Search Results (8)

Internet of Things (IoT) technology in healthcare has enabled innovative services that enhance patient monitoring, diagnostics and medical data management. However, securing sensitive health data while maintaining system efficiency of resource-constrained IoT devices remains a critical challenge. This work presents a comprehensive end-to-end IoT security framework for healthcare environments, addressing encryption at two key levels: lightweight encryption at the edge for resource-constrained devices and robust end-to-end encryption when transmitting data to the cloud via MQTT cloud brokers. The proposed system leverages multi-broker MQTT architecture to optimize resource utilization and enhance message reliability. At the edge, lightweight cryptographic techniques ensure low-latency encryption before transmitting data via a secure MQTT broker hosted within the hospital infrastructure. To safeguard data as it moves beyond the hospital to the cloud, stronger end-to-end encryption are applied to ensure end-to-end security, such as AES-256 and TLS 1.3, to ensure confidentiality and resilience over untrusted networks. A proof-of-concept Python 3.10 -based MQTT implementation is developed using open-source technologies. Security and performance evaluations demonstrate the feasibility of the multi-layer encryption approach, effectively balancing computational overhead with data protection. Security and performance evaluations demonstrate that our novel HECS4MQTT (Health Edge Cloud Security for MQTT) framework achieves a unique balance between efficiency and security. Unlike existing solutions that either impose high computational overhead at the edge or rely solely on transport-layer protection, HECS4MQTT introduces a layered encryption strategy that decouples edge and cloud security requirements. This design minimizes processing delays on constrained devices while maintaining strong cryptographic protection when data crosses trust boundaries. The framework also introduces a lightweight bridge component for re-encryption and integrity enforcement, thereby reducing broker compromise risk and supporting compliance with healthcare security regulations. Our HECS4MQTT framework offers a scalable, adaptable, and trust-separated security model, ensuring enhanced confidentiality, integrity, and availability of healthcare data while remaining suitable for deployment in real-world, latency-sensitive, and resource-limited medical environments. Full article

With the rapid growth of internet-connected devices and their resource-constrained capabilities, the current authentication mechanisms are unable to meet the complex IoT application requirements, such as in the Industrial Internet of Things (IIoT), due to the increased computation, communication, and storage overhead arising from these mechanisms. In the IIoT, machine-to-machine (M2M) communication is an underlying technology where devices (e.g., sensors, actuators, and controllers) can be enabled to exchange information autonomously; thus, the massive data generated by these devices can increase latency, network congestion, and the complexity of security management. Message queue telemetry transport (MQTT) is one of the promising M2M protocols used in the IoT that could encounter such issues because it relies on a central broker in the cloud and implements a heavyweight authentication mechanism based on TLS. Therefore, this paper proposes an MQTT architecture with multi-tier brokers based on fog computing, where each broker is deployed with an authentication manager. In addition, the paper presents a lightweight mutual authentication scheme based on hash function and XOR operation. Comparing the results given in the benchmark, the overall performance of our scheme shows that storage and communication overheads are reduced to 89% and 23%, respectively. Furthermore, our system can resist against several cyberattacks and provide scalability. Full article

In this study, we implemented an integrated security solution with Spring Security and Keycloak open-access platform (SSK) to secure data collection and exchange over microservice architecture application programming interfaces (APIs). The adopted solution implemented the following security features: open authorization, multi-factor authentication, identity brokering, and user management to safeguard microservice APIs. Then, we extended the security solution with a virtual private network (VPN), Blowfish and crypt (Bcrypt) hash, encryption method, API key, network firewall, and secure socket layer (SSL) to build up a digital infrastructure. To accomplish and describe the adopted SSK solution, we utilized a web engineering security method. As a case study, we designed and developed an electronic health coaching (eCoach) prototype system and hosted the system in the expanded digital secure infrastructure to collect and exchange personal health data over microservice APIs. We further described our adopted security solution’s procedural, technical, and practical considerations. We validated our SSK solution implementation by theoretical evaluation and experimental testing. We have compared the test outcomes with related studies qualitatively to determine the efficacy of the hybrid security solution in digital infrastructure. The SSK implementation and configuration in the eCoach prototype system has effectively secured its microservice APIs from an attack in all the considered scenarios with 100% accuracy. The developed digital infrastructure with SSK solution efficiently sustained a load of (≈)300 concurrent users. In addition, we have performed a qualitative comparison among the following security solutions: Spring-based security, Keycloak-based security, and their combination (our utilized hybrid security solution), where SSK showed a promising outcome. Full article

Automakers manage vast fleets of connected vehicles and face an ever-increasing demand for their sensor readings. This demand originates from many stakeholders, each potentially requiring different sensors from different vehicles. Currently, this demand remains largely unfulfilled due to a lack of systems that can handle such diverse demands efficiently. Vehicles are usually passive participants in data acquisition, each continuously reading and transmitting the same static set of sensors. However, in a multi-tenant setup with diverse data demands, each vehicle potentially needs to provide different data instead. We present a system that performs such vehicle-specific minimization of data acquisition by mapping individual data demands to individual vehicles. We collect personal data only after prior consent and fulfill the requirements of the GDPR. Non-personal data can be collected by directly addressing individual vehicles. The system consists of a software component natively integrated with a major automaker’s vehicle platform and a cloud platform brokering access to acquired data. Sensor readings are either provided via near real-time streaming or as recorded trip files that provide specific consistency guarantees. A performance evaluation with over 200,000 simulated vehicles has shown that our system can increase server capacity on-demand and process streaming data within 269 ms on average during peak load. The resulting architecture can be used by other automakers or operators of large sensor networks. Native vehicle integration is not mandatory; the architecture can also be used with retrofitted hardware such as OBD readers. Full article

Cities are becoming increasingly complex to manage, as they increase in size and must provide higher living standards for their populations. New technology-based solutions must be developed towards attending this growth and ensuring that it is socially sustainable. This paper puts forward the notion that these solutions must share some properties: they should be anthropocentric, holistic, horizontal, multi-dimensional, multi-modal, and predictive. We propose an architecture in which streaming data sources that characterize the city context are used to feed a real-time graph of the city’s assets and states, as well as to train predictive models that hint into near future states of the city. This allows human decision-makers and automated services to take decisions, both for the present and for the future. To achieve this, multiple data sources about a city were gradually connected to a message broker, that enables increasingly rich decision-support. Results show that it is possible to predict future states of a city, in aspects such as traffic, air pollution, and other ambient variables. The key innovative aspect of this work is that, as opposed to the majority of existing approaches which focus on a real-time view of the city, we also provide insights into the near-future state of the city, thus allowing city services to plan ahead and adapt accordingly. The main goal is to optimize decision-making by anticipating future states of the city and make decisions accordingly. Full article

Skateboarding as a method of transportation has become prevalent, which has increased the occurrence and likelihood of pedestrian–skateboarder collisions and near-collision scenarios in shared-use roadway areas. Collisions between pedestrians and skateboarders can result in significant injury. New approaches are needed to evaluate shared-use areas prone to hazardous pedestrian–skateboarder interactions, and perform real-time, in situ (e.g., on-device) predictions of pedestrian–skateboarder collisions as road conditions vary due to changes in land usage and construction. A mechanism called the Surrogate Safety Measures for skateboarder–pedestrian interaction can be computed to evaluate high-risk conditions on roads and sidewalks using deep learning object detection models. In this paper, we present the first ever skateboarder–pedestrian safety study leveraging deep learning architectures. We view and analyze state of the art deep learning architectures, namely the Faster R-CNN and two variants of the Single Shot Multi-box Detector (SSD) model to select the correct model that best suits two different tasks: automated calculation of Post Encroachment Time (PET) and finding hazardous conflict zones in real-time. We also contribute a new annotated data set that contains skateboarder–pedestrian interactions that has been collected for this study. Both our selected models can detect and classify pedestrians and skateboarders correctly and efficiently. However, due to differences in their architectures and based on the advantages and disadvantages of each model, both models were individually used to perform two different set of tasks. Due to improved accuracy, the Faster R-CNN model was used to automate the calculation of post encroachment time, whereas to determine hazardous regions in real-time, due to its extremely fast inference rate, the Single Shot Multibox MobileNet V1 model was used. An outcome of this work is a model that can be deployed on low-cost, small-footprint mobile and IoT devices at traffic intersections with existing cameras to perform on-device inferencing for in situ Surrogate Safety Measurement (SSM), such as Time-To-Collision (TTC) and Post Encroachment Time (PET). SSM values that exceed a hazard threshold can be published to an Message Queuing Telemetry Transport (MQTT) broker, where messages are received by an intersection traffic signal controller for real-time signal adjustment, thus contributing to state-of-the-art vehicle and pedestrian safety at hazard-prone intersections. Full article

Delivering electronic health care (eHealth) services across multi-cloud providers to implement patient-centric care demands a trustworthy brokering architecture. Specifically, such an architecture should aggregate relevant medical information to allow informed decision-making. It should also ensure that this information is complete and authentic and that no one has tampered with it. Brokers deployed in eHealth services may fall short of meeting such criteria due to two key behaviors. The first involves violating international health-data protection laws by allowing user anonymity and limiting user access rights. Second, brokers claiming to provide trustworthy transactions between interested parties usually rely on user feedback, an approach vulnerable to manipulation by malicious users. This paper addresses these data security and trust challenges by proposing HealthyBroker, a novel, trust-building brokering architecture for multiple cloud environments. This architecture is designed specifically for patient-centric cloud eHealth services. It enables care-team members to complete eHealth transactions securely and access relevant patient data on a “need-to-know” basis in compliance with data-protection laws. HealthyBroker also protects against potential malicious behavior by assessing the trust relationship and tracking it using a neutral, tamper-proof, distributed blockchain ledger. Trust is assessed based on two strategies. First, all transactions and user feedback are tracked and audited in a distributed ledger for transparency. Second, only feedback coming from trustworthy parties is taken into consideration. HealthyBroker was tested in a simulated eHealth multi-cloud environment. The test produced better results than a benchmark algorithm in terms of data accuracy, service time, and the reliability of feedback received as measured by three malicious behavior models (naïve, feedback isolated, and feedback collective). These results demonstrate that HealthyBroker can provide care teams with a trustworthy, transparent ecosystem that can facilitate information sharing and well-informed decisions for patient-centric care. Full article

Mobile phone network data, routinely collected by its providers, possess very valuable encoded information about human behaviors. Intensive tourist activities in urban spaces bring smartness via mobile phone fingerprints into the understanding of an urban ecosystem. Due to the diverse processes that govern mobile communication, mining the geolocations of individuals seems to be non-trivial, tedious, and even irregular, which can lead to an incomplete trajectory. Enriching trajectories with infrastructural facilities is another challenge. We provide a unified approach, comprised of both informal and formal elements, to obtain a common framework, which maps pervasive datasets into a collection of individual patterns in urban spaces, to obtain context-enhanced trajectory reconstructions. Through the algorithmization of the approach, we acquire a study that provides new insights on individual and anonymized tourist behaviors. In order to obtain individual behaviors, it is necessary to carry out an arduous extraction process. We propose a multi-agent system architecture and predefined message streams, which are transported on a message-broker platform. We also propose all of the basic algorithms that compose the prototype of the entire multi-agent system. All algorithms were formally analyzed due to termination and time complexity. System evaluation, together with a few basic experiments, was also carried out. The performance evaluation results authenticate system feasibility, credibility, and vitality. Those factors prove its effectiveness and the possibility to build the target system, whilst supporting every urban ecosystem. The system would also strongly influence municipal services to understand urban context and operate more effectively in order to support tourist activities to become safer and more comfortable. Full article