Secure-by-Design Real-Time Internet of Medical Things Architecture: e-Health Population Monitoring (RTPM)
Abstract
:1. Introduction
1.1. Introduction Internet of Things (IoT)
1.2. Internet of Medical Things (IoMT)
1.3. Problem Statement, Research Aim, and Objectives
2. Background and Literature Study
2.1. IoMT Transforming Healthcare
2.2. Smart Healthcare Facilities
2.3. Necessity of Data Security and Privacy
2.4. Enhancing Data Security and Confidentiality in Smart Healthcare Settings
3. Materials and Research Methods
3.1. Requirements
3.1.1. Key Functional Requirements for the System
- Encrypted communication between devices and servers (IoMT and web server).
- Information integrity checking implementation for message verification.
- Information availability, authentication of users and devices, and non-repudiation functionality incorporation.
- Salting of the stored hashes to add the next level of security.
- Secure storage of data.
- Self-healing and no data loss during a network failure.
3.1.2. Other Non-Functional Requirements for the System
- Data visualisation for ease of data interpretation.
- Use of visual or auditable engagement like LEDs and buzzer sounds to be inclusive in the interaction and engagement.
- User’s participation during the securing process.
3.2. Security Constraints and Requirements
- Data Confidentiality: Ensure all patient data are protected to prevent privacy violations or exposure to unauthorised third parties.
- Integrity: Ensure that patient medical data are tamper-proof during the communication from the IoMT device to the server.
- Authentication, Authorisation, and Access Control: Ensure that only authorised devices and users can join the network or begin communication to and from the server while participation is authorised and access to information is controlled.
- Freshness: Ensure that real-time communication is achieved.
- Non-Repudiation: Ensure data signing to validate where the data are originating from to ensure non-repudiation in the process of an identity attack.
- Isolated Network: The system should be allowed to withstand network failure and be able to conduct self-healing in the process of data recovery when the network fails.
3.3. System Requirements
3.4. Other Tools
3.5. Testing Strategy
4. Proposed System and Architecture
4.1. RTPM Monitoring Architecture
4.2. RTPM Controller at the Client
4.3. RTPM User, Device, and Key Management
5. Results and Discussion
- (a)
- Data confidentiality: It is crucial to maintain data confidentiality since it deals with health and/or well-being-related data. The proposed system interacts and engages with the client node and the IoMT server using an AES session key, which is generated and provided by the server to the IoMT client. The session key is securely delivered using RSA public key cryptography, and the key is signed to guarantee the source of the generation and maintain the integrity of the information. The client and the server are both capable of generating keys. To maintain freshness and preserve security, the session keys are generated for every new connection and each session. Table 2 provides the security method’s overhead in terms of time of execution, and these results are tested using the IoMT client (Raspberry Pi 4) with the following configuration: Broadcom BCM2711 SoC with a 1.8 GHz, 64-bit quad-core ARM Cortex-A72 processor with 4 GB RAM, and the IoMT server executing with 64-bit, Intel Core i7, CPU @2.6 GHz with 32 GB RAM. The system is tested with various key sizes (standard and above) to select the best key sizes for performing real-time communication. The results of Table 2 are average values of executing over 10 rounds for each key size. The key generation and the key file generation take exponentially more time as the key size increases. The AES key generation time, encryption time, and decryption time take only a few milliseconds irrespective of the key sizes (128 bits, 192 bits, or 256 bits), while the RSA takes a little less than a second only for key sizes below 2048 bits for key generation, but takes some seconds to minutes for key sizes of RSA 4096 and above. However, the RSA method of encryption takes from around 0.01 s to 0.07 s when the key size increases from RSA 1024 bits to RSA 8192 bits. On average, the decryption time takes more than the encryption time. To meet the real-time requirement of interaction between the client and the server, the best option is the use of the AES encryption method while the secure session key transfer is conducted by RSA. To meet real-time requirements, this paper uses RSA 2048, AES 256, and SHA 256.
- (b)
- Data Integrity: All data generated by the IoMT client are signed, and the integrity of the data is preserved using SHA 256 along with the privacy of the sender to avoid any form of non-repudiation attack. Creating a digital signature of the IoMT data takes 0.0011 s to 1.03 s when the RSA 1024-bit key and RSA 8192-bit key are used, respectively. As expected, as the key size increases, the digital verification takes longer, but it is more linear and not exponential. Since this paper uses an RSA 2048-bit key, it takes 0.04 s for signing and 0.0008 s for the verification, which is ideal for real-time communication.
- (c)
- Data Availability (Authorisation, Authentication, and Access Control): To ensure data availability and protect the system from any form of DoS or DDoS attack, the proposed system authorises every user through a registration process, and a unique code is generated using SHA 256 with the help of the user’s registration data (Υ), MAC address (∂), and a 32-bit random number (µ) at the IoMT server, which is provided to enter into the IoMT client as a unique ID = SHA256 (Υ + ∂ + µ) during the device authentication process along with the NHS number to help the server uniquely identify and authenticate the connecting IoMT devices. This ensures that every connection request is unique, and the system also removes any idle connection requests (including any half-open connections using a timeout technique) to guarantee service availability.
- (d)
- System Recovery and Self-Healing Network: One of the biggest issues when data collection is carried out over a network is the fear of network failure. In a real-time monitoring system, network failure will lead to data loss, but health and well-being data are critical, so all data should be delivered. So, in this system, a self-healing network system is adopted to recover and avoid data lost in the process of network failure. If the client is disconnected, the last data block sent is remembered, and the data continue to be sent from the last point of failure automatically when the application is restarted. So, the interaction of the client with the server is seamlessly synced without any data duplication or data loss when the network fails. To achieve this goal, the client reading the sensory data shares the same database with the application that connects with the server, and all data acknowledged by the server are set to 1 to determine what has been delivered and what is yet to be delivered otherwise.
- (e)
- Privacy-based Alerting, Monitoring, and Evidence Collection: The system can securely alert the user’s selected individual, e.g., friends or family (via email), when the condition of the monitoring outcome is not normal (e.g., when the body temperature is too high or when the air quality of the room is bad). This is to support and update the carers and loved ones on the well-being of the user. The IoMT device detects when someone approaches and when someone touches or moves the IoMT device with the help of proximity, accelerometer, and gyroscope sensors and alerts about the events with a message, a red LED, and a buzzer. This is to ensure that the system is not disturbed, stolen, damaged, or moved unnecessarily when the system is in operation. If the alert messages are ignored and the IoMT device is touched or moved, then visual evidence is captured by a camera, and the evidence is securely transferred to the server. However, these settings can be disabled when the monitoring is conducted remotely from home, but these functions can be enabled when it is deployed in public care areas like hospitals to track and trace events in and around the patient for their safety and security. Figure 10 shows a warning message, while Figure 11 shows the alert message that is triggered when someone comes too close to the device, and Figure 12 shows the activation of the camera when someone attempts to take or move the IoMT device. These systems are necessary to give alerts on disturbances to the surroundings and also connect with the concerned stakeholders of the user.
- (f)
- Visualisation of the Collected Data: The health and well-being environmental data that are collected from IoMT sensors can be viewed by the stakeholders through the IoMT server and web server. The screenshots of the temperature reading and moisture level of the skin when holding the sensors were collected using temperature and humidity sensors, and the results are shown in Figure 13. The spikes in the results are the results of blowing warm air through the mouth, which guarantees proper working of the system. The readings are taken from a snapshot record from 11:51:33 (AM) to 12:58:17 (PM), and the readings are taken every 5 s and updated on the server only when there is a change in the reading value; however, the IoMT client pushes the last recorded data even if there is no change if the time lapse over 5 min to ensure that the connection is live.
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Mohanta, B.; Das, P.; Patnaik, S. Healthcare 5.0: A Paradigm Shift in Digital Healthcare System Using Artificial Intelligence, IOT and 5G Communication. In Proceedings of the 2019 International Conference on Applied Machine Learning (ICAML), Bhubaneswar, India, 25–26 May 2019. [Google Scholar] [CrossRef]
- Ashton, K. That “Internet of Things” Thing. RFID J. 2009, 22, 97–114. Available online: https://www.rfidjournal.com/that-internet-of-things-thing (accessed on 4 July 2024).
- Scarpato, N.; Pieroni, A.; Nunzio, L.D.; Fallucchi, F. E-health-IoT Universe: A Review. Int. J. Adv. Sci. Eng. Inf. Technol. 2017, 7, 2328. [Google Scholar] [CrossRef]
- Ghubaish, A.; Salman, T.; Zolanvari, M.; Unal, D.; Al-Ali, A.; Jain, R. Recent advances in the internet-of-medical-things (IoMT) systems security. IEEE Internet Things J. 2020, 8, 8707–8718. [Google Scholar] [CrossRef]
- Kakhi, K.; Alizadehsani, R.; Kabir, H.D.; Khosravi, A.; Nahavandi, S.; Acharya, U.R. The internet of medical things and artificial intelligence: Trends, challenges, and opportunities. Biocybern. Biomed. Eng. 2022, 42, 749–771. [Google Scholar] [CrossRef]
- Sahi, M.A.; Abbas, H.; Saleem, K.; Yang, X.; Derhab, A.; Orgun, M.A.; Iqbal, W.; Rashid, I.; Yaseen, A. Privacy Preservation in e-Healthcare Environments: State of the Art and Future Directions. IEEE Access 2018, 6, 464–478. [Google Scholar] [CrossRef]
- Yu, J.; Kim, E.; Kim, H.; Huh, J. A framework for detecting MAC and IP spoofing attacks with network characteristics. In Proceedings of the 2016 International Conference on Software Security and Assurance (ICSSA), Saint Pölten, Austria, 24–25 August 2016; pp. 49–53. [Google Scholar]
- Banakh, R.; Piskozub, A.; Opirskyy, I. Detection of MAC spoofing attacks in IEEE 802.11 networks using signal strength from attackers’ devices. In Proceedings of the 1st International Conference on Computer Science, Engineering and Education Applications (ICCSEEA2018), Kiev, Ukraine, 18–20 January 2018; Springer: Cham, Switzerland, 2019; pp. 468–477. [Google Scholar]
- Jiang, P.; Wu, H.; Xin, C. A channel state information based virtual MAC spoofing detector. High Confid. Comput. 2022, 2, 100067. [Google Scholar] [CrossRef]
- Whalen, S. An Introduction to ARP Spoofing, Node99, Online Document. 2001, p. 563. Available online: https://priv.gg/e/arp_spoofing_intro.pdf (accessed on 4 July 2024).
- Srinath, D.; Panimalar, S.; Simla, A.J.; Deepa, J. Detection and Prevention of ARP spoofing using Centralized Server. Int. J. Comput. Appl. 2015, 113, 26–30. [Google Scholar] [CrossRef]
- Nayak, G.; Mishra, A.; Samal, U.; Mishra, B.K. Depth analysis on DoS & DDoS attacks. In Wireless Communication Security; Wiley: Hoboken, NJ, USA, 2022; pp. 159–182. [Google Scholar]
- Al-Shareeda, M.A.; Manickam, S.; Ali, M. DDoS attacks detection using machine learning and deep learning techniques: Analysis and comparison. Bull. Electr. Eng. Inform. 2023, 12, 930–939. [Google Scholar] [CrossRef]
- Balaji Bharatwaj, M.; Aditya Reddy, M.; Senthil Kumar, T.; Vajipayajula, S. Detection of DoS and DDoS attacks using hidden markov model. In Proceedings of the Inventive Communication and Computational Technologies conference (ICICCT 2021), Tamil Nadu, India, 8 May 2021; Springer: Singapore, 2021; pp. 979–992. [Google Scholar]
- Ibrahim, R.F.; Abu Al-Haija, Q.; Ahmad, A. DDoS attack prevention for internet of thing devices using Ethereum blockchain technology. Sensors 2022, 22, 6806. [Google Scholar] [CrossRef]
- Shah, Z.; Ullah, I.; Li, H.; Levula, A.; Khurshid, K. Blockchain based solutions to mitigate distributed denial of service (DDoS) attacks in the Internet of Things (IoT): A survey. Sensors 2022, 22, 1094. [Google Scholar] [CrossRef]
- Vishnu, S.; Ramson, S.J.; Jegan, R. Internet of medical things (IoMT)-An overview. In Proceedings of the 2020 5th International Conference on Devices, Circuits and Systems (ICDCS), Coimbatore, India, 5–6 March 2020; pp. 101–104. [Google Scholar] [CrossRef]
- Malasinghe, L.P.; Ramzan, N.; Dahal, K. Remote patient monitoring: A comprehensive study. J. Ambient Intell. Humaniz. Comput. 2017, 10, 57–76. [Google Scholar] [CrossRef]
- Tabatabaei, S.M.; Kasrineh, M.R.; Sharifzadeh, N.; Soodejani, M.T. COVID-19: An Alarm to Move Faster towards “Smart Hospital”. Online J. Public Health Inform. 2021, 13, 7. [Google Scholar] [CrossRef] [PubMed]
- Michard, F.; Saugel, B.; Vallet, B. Rethinking the post-COVID-19 pandemic hospital: More ICU beds or smart monitoring on the wards? Intensive Care Med. 2020, 46, 1792–1793. [Google Scholar] [CrossRef] [PubMed]
- Lake, E.T.; Shang, J.; Klaus, S.; Dunton, N.E. Patient falls: Association with hospital Magnet status and nursing unit staffing. Res. Nurs. Health 2010, 33, 413–425. [Google Scholar] [CrossRef] [PubMed]
- Schubert, M.; Ausserhofer, D.; Desmedt, M.; Schwendimann, R.; Lesaffre, E.; Li, B.; De Geest, S. Levels and correlates of implicit rationing of nursing care in Swiss acute care hospitals—A cross sectional study. Int. J. Nurs. Stud. 2013, 50, 230–239. [Google Scholar] [CrossRef]
- Neuraz, A.; Guérin, C.; Payet, C.; Polazzi, S.; Aubrun, F.; Dailler, F.; Lehot, J.J.; Piriou, V.; Neidecker, J.; Rimmelé, T.; et al. Patient mortality is associated with staff resources and workload in the ICU: A multicenter observational study. Crit. Care Med. 2015, 43, 1587–1594. [Google Scholar] [CrossRef] [PubMed]
- McHugh, M.D.; Aiken, L.H.; Sloane, D.M.; Windsor, C.; Douglas, C.; Yates, P. Effects of nurse-to-patient ratio legislation on nurse staffing and patient mortality, readmissions, and length of stay: A prospective study in a panel of hospitals. Lancet 2021, 397, 1905–1913. [Google Scholar] [CrossRef]
- Boyle, S.M.; Washington, R.; McCann, P.; Koul, S.; McLarney, B.; Gadegbeku, C.A. The nephrology nursing shortage: Insights from a pandemic. Am. J. Kidney Dis. 2022, 79, 113–116. [Google Scholar] [CrossRef] [PubMed]
- Penturij-Kloks, M.M.; de Gans, S.T.; van Liempt, M.; de Vries, E.; Scheele, F.; Keijsers, C.J. Pandemic Lessons for Future Nursing Shortage: A Prospective Cohort Study of Nurses’ Work Engagement before and during 16 Months of COVID-19. J. Nurs. Manag. 2023, 2023, 6576550. [Google Scholar] [CrossRef]
- Tariq, M.U. Advanced wearable medical devices and their role in transformative remote health monitoring. In Transformative Approaches to Patient Literacy and Healthcare Innovation; IGI Global: Hershey, PA, USA, 2024; pp. 308–326. [Google Scholar]
- Kim, B.; Kim, S.; Lee, M.; Chang, H.; Park, E.; Han, T. Application of an Internet of Medical Things (IoMT) to Communications in a Hospital Environment. Appl. Sci. 2020, 12, 12042. [Google Scholar] [CrossRef]
- Siam, A.I.; El-Affendi, M.A.; Abou Elazm, A.; El-Banby, G.M.; El-Bahnasawy, N.A.; Abd El-Samie, F.E.; Abd El-Latif, A.A. Portable and real-time IoT-based healthcare monitoring system for daily medical applications. IEEE Trans. Comput. Soc. Syst. 2022, 10, 1629–1641. [Google Scholar] [CrossRef]
- Ratnakar, A.; Enamamu, T.; Alfoudi, A.; Ikpehai, A.; Marchang, J.; Lee, G.M. Deep sensing: Inertial and ambient sensing for activity context recognition using deep convolutional neural networks. Sensors 2020, 20, 3803. [Google Scholar] [CrossRef] [PubMed]
- Ratnakar, N.C.; Prajapati, B.R.; Prajapati, B.G.; Prajapati, J.B. Smart Innovative Medical Devices Based on Artificial Intelligence. In Handbook on Augmenting Telehealth Services; CRC Press: Boca Raton, FL, USA, 2024; pp. 150–172. [Google Scholar]
- Osama, M.; Ateya, A.A.; Sayed, M.S.; Hammad, M.; Pławiak, P.; Abd El-Latif, A.A.; Elsayed, R.A. Internet of medical things and healthcare 4.0: Trends, requirements, challenges, and research directions. Sensors 2023, 23, 7435. [Google Scholar] [CrossRef] [PubMed]
- Popoola, O.; Rodrigues, M.; Marchang, J.; Shenfield, A.; Ikpehia, A.; Popoola, J. A critical literature review of security and privacy in smart home healthcare schemes adopting IoT & blockchain: Problems, challenges and solutions. Blockchain Res. Appl. 2023, 5, 100178. [Google Scholar]
- Mejía-Granda, C.M.; Fernández-Alemán, J.L.; Carrillo-de-Gea, J.M.; García-Berná, J.A. Security vulnerabilities in healthcare: An analysis of medical devices and software. Med. Biol. Eng. Comput. 2024, 62, 257–273. [Google Scholar] [CrossRef] [PubMed]
- IBM Security X-Force Threat Intelligence Index. 2024. Available online: https://www.ibm.com/reports/threat-intelligence (accessed on 4 July 2024).
- Ingham, M.; Marchang, J.; Bhowmik, D. IoT security vulnerabilities and predictive signal jamming attack analysis in LoRaWAN. IET Inf. Secur. 2020, 14, 368–379. [Google Scholar] [CrossRef]
- Beavers, J.L.; Faulks, M.; Marchang, J. Hacking NHS pacemakers: A feasibility study. In Proceedings of the 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), London, UK, 16–18 January 2019; pp. 206–212. [Google Scholar]
- BBC News. Community Health Systems data hack hits 4.5 million. BBC News, 18 August 2014. Available online: https://www.bbc.co.uk/news/technology-28838661(accessed on 10 May 2024).
- Zetter, K. Hacking team’s leak helped researchers hunt down a Zero-Day. WIRED, 13 January 2016. Available online: https://www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/(accessed on 10 May 2024).
- Staff, D.R. Former NY hospital employee admits to stealing colleagues’ data. Darkreading. 11 December 2023. Available online: https://www.darkreading.com/cyberattacks-data-breaches/former-ny-hospital-employee-admits-to-stealing-colleagues-data (accessed on 10 May 2024).
- US Department of Health and Human Services. Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History|Guidance Portal. 2020. Available online: https://www.hhs.gov/guidance/document/anthem-pays-ocr-16-million-record-hipaa-settlement-following-largest-us-health-data-breach (accessed on 10 May 2024).
- Davis, J. Magellan Health Data breach victim tally reaches 365K patients. HealthITSecurity, 19 October 2021. Available online: https://healthitsecurity.com/news/magellan-health-data-breach-victim-tally-reaches-365k-patients(accessed on 10 May 2024).
- Mohurle, S.; Patil, M. A brief study of wannacry threat: Ransomware attack 2017. Int. J. Adv. Res. Comput. Sci. 2017, 8, 1938–1940. [Google Scholar]
- Lazarovitz, L. Deconstructing the solarwinds breach. Comput. Fraud. Secur. 2021, 2021, 17–19. [Google Scholar] [CrossRef]
- Muncaster, P. Save the Children hit by $1m BEC scam. Infosecurity. 28 April 2024. Available online: https://www.infosecurity-magazine.com/news/save-the-children-hit-by-1m-bec/ (accessed on 10 May 2024).
- Wallace, F. Why data security has become a priority for healthcare professionals. United States Cybersecurity Magazine. 28 April 2024. Available online: https://www.uscybersecurity.net/healthcare/ (accessed on 10 May 2024).
- U.S. Department of Health and Human Services. Health Sector Cybersecurity Coordination Center 2024. (HC3). ID#202405301200. Available online: www.HHS.GOV/HC3 (accessed on 10 May 2024).
- Sadeghian, A.; Zamani, M.; Abdullah, S.M. A taxonomy of SQL injection attacks. In Proceedings of the 2013 International Conference on Informatics and Creative Multimedia, Kuala Lumpur, Malaysia, 4–6 September 2013; pp. 269–273. [Google Scholar]
- Stellios, I.; Kotzanikolaou, P.; Psarakis, M. Advanced persistent threats and zero-day exploits in industrial Internet of Things. In Security and Privacy Trends in the Industrial Internet of Things; Springer: Cham, Switzerland, 2019; pp. 47–68. [Google Scholar]
- Liu, L.; De Vel, O.; Han, Q.L.; Zhang, J.; Xiang, Y. Detecting and preventing cyber insider threats: A survey. IEEE Commun. Surv. Tutor. 2018, 20, 1397–1417. [Google Scholar] [CrossRef]
- Naaz, S. Detection of phishing in internet of things using machine learning approach. Int. J. Digit. Crime Forensics 2021, 13, 15. [Google Scholar] [CrossRef]
- Alkhwaja, I.; Albugami, M.; Alkhwaja, A.; Alghamdi, M.; Abahussain, H.; Alfawaz, F.; Almurayh, A.; Min-Allah, N. Password cracking with brute force algorithm and dictionary attack using parallel programming. Appl. Sci. 2023, 13, 5979. [Google Scholar] [CrossRef]
- Gaurav, A.; Gupta, B.B.; Panigrahi, P.K. A comprehensive survey on machine learning approaches for malware detection in IoT-based enterprise information system. Enterp. Inf. Syst. 2023, 17, 2023764. [Google Scholar] [CrossRef]
- Rao, V.V.; Marshal, R.; Gobinath, K. The IoT Supply Chain Attack Trends-Vulnerabilities and Preventive Measures. In Proceedings of the 2021 4th International Conference on Security and Privacy (ISEA-ISAP), Dhanbad, India, 27–30 October 2021; pp. 1–4. [Google Scholar]
- Ghasemi, M.; Saadaat, M.; Ghollasi, O. Threats of social engineering attacks against security of Internet of Things (IoT). In Proceedings of the 1st International Conference on Fundamental Research in Electrical Engineering, Tehran, Iran, 26 July 2018; Springer: Singapore, 2019; pp. 957–968. [Google Scholar]
- Srinivasa, S.; Pedersen, J.M.; Vasilomanolakis, E. Open for hire: Attack trends and misconfiguration pitfalls of IoT devices. In Proceedings of the 21st ACM Internet Measurement Conference 2021, Virtual, 2–4 November 2021; pp. 195–215. [Google Scholar]
- Galeano-Brajones, J.; Carmona-Murillo, J.; Valenzuela-Valdés, J.F.; Luna-Valero, F. Detection and mitigation of DoS and DDoS attacks in IoT-based stateful SDN: An experimental approach. Sensors 2020, 20, 816. [Google Scholar] [CrossRef] [PubMed]
- Martani, A.; Geneviève, L.D.; Elger, B.; Wangmo, T. It’s not something you can take in your hands. Swiss experts’ perspectives on health data ownership: An interview-based study. BMJ Open 2021, 11, e045717. [Google Scholar] [CrossRef]
- Zhang, C.; Xia, J.; Yang, B.; Puyang, H.; Wang, W.; Chen, R.; Yan, F. Citadel: Protecting data privacy and model confidentiality for collaborative learning. In Proceedings of the ACM Symposium on Cloud Computing, Seattle, WA, USA, 1–4 November 2021; pp. 546–561. [Google Scholar]
- Simmons, G.J. Symmetric and asymmetric encryption. ACM Comput. Surv. CSUR 1979, 11, 305–330. [Google Scholar] [CrossRef]
- Qiu, T.; Chi, J.; Zhou, X.; Ning, Z.; Atiquzzaman, M.; Wu, D.O. Edge computing in industrial internet of things: Architecture, advances and challenges. IEEE Commun. Surv. Tutor. 2020, 22, 2462–2488. [Google Scholar] [CrossRef]
- Indu, I.; Anand, P.R.; Bhaskar, V. Identity and access management in cloud environment: Mechanisms and challenges. Eng. Sci. Technol. Int. J. 2018, 21, 574–588. [Google Scholar] [CrossRef]
- AlHogail, A. Improving IoT technology adoption through improving consumer trust. Technologies 2018, 6, 64. [Google Scholar] [CrossRef]
- Dzissah, D.A.; Lee, J.S.; Suzuki, H.; Nakamura, M.; Obi, T. Privacy enhanced healthcare information sharing system for home-based care environments. Healthc. Inform. Res. 2019, 25, 106. [Google Scholar] [CrossRef]
- Hathaliya, J.J.; Tanwar, S. An exhaustive survey on security and privacy issues in Healthcare 4.0. Comput. Commun. 2020, 153, 311–335. [Google Scholar] [CrossRef]
- Elhoseny, M.; Ramírez-González, G.; Abu-Elnasr, O.M.; Shawkat, S.A.; Arunkumar, N.; Farouk, A. Secure medical data transmission model for IoT-based healthcare systems. IEEE Access 2018, 6, 20596–20608. [Google Scholar] [CrossRef]
- Yeh, K.-H. BSNCare+: A Robust IoT-Oriented Healthcare System with Non-Repudiation Transactions. Appl. Sci. 2016, 6, 418. [Google Scholar] [CrossRef]
- Tsai, K.-L.; Huang, Y.-L.; Leu, F.-Y.; You, I.; Huang, Y.-L.; Tsai, C.-H. AES-128 Based Secure Low Power Communication for LoRaWAN IoT Environments. IEEE Access 2018, 6, 45325–45334. [Google Scholar] [CrossRef]
- Moosavi, S.R.; Nigussie, E.; Levorato, M.; Virtanen, S.; Isoaho, J. Performance Analysis of End-to-End Security Schemes in Healthcare IoT. Procedia Comput. Sci. 2018, 130, 432–439. [Google Scholar] [CrossRef]
- Becker, P.; Tebes, G.; Peppino, D.; Olsina Santos, L.A. Applying an improving strategy that embeds functional and non-functional requirements concepts. J. Comput. Sci. Technol. 2019, 19, 153–174. [Google Scholar] [CrossRef]
- Kurtanović, Z.; Maalej, W. Automatically classifying functional and non-functional requirements using supervised machine learning. In Proceedings of the 2017 IEEE 25th International Requirements Engineering Conference (RE), Lisbon, Portugal, 4–8 September 2017; pp. 490–495. [Google Scholar]
- Marchang, J.; Ibbotson, G.; Wheway, P. Will blockchain technology become a reality in sensor networks? In Proceedings of the 2019 Wireless Days (WD), Manchester, UK, 24–26 April 2019; pp. 1–4. [Google Scholar]
Cyber Attack Name | Description | Mitigation | Impact Example |
---|---|---|---|
SQL Injection [48] | Malicious code injected via web application vulnerabilities to gain unauthorised access. | Use parameterised queries, input validation, and access controls to restrict unauthorised database access. | Community Health Systems in the US lost 4.5 million patient records in a 2014 SQL Injection attack [38]. |
Zero-Day Exploits [49] | Using undiscovered hardware or software flaws for unauthorised access. | Implement intrusion detection/prevention systems, monitor for unusual activity, and stay updated with security advisories. | Hacking Team’s 2015 breach revealed several zero-day vulnerabilities in widely used software [39]. |
Insider Threats [50] | Staff or subcontractors with access to patient data might inadvertently cause harm or steal information. | Set access controls, monitor user behaviour, run background checks, and offer regular cybersecurity training to staff. | A former employee of a New York health system was indicted in 2015 for stealing information on over 12,000 patients and selling it on the dark web [40]. |
Phishing [51] | False emails trick users into revealing sensitive data. | Provide cybersecurity training, use email filters, and employ two-factor authentication to prevent phishing attacks. | Anthem, a US health insurer, lost 78.8 million patient details in a 2015 phishing attack [41]. |
Password Attacks [52] | Cracking passwords for unauthorised access; includes brute force or dictionary attacks. | Enforce strong password regulations, regular changes, and complexity requirements, and establish two-factor authentication. | During a credential-stuffing attack on Magellan Health in 2020, 365,000 patients’ information was stolen [42]. |
Malware [53] | Dangerous software, like viruses, trojans, and ransomware, that can steal data or corrupt systems. | Implement anti-malware software, perform routine backups, and keep systems updated with security patches. | The NHS in the UK faced the WannaCry ransomware in 2017, demanding ransom for file decryption [43]. |
Supply Chain Attacks [54] | Infiltrating healthcare systems through third-party hardware or software providers. | Monitor third-party vendors, enforce strict contracts, and conduct routine risk assessments. | Cyber-attack on software developer SolarWinds compromised businesses, including healthcare providers, in 2020 [44]. |
Social Engineering [55] | Coercing individuals into disclosing private information or performing certain tasks. | Regular cybersecurity training, security awareness programmes, and implementing security controls like spam filters and two-factor authentication. | Save the Children suffered a BEC attack in 2018, costing them GBP 1 million due to a fraudulent money transfer [45]. |
Misconfiguration [56] | Misconfiguring medical equipment or systems makes them vulnerable to intrusions or data breaches. | Adopt automated configuration management systems, secure configuration practices, and conduct routine auditing/testing of system configurations. | In 2018, 500,000 patients’ information was stolen due to a misconfigured ransomware attack demanding submission at HMC in the US [46]. |
DoS/DDoS [57] | Overwhelming healthcare systems with traffic causes breakdowns or inaccessibility. | Implement network segmentation, deploy DDoS mitigation services/hardware, and create a DDoS response strategy. | It impacts the care services, and it can happen anytime. It has a massive amount of service interruptions [47]. WannaCry ransomware in 2017 [43] has a service denial impact. |
Methods | Cryptographic Algorithm (Seconds) | |||||||
---|---|---|---|---|---|---|---|---|
Security processes | AES 128 | AES 192 | AES 256 | RSA 1024 | RSA 2048 | RSA 4096 | RSA 7936 | RSA 8192 |
Key generation (IoMT) | 0.000522 | 0.000554 | 0.000631 | 0.283 | 0.865 | 8.912 | 119.947 | 178.202 |
Key generation (server) | 0.0001 | 0.000139 | 0.00014 | 0.215 | 0.731 | 4.708 | 49.21 | 54.043 |
Key file generation (IoMT) | 0.002196 | 0.002214 | 0.002631 | 0.328 | 0.911 | 9.102 | 120.005 | 178.809 |
Key file generation (server) | 0.000219 | 0.000221 | 0.000221 | 0.33 | 0.788 | 4.811 | 49.43 | 54.102 |
Encryption | 0.000261 | 0.000261 | 0.000261 | 0.0149 | 0.015 | 0.0238 | 0.0688 | 0.072 |
Decryption | 0.000042 | 0.000042 | 0.000043 | 0.0095 | 0.0202 | 0.0522 | 0.2802 | 0.3152 |
Digital signature | - | - | - | 0.0011 | 0.0408 | 0.1744 | 0.9283 | 1.0355 |
Digital signature verification | - | - | - | 0.00048 | 0.000829 | 0.00126 | 0.00387 | 0.00409 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Marchang, J.; McDonald, J.; Keishing, S.; Zoughalian, K.; Mawanda, R.; Delhon-Bugard, C.; Bouillet, N.; Sanders, B. Secure-by-Design Real-Time Internet of Medical Things Architecture: e-Health Population Monitoring (RTPM). Telecom 2024, 5, 609-631. https://doi.org/10.3390/telecom5030031
Marchang J, McDonald J, Keishing S, Zoughalian K, Mawanda R, Delhon-Bugard C, Bouillet N, Sanders B. Secure-by-Design Real-Time Internet of Medical Things Architecture: e-Health Population Monitoring (RTPM). Telecom. 2024; 5(3):609-631. https://doi.org/10.3390/telecom5030031
Chicago/Turabian StyleMarchang, Jims, Jade McDonald, Solan Keishing, Kavyan Zoughalian, Raymond Mawanda, Corentin Delhon-Bugard, Nicolas Bouillet, and Ben Sanders. 2024. "Secure-by-Design Real-Time Internet of Medical Things Architecture: e-Health Population Monitoring (RTPM)" Telecom 5, no. 3: 609-631. https://doi.org/10.3390/telecom5030031
APA StyleMarchang, J., McDonald, J., Keishing, S., Zoughalian, K., Mawanda, R., Delhon-Bugard, C., Bouillet, N., & Sanders, B. (2024). Secure-by-Design Real-Time Internet of Medical Things Architecture: e-Health Population Monitoring (RTPM). Telecom, 5(3), 609-631. https://doi.org/10.3390/telecom5030031