wireless networks are effective and flexible ways of communicating, and important elements in operating quick, accurate and independent. Over the last year’s commercial technology, based on the wireless IEEE 802.11 standard has grown to be low-cost products offering cheap and easy ways to establish rapid communication services. For all that, lacking elements of security, increased availability, weak mechanisms and capabilities in order to protect and safeguard private wireless networking, concerns costumers which require high assurance communication facilities. To comply with physical security, high-end wireless security requirements and protection mechanisms are required to fully ensure the wireless environment and control the enterprise. Wireless networks has not been considered secure enough to be implemented as part of high assurance communication systems which have access to classified information networks. This thesis considers security aspects of wireless networking related to access control and availability, which means that a wide range of security issues will be discussed. Based on availability, the thesis will focus on requirements and mechanisms related to authentication, confidentiality, integrity and authenticity. The thesis has indicated through two problem scenarios that high-end requirements signifies complexity and that security mechanisms must be implemented through adoption and adjustment of the available security protocols IEEE 802.1X and IEEE 802.11i. Still, the thesis has shown that security protocols such as IEEE 802.1X and 802.11i does not solve all security problems. Additional wireless protection systems are required to supervise and control state security in order to protect the wireless network environment. In addition, network-layer security is required to oblige end-to-end security control. The conclusion brings security in wireless network into comprehensive challenges that require fully control to analyze data and operations to consolidate the wireless environment. Considering wireless protection systems which operate as integrated parts of high assurance wireless system, the thesis has investigated mechanisms and ways to actively protect the wireless network environment. The thesis has shown that wireless monitor and honeypot networks introduce potential solutions to meet availability aspects in turns of automatic detection, protection and preventio

Optimisation of Traffic Steering for Heterogeneous Mobile Networks

Mobile networks have changed from circuit switched to IP-based mobile wireless packet switched networks. This paradigm shift led to new possibilities and challenges. The development of new capabilities based on IP-based networks is ongoing and raises new problems that have to be tackled, for example, the heterogeneity of current radio access networks and the wide range of data rates, coupled with user requirements and behaviour. A typical example of this shift is the nature of traffic, which is currently mostly data-based; further, forecasts based on market and usage trends indicate a data traffic increase of nearly 11 times between 2013 and 2018. The majority of this data traffic is predicted to be multimedia traffic, such as video streaming and live video streaming combined with voice traffic, all prone to delay, jitter, and packet loss and demanding high data rates and a high Quality of Service (QoS) to enable the provision of valuable service to the end-user. While the demands on the network are increasing, the end-user devices become more mobile and end-user demand for the capability of being always on, anytime and anywhere. The combination of end-user devices mobility, the required services, and the significant traffic loads generated by all the end-users leads to a pressing demand for adequate measures to enable the fulfilment of these requirements. The aim of this research is to propose an architecture which provides smart, intelligent and per end-user device individualised traffic steering for heterogeneous mobile networks to cope with the traffic volume and to fulfil the new requirements on QoS, mobility, and real-time capabilities. The proposed architecture provides traffic steering mechanisms based on individual context data per end-user device enabling the generation of individual commands and recommendations. In order to provide valuable services for the end-user, the commands and recommendations are distributed to the end-user devices in real-time. The proposed architecture does not require any proprietary protocols to facilitate its integration into the existing network infrastructure of a mobile network operator. The proposed architecture has been evaluated through a number of use cases. A proof-of-concept of the proposed architecture, including its core functionality, was implemented using the ns-3 network simulator. The simulation results have shown that the proposed architecture achieves improvements for traffic steering including traffic offload and handover. Further use cases have demonstrated that it is possible to achieve benefits in multiple other areas, such as for example improving the energy efficiency, improving frequency interference management, and providing additional or more accurate data to 3rd party to improve their services

Toward Authentication Mechanisms for Wi-Fi Mesh Networks

>Magister Scientiae - MScWi-Fi authentication mechanisms include central authentication, dynamic and distributed authentication and some encryption methods. Most of the existing authentication methods were designed for single-hop networks, as opposed to multihop Wi-Fi mesh networks. This research endeavors to characterize and compare existing Wi-Fi authentication mechanisms to find the best secure connection mechanism associated with Wi-Fi mesh network fragmentation and distributed authentication. The methodology is experimental and empirical, based on actual network testing. This thesis characterizes five different types of Wrt54gl firmware, three types of Wi-Fi routing protocols, and besides the eight Wi-Fi mesh network authentication protocols related to this research, it also characterizes and compares 14 existing authentication protocols. Most existing authentication protocols are not applicable to Wi-Fi mesh networks since they are based on Layer 2 of the OSI model and are not designed for Wi-Fi mesh networks. We propose using TincVPN which provides distributed authentication, fragmentation, and can provide secure connections for backbone Wi-Fi mesh networks

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

IP Mobility in Wireless Operator Networks

Wireless network access is gaining increased heterogeneity in terms of the types of IP capable access technologies. The access network heterogeneity is an outcome of incremental and evolutionary approach of building new infrastructure. The recent success of multi-radio terminals drives both building a new infrastructure and implicit deployment of heterogeneous access networks. Typically there is no economical reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of IP Mobility paradigm into the existing mobile operator network infrastructure that have not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of an operator to have their own development path and business models without artificial bindings with each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments.Erilaiset langattomat verkkoyhteydet lisääntyvät Internet-kykyisten teknologioiden muodossa. Lukuisten eri teknologioiden päällekkäinen käyttö johtuu vähitellen ja tarpeen mukaan rakennetusta verkkoinfrastruktuurista. Useita radioteknologioita (kuten WLAN, GSM ja UMTS) sisältävien päätelaitteiden (kuten älypuhelimet ja kannettavat tietokoneet) viimeaikainen kaupallinen menestys edesauttaa uuden verkkoinfrastruktuurin rakentamista, sekä mahdollisesti johtaa verkkoteknologioiden kirjon lisääntymiseen. Olemassa olevaa verkkoinfrastruktuuria ei kaupallisista syistä kannata korvata uudella teknologialla yhdellä kertaa, vaan vaiheittainen siirtymävaihe kestää tyypillisesti useita vuosia. Internet-kykyiset päätelaitteet voivat liikkua joko saman verkkoteknologian sisällä tai eri verkkoteknologioiden välillä. Verkkoympäristöstä riippuen liikkuvat päätelaitteet voivat liittyä verkkoon useiden verkkoyhteyksien kautta. Näin ollen päätelaite voi lähettää ja vastaanottaa tietoliikennepaketteja yhtäaikaisesti lukuisia verkkoja pitkin. Tämä väitöskirja käsittelee Internet-teknologioiden liikkuvuutta ja näiden teknologioiden tuomista olemassa oleviin langattomien verkko-operaattorien verkkoinfrastruktuureihin. Käsiteltäviä verkkoinfrastruktuureita ei alun perin ole suunniteltu Internet-teknologian liikkuvuuden ja monien yhtäaikaisten yhteyksien ehdoilla. Tässä työssä ehdotetaan tulevaisuuden langattomien verkkojen arkkitehtuurimallia ja ratkaisuja verkkovierailujen toteuttamiseksi. Ehdotettu arkkitehtuuri voidaan toteuttaa ilman mittavia teknologisia mullistuksia. Mallin mukaisessa ehdotuksessa verkko-operaattorin roolit jaetaan selkeästi (i) verkko-operaattoriin, (ii) palveluoperaattoriin ja (iii) yhteys- sekä verkkovierailuoperaattoriin. Roolijako mahdollistaa sen, että kukin operaattorityyppi voi kehittyä itsenäisesti, ja että teennäiset verkkoteknologiasidonnaisuudet poistuvat palveluiden tuottamisessa. Työssä esitetään myös alustava vaatimuslista ehdotetulle mallille, esimerkiksi yhteysoperaattorien laatuvaatimukset. Väitöskirja esittelee myös liikkuvien Internet-teknologioiden viimeisimmän kehityksen. Työssä näytetään lisäksi standardointituloksia Internet-kykyisissä langattomissa arkkitehtuureissa

MedLAN: Compact mobile computing system for wireless information access in emergency hospital wards

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.As the need for faster, safer and more efficient healthcare delivery increases, medical consultants seek new ways of implementing a high quality telemedical system, using innovative technology. Until today, teleconsultation (the most common application of Telemedicine) was performed by transferring the patient from the Accidents and Emergency ward, to a specially equipped room, or by moving large and heavy machinery to the place where the patient resided. Both these solutions were unpractical, uneconomical and potentially dangerous. At the same time wireless networks became increasingly useful in point-of-care areas such as hospitals, because of their ease of use, low cost of installation and increased flexibility. This thesis presents an integrated system called MedLAN dedicated for use inside the A&E hospital wards. Its purpose is to wirelessly support high-quality live video, audio, high-resolution still images and networks support from anywhere there is WLAN coverage. It is capable of transmitting all of the above to a consultant residing either inside or outside the hospital, or even to an external place, thorough the use of the Internet. To implement that, it makes use of the existing IEEE 802.11b wireless technology. Initially, this thesis demonstrates that for specific scenarios (such as when using WLANs), DICOM specifications should be adjusted to accommodate for the reduced WLAN bandwidth. Near lossless compression has been used to send still images through the WLANs and the results have been evaluated by a number of consultants to decide whether they retain their diagnostic value. The thesis further suggests improvements on the existing 802.11b protocol. In particular, as the typical hospital environment suffers from heavy RF reflections, it suggests that an alternative method of modulation (OFDM) can be embedded in the 802.11b hardware to reduce the multipath effect, increase the throughput and thus the video quality sent by the MedLAN system. Finally, realising that the trust between a patient and a doctor is fundamental this thesis proposes a series of simple actions aiming at securing the MedLAN system. Additionally, a concrete security system is suggested, that encapsulates the existing WEP security protocol, over IPSec