A Cloud-based Healthcare Framework for Security and Patients’ Data Privacy Using Wireless Body Area Networks

AbstractThe recent developments in remote healthcare systems have witnessed significant interests from IT industry (Microsoft, Google, VMware etc) that provide ubiquitous and easily deployable healthcare systems. These systems provide a platform to share medical information, applications, and infrastructure in a ubiquitous and fully automated manner. Communication security and patients’ data privacy are the aspects that would increase the confidence of users in such remote healthcare systems. This paper presents a secure cloud-based mobile healthcare framework using wireless body area networks (WBANs). The research work presented here is twofold: first, it attempts to secure the inter-sensor communication by multi-biometric based key generation scheme in WBANs; and secondly, the electronic medical records (EMRs) are securely stored in the hospital community cloud and privacy of the patients’ data is preserved. The evaluation and analysis shows that the proposed multi-biometric based mechanism provides significant security measures due to its highly efficient key generation mechanism

Balancing Security and Utility in Medical Devices?

ABSTRACT Implantable Medical Devices (IMDs) are being embedded increasingly often in patients' bodies to monitor and help treat medical conditions. To facilitate monitoring and control, IMDs are often equipped with wireless interfaces. While convenient, wireless connectivity raises the risk of malicious access to an IMD that can potentially infringe patients' privacy and even endanger their lives. Thus, while ease of access to IMDs can be vital for timely medical intervention, too much ease is dangerous. Obvious approaches, such as passwords and certificates, are unworkable at large scale given the lack of central authorities and frequent emergencies in medical settings. Additionally, IMDs are heavily constrained in their power consumption and computational capabilities. Designing access-control mechanisms for IMDs that can meet the many constraints of real-world deployment is an important research challenge. In this paper, we review proposed approaches to the accesscontrol problem for IMDs, including the problem of secure pairing (and key distribution) between an IMD and another device, such as a programmer. (We also treat related technologies, such as bodyarea networks.) We describe some limitations of well-conceived proposals and reveal security weaknesses in two proposed cryptographic pairing schemes. Our intention is to stimulate yet more inventive and rigorous research in the intriguing and challenging areas of IMD security and medical-device security in general

Sok: Security and privacy in implantable medical devices and body area networks.

Abstract-Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions. In this work, we survey publications aimed at improving security and privacy in IMDs and health-related BANs, providing clear definitions and a comprehensive overview of the problem space. We analyze common themes, categorize relevant results, and identify trends and directions for future research. We present a visual illustration of this analysis that shows the progression of IMD/BAN research and highlights emerging threats. We identify three broad research categories aimed at ensuring the security and privacy of the telemetry interface, software, and sensor interface layers and discuss challenges researchers face with respect to ensuring reproducibility of results. We find that while the security of the telemetry interface has received much attention in academia, the threat of software exploitation and the sensor interface layer deserve further attention. In addition, we observe that while the use of physiological values as a source of entropy for cryptographic keys holds some promise, a more rigorous assessment of the security and practicality of these schemes is required