SFTSDH: Applying Spring Security Framework with TSD-Based OAuth2 to Protect Microservice Architecture APIs

The Internet of Medical Things (IoMT) combines medical devices and applications that use network technologies to connect healthcare information systems (HIS). IoMT is reforming the medical industry by adopting information and communication technologies (ICTs). Identity verification, secure collection, and exchange of medical data are essential in health applications. In this study, we implemented a hybrid security solution to secure the collection and management of personal health data using Spring Framework (SF), Services for Sensitive Data (TSD) as a service platform, and Hyper-Text-Transfer-Protocol (HTTP (H)) security methods. The adopted solution (SFTSDH = SF + TSD + H) instigated the following security features: identity brokering, OAuth2, multifactor authentication, and access control to protect the Microservices Architecture Application Programming Interfaces (APIs), following the General Data Protection Regulation (GDPR). Moreover, we extended the adopted security solution to develop a digital infrastructure to facilitate the research and innovation work in the electronic health (eHealth) section, focusing on solution validation with theoretical evaluation and experimental testing. We used a web engineering security methodology to achieve and explain the adopted security solution. As a case study, we designed and implemented electronic coaching (eCoaching) prototype system and deployed the same in the developed infrastructure to securely record and share personal health data. Furthermore, we compared the test results with related studies qualitatively for the efficient evaluation of the implemented security solution. The SFTSDH implementation and configuration in the prototype system have effectively secured the eCoach APIs from an attack in all the considered scenarios. The eCoach prototype with the SFTSDH solution effectively sustained a load of (≈) 1000 concurrent users in the developed digital health infrastructure. In addition, we performed a qualitative comparison among the following security solutions: SF security, third-party security, and SFTSDH, where SFTSDH showed a promising outcome.publishedVersio

A Proposed Access Control-Based Privacy Preservation Model to Share Healthcare Data in Cloud

Healthcare data in cloud computing facilitates the treatment of patients efficiently by sharing information about personal health data between the healthcare providers for medical consultation. Furthermore, retaining the confidentiality of data and patients' identity is a another challenging task. This paper presents the concept of an access control-based (AC) privacy preservation model for the mutual authentication of users and data owners in the proposed digital system. The proposed model offers a high-security guarantee and high efficiency. The proposed digital system consists of four different entities, user, data owner, cloud server, and key generation center (KGC). This approach makes the system more robust and highly secure, which has been verified with multiple scenarios. Besides, the proposed model consisted of the setup phase, key generation phase, encryption phase, validation phase, access control phase, and data sharing phase. The setup phases are run by the data owner, which takes input as a security parameter and generates the system master key and security parameter. Then, in the key generation phase, the private key is generated by KGC and is stored in the cloud server. After that, the generated private key is encrypted. Then, the session key is generated by KGC and granted to the user and cloud server for storing, and then, the results are verified in the validation phase using validation messages. Finally, the data is shared with the user and decrypted at the user-end. The proposed model outperforms other methods with a maximal genuine data rate of 0.91

SecHealth: enhancing EHR security in digital health transformation.

In the contemporary wave of digital transformation, the implementation of electronic health records (EHRs) has become a pivotal undertaking for numerous nations. However, amidst this technological advancement, a critical facet deserving heightened attention is the security and privacy of these electronic health systems. Regrettably, this crucial concern often finds itself eclipsed by other aspects of digitalization. Consequently, these oversight lapses create vulnerabilities within the EHR framework, leaving them open and exposed to an array of malicious cyber intrusions. In response to this pressing issue, our study delves into a comprehensive evaluation of security measures within the ambit of African digital health strategies. Remarkably, among the number of approximately 42 nations that have embarked on digital health strategy formulation, a mere 2 countries have taken cognizance of the imperative to integrate robust security and privacy policies into their healthcare-oriented digital transformation initiatives. In light of this disconcerting revelation, we present an actionable roadmap that endeavours to fortify EHR security, aligning with the progressive "shift-left" paradigm. By advocating for the proactive integration of security measures from the inception of EHR development, we strive to curtail vulnerabilities and enhance the overall resilience of these systems. Our proposed roadmap stands as a clarion call for governments, healthcare authorities, and technology stakeholders to collectively prioritize security in tandem with digital health advancement, thereby fostering a safeguarded and privacy-respecting electronic healthcare landscape

EFaR 2023: Efficient Face Recognition Competition

This paper presents the summary of the Efficient Face Recognition Competition (EFaR) held at the 2023 International Joint Conference on Biometrics (IJCB 2023). The competition received 17 submissions from 6 different teams. To drive further development of efficient face recognition models, the submitted solutions are ranked based on a weighted score of the achieved verification accuracies on a diverse set of benchmarks, as well as the deployability given by the number of floating-point operations and model size. The evaluation of submissions is extended to bias, cross-quality, and large-scale recognition benchmarks. Overall, the paper gives an overview of the achieved performance values of the submitted solutions as well as a diverse set of baselines. The submitted solutions use small, efficient network architectures to reduce the computational cost, some solutions apply model quantization. An outlook on possible techniques that are underrepresented in current solutions is given as well.Comment: Accepted at IJCB 202

E-Health : A smartphone-based e-health application for enhancing rural healthcare with the integration of medical sensor devices

Master's thesis Information- and communication technology IKT590 - University of Agder 2019The purpose of this research is to develop a smartphone or tablet based eHealth applica-tion to assist health workers in remote regions of different parts of the world with record-ing medical information and with the provision of basic health services to the patients.Health applications are becoming more popular day by day, and the use of technologyalong with these applications helps to improve the healthcare system. In this project,”mTeleHealth-UiA”, a smartphone-based application, was developed to address this chal-lenge. The application was implemented for the Android platform in the Android studiodevelopment environment, using XML and Java programming language. The app wasdesigned to meet the identified requirements. It allows to create a health worker profile,under which new patient information can be collected and stored, the patients’ vital signscan be measured with medical sensor devices, a score based on the vital parameters canbe calculated to give recommendations for further follow-up, and the medical history canbe checked to analyze the symptoms and support the diagnosis. Due to time limitations,we could not test this application in a real world scenario with real health workers andpatients. Instead, after the implementation of the project, we tested the application withsome test participants, using a questionnaire to obtain feedback based on their experience.The test result was analyzed, and most of the participants found it to be user-friendlyand useful. Overall, they were satisfied with the process of information collection andsuggestions provided to the patient. Feedback and proposals from the participants areessential and will be adopted in future work, and some are also proposed as part of furtherdevelopment in the near future.

E-Health : A smartphone-based e-health application for enhancing rural healthcare with the integration of medical sensor devices

The purpose of this research is to develop a smartphone or tablet based eHealth applica-tion to assist health workers in remote regions of different parts of the world with record-ing medical information and with the provision of basic health services to the patients.Health applications are becoming more popular day by day, and the use of technologyalong with these applications helps to improve the healthcare system. In this project,”mTeleHealth-UiA”, a smartphone-based application, was developed to address this chal-lenge. The application was implemented for the Android platform in the Android studiodevelopment environment, using XML and Java programming language. The app wasdesigned to meet the identified requirements. It allows to create a health worker profile,under which new patient information can be collected and stored, the patients’ vital signscan be measured with medical sensor devices, a score based on the vital parameters canbe calculated to give recommendations for further follow-up, and the medical history canbe checked to analyze the symptoms and support the diagnosis. Due to time limitations,we could not test this application in a real world scenario with real health workers andpatients. Instead, after the implementation of the project, we tested the application withsome test participants, using a questionnaire to obtain feedback based on their experience.The test result was analyzed, and most of the participants found it to be user-friendlyand useful. Overall, they were satisfied with the process of information collection andsuggestions provided to the patient. Feedback and proposals from the participants areessential and will be adopted in future work, and some are also proposed as part of furtherdevelopment in the near future.

SFTSDH: Applying Spring Security Framework with TSD-Based OAuth2 to Protect Microservice Architecture APIs

The Internet of Medical Things (IoMT) combines medical devices and applications that use network technologies to connect healthcare information systems (HIS). IoMT is reforming the medical industry by adopting information and communication technologies (ICTs). Identity verification, secure collection, and exchange of medical data are essential in health applications. In this study, we implemented a hybrid security solution to secure the collection and management of personal health data using Spring Framework (SF), Services for Sensitive Data (TSD) as a service platform, and Hyper-Text-Transfer-Protocol (HTTP (H)) security methods. The adopted solution (SFTSDH = SF + TSD + H) instigated the following security features: identity brokering, OAuth2, multifactor authentication, and access control to protect the Microservices Architecture Application Programming Interfaces (APIs), following the General Data Protection Regulation (GDPR). Moreover, we extended the adopted security solution to develop a digital infrastructure to facilitate the research and innovation work in the electronic health (eHealth) section, focusing on solution validation with theoretical evaluation and experimental testing. We used a web engineering security methodology to achieve and explain the adopted security solution. As a case study, we designed and implemented electronic coaching (eCoaching) prototype system and deployed the same in the developed infrastructure to securely record and share personal health data. Furthermore, we compared the test results with related studies qualitatively for the efficient evaluation of the implemented security solution. The SFTSDH implementation and configuration in the prototype system have effectively secured the eCoach APIs from an attack in all the considered scenarios. The eCoach prototype with the SFTSDH solution effectively sustained a load of (≈) 1000 concurrent users in the developed digital health infrastructure. In addition, we performed a qualitative comparison among the following security solutions: SF security, third-party security, and SFTSDH, where SFTSDH showed a promising outcome