Enabling Security Services in Socially Assistive Robot Scenarios for Healthcare Applications
- Provide insights related to security challenges in Internet of Things, highlighting the potential use cases and applications for overcoming such challenges, ultimately leading to the SecureIoT project;
- Comprehensively describe the work underwent for implementing SecureIoT services in scenarios particular for Socially Assistive Robots;
- Provide an evaluation of SecureIoT services as integrated in SAR scenarios.
2. Security in the Internet of Things
2.1. Related Work
2.2. Socially Assistive Robots
2.3. SecureIoT Project
- IoT Systems Layer: consists of heterogeneous components such as field devices, fog nodes, field networks, edge gateways and cloud computing infrastructures that make up a typical IoT system. Note that the IoT systems layer is not part of the SecureIoT platform, but rather the layer of field systems that must be secured via the SecureIoT platform and its architecture.
- Data Collection and Actuation Layer: in charge of interacting with the field (IoT Systems Layer) for collecting security related data from various probes and from all the different parts of IoT systems and driving security-related automation and actuation tasks such as the configuration of security-related properties of IoT systems.
- Analytics: analyses the collected data (from the Data Collection and Actuation Layer) in order to identify security-related events and indicators in the form of incidents, threats and attacks. It comprises a range of data analytics algorithms (including Machine Learning (ML) and Artificial Intelligence (AI), which are used to detect security events and shape security policies accordingly.
- IoT Security Services: comprises IoT security services primarily offered by the SecureIoT platform. They are based on the data processing outcomes of the Analytics layer.
- Use Cases: leverages the security services layer in order to provide security functionalities to specific IoT applications and use cases, such as the Socially Assistive Robot application of the project.
3. Security Services in Socially Assistive Robot Scenarios
3.1. System Architecture
- Logstash: is a component for processing and transforming data using filters and send them to Elasticsearch.
- Kibana: is a web interface for searching and visualizing data.
- Beats: are lightweight components to collect data from distributed machines and send them to Logstash or Elasticsearch.
3.2. Data Collection Setup
- QTrobot Data: sensory data of QTrobot are collected by having test users, internal members of LuxAI, interacting with the QTrobot and using its functionalities such as playing the different games. These data are also stored and can be replayed, simulating the actual recorded interaction, to repeat a scenario several times for test and development purposes.
- CC2U data: data from the CC2U assisted living environment is simulated using the CC2U simulator. The simulator generates various sensory data related to sleep monitoring, activity monitors and walking steps, for example. A simulated user is driven by models for the home, the weather, the sensing environment and the behaviour of the user in it. The simulator returns all the metadata expected from an actual home, obtained by processing the measurements of the sensors as well as the state of a simulated user, which can be inferred from the measurements.
- Generic system probes: collecting the QT’s and the CC2U’s static system configuration as well as their dynamic status. The system data are collected using Metricbeat and Packetbeats, including CPU usage, memory, file system, disk IO, network IO and statistics and statistics of running processes, as well as the data about the network traffic of the system.
- Application specific probes: collecting application level data. At the component level, a comprehensive logging system has been developed and several probes are installed both at QT and CC2U, providing a fine grain control to the SecureIoT system to start, stop and configure these probes to collect the desired data at a desired rate. The data logged ranges from sensory data such as results of emotion recognition software up to the messages communicated between different components such as coaching messages and game commands exchanged between QTrobot and CC2U. The component’ logs are first collected into log files and are then transferred by Filebeat to Logstash and after processing to Elasticsearch.
3.3. Technical Setup
3.4. Technical Evaluation Methodology
- SecureIoT Probes/Data collection layer: for pushing collected raw measurements to SecureIoT Infrastructure.
- Data Routing/Analytics layer: for storing the data pushed from the probes to the Global Repository (ElasticSearch),
- Security Template Extraction/Analytics layer: for training the Analytics algorithms with annotated historical data coming from the IoT Systems,
- Analytics Engine/Analytics layer: which is using the trained templates to analyze the real time data coming from the IoT Systems and are stored to the SecureIoT Global Repository (ElasticSearch),
- Data Bus: which is used as a messaging channel implementing a publish/subscribe paradigm for the Analytics reports,
- CMDB/IoT Security Services layer: where specific use case data describing the involved assets and the potential vulnerabilities/threats are stored,
- Risk Assessment Engine/IoT Security Services layer: which is analyzing the published reports from the Analytics Engine to the Data Bus and
- Risk Assessment Dashboard/IoT Security Services layer: which is responsible to visualize the risk assessment reports with possible mitigation actions.
3.5. Methodology for Stakeholder Feedback
- A set of interviews conducted with a few stakeholders close to each use case (with questions in free form).
- Filling in a stakeholder questionnaire with a large pool of stakeholders thus providing as many meaningful results as possible.
- Filling in a User Experience Questionnaire (UEQ) that automatically calculates feedback results and outputs meaningful graphs. The motivation for using the UEQ is that at the final stage of the SecureIoT project, User Experience is warranted to be validated. The UEQ relies on a well-known standard available online.
4.1. Scenario Description
4.1.1. Scenario SAR 1—Cognitive and Physical Games
4.1.2. Scenario SAR 2—Monitoring and Check-Ups
4.1.3. Scenario SAR 3—Daily Calendar and System Admin
4.2. Predictive Analytics and Risk Assessment
- Generic system data: such as data related to CPU, memory, disk and network statistics;
- Low level system data: such as patterns of motors data, patterns of messages passed between ROS components and the frequency of exchanges, and patterns of communication messages between CC2U components;
- Application-level data: history of played games and their results as well as patterns of gestures used in the games and patterns of vital sign data and number of steps.
- Capturing information from the expert of the scenario;
- Refining the cyber-threat scenarios;
- Modelling the cyber-threat scenarios and building the risk assessment model in the system including creating a mathematic model about how the system behaves, relations between elements and probabilities of threats to happen.
5.1. Data Collection and Probe Validation
5.2. Predictive Analytics and Risk Assessment
5.2.1. Anomaly Detection
5.2.2. Validation of Predictive Analytics and Risk Assessment Service
- Two access points with the same SSID, one for normal connection and the other for attack imitation;
- Three probes:
- “sar_wlan”: to monitor and collect available access points information along with the active one (the one that robot is connected to);
- “sar_rosgraph”: to monitor and collect data about the ROS internal state (publish/subscribe components);
- “sar_motorstate”: to monitor and collect all motors’ positions, velocity and efforts.
- User, who is playing with the robot;
- Attack generator (i.e., “attack_gesture”) which disturbs robot normal behavior by playing unrelated gesture on the robot;
- Attacker who turns on the second access point, access the robot ROS network and run the attack generator.
- Only one of the two access points is on;
- User is playing a game (memory game) with the robot;
- Robot plays only specific gestures so the motors follow specific position trajectory.
- Attacker turns on the second access point with the same SSID, in which case, the “sar_wlan” probe reports the second access point;
- Attacker runs the attack generator to disturb robot normal behavior, in which case, the “sar_rosgraph” probe reports a new software component (i.e., “attack_gesture”) in the ROS network;
- Robot plays gestures, which are unrelated in the current application context, in which case the data reported by “sar_motorstate” contains abnormal trajectories of motors’ positions.
5.2.3. Predictive Data Analysis
5.3. Stakeholder Feedback Evaluation
- Excellent: In the range of the 10% best results;
- Good: 10% of the results are better and 75% of the results are worse;
- Above average: 25% of the results in the benchmark are better, 50% of the results are worse;
- Below average: 50% of the results in the benchmark are better, 25% of the results are worse;
- Bad: In the range of the 25% worst results.
6. Future Perspectives and Open Challenges
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
|DDoS||Distributed Denial of Service|
|IoT||Internet of Things|
|IoMT||Internet of Medical Things|
|MQTT||Message Queueing Telemetry Transport|
|ROS||Robot Operating System|
|SAR||Socially Assistive Robots|
|SSID||Service Set IDentificator|
|UEQ||User Experience Questionnaire|
- Ring Video Doorbell Pro Under the Scope—Bitdefender Labs. Available online: https://labs.bitdefender.com/2019/11/ring-video-doorbell-pro-under-the-scope/ (accessed on 22 March 2021).
- Blink XT2 Sync Module Multiple Vulnerabilities—Research Advisory|Tenable. Available online: https://www.tenable.com/security/research/tra-2019-51 (accessed on 28 March 2021).
- Faxploit: New Check Point Research Reveals How Criminals Can Target Company and Private Fax Machines to Take Over Networks and Spread Malware|Check Point Software. Available online: https://www.checkpoint.com/press/2018/faxploit-new-check-point-research-reveals-criminals-can-target-company-private-fax-machines-take-networks-spread-malware/ (accessed on 25 March 2021).
- Maiti, A.; Jadliwala, M. Light Ears: Information Leakage via Smart Lights. In Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies; ACM: New York, NY, USA, 2019; 3. [Google Scholar] [CrossRef]
- Hilta, S.; Kropotov, V.; Mercês, F.; Rosario, M.; Sancho, D. The Internet of Things in the Cybercrime Underground. Available online: https://documents.trendmicro.com/assets/white_papers/wp-the-internet-of-things-in-the-cybercrime-underground.pdf (accessed on 28 March 2021).
- Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet. Available online: https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected (accessed on 27 March 2021).
- Why the DDoS Attack Happened and What Can Be Done to Prevent More Episodes. Available online: https://theinternetofallthings.com/why-the-ddos-attack-happened-10262016/ (accessed on 29 March 2021).
- Pacemaker Controllers still Vulnerable 18 Months after Flaws Reported. Available online: https://nakedsecurity.sophos.com/2018/08/14/pacemaker-controllers-still-vulnerable-18-months-after-flaws-reported/ (accessed on 30 March 2021).
- MacDermott, A.; Kendrick, P.; Idowu, I.; Ashall, M.; Shi, Q. Securing Things in the Healthcare Internet of Things. In Proceedings of the 2019 Global IoT Summit (GIoTS), Aarhus, Denmark, 17–21 June 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Kunnappilly, A.; Marinescu, R.; Seceleanu, C. A Model-Checking-Based Framework for Analyzing Ambient Assisted Living Solutions. Sensors 2019, 19, 5057. [Google Scholar] [CrossRef][Green Version]
- Brezulianu, A.; Geman, O.; Zbancioc, M.D.; Hagan, M.; Aghion, C.; Hemanth, D.J.; Son, L.H. IoT Based Heart Activity Monitoring Using Inductive Sensors. Sensors 2019, 19, 3284. [Google Scholar] [CrossRef] [PubMed][Green Version]
- Zhang, T.; Sodhro, A.H.; Luo, Z.; Zahid, N.; Nawaz, M.W.; Pirbhulal, S.; Muzammal, M. A Joint Deep Learning and Internet of Medical Things Driven Framework for Elderly Patients. IEEE Access 2020, 8, 75822–75832. [Google Scholar] [CrossRef]
- Bigini, G.; Freschi, V.; Lattanzi, E. A Review on Blockchain for the Internet of Medical Things: Definitions, Challenges, Applications, and Vision. Future Internet 2020, 12, 208. [Google Scholar] [CrossRef]
- Drăgulinescu, A.M.C.; Manea, A.F.; Fratu, O.; Drăgulinescu, A. LoRa-Based Medical IoT System Architecture and Testbed. Wirel. Pers. Commun. 2020. [Google Scholar] [CrossRef]
- Sun, L.; Jiang, X.; Ren, H.; Guo, Y. Edge-Cloud Computing and Artificial Intelligence in Internet of Medical Things: Architecture, Technology and Application. IEEE Access 2020, 8, 101079–101092. [Google Scholar] [CrossRef]
- Srilakshmi, A.; Mohanapriya, P.; Harini, D.; Geetha, K. IoT based Smart Health Care System to Prevent Security Attacks in SDN. In Proceedings of the 2019 Fifth International Conference on Electrical Energy Systems (ICEES), Chennai, India, 21–22 February 2019; pp. 1–7. [Google Scholar] [CrossRef]
- Saba, T.; Haseeb, K.; Ahmed, I.; Rehman, A. Secure and energy-efficient framework using Internet of Medical Things for e-healthcare. J. Infect. Public Health 2020, 13, 1567–1575. [Google Scholar] [CrossRef] [PubMed]
- Butpheng, C.; Yeh, K.H.; Xiong, H. Security and Privacy in IoT-Cloud-Based e-Health Systems—A Comprehensive Review. Symmetry 2020, 12, 1191. [Google Scholar] [CrossRef]
- Pal, S.; Hitchens, M.; Rabehaja, T.; Mukhopadhyay, S. Security Requirements for the Internet of Things: A Systematic Approach. Sensors 2020, 20, 5897. [Google Scholar] [CrossRef] [PubMed]
- Celic, L.; Magjarevic, R. Seamless connectivity architecture and methods for IoT and wearable devices. Automatika 2020, 61, 21–34. [Google Scholar] [CrossRef]
- Bendavid, Y.; Bagheri, N.; Safkhani, M.; Rostampour, S. IoT Device Security: Challenging “A Lightweight RFID Mutual Authentication Protocol Based on Physical Unclonable Function”. Sensors 2018, 18, 4444. [Google Scholar] [CrossRef] [PubMed][Green Version]
- Aman, M.N.; Chua, K.C.; Sikdar, B. Physically secure mutual authentication for IoT. In Proceedings of the 2017 IEEE Conference on Dependable and Secure Computing, Taipei, Taiwan, 7–10 August 2017; pp. 310–317. [Google Scholar] [CrossRef]
- Liu, X.; Zhao, M.; Li, S.; Zhang, F.; Trappe, W. A Security Framework for the Internet of Things in the Future Internet Architecture. Future Internet 2017, 9, 27. [Google Scholar] [CrossRef][Green Version]
- Agarwal, S.; Oser, P.; Lueders, S. Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk. Sensors 2019, 19, 4107. [Google Scholar] [CrossRef] [PubMed][Green Version]
- Zaky, A.; Elmitwalli, E.; Hemeda, M.; Ismail, Y.; Salah, K. Ultra Low-Power Encryption/Decryption Core for Lightweight IoT Applications. In Proceedings of the 2019 15th International Computer Engineering Conference (ICENCO), Cairo, Egypt, 29–30 December 2019; pp. 39–43. [Google Scholar] [CrossRef]
- Abu-Tair, M.; Djahel, S.; Perry, P.; Scotney, B.; Zia, U.; Carracedo, J.M.; Sajjad, A. Towards Secure and Privacy-Preserving IoT Enabled Smart Home: Architecture and Experimental Study. Sensors 2020, 20, 6131. [Google Scholar] [CrossRef]
- Ramalingam, S.; Gan, H.; Epiphaniou, G.; Mistretta, E. A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments. Sensors 2020, 20, 5252. [Google Scholar] [CrossRef]
- Gao, Y.; Al-Sarawi, S.F.; Abbott, D. Physical unclonable functions. Nat. Electron. 2020, 3, 81–91. [Google Scholar] [CrossRef]
- Sha, K.; Yang, T.A.; Wei, W.; Davari, S. A survey of edge computing-based designs for IoT security. Digit. Commun. Netw. 2020, 6, 195–202. [Google Scholar] [CrossRef]
- Puthal, D.; Yang, L.T.; Dustdar, S.; Wen, Z.; Jun, S.; Moorsel, A.V.; Ranjan, R. A User-Centric Security Solution for Internet of Things and Edge Convergence. ACM Trans. Cyber-Phys. Syst. 2020, 4, 32. [Google Scholar] [CrossRef]
- Hsu, R.H.; Lee, J.; Quek, T.Q.; Chen, J.C. Reconfigurable security: Edge-computing-based framework for IoT. IEEE Netw. 2018, 32, 92–99. [Google Scholar] [CrossRef][Green Version]
- Satamraju, K.P.; Malarkodi, B. Design and Evaluation of a Lightweight Security Framework for IoT Applications. In Proceedings of the TENCON 2019—2019 IEEE Region 10 Conference (TENCON), Kochi, India, 17–20 October 2019; pp. 522–526. [Google Scholar] [CrossRef]
- Maskeliūnas, R.; Damaševičius, R.; Segal, S. A Review of Internet of Things Technologies for Ambient Assisted Living Environments. Future Internet 2019, 11, 259. [Google Scholar] [CrossRef][Green Version]
- Butun, I.; Sari, A.; Österberg, P. Hardware Security of Fog End-Devices for the Internet of Things. Sensors 2020, 20, 5729. [Google Scholar] [CrossRef] [PubMed]
- Akhbarifar, S.; Javadi, H.H.S.; Rahmani, A.M.; Hosseinzadeh, M. A secure remote health monitoring model for early disease diagnosis in cloud-based IoT environment. Pers. Ubiquitous Comput. 2020. [Google Scholar] [CrossRef] [PubMed]
- Deshmukh, R.V.; Devadkar, K.K. Understanding DDoS Attack & its Effect in Cloud Environment. Procedia Comput. Sci. 2015, 49, 202–210. [Google Scholar] [CrossRef][Green Version]
- Soliman, A.K.; Salama, C.; Mohamed, H.K. Detecting DNS Reflection Amplification DDoS Attack Originating from the Cloud. In Proceedings of the 2018 13th International Conference on Computer Engineering and Systems (ICCES), Cairo, Egypt, 18–19 December 2018; pp. 145–150. [Google Scholar] [CrossRef]
- Mahjabin, T.; Xiao, Y.; Sun, G.; Jiang, W. A survey of distributed denial-of-service attack, prevention, and mitigation techniques. Int. J. Distrib. Sens. Netw. 2017, 13, 155014771774146. [Google Scholar] [CrossRef][Green Version]
- Ridhawi, I.A.; Kotb, Y. A Secure Service-Specific OverlayComposition Model for Cloud Networks. Softw. Netw. 2017, 2017, 221–240. [Google Scholar] [CrossRef]
- Nebbione, G.; Calzarossa, M.C. Security of IoT Application Layer Protocols: Challenges and Findings. Future Internet 2020, 12, 55. [Google Scholar] [CrossRef][Green Version]
- Iyer, S.; Bansod, G.V.; Naidu, P.; Garg, S. Implementation and Evaluation of Lightweight Ciphers in MQTT Environment. In Proceedings of the 2018 International Conference on Electrical, Electronics, Communication, Computer, and Optimization Techniques (ICEECCOT), Msyuru, India, 14–15 December 2018; pp. 276–281. [Google Scholar] [CrossRef]
- Bemelmans, R.; Gelderblom, G.J.; Jonker, P.; de Witte, L. Socially Assistive Robots in Elderly Care: A Systematic Review into Effects and Effectiveness. J. Am. Med Dir. Assoc. 2012, 13, 114–120. [Google Scholar] [CrossRef]
- Papadopoulos, I.; Lazzarino, R.; Miah, S.; Weaver, T.; Thomas, B.; Koulouglioti, C. A systematic review of the literature regarding socially assistive robots in pre-tertiary education. Comput. Educ. 2020, 155, 103924. [Google Scholar] [CrossRef]
- Scassellati, B.; VÃzquez, M. The potential of socially assistive robots during infectious disease outbreaks. Sci. Robot. 2020, 5, eabc9014. [Google Scholar] [CrossRef]
- Vulpe, A.; Paikan, A.; Craciunescu, R.; Ziafati, P.; Kyriazakos, S.; Hemmer, A.; Badonnel, R. IoT Security Approaches in Social Robots for Ambient Assisted Living Scenarios. In Proceedings of the 2019 22nd International Symposium on Wireless Personal Multimedia Communications (WPMC), Lisbon, Portugal, 24–27 November 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Hemmer, A.; Abderrahim, M.; Badonnel, R.; François, J.; Chrisment, I. Comparative Assessment of Process Mining for Supporting IoT Predictive Security. IEEE Trans. Netw. Serv. Manag. 2021, 18, 1092–1103. [Google Scholar] [CrossRef]
- Healthentia Platform. Available online: http://www.healthentia.com/ (accessed on 29 September 2021).
- PANACEA H2020 Project. Available online: http://www.panacearesearch.eu/ (accessed on 27 September 2021).
|Probe ID||Sampling Rate||Publish Rate||Sample Size||Network Overhead (per Each Publish)|
|sar_motorstate: QTPC||5 Hz||0.1 Hz||1.4 KB||70 KB|
|sar_wlan: QTP||0.1 Hz||0.1 Hz||0.8 K||0.8 K|
|sar_rosgraph: QTPC||0.1 Hz||0.1 Hz||6.5 K||6.5 K|
|Total network overhead per each publish (10 s):||77.3 K|
|6||1.6||1.2||1.1||18||not interesting||interesting||Hedonic Quality|
|8||1.1||0.6||0.8||18||usual||leading edge||Hedonic Quality|
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Vulpe, A.; Crăciunescu, R.; Drăgulinescu, A.-M.; Kyriazakos, S.; Paikan, A.; Ziafati, P. Enabling Security Services in Socially Assistive Robot Scenarios for Healthcare Applications. Sensors 2021, 21, 6912. https://doi.org/10.3390/s21206912
Vulpe A, Crăciunescu R, Drăgulinescu A-M, Kyriazakos S, Paikan A, Ziafati P. Enabling Security Services in Socially Assistive Robot Scenarios for Healthcare Applications. Sensors. 2021; 21(20):6912. https://doi.org/10.3390/s21206912Chicago/Turabian Style
Vulpe, Alexandru, Răzvan Crăciunescu, Ana-Maria Drăgulinescu, Sofoklis Kyriazakos, Ali Paikan, and Pouyan Ziafati. 2021. "Enabling Security Services in Socially Assistive Robot Scenarios for Healthcare Applications" Sensors 21, no. 20: 6912. https://doi.org/10.3390/s21206912