Challenges of Mobile Healthcare Application Security

Healthcare information technology has overcome many of the Web application security challenges in the past decade. We can now access information more securely and incidents of unintentional data loss are on the decline. However, more must be done to ensure the confidentiality, integrity, and availability of mobile applications in the healthcare field. Whether it is physicians using iPads to access treatment histories or patients managing healthcare options via smart phones, the proposed CAP framework (checks, assurances, protection) adds additional security and privacy layers to our modern mobile medical needs

Domino: exploring mobile collaborative software adaptation

Social Proximity Applications (SPAs) are a promising new area for ubicomp software that exploits the everyday changes in the proximity of mobile users. While a number of applications facilitate simple file sharing between co–present users, this paper explores opportunities for recommending and sharing software between users. We describe an architecture that allows the recommendation of new system components from systems with similar histories of use. Software components and usage histories are exchanged between mobile users who are in proximity with each other. We apply this architecture in a mobile strategy game in which players adapt and upgrade their game using components from other players, progressing through the game through sharing tools and history. More broadly, we discuss the general application of this technique as well as the security and privacy challenges to such an approach

Improving Security for SCADA Sensor Networks with Reputation Systems and Self-Organizing Maps

The reliable operation of modern infrastructures depends on computerized systems and Supervisory Control and Data Acquisition (SCADA) systems, which are also based on the data obtained from sensor networks. The inherent limitations of the sensor devices make them extremely vulnerable to cyberwarfare/cyberterrorism attacks. In this paper, we propose a reputation system enhanced with distributed agents, based on unsupervised learning algorithms (self-organizing maps), in order to achieve fault tolerance and enhanced resistance to previously unknown attacks. This approach has been extensively simulated and compared with previous proposals

Performance Analysis of the CONFIDANT Protocol (Cooperation Of Nodes - Fairness In Dynamic Ad-hoc NeTworks)

Mobile ad-hoc networking works properly only if the par- ticipating nodes cooperate in routing and forwarding. How- ever, it may be advantageous for individual nodes not to cooperate. We propose a protocol, called CONFIDANT, for making misbehavior unattractiv

Nuglets: a Virtual Currency to Stimulate Cooperation in Self-Organized Mobile Ad Hoc Networks

In mobile ad hoc networks, it is usually assumed that all the nodes belong to the same authority; therefore, they are expected to cooperate in order to support the basic functions of the network such as routing. In this paper, we consider the case in which each node is its own authority and tries to maximize the benefits it gets from the network. In order to stimulate cooperation, we introduce a virtual currency and detail the way it can be protected against theft and forgery. We show that this mechanism fulfills our expectations without significantly decreasing the performance of the network

Is electronic cash possible?

Cash-like payments in electronic commerce and at the traditional point of sale are expected to be beneficial, e.g., because of privacy protection, low transaction costs, and irrevocability. Therefore, we discuss how to design electronic cash in a way that it both mirrors the most important characteristics of raditional cash, but also fulfils the expectations which arise towards electronic means of payment. We analyse the problems and trade-offs between the different characteristics to be implemented. This analysis is based on a user survey and a review of existing technologies for electronic payment systems. Finally we argue why existing systems do not fulfil the critical requirements, and point out future work towards electronic cash which will meet more requirements

Distributed mobile platforms and applications for intelligent transportation systems

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2013.Cataloged from PDF version of thesis.Includes bibliographical references (p. 70-75).Smartphones are pervasive, and possess powerful processors, multi-faceted sensing, and multiple radios. However, networked mobile apps still typically use a client-server programming model, sending all shared data queries and uploads through the cellular network, incurring bandwidth consumption and unpredictable latencies. Leveraging the local compute power and device-to-device communications of modern smartphones can mitigate demand on cellular networks and improve response times. This thesis presents two systems towards this vision. First, we present DIPLOMA, which aids developers in achieving this vision by providing a programming layer to easily program a collection of smartphones connected over adhoc wireless. It presents a familiar shared data model to developers, while underneath, it implements a distributed shared memory system that provides coherent relaxed-consistency access to data across different smartphones and addresses the issues that device mobility and unreliable networking pose against consistency and coherence. We evaluated our prototype on 10 Android phones on both 3G (HSPA) and 4G (LTE) networks with a representative location-based photo-sharing service and a synthetic benchmark. We also simulated large scale scenarios up to 160 nodes on the ns-2 network simulator. Compared to a client-server baseline, our system shows response time improvements of 10x over 3G and 2x over 4G. We also observe cellular bandwidth reductions of 96%, comparable energy consumption, and a 95.3% request completion rate with coherent caching. With RoadRunner, we apply our vision to Intelligent Transportation Systems (ITS). RoadRunner implements vehicular congestion control as an in-vehicle smartphone app that judiciously harnesses onboard sensing, local computation, and short-range communications, enabling large-scale traffic congestion control without the need for physical infrastructure, at higher penetration across road networks, and at finer granularity. RoadRunner enforces a quota on the number of cars on a road by requiring vehicles to possess a token for entry. Tokens are circulated and reused among multiple vehicles as they move between regions. We implemented RoadRunner as an Android application, deployed it on 10 vehicles using 4G (LTE), 802.11p DSRC and 802.11n adhoc WiFi, and measured cellular access reductions up to 84%, response time improvements up to 80%, and effectiveness of the system in enforcing congestion control policies. We also simulated large-scale scenarios using actual traffic loop-detector counts from Singapore.by Jason Hao Gao.S.M

Contextual mobile adaptation

Ubiquitous computing (ubicomp) involves systems that attempt to fit in with users’ context and interaction. Researchers agree that system adaptation is a key issue in ubicomp because it can be hard to predict changes in contexts, needs and uses. Even with the best planning, it is impossible to foresee all uses of software at the design stage. In order for software to continue to be helpful and appropriate it should, ideally, be as dynamic as the environment in which it operates. Changes in user requirements, contexts of use and system resources mean software should also adapt to better support these changes. An area in which adaptation is clearly lacking is in ubicomp systems, especially those designed for mobile devices. By improving techniques and infrastructure to support adaptation it is possible for ubicomp systems to not only sense and adapt to the environments they are running in, but also retrieve and install new functionality so as to better support the dynamic context and needs of users in such environments. Dynamic adaptation of software refers to the act of changing the structure of some part of a software system as it executes, without stopping or restarting it. One of the core goals of this thesis is to discover if such adaptation is feasible, useful and appropriate in the mobile environment, and how designers can create more adaptive and flexible ubicomp systems and associated user experiences. Through a detailed study of existing literature and experience of several early systems, this thesis presents design issues and requirements for adaptive ubicomp systems. This thesis presents the Domino framework, and demonstrates that a mobile collaborative software adaptation framework is achievable. This system can recommend future adaptations based on a history of use. The framework demonstrates that wireless network connections between mobile devices can be used to transport usage logs and software components, with such connections made either in chance encounters or in designed multi–user interactions. Another aim of the thesis is to discover if users can comprehend and smoothly interact with systems that are adapting. To evaluate Domino, a multiplayer game called Castles has been developed, in which game buildings are in fact software modules that are recommended and transferred between players. This evaluation showed that people are comfortable receiving semi–automated software recommendations; these complement traditional recommendation methods such as word of mouth and online forums, with the system’s support freeing users to discuss more in–depth aspects of the system, such as tactics and strategies for use, rather than forcing them to discover, acquire and integrate software by themselves

The Second International Conference on Health Information Technology Advancement

TABLE OF CONTENTS I. Message from the Conference Co-Chairs B. Han and S. Falan …………………………....….……………. 5 II. Message from the Transactions Editor H. Lee …...………..………….......………….……….………….... 7 III. Referred Papers A. Emerging Health Information Technology and Applications The Role of Mobile Technology in Enhancing the Use of Personal Health Records Mohamed Abouzahra and Joseph Tan………………….……………. 9 Mobile Health Information Technology and Patient Care: Methods, Themes, and Research Gaps Bahae Samhan, Majid Dadgar, and K. D. Joshi…………..…. 18 A Balanced Perspective to Perioperative Process Management Jim Ryan, Barbara Doster, Sandra Daily, and Carmen Lewis…..….…………… 30 The Impact of Big Data on the Healthcare Information Systems Kuo Lane Chen and Huei Lee………….…………… 43 B. Health Care Communication, Literacy, and Patient Care Quality Digital Illness Narratives: A New Form of Health Communication Jofen Han and Jo Wiley…..….……..…. 47 Relationships, Caring, and Near Misses: Michael’s Story Sharie Falan and Bernard Han……………….…..…. 53 What is Your Informatics Skills Level? -- The Reliability of an Informatics Competency Measurement Tool Xiaomeng Sun and Sharie Falan.….….….….….….…. 61 C. Health Information Standardization and Interoperability Standardization Needs for Effective Interoperability Marilyn Skrocki…………………….…….………….… 76 Data Interoperability and Information Security in Healthcare Reid Berryman, Nathan Yost, Nicholas Dunn, and Christopher Edwards.…. 84 Michigan Health Information Network (MiHIN) Shared Services vs. the HIE Shared Services in Other States Devon O’Toole, Sean O’Toole, and Logan Steely…..……….…… 94 D. Health information Security and Regulation A Threat Table Based Approach to Telemedicine Security John C. Pendergrass, Karen Heart, C. Ranganathan, and V.N. Venkatakrishnan …. 104 Managing Government Regulatory Requirements for Security and Privacy Using Existing Standard Models Gregory Schymik and Dan Shoemaker…….…….….….… 112 Challenges of Mobile Healthcare Application Security Alan Rea………………………….……………. 118 E. Healthcare Management and Administration Analytical Methods for Planning and Scheduling Daily Work in Inpatient Care Settings: Opportunities for Research and Practice Laila Cure….….……………..….….….….… 121 Predictive Modeling in Post-reform Marketplace Wu-Chyuan Gau, Andrew France, Maria E. Moutinho, Carl D. Smith, and Morgan C. Wang…………...…. 131 A Study on Generic Prescription Substitution Policy as a Cost Containment Approach for Michigan’s Medicaid System Khandaker Nayeemul Islam…….…...……...………………….… 140 F. Health Information Technology Quality Assessment and Medical Service Delivery Theoretical, Methodological and Practical Challenges in Designing Formative Evaluations of Personal eHealth Tools Michael S. Dohan and Joseph Tan……………….……. 150 The Principles of Good Health Care in the U.S. in the 2010s Andrew Targowski…………………….……. 161 Health Information Technology in American Medicine: A Historical Perspective Kenneth A. Fisher………………….……. 171 G. Health Information Technology and Medical Practice Monitoring and Assisting Maternity-Infant Care in Rural Areas (MAMICare) Juan C. Lavariega, Gustavo Córdova, Lorena G Gómez, Alfonso Avila….… 175 An Empirical Study of Home Healthcare Robots Adoption Using the UTUAT Model Ahmad Alaiad, Lina Zhou, and Gunes Koru.…………………….….………. 185 HDQM2: Healthcare Data Quality Maturity Model Javier Mauricio Pinto-Valverde, Miguel Ángel Pérez-Guardado, Lorena Gomez-Martinez, Martha Corrales-Estrada, and Juan Carlos Lavariega-Jarquín.… 199 IV. A List of Reviewers …………………………..…….………………………208 V. WMU – IT Forum 2014 Call for Papers …..…….…………………20

Kooperative Angriffserkennung in drahtlosen Ad-hoc- und Infrastrukturnetzen: Anforderungsanalyse, Systementwurf und Umsetzung

Mit der zunehmenden Verbreitung mobiler Endgeräte und Dienste ergeben sich auch neue Herausforderungen für ihre Sicherheit. Diese lassen sich nur teilweise mit herkömmlichen Sicherheitsparadigmen und -mechanismen meistern. Die Gründe hierfür sind in den veränderten Voraussetzungen durch die inhärenten Eigenschaften mobiler Systeme zu suchen. Die vorliegende Arbeit thematisiert am Beispiel von Wireless LANs die Entwicklung von Sicherheitsmechanismen für drahtlose Ad-hoc- und Infrastrukturnetze. Sie stellt dabei den umfassenden Schutz der einzelnen Endgeräte in den Vordergrund, die zur Kompensation fehlender infrastruktureller Sicherheitsmaßnahmen miteinander kooperieren. Den Ausgangspunkt der Arbeit bildet eine Analyse der Charakteristika mobiler Umgebungen, um grundlegende Anforderungen an eine Sicherheitslösung zu identifizieren. Anhand dieser werden existierende Lösungen bewertet und miteinander verglichen. Der so gewonnene Einblick in die Vor- und Nachteile präventiver, reaktiver und angriffstoleranter Mechanismen führt zu der Konzeption einer hybriden universellen Rahmenarchitektur zur Integration beliebiger Sicherheitsmechanismen in einem kooperativen Verbund. Die Validierung des Systementwurfs erfolgt anhand einer zweigeteilten prototypischen Implementierung. Den ersten Teil bildet die Realisierung eines verteilten Network Intrusion Detection Systems als Beispiel für einen Sicherheitsmechanismus. Hierzu wird eine Methodik beschrieben, um anomalie- und missbrauchserkennende Strategien auf beliebige Netzprotokolle anzuwenden. Die Machbarkeit des geschilderten Ansatzes wird am Beispiel von infrastrukturellem WLAN nach IEEE 802.11 demonstriert. Den zweiten Teil der Validierung bildet der Prototyp einer Kooperations-Middleware auf Basis von Peer-to-Peer-Technologien für die gemeinsame Angriffserkennung lose gekoppelter Endgeräte. Dieser kompensiert bisher fehlende Mechanismen zur optimierten Abbildung des Overlay-Netzes auf die physische Struktur drahtloser Netze, indem er nachträglich die räumliche Position mobiler Knoten in die Auswahl eines Kooperationspartners einbezieht. Die zusätzlich definierte Schnittstelle zu einem Vertrauensmanagementsystem ermöglicht die Etablierung von Vertrauensbeziehungen auf Kooperationsebene als wichtige Voraussetzung für den Einsatz in realen Umgebungen. Als Beispiel für ein Vertrauensmanagementsystem wird der Einsatz von Reputationssystemen zur Bewertung der Verlässlichkeit eines mobilen Knotens diskutiert. Neben einem kurzen Abriss zum Stand der Forschung in diesem Gebiet werden dazu zwei Vorschläge für die Gestaltung eines solchen Systems für mobile Ad-hoc-Netze gemacht.The increasing deployment of mobile devices and accompanying services leads to new security challenges. Due to the changed premises caused by particular features of mobile systems, these obstacles cannot be solved solely by traditional security paradigms and mechanisms. Drawing on the example of wireless LANs, this thesis examines the development of security mechanisms for wireless ad hoc and infrastructural networks. It places special emphasis on the comprehensive protection of each single device as well as compensating missing infrastructural security means by cooperation. As a starting point this thesis analyses the characteristics of mobile environments to identify basic requirements for a security solution. Based on these requirements existing preventive, reactive and intrusion tolerant approaches are evaluated. This leads to the conception of a hybrid and universal framework to integrate arbitrary security mechanisms within cooperative formations. The resulting system design is then validated by a twofold prototype implementation. The first part consists of a distributed network intrusion detection system as an example for a security mechanism. After describing a methodology for applying anomaly- as well as misuse-based detection strategies to arbitrary network protocols, the feasibility of this approach is demonstrated for IEEE 802.11 infrastructural wireless LAN. The second part of the validation is represented by the prototype of a P2P-based cooperation middleware for collaborative intrusion detection by loosely coupled devices. Missing mechanisms for the improved mapping of overlay and physical network structures are compensated by subsequently considering the spatial position of a mobile node when choosing a cooperation partner. Furthermore, an additional interface to an external trust management system enables the establishment of trust relationships as a prerequisite for a deployment in real world scenarios. Reputation systems serve as an example of such a trust management system that can be used to estimate the reliability of a mobile node. After outlining the state of the art, two design patterns of a reputation system for mobile ad hoc networks are presented