Towards end-to-end security in internet of things based healthcare

Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture implements on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of a IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising of PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system

A Lightweight Blockchain and Fog-enabled Secure Remote Patient Monitoring System

IoT has enabled the rapid growth of smart remote healthcare applications. These IoT-based remote healthcare applications deliver fast and preventive medical services to patients at risk or with chronic diseases. However, ensuring data security and patient privacy while exchanging sensitive medical data among medical IoT devices is still a significant concern in remote healthcare applications. Altered or corrupted medical data may cause wrong treatment and create grave health issues for patients. Moreover, current remote medical applications' efficiency and response time need to be addressed and improved. Considering the need for secure and efficient patient care, this paper proposes a lightweight Blockchain-based and Fog-enabled remote patient monitoring system that provides a high level of security and efficient response time. Simulation results and security analysis show that the proposed lightweight blockchain architecture fits the resource-constrained IoT devices well and is secure against attacks. Moreover, the augmentation of Fog computing improved the responsiveness of the remote patient monitoring system by 40%.Comment: 32 pages, 13 figures, 5 tables, accepted by Elsevier "Internet of Things; Engineering Cyber Physical Human Systems" journal on January 9, 202

The 9th International Conference on Ambient Systems, Networks and Technologies (ANT 2018)

In this paper, we analyze the performance of the state-of-the-art end-to-end security schemes in healthcare Internet of Things (IoT) systems. We identify that the essential requirements of robust security solutions for healthcare IoT systems comprise of (i) low-latency secure key generation approach using patients’ Electrocardiogram (ECG) signals, (ii) secure and efficient authentication and authorization for healthcare IoT devices based on the certificate-based datagram Transport Layer Security (DTLS), and (iii) robust and secure mobility-enabled end-to-end communication based on DTLS session resumption. The performance of the state-of-the-art security solutions including our end-to-end security scheme is tested by developing a prototype healthcare IoT system. The prototype is built of a Pandaboard, a TI SmartRF06 board and WiSMotes. The Pandaboard along with the CC2538 module acts as a smart gateway and the WisMotes act as medical sensor nodes. Based on the analysis, we found out that our solution has the most extensive set of performance features in comparison to related approaches found in the literature. The performance evaluation results show that compared to the existing approaches, the cryptographic key generation approach proposed in our end-to-end security scheme is on average 1.8 times faster than existing key generation approaches while being more energy-efficient. In addition, the scheme reduces the communication overhead by 26% and the communication latency between smart gateways and end users by 16%. Our scheme is also approximately 97% faster than certificate based and 10% faster that symmetric key-based DTLS. Certificate based DTLS requires about 2.9 times more ROM and 2.2 times more RAM resources. On the other hand, the ROM and RAM requirements of our scheme are almost as low as in symmetric key-based DTLS.</p

SEA : A Secure and Efficient Authentication and Authorization Architecture for IoT-Based Healthcare Using Smart Gateways

In this paper, a secure and efficient authentication and authorization architecture for IoT-based healthcare is developed. Security and privacy of patients’ medical data are crucial for the acceptance and ubiquitous use of IoT in healthcare. Secure authentication and authorization of a remote healthcare professional is the main focus of this work. Due to resource constraints of medical sensors, it is infeasible to utilize conventional cryptography in IoT-based healthcare. In addition, gateways in existing IoTs focus only on trivial tasks without alleviating the authentication and authorization challenges. In the presented architecture, authentication and authorization of a remote end-user is done by distributed smart e-health gateways to unburden the medical sensors from performing these tasks. The proposed architecture relies on the certificate-based DTLS handshake protocol as it is the main IP security solution for IoT. The proposed authentication and authorization architecture is tested by developing a prototype IoT-based healthcare system. The prototype is built of a Pandaboard, a TI SmartRF06 board and WiSMotes. The CC2538 module integrated into the TI board acts as a smart gateway and the WisMotes act as medical sensor nodes. The proposed architecture is more secure than a state-of-the-art centralized delegation-based architecture because it uses a more secure key management scheme between sensor nodes and the smart gateway. Furthermore, the impact of DoS attacks is reduced due to the distributed nature of the architecture. Our performance evaluation results show that compared to the delegation-based architecture, the proposed architecture reduces communication overhead by 26% and communication latency from the smart gateway to the end-user by 16%.QC 20150618</p

SEA : A Secure and Efficient Authentication and Authorization Architecture for IoT-Based Healthcare Using Smart Gateways

In this paper, a secure and efficient authentication and authorization architecture for IoT-based healthcare is developed. Security and privacy of patients’ medical data are crucial for the acceptance and ubiquitous use of IoT in healthcare. Secure authentication and authorization of a remote healthcare professional is the main focus of this work. Due to resource constraints of medical sensors, it is infeasible to utilize conventional cryptography in IoT-based healthcare. In addition, gateways in existing IoTs focus only on trivial tasks without alleviating the authentication and authorization challenges. In the presented architecture, authentication and authorization of a remote end-user is done by distributed smart e-health gateways to unburden the medical sensors from performing these tasks. The proposed architecture relies on the certificate-based DTLS handshake protocol as it is the main IP security solution for IoT. The proposed authentication and authorization architecture is tested by developing a prototype IoT-based healthcare system. The prototype is built of a Pandaboard, a TI SmartRF06 board and WiSMotes. The CC2538 module integrated into the TI board acts as a smart gateway and the WisMotes act as medical sensor nodes. The proposed architecture is more secure than a state-of-the-art centralized delegation-based architecture because it uses a more secure key management scheme between sensor nodes and the smart gateway. Furthermore, the impact of DoS attacks is reduced due to the distributed nature of the architecture. Our performance evaluation results show that compared to the delegation-based architecture, the proposed architecture reduces communication overhead by 26% and communication latency from the smart gateway to the end-user by 16%.QC 20150618</p

An Efficient History-Based Routing Algorithm for Interconnection Networks

Abstract-Network-on-chip (NoC) approach has been proposed as a solution to the complex on-chip communication problems by scaling down the concepts of macro-and tele-networks, and applying them to the system-on-chip domain. In this paper, an efficient routing algorithm for two-dimensional mesh networkon-chips is presented. The algorithm, which is based on OddEven turn model, is called History-Based Odd-Even (HB-OE). It is more fair and efficient in load balancing compared to the typical Odd-Even turn model algorithm. In this routing, based on the location of the current node, the network is divided into four sub-networks and the history of each sub-network regarding the direction of the last forwarded packet is saved using a flag register. We further enhance this routing by using a technique named Free-Channel to check the availability of the output ports as well as their history. To assess the latency of the proposed algorithm, transpose traffic profile for packet injection is used. The simulation results reveal that the HB-OE + Free-Channel routing policy can achieve lower latency compared to the conventional Odd-Even turn model with negligible area overhead