Survey of main challenges (security and privacy) in wireless body area networks for healthcare applications

Abstract Wireless Body Area Network (WBAN) is a new trend in the technology that provides remote mechanism to monitor and collect patient's health record data using wearable sensors. It is widely recognized that a high level of system security and privacy play a key role in protecting these data when being used by the healthcare professionals and during storage to ensure that patient's records are kept safe from intruder's danger. It is therefore of great interest to discuss security and privacy issues in WBANs. In this paper, we reviewed WBAN communication architecture, security and privacy requirements and security threats and the primary challenges in WBANs to these systems based on the latest standards and publications. This paper also covers the state-of-art security measures and research in WBAN. Finally, open areas for future research and enhancements are explored

A review of Bluetooth and NFC for financial applications

Abstract: Bluetooth and near field communications (NFC) are two of the most recently emerging wireless technologies [1] [2], largely because of the integral role they play in the Internet of everything (IoE). In this paper, the security aspect is evaluated for these two wireless technologies for potential applications in financial systems. Their frame size is also analyzed. This is done by reviewing their characteristics based on the state of the art and on the standards governing their deployment. It is found that Bluetooth has good security mechanisms when compared to NFC, which requires developers to implement their own security features at application level; however, NFC’s short range and its requirement for intentional communication between devices makes it inherently secure. It is also found that NFC has a larger message size, however, the classic Bluetooth message size is not that far below that of NFC data exchange format (NDEF) short records (SR) message size

State of the art in RFID technology [in libraries]

RFID technology is beginning to be used for keeping track of traditional library materials, whether they be printed, audio-visual, CDs, DVDs, etc. RFID technology has been used for many years for identifying livestock, tagging children in theme parks in case they are separated from their guardians and for identifying equipment enclosed in boxes. Now it is being used for security and stock control in the retail world and also in the library world. The RFID chip or tag as it is called can hold substantial amount of data, which will normally include an identifier of the kind which is currently found as a barcode. Additionally it can contain data for unique identification in an inter-library loan scenario; data such as ISBN, class mark and title which can make stock control easier. The latest chips can be written to dynamically so that the data model can be updated as the state of the art in data models advances. Standards need to be developed specifically for use in the library world and appropriate ISO Committees have begun to develop these. The Danish Standards institution has published a data model and in the UK a joint Book Industry Communication / Chartered Institute of Library and Information Professionals working group has been set up to feed into any international standards work to contribute to the development of an international standard. Unfortunately it is proving difficult to getting international agreement because the Danish Standard which is in extensive use in Denmark has features which countries beginning now do not wish to implement in the same way

Trusted Artificial Intelligence in Manufacturing; Trusted Artificial Intelligence in Manufacturing

The successful deployment of AI solutions in manufacturing environments hinges on their security, safety and reliability which becomes more challenging in settings where multiple AI systems (e.g., industrial robots, robotic cells, Deep Neural Networks (DNNs)) interact as atomic systems and with humans. To guarantee the safe and reliable operation of AI systems in the shopfloor, there is a need to address many challenges in the scope of complex, heterogeneous, dynamic and unpredictable environments. Specifically, data reliability, human machine interaction, security, transparency and explainability challenges need to be addressed at the same time. Recent advances in AI research (e.g., in deep neural networks security and explainable AI (XAI) systems), coupled with novel research outcomes in the formal specification and verification of AI systems provide a sound basis for safe and reliable AI deployments in production lines. Moreover, the legal and regulatory dimension of safe and reliable AI solutions in production lines must be considered as well. To address some of the above listed challenges, fifteen European Organizations collaborate in the scope of the STAR project, a research initiative funded by the European Commission in the scope of its H2020 program (Grant Agreement Number: 956573). STAR researches, develops, and validates novel technologies that enable AI systems to acquire knowledge in order to take timely and safe decisions in dynamic and unpredictable environments. Moreover, the project researches and delivers approaches that enable AI systems to confront sophisticated adversaries and to remain robust against security attacks. This book is co-authored by the STAR consortium members and provides a review of technologies, techniques and systems for trusted, ethical, and secure AI in manufacturing. The different chapters of the book cover systems and technologies for industrial data reliability, responsible and transparent artificial intelligence systems, human centered manufacturing systems such as human-centred digital twins, cyber-defence in AI systems, simulated reality systems, human robot collaboration systems, as well as automated mobile robots for manufacturing environments. A variety of cutting-edge AI technologies are employed by these systems including deep neural networks, reinforcement learning systems, and explainable artificial intelligence systems. Furthermore, relevant standards and applicable regulations are discussed. Beyond reviewing state of the art standards and technologies, the book illustrates how the STAR research goes beyond the state of the art, towards enabling and showcasing human-centred technologies in production lines. Emphasis is put on dynamic human in the loop scenarios, where ethical, transparent, and trusted AI systems co-exist with human workers. The book is made available as an open access publication, which could make it broadly and freely available to the AI and smart manufacturing communities

Security and Privacy for IoT Ecosystems

Smart devices have become an integral part of our everyday life. In contrast to smartphones and laptops, Internet of Things (IoT) devices are typically managed by the vendor. They allow little or no user-driven customization. Users need to use and trust IoT devices as they are, including the ecosystems involved in the processing and sharing of personal data. Ensuring that an IoT device does not leak private data is imperative. This thesis analyzes security practices in popular IoT ecosystems across several price segments. Our results show a gap between real-world implementations and state-of-the-art security measures. The process of responsible disclosure with the vendors revealed further practical challenges. Do they want to support backward compatibility with the same app and infrastructure over multiple IoT device generations? To which extent can they trust their supply chains in rolling out keys? Mature vendors have a budget for security and are aware of its demands. Despite this goodwill, developers sometimes fail at securing the concrete implementations in those complex ecosystems. Our analysis of real-world products reveals the actual efforts made by vendors to secure their products. Our responsible disclosure processes and publications of design recommendations not only increase security in existing products but also help connected ecosystem manufacturers to develop secure products. Moreover, we enable users to take control of their connected devices with firmware binary patching. If a vendor decides to no longer offer cloud services, bootstrapping a vendor-independent ecosystem is the only way to revive bricked devices. Binary patching is not only useful in the IoT context but also opens up these devices as research platforms. We are the first to publish tools for Bluetooth firmware and lower-layer analysis and uncover a security issue in Broadcom chips affecting hundreds of millions of devices manufactured by Apple, Samsung, Google, and more. Although we informed Broadcom and customers of their technologies of the weaknesses identified, some of these devices no longer receive official updates. For these, our binary patching framework is capable of building vendor-independent patches and retrofit security. Connected device vendors depend on standards; they rarely implement lower-layer communication schemes from scratch. Standards enable communication between devices of different vendors, which is crucial in many IoT setups. Secure standards help making products secure by design and, thus, need to be analyzed as early as possible. One possibility to integrate security into a lower-layer standard is Physical-Layer Security (PLS). PLS establishes security on the Physical Layer (PHY) of wireless transmissions. With new wireless technologies emerging, physical properties change. We analyze how suitable PLS techniques are in the domain of mmWave and Visible Light Communication (VLC). Despite VLC being commonly believed to be very secure due to its limited range, we show that using VLC instead for PLS is less secure than using it with Radio Frequency (RF) communication. The work in this thesis is applied to mature products as well as upcoming standards. We consider security for the whole product life cycle to make connected devices and IoT ecosystems more secure in the long term

Integration of blockchain and collaborative intrusion detection for secure data transactions in industrial IoT: a survey

The advent of the Industrial Internet of Things (IIoT) integrates all manners of computing technologies, from tiny actuators to process-intensive servers. The distributed network of IoT devices relies on centralized architecture to compensate for their lack of resources. Within this complex network, it is crucial to ensure the security and privacy of data in the IIoT systems as they involve real-time functions that manage people’s movement and industrial materials like chemicals, radio-active goods, and large equipment. Intrusion Detection Systems (IDS) have been widely used to detect and thwart cyber-attacks on such systems. However, these are inefficient for the multi-layered IIoT networks which include heterogeneous protocol standards and topologies. With the need for a novel security method, the integration of collaborative IDS (CIDS) and blockchain has become a disruptive technology to ensure secure and trustable network transactions. Which detection methodology is suitable for this integration, and IIoT? Will blockchain render IIoT completely immune to cyber-attacks? In this paper, we provide a comprehensive review of the state of the art, analyze, and classify the integration approaches of CIDS and blockchain, and discuss suitable approaches for securing IIoT systems. We also categorize the major blockchain vulnerabilities with their potential losses to expose significant gaps for future research directions

Comprehensive user requirements engineering methodology for secure and interoperable health data exchange

Background: Increased digitalization of healthcare comes along with the cost of cybercrime proliferation. This results to patients' and healthcare providers' skepticism to adopt Health Information Technologies (HIT). In Europe, this shortcoming hampers efficient cross-border health data exchange, which requires a holistic, secure and interoperable framework. This study aimed to provide the foundations for designing a secure and interoperable toolkit for cross-border health data exchange within the European Union (EU), conducted in the scope of the KONFIDO project. Particularly, we present our user requirements engineering methodology and the obtained results, driving the technical design of the KONFIDO toolkit. Methods: Our methodology relied on four pillars: (a) a gap analysis study, reviewing a range of relevant projects/initiatives, technologies as well as cybersecurity strategies for HIT interoperability and cybersecurity; (b) the definition of user scenarios with major focus on cross-border health data exchange in the three pilot countries of the project; (c) a user requirements elicitation phase containing a threat analysis of the business processes entailed in the user scenarios, and (d) surveying and discussing with key stakeholders, aiming to validate the obtained outcomes and identify barriers and facilitators for HIT adoption linked with cybersecurity and interoperability. Results: According to the gap analysis outcomes, full adherence with information security standards is currently not universally met. Sustainability plans shall be defined for adapting existing/evolving frameworks to the state-of-the-art. Overall, lack of integration in a holistic security approach was clearly identified. For each user scenario, we concluded with a comprehensive workflow, highlighting challenges and open issues for their application in our pilot sites. The threat analysis resulted in a set of 30 user goals in total, documented in detail. Finally, indicative barriers of HIT acceptance include lack of awareness regarding HIT risks and legislations, lack of a security-oriented culture and management commitment, as well as usability constraints, while important facilitators concern the adoption of standards and current efforts for a common EU legislation framework. Conclusions: Our study provides important insights to address secure and interoperable health data exchange, while our methodological framework constitutes a paradigm for investigating diverse cybersecurity-related risks in the health sector

Federated Learning for Medical Applications: A Taxonomy, Current Trends, Challenges, and Future Research Directions

With the advent of the IoT, AI, ML, and DL algorithms, the landscape of data-driven medical applications has emerged as a promising avenue for designing robust and scalable diagnostic and prognostic models from medical data. This has gained a lot of attention from both academia and industry, leading to significant improvements in healthcare quality. However, the adoption of AI-driven medical applications still faces tough challenges, including meeting security, privacy, and quality of service (QoS) standards. Recent developments in \ac{FL} have made it possible to train complex machine-learned models in a distributed manner and have become an active research domain, particularly processing the medical data at the edge of the network in a decentralized way to preserve privacy and address security concerns. To this end, in this paper, we explore the present and future of FL technology in medical applications where data sharing is a significant challenge. We delve into the current research trends and their outcomes, unravelling the complexities of designing reliable and scalable \ac{FL} models. Our paper outlines the fundamental statistical issues in FL, tackles device-related problems, addresses security challenges, and navigates the complexity of privacy concerns, all while highlighting its transformative potential in the medical field. Our study primarily focuses on medical applications of \ac{FL}, particularly in the context of global cancer diagnosis. We highlight the potential of FL to enable computer-aided diagnosis tools that address this challenge with greater effectiveness than traditional data-driven methods. We hope that this comprehensive review will serve as a checkpoint for the field, summarizing the current state-of-the-art and identifying open problems and future research directions.Comment: Accepted at IEEE Internet of Things Journa

A Novel Architectural Framework on IoT Ecosystem, Security Aspects and Mechanisms: A Comprehensive Survey

For the past few years, the Internet of Things (IoT) technology continues to not only gain popularity and importance, but also witnesses the true realization of everything being smart. With the advent of the concept of smart everything, IoT has emerged as an area of great potential and incredible growth. An IoT ecosystem centers around innovation perspective which is considered as its fundamental core. Accordingly, IoT enabling technologies such as hardware and software platforms as well as standards become the core of the IoT ecosystem. However, any large-scale technological integration such as the IoT development poses the challenge to ensure secure data transmission. Perhaps, the ubiquitous and the resource-constrained nature of IoT devices and the sensitive and private data being generated by IoT systems make them highly vulnerable to physical and cyber threats. In this paper, we re-define an IoT ecosystem from the core technologies view point. We propose a modified three layer IoT architecture by dividing the perception layer into elementary blocks based on their attributed functions. Enabling technologies, attacks and security countermeasures are classified under each layer of the proposed architecture. Additionally, to give the readers a broader perspective of the research area, we discuss the role of various state-of-the-art emerging technologies in the IoT security. We present the security aspects of the most prominent standards and other recently developed technologies for IoT which might have the potential to form the yet undefined IoT architecture. Among the technologies presented in this article, we give a special interest to one recent technology in IoT domain. This technology is named IQRF that stands for Intelligent Connectivity using Radio Frequency. It is an emerging technology for wireless packet-oriented communication that operates in sub-GHz ISM band (868 MHz) and which is intended for general use where wireless connectivity is needed, either in a mesh network or point-to-point (P2P) configuration. We also highlighted the security aspects implemented in this technology and we compare it with the other already known technologies. Moreover, a detailed discussion on the possible attacks is presented. These attacks are projected on the IoT technologies presented in this article including IQRF. In addition, lightweight security solutions, implemented in these technologies, to counter these threats in the proposed IoT ecosystem architecture are also presented. Lastly, we summarize the survey by listing out some common challenges and the future research directions in this field.publishedVersio