Optimal Witnessing of Healthcare IoT Data Using Blockchain Logging Contract

Verification of data generated by wearable sensors is increasingly becoming of concern to health service providers and insurance companies. There is a need for a verification framework that various authorities can request a verification service for the local network data of a target IoT device. In this paper, we leverage blockchain as a distributed platform to realize an on-demand verification scheme. This allows authorities to automatically transact with connected devices for witnessing services. A public request is made for witness statements on the data of a target IoT that is transmitted on its local network, and subsequently, devices (in close vicinity of the target IoT) offer witnessing service. Our contributions are threefold: (1) We develop a system architecture based on blockchain and smart contract that enables authorities to dynamically avail a verification service for data of a subject device from a distributed set of witnesses which are willing to provide (in a privacy-preserving manner) their local wireless measurement in exchange of monetary return; (2) We then develop a method to optimally select witnesses in such a way that the verification error is minimized subject to monetary cost constraints; (3) Lastly, we evaluate the efficacy of our scheme using real Wi-Fi session traces collected from a five-storeyed building with more than thirty access points, representative of a hospital. According to the current pricing schedule of the Ethereum public blockchain, our scheme enables healthcare authorities to verify data transmitted from a typical wearable device with the verification error of the order 0.01% at cost of less than two dollars for one-hour witnessing service.Comment: 12 pages, 12 figure

Improving Confidentiality and Integrity of Health Data for Body-Worn Sensors

The growing demands placed on national healthcare systems due to the increasingprevalence of chronic conditions in the population are necessitating the adoption ofwearable healthcare monitoring devices for at-home medical management. Wearablesensors capable of physiological measurement of patient ECG, heart rate, glucose,blood-oxygen, and activity levels continuously transmit data via the body area networkto a gateway such as a smart-phone or an access point, and this data is thenrecorded and analyzed in the cloud in real-time for access by healthcare providersand insurers. One of the key challenges in this new ecosystem of remote healthmanagement pertains to the ability to ensure the confidentiality, authenticity, andintegrity of the medical data generated by the ultra-light-weight wearable sensordevices, given the severe constraints on their energy and memory resources.This thesis aims to address the challenges of ensuring confidentiality, authenticity,and integrity of medical data generated by ultra-light-weight wearable sensorsby combining aspects of their operating environment, such as the radio propagationcharacteristics and the presence of other wireless devices, with cryptography andBlockchain technology. Our first contribution develops a three-step protocol thatenables an ultra-low-power passive sensor to establish a secret shared key with thepersonal gateway. We show that the reflective behaviour of passive sensors poses additionalchallenges to active sensors, and we design a novel pre-compensation methodthat yields matching secret keys between the legitimate parties while incapacitatingeavesdroppers from estimating the shared key. For our second contribution, wedesign and develop an on-demand privacy-preserving data verification service basedon Blockchain technology that requests witness statements from wireless devicesin proximity to the sensor. Our scheme enables health authorities to verify datatransmitted from wearable sensors with very high probability in a cost-effective andscalable manner. Our third contribution addresses the real-world scenario wherepacket losses can occur to introduce uncertainties to the proposed data verificationservice, and develop an optimum witness selection method that minimizes the verificationerror within a budget constraint. We also study the efficacy of differentbudget allocation schemes to enhance the performance of our verification system. Our results show that verification error can be minimised within different budgetallocation schemes that consider the uncertainties due to packet loss in the environment.Taken together, our contributions allow data from ultra-light-weight body-wearablesensors to be protected against passive security attacks (perpetrated by eavesdroppersin the environment) and provide healthcare authorities a dynamic verificationservice to detect active security attacks (such as Man-In-The-Middle and replayattacks)