50 research outputs found
Towards end-to-end security in internet of things based healthcare
Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system.
The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions.
The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely.
The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices.
The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation.
The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer.
Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system
Security and privacy services based on biosignals for implantable and wearable device
Mención Internacional en el título de doctorThe proliferation of wearable and implantable medical devices has given rise to an interest in developing security schemes suitable for these devices and the environment in which they operate. One area that has received much attention lately is the use of (human) biological signals as the basis for biometric authentication, identification and the generation of cryptographic keys. More concretely, in this dissertation we use the Electrocardiogram (ECG) to extract some fiducial points which are later used on crytographic protocols. The fiducial points are used to describe the points of interest which can be extracted from biological signals. Some examples of fiducials points of the ECG are P-wave, QRS complex,T-wave, R peaks or the RR-time-interval. In particular, we focus on the time difference between two consecutive heartbeats (R-peaks). These time intervals are referred to as Inter-Pulse Intervals (IPIs) and have been proven to contain entropy after applying some signal processing algorithms. This process is known as quantization algorithm. Theentropy that the heart signal has makes the ECG values an ideal candidate to generate tokens to be used on security protocols. Most of the proposed solutions in the literature rely on some questionable assumptions. For instance, it is commonly assumed that it possible to generate the same cryptographic token in at least two different devices that are sensing the same signal using the IPI of each cardiac signal without applying any synchronization algorithm; authors typically only measure the entropy of the LSB to determine whether the generated cryptographic values are random or not; authors usually pick the four LSBs assuming they are the best ones to create the best cryptographic tokens; the datasets used in these works are rather small and, therefore, possibly not significant enough, or; in general it is impossible to reproduce the experiments carried out by other researchers because the source code of such experiments is not usually available. In this Thesis, we overcome these weaknesses trying to systematically address most of the open research questions. That is why, in all the experiments carried out during this research we used a public database called PhysioNet which is available on Internet and stores a huge heart database named PhysioBank. This repository is constantly being up dated by medical researchers who share the sensitive information about patients and it also offers an open source software named PhysioToolkit which can be used to read and display these signals. All datasets we used contain ECG records obtained from a variety of real subjects with different heart-related pathologies as well as healthy people. The first chapter of this dissertation (Chapter 1) is entirely dedicated to present the research questions, introduce the main concepts used all along this document as well as settle down some medical and cryptographic definitions. Finally, the objectives that this dissertation tackles down are described together with the main motivations for this Thesis. In Chapter 2 we report the results of a large-scale statistical study to determine if heart signal is a good source of entropy. For this, we analyze 19 public datasets of heart signals from the Physionet repository, spanning electrocardiograms from multiple subjects sampled at different frequencies and lengths. We then apply both ENT and NIST STS standard battery of randomness tests to the extracted IPIs. The results we obtain through the analysis, clearly show that a short burst of bits derived from an ECG record may seem random, but large files derived from long ECG records should not be used for security purposes. In Chapter3, we carry out an análisis to check whether it is reasonable or not the assumption that two different sensors can generate the same cryptographic token. We systematically check if two sensors can agree on the same token without sharing any type of information. Similarly to other proposals, we include ECC algorithms like BCH to the token generation. We conclude that a fuzzy extractor (or another error correction technique) is not enough to correct the synchronization errors between the IPI values derived from two ECG signals captured via two sensors placed on different positions. We demonstrate that a pre-processing of the heart signal must be performed before the fuzzy extractor is applied. Going one step forward and, in order to generate the same token on different sensors, we propose a synchronization algorithm. To do so, we include a runtimemonitoralgorithm. Afterapplyingourproposedsolution,werun again the experiments with 19 public databases from the PhysioNet repository. The only constraint to pick those databases was that they need at least two measurements of heart signals (ECG1 and ECG2). As a conclusion, running the experiments, the same token can be dexix
rived on different sensors in most of the tested databases if and only if a pre-processing of the heart signal is performed before extracting the tokens. In Chapter 4, we analyze the entropy of the tokens extracted from a heart signal according to the NISTSTS recommendation (i.e.,SP80090B Recommendation for the Entropy Sources Used for Random Bit Generation). We downloaded 19 databases from the Physionet public repository and analyze, in terms of min-entropy, more than 160,000 files. Finally, we propose other combinations for extracting tokens by taking 2, 3, 4 and 5 bits different than the usual four LSBs. Also, we demonstrate that the four LSB are not the best bits to be used in cryptographic applications. We offer other alternative combinations for two (e.g., 87), three (e.g., 638), four (e.g., 2638) and five (e.g., 23758) bits which are, in general, much better than taking the four LSBs from the entropy point of view. Finally, the last Chapter of this dissertation (Chapter 5) summarizes the main conclusions arisen from this PhD Thesis and introduces some open questions.Programa de Doctorado en Ciencia y Tecnología Informática por la Universidad Carlos III de MadridPresidente: Arturo Ribagorda Garnacho.- Secretario: Jorge Blasco Alis.- Vocal: Jesús García López de la Call
Muscle activity-driven green-oriented random number generation mechanism to secure WBSN wearable device communications
Wireless body sensor networks (WBSNs) mostly consist of low-cost sensor nodes and implanted devices which generally have extremely limited capability of computations and energy capabilities. Hence, traditional security protocols and privacy enhancing technologies are not applicable to the WBSNs since their computations and cryptographic primitives are normally exceedingly complicated. Nowadays, mobile wearable and wireless muscle-computer interfaces have been integrated with the WBSN sensors for various applications such as rehabilitation, sports, entertainment, and healthcare. In this paper, we propose MGRNG, a novel muscle activity-driven green-oriented random number generation mechanism which uses the human muscle activity as green energy resource to generate random numbers (RNs). The RNs can be used to enhance the privacy of wearable device communications and secure WBSNs for rehabilitation purposes. The method was tested on 10 healthy subjects as well as 5 amputee subjects with 105 segments of simultaneously recorded surface electromyography signals from their forearm muscles. The proposed MGRNG requires only one second to generate a 128-bit RN, which is much more efficient when compared to the electrocardiography-based RN generation algorithms. Experimental results show that the RNs generated from human muscle activity signals can pass the entropy test and the NIST random test and thus can be used to secure the WBSN nodes
Cybersecurity in implantable medical devices
Mención Internacional en el título de doctorImplantable Medical Devices (IMDs) are electronic devices implanted within
the body to treat a medical condition, monitor the state or improve the
functioning of some body part, or just to provide the patient with a capability
that he did not possess before [86]. Current examples of IMDs
include pacemakers and defibrillators to monitor and treat cardiac conditions;
neurostimulators for deep brain stimulation in cases such as epilepsy
or Parkinson; drug delivery systems in the form of infusion pumps; and a
variety of biosensors to acquire and process different biosignals.
Some of the newest IMDs have started to incorporate numerous communication
and networking functions—usually known as “telemetry”—,
as well as increasingly more sophisticated computing capabilities. This
has provided implants with more intelligence and patients with more autonomy,
as medical personnel can access data and reconfigure the implant
remotely (i.e., without the patient being physically present in medical facilities).
Apart from a significant cost reduction, telemetry and computing
capabilities also allow healthcare providers to constantly monitor the patient’s
condition and to develop new diagnostic techniques based on an
Intra Body Network (IBN) of medical devices [25, 26, 201].
Evolving from a mere electromechanical IMD to one with more advanced
computing and communication capabilities has many benefits but
also entails numerous security and privacy risks for the patient. The majority
of such risks are relatively well known in classical computing scenarios,
though in many respects their repercussions are far more critical in the case
of implants. Attacks against an IMD can put at risk the safety of the patient
who carries it, with fatal consequences in certain cases. Causing an intentional
malfunction of an implant can lead to death and, as recognized by the
U.S. Food and Drug Administration (FDA), such deliberate attacks could
be far more difficult to detect than accidental ones [61]. Furthermore, these
devices store and transmit very sensitive medical information that requires
protection, as dictated by European (e.g., Directive 95/46/ECC) and U.S.
(e.g., CFR 164.312) Directives [94, 204].
The wireless communication capabilities present in many modern IMDs
are a major source of security risks, particularly while the patient is in open
(i.e., non-medical) environments. To begin with, the implant becomes no
longer “invisible”, as its presence could be remotely detected [48]. Furthermore,
it facilitates the access to transmitted data by eavesdroppers who
simply listen to the (insecure) channel [83]. This could result in a major privacy breach, as IMDs store sensitive information such as vital signals,
diagnosed conditions, therapies, and a variety of personal data (e.g., birth
date, name, and other medically relevant identifiers). A vulnerable communication
channel also makes it easier to attack the implant in ways similar
to those used against more common computing devices [118, 129, 156],
i.e., by forging, altering, or replying previously captured messages [82].
This could potentially allow an adversary to monitor and modify the implant
without necessarily being close to the victim [164]. In this regard,
the concerns of former U.S. vice-president Dick Cheney constitute an excellent
example: he had his Implantable Cardioverter Defibrillator (ICD)
replaced by another without WiFi capability [219].
While there are still no known real-world incidents, several attacks on
IMDs have been successfully demonstrated in the lab [83, 133, 143]. These
attacks have shown how an adversary can disable or reprogram therapies
on an ICD with wireless connectivity, and even inducing a shock state to
the patient [65]. Other attacks deplete the battery and render the device
inoperative [91], which often implies that the patient must undergo a surgical
procedure to have the IMD replaced. Moreover, in the case of cardiac
implants, they have a switch that can be turned off merely by applying a
magnetic field [149]. The existence of this mechanism is motivated by the
need to shield ICDs to electromagnetic fields, for instance when the patient
undergoes cardiac surgery using electrocautery devices [47]. However, this
could be easily exploited by an attacker, since activating such a primitive
mechanism does not require any kind of authentication.
In order to prevent attacks, it is imperative that the new generation of
IMDs will be equipped with strong mechanisms guaranteeing basic security
properties such as confidentiality, integrity, and availability. For example,
mutual authentication between the IMD and medical personnel is
essential, as both parties must be confident that the other end is who claims
to be. In the case of the IMD, only commands coming from authenticated
parties should be considered, while medical personnel should not trust any
message claiming to come from the IMD unless sufficient guarantees are
given.
Preserving the confidentiality of the information stored in and transmitted
by the IMD is another mandatory aspect. The device must implement
appropriate security policies that restrict what entities can reconfigure the
IMD or get access to the information stored in it, ensuring that only authorized
operations are executed. Similarly, security mechanisms have to
be implemented to protect the content of messages exchanged through an insecure wireless channel.
Integrity protection is equally important to ensure that information has
not been modified in transit. For example, if the information sent by the
implant to the Programmer is altered, the doctor might make a wrong decision.
Conversely, if a command sent to the implant is forged, modified,
or simply contains errors, its execution could result in a compromise of the
patient’s physical integrity.
Technical security mechanisms should be incorporated in the design
phase and complemented with appropriate legal and administrative measures.
Current legislation is rather permissive in this regard, allowing the
use of implants like ICDs that do not incorporate any security mechanisms.
Regulatory authorities like the FDA in the U.S or the EMA (European
Medicines Agency) in Europe should promote metrics and frameworks for
assessing the security of IMDs. These assessments should be mandatory
by law, requiring an adequate security level for an implant before approving
its use. Moreover, both the security measures supported on each IMD
and the security assessment results should be made public.
Prudent engineering practices well known in the safety and security domains
should be followed in the design of IMDs. If hardware errors are
detected, it often entails a replacement of the implant, with the associated
risks linked to a surgery. One of the main sources of failure when treating
or monitoring a patient is precisely malfunctions of the device itself.
These failures are known as “recalls” or “advisories”, and it is estimated
that they affect around 2.6% of patients carrying an implant. Furthermore,
the software running on the device should strictly support the functionalities
required to perform the medical and operational tasks for what it was
designed, and no more [66, 134, 213].
In Chapter 1, we present a survey of security and privacy issues in
IMDs, discuss the most relevant mechanisms proposed to address these
challenges, and analyze their suitability, advantages, and main drawbacks.
In Chapter 2, we show how the use of highly compressed electrocardiogram
(ECG) signals (only 24 coefficients of Hadamard Transform) is enough
to unequivocally identify individuals with a high performance (classification
accuracy of 97% and with identification system errors in the order of
10−2). In Chapter 3 we introduce a new Continuous Authentication scheme
that, contrarily to previous works in this area, considers ECG signals as
continuous data streams. The proposed ECG-based CA system is intended
for real-time applications and is able to offer an accuracy up to 96%, with
an almost perfect system performance (kappa statistic > 80%). In Chapter 4, we propose a distance bounding protocol to manage access control of
IMDs: ACIMD. ACIMD combines two features namely identity verification
(authentication) and proximity verification (distance checking). The
authentication mechanism we developed conforms to the ISO/IEC 9798-2
standard and is performed using the whole ECG signal of a device holder,
which is hardly replicable by a distant attacker. We evaluate the performance
of ACIMD using ECG signals of 199 individuals over 24 hours,
considering three adversary strategies. Results show that an accuracy of
87.07% in authentication can be achieved. Finally, in Chapter 5 we extract
some conclusions and summarize the published works (i.e., scientific
journals with high impact factor and prestigious international conferences).Los Dispositivos Médicos Implantables (DMIs) son dispositivos electrónicos
implantados dentro del cuerpo para tratar una enfermedad, controlar
el estado o mejorar el funcionamiento de alguna parte del cuerpo, o simplemente
para proporcionar al paciente una capacidad que no poseía antes
[86]. Ejemplos actuales de DMI incluyen marcapasos y desfibriladores
para monitorear y tratar afecciones cardíacas; neuroestimuladores para la
estimulación cerebral profunda en casos como la epilepsia o el Parkinson;
sistemas de administración de fármacos en forma de bombas de infusión; y
una variedad de biosensores para adquirir y procesar diferentes bioseñales.
Los DMIs más modernos han comenzado a incorporar numerosas funciones
de comunicación y redes (generalmente conocidas como telemetría)
así como capacidades de computación cada vez más sofisticadas. Esto
ha propiciado implantes con mayor inteligencia y pacientes con más autonomía,
ya que el personal médico puede acceder a los datos y reconfigurar
el implante de forma remota (es decir, sin que el paciente esté
físicamente presente en las instalaciones médicas). Aparte de una importante
reducción de costos, las capacidades de telemetría y cómputo también
permiten a los profesionales de la atención médica monitorear constantemente
la condición del paciente y desarrollar nuevas técnicas de diagnóstico
basadas en una Intra Body Network (IBN) de dispositivos médicos
[25, 26, 201].
Evolucionar desde un DMI electromecánico a uno con capacidades de
cómputo y de comunicación más avanzadas tiene muchos beneficios pero
también conlleva numerosos riesgos de seguridad y privacidad para el paciente.
La mayoría de estos riesgos son relativamente bien conocidos en los
escenarios clásicos de comunicaciones entre dispositivos, aunque en muchos
aspectos sus repercusiones son mucho más críticas en el caso de los
implantes. Los ataques contra un DMI pueden poner en riesgo la seguridad
del paciente que lo porta, con consecuencias fatales en ciertos casos.
Causar un mal funcionamiento intencionado en un implante puede causar
la muerte y, tal como lo reconoce la Food and Drug Administration (FDA)
de EE.UU, tales ataques deliberados podrían ser mucho más difíciles de
detectar que los ataques accidentales [61]. Además, estos dispositivos almacenan
y transmiten información médica muy delicada que requiere se
protegida, según lo dictado por las directivas europeas (por ejemplo, la Directiva 95/46/ECC) y estadunidenses (por ejemplo, la Directiva CFR
164.312) [94, 204].
Si bien todavía no se conocen incidentes reales, se han demostrado con
éxito varios ataques contra DMIs en el laboratorio [83, 133, 143]. Estos
ataques han demostrado cómo un adversario puede desactivar o reprogramar
terapias en un marcapasos con conectividad inalámbrica e incluso
inducir un estado de shock al paciente [65]. Otros ataques agotan
la batería y dejan al dispositivo inoperativo [91], lo que a menudo implica
que el paciente deba someterse a un procedimiento quirúrgico para reemplazar
la batería del DMI. Además, en el caso de los implantes cardíacos,
tienen un interruptor cuya posición de desconexión se consigue simplemente
aplicando un campo magnético intenso [149]. La existencia de este
mecanismo está motivada por la necesidad de proteger a los DMIs frete
a posibles campos electromagnéticos, por ejemplo, cuando el paciente se
somete a una cirugía cardíaca usando dispositivos de electrocauterización
[47]. Sin embargo, esto podría ser explotado fácilmente por un atacante,
ya que la activación de dicho mecanismo primitivo no requiere ningún tipo
de autenticación.
Garantizar la confidencialidad de la información almacenada y transmitida
por el DMI es otro aspecto obligatorio. El dispositivo debe implementar
políticas de seguridad apropiadas que restrinjan qué entidades
pueden reconfigurar el DMI o acceder a la información almacenada en él,
asegurando que sólo se ejecuten las operaciones autorizadas. De la misma
manera, mecanismos de seguridad deben ser implementados para proteger
el contenido de los mensajes intercambiados a través de un canal inalámbrico
no seguro.
La protección de la integridad es igualmente importante para garantizar
que la información no se haya modificado durante el tránsito. Por ejemplo,
si la información enviada por el implante al programador se altera, el
médico podría tomar una decisión equivocada. Por el contrario, si un comando
enviado al implante se falsifica, modifica o simplemente contiene
errores, su ejecución podría comprometer la integridad física del paciente.
Los mecanismos de seguridad deberían incorporarse en la fase de diseño
y complementarse con medidas legales y administrativas apropiadas.
La legislación actual es bastante permisiva a este respecto, lo que permite
el uso de implantes como marcapasos que no incorporen ningún mecanismo
de seguridad. Las autoridades reguladoras como la FDA en los Estados
Unidos o la EMA (Agencia Europea de Medicamentos) en Europa deberían
promover métricas y marcos para evaluar la seguridad de los DMIs.
Estas evaluaciones deberían ser obligatorias por ley, requiriendo un nivel
de seguridad adecuado para un implante antes de aprobar su uso. Además,
tanto las medidas de seguridad implementadas en cada DMI como los resultados
de la evaluación de su seguridad deberían hacerse públicos.
Buenas prácticas de ingeniería en los dominios de la protección y la
seguridad deberían seguirse en el diseño de los DMIs. Si se detectan errores
de hardware, a menudo esto implica un reemplazo del implante, con
los riesgos asociados y vinculados a una cirugía. Una de las principales
fuentes de fallo al tratar o monitorear a un paciente es precisamente el
mal funcionamiento del dispositivo. Estos fallos se conocen como “retiradas”,
y se estima que afectan a aproximadamente el 2,6 % de los pacientes
que llevan un implante. Además, el software que se ejecuta en el
dispositivo debe soportar estrictamente las funcionalidades requeridas para
realizar las tareas médicas y operativas para las que fue diseñado, y no más
[66, 134, 213].
En el Capítulo 1, presentamos un estado de la cuestión sobre cuestiones
de seguridad y privacidad en DMIs, discutimos los mecanismos más relevantes
propuestos para abordar estos desafíos y analizamos su idoneidad,
ventajas y principales inconvenientes. En el Capítulo 2, mostramos
cómo el uso de señales electrocardiográficas (ECGs) altamente comprimidas
(sólo 24 coeficientes de la Transformada Hadamard) es suficiente para
identificar inequívocamente individuos con un alto rendimiento (precisión
de clasificación del 97% y errores del sistema de identificación del orden
de 10−2). En el Capítulo 3 presentamos un nuevo esquema de Autenticación
Continua (AC) que, contrariamente a los trabajos previos en esta
área, considera las señales ECG como flujos de datos continuos. El sistema
propuesto de AC basado en señales cardíacas está diseñado para aplicaciones
en tiempo real y puede ofrecer una precisión de hasta el 96%,
con un rendimiento del sistema casi perfecto (estadístico kappa > 80 %).
En el Capítulo 4, proponemos un protocolo de verificación de la distancia
para gestionar el control de acceso al DMI: ACIMD. ACIMD combina
dos características, verificación de identidad (autenticación) y verificación
de la proximidad (comprobación de la distancia). El mecanismo de autenticación
es compatible con el estándar ISO/IEC 9798-2 y se realiza utilizando
la señal ECG con todas sus ondas, lo cual es difícilmente replicable
por un atacante que se encuentre distante. Hemos evaluado el rendimiento
de ACIMD usando señales ECG de 199 individuos durante 24 horas, y
hemos considerando tres estrategias posibles para el adversario. Los resultados
muestran que se puede lograr una precisión del 87.07% en la au tenticación. Finalmente, en el Capítulo 5 extraemos algunas conclusiones
y resumimos los trabajos publicados (es decir, revistas científicas con alto
factor de impacto y conferencias internacionales prestigiosas).Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Arturo Ribagorda Garnacho.- Secretario: Jorge Blasco Alís.- Vocal: Jesús García López de Lacall
Application of 3D delaunay triangulation in fingerprint authentication system
Biometric security has found many applications in Internet of Things (IoT) security. Many mobile devices including smart phones have supplied fingerprint authentication function. However, the authentication performance in such restricted environment has been downgraded significantly. A number of methods based on Delaunay triangulation have been proposed for minutiae-based fingerprint matching, due to some favorable properties of the Delaunay triangulation under image distortion. However, all existing methods are based on 2D pattern, of which each unit, a Delaunay triangle, can only provide limited discrimination ability and could cause low matching performance. In this paper, we propose a 3D Delaunay triangulation based fingerprint authentication system as an improvement to improve the authentication performance without adding extra sensor data. Each unit in a 3D Delaunay triangulation is a Delaunay tetrahedron, which can provide higher discrimination than a Delaunay triangle. From the experimental results it is observed that the 3D Delaunay triangulation based fingerprint authentication system outperforms the 2D based system in terms of matching performance by using same feature representation, e.g., edge. Furthermore, some issues in applying 3D Delaunay triangulation in fingerprint authentication, have been discussed and solved. To the best of our knowledge, this is the first work in literature that deploys 3D Delaunay triangulation in fingerprint authentication research
Secure Data Collection and Analysis in Smart Health Monitoring
Smart health monitoring uses real-time monitored data to support diagnosis, treatment, and health decision-making in modern smart healthcare systems and benefit our daily life. The accurate health monitoring and prompt transmission of health data are facilitated by the ever-evolving on-body sensors, wireless communication technologies, and wireless sensing techniques. Although the users have witnessed the convenience of smart health monitoring, severe privacy and security concerns on the valuable and sensitive collected data come along with the merit. The data collection, transmission, and analysis are vulnerable to various attacks, e.g., eavesdropping, due to the open nature of wireless media, the resource constraints of sensing devices, and the lack of security protocols. These deficiencies not only make conventional cryptographic methods not applicable in smart health monitoring but also put many obstacles in the path of designing privacy protection mechanisms.
In this dissertation, we design dedicated schemes to achieve secure data collection and analysis in smart health monitoring. The first two works propose two robust and secure authentication schemes based on Electrocardiogram (ECG), which outperform traditional user identity authentication schemes in health monitoring, to restrict the access to collected data to legitimate users. To improve the practicality of ECG-based authentication, we address the nonuniformity and sensitivity of ECG signals, as well as the noise contamination issue. The next work investigates an extended authentication goal, denoted as wearable-user pair authentication. It simultaneously authenticates the user identity and device identity to provide further protection. We exploit the uniqueness of the interference between different wireless protocols, which is common in health monitoring due to devices\u27 varying sensing and transmission demands, and design a wearable-user pair authentication scheme based on the interference. However, the harm of this interference is also outstanding. Thus, in the fourth work, we use wireless human activity recognition in health monitoring as an example and analyze how this interference may jeopardize it. We identify a new attack that can produce false recognition result and discuss potential countermeasures against this attack. In the end, we move to a broader scenario and protect the statistics of distributed data reported in mobile crowd sensing, a common practice used in public health monitoring for data collection. We deploy differential privacy to enable the indistinguishability of workers\u27 locations and sensing data without the help of a trusted entity while meeting the accuracy demands of crowd sensing tasks
Recent Advances on Implantable Wireless Sensor Networks
Implantable electronic devices are undergoing a miniaturization age, becoming more efficient and yet more powerful as well. Biomedical sensors are used to monitor a multitude of physiological parameters, such as glucose levels, blood pressure and neural activity. A group of sensors working together in the human body is the main component of a body area network, which is a wireless sensor network applied to the human body. In this chapter, applications of wireless biomedical sensors are presented, along with state-of-the-art communication and powering mechanisms of these devices. Furthermore, recent integration methods that allow the sensors to become smaller and more suitable for implantation are summarized. For individual sensors to become a body area network (BAN), they must form a network and work together. Issues that must be addressed when developing these networks are detailed and, finally, mobility methods for implanted sensors are presented