Security and Privacy in The Internet of Things Healthcare Systems - Toward A Robust Solution in Real-Life Deployment
Security and Privacy in The Internet of Things Healthcare Systems - Toward A Robust Solution in Real-Life Deployment
Security and Privacy in The Internet of Things Healthcare Systems - Toward A Robust Solution in Real-Life Deployment
Keywords: The internet of things (IoT) technology can be nowadays used to track user activity in daily living and health-
Internet of things related quality of life. IoT healthcare sensors can play a great role in reducing health-related costs. It helps
Healthcare users to assess their health progression. Nonetheless, these IoT solutions add security challenges due to their
Security
direct access to numerous personal information and their close integration into user activities. As such, this
Data privacy
IoT technology is always a viable target for cybercriminals. More importantly, any adversarial attacks on an
Cybersecurity
Ambient assisted living
individual IoT node undermine the overall security of the concerned networks. In this study, we present the
privacy and security issues of IoT healthcare devices. Moreover, we address possible attack models needed
to verify the robustness of such devices. Finally, we present our deployed AMbient Intelligence (AMI) Lab
architecture, and we compare its performance to current IoT solutions.
∗ Corresponding author at: AMI-Lab, Computer Science Department, Faculty of Science, University of Sherbrooke, Sherbrooke, QC, Canada.
E-mail addresses: [email protected], [email protected] (I. Sadek).
1
Authors contributed equally.
https://doi.org/10.1016/j.cmpbup.2022.100071
Received 23 September 2021; Received in revised form 17 July 2022; Accepted 25 September 2022
Available online 1 October 2022
2666-9900/© 2022 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-
nc-nd/4.0/).
I. Sadek et al. Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
Fig. 1. Annual number of data breaches and exposed records in the United States from 2005 to 2019.
Source: Identify Theft Resource Center.
© 2020 Statista.
over an extended time as well as automatically alert healthcare pro- 2.1. Security concerns in IoT healthcare systems
fessionals or caregivers in emergencies such as falls in the case of se-
niors [7]. IoT-based wearable systems can also benefit pharmaceutical According to the ‘‘ABI (Allied Business Intelligence, Inc) Research
companies by reducing clinical trial tests through enhanced data col- report’’ [9], more than 10 billion wirelessly connected IoT devices
lection mechanisms [4]. According to the ‘‘World Population Prospects are currently available. Also, this number will overreach 30 billion
2019’’, the global population is expected to reach 8.5 billion in 2030, devices by 2026. The deployment of IoT devices will open doors to
and to increase further to 9.7 billion in 2050 and 10.9 billion by a massive amount of applications that would genuinely enhance our
2100. More importunately, it is predicted that in 2050 the 1.5 billion daily life. E-health applications are one of these applications that
people aged 65 years or over worldwide will exceed younger people are gaining more and more attention to [10]. Nonetheless, different
aged 15 to 24 years, i.e., 1.3 billion. Furthermore, Healthcare costs are issues have been raised because of integrating IoT technology in the
projected to grow at an alarmingly high rate and people are concerned healthcare domain. These issues include, but are not limited to, data
about these skyrocketing costs. In 2016, the world consumes US$7.5 storage and data management, data transfer between devices, privacy,
trillion on health or 10% of global domestic products (GDP). High- and security, ubiquitous, and unified access [11]. Data breaches can
income countries have the highest health share of GDP, i.e., 8.2%. severally influence both individual users’ and companies’ reputations.
Low and middle-income countries have a lower health share of GDP, Moreover, intruders will be able to monitor users’ private lives actively
i.e., 6.3% [8]. if they successfully compromised users’ IoT devices.
Technology becomes more ubiquitous in people’s lives due to the Though IoT keeps spreading at a high pace, the problem of security
introduction of IoT-based systems. A large amount of personnel data is still there. Several applications, especially in the healthcare domain
(e.g., activities and health status) will be collected and analyzed. Cyber- are arising due to the IoT evolution. However, healthcare is linked to
security is becoming important not just because of the growing number personal data, i.e., privacy and relevant health information of a patient.
of threats, vulnerabilities, and bad actors, but because technology is As a result, the security of such systems becomes a real concern.
becoming intuitively more sensitive, potentially impacting every area IoT is powered by the Internet, which means that the flow of infor-
of a person’s life. mation recorded by sensors is highly exposed. Therefore, dealing with
The contribution of this study is twofold. First, we highlight the large-scale deployment, involves that IoT goes through secured com-
security and privacy concerns associated with IoT-healthcare systems. munications while another issue is the security of the database itself
Second, we give an insight into how specific mechanisms or approaches where all information is kept leading to data profiling or data stealing.
can be applied to prevent or mitigate such adversarial attempts. We IoT healthcare systems face numerous issues in terms of security. They
anticipate this to guide future research to use and implement con- are mainly confidentiality, integrity, the privacy of data, authentication
crete solutions for IoT in healthcare problems based on the proposed between devices, tracks of the flow of information transfer, and the
approaches and mechanisms by security experts. persistence of information transfer [11].
We have organized the rest of the paper as follows. First, IoT In the case of environmental nodes which are sensors, actuators,
benefits and existing IoT security techniques are addressed in Sec- and gateways, data stealing, data privacy, and confidentiality prevail.
tion 2. Second, we introduced an IoT-based case study, i.e., AMbient In this configuration, attackers steal the information they need through
Intelligence (AMI) Lab architecture in Section 4. Third, we reviewed the unsecured home network, then sell that information. Data profiling
the security requirements of existing IoT schemes in Section 5. Fourth, is another common issue where the adversary intends to know who
the person is through data stealing and how he can hurt him. These
we presented a performance analysis of current state-of-the-art IoT
two issues are present in the overall healthcare-based IoT system. To
solutions in Section 5. At last, we concluded the paper Section 5.
achieve their goal, attackers use various techniques to prevent IoT
systems from working properly. We can present these attacks into five
2. Related work
main categories [12,13] as depicted below:
Following our discussion on healthcare-related challenges, we dis- 1. Selective-Forwarding Attacks: With selective-forwarding at-
cuss the most common security concerns that could affect IoT health- tacks [14] it is possible to launch Denial of Service (DoS) attacks
care systems (Section 2.1). Also, we explore existing IoT security tech- where malicious nodes selectively forward packets. The target of
nologies (Section 2.2). this attack is to disrupt routing paths. For example, by using this
2
I. Sadek et al. Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
technique, attackers prevent systems to generate an alert when between the two nodes in a network [19]. To address this issue,
a sensor detects that a person is in a critical situation (e.g., heart Liu et al. [18] proposed a new model called Addressless IoT Server
attack). to secure communication between the IoT client and IoT server.
2. Sinkhole Attacks: This type of attack implies that a malicious Likewise, Rehman and Manickam have designed a lightweight
node advertises an artificial beneficial routing path and attracts mechanism known as Secure-DAD to be deployed on IPv6-enabled
nearby nodes to route traffic through it. This attack does not IoT devices during the time of the installation to ensure only
necessarily disrupt the network operation; However, when cou- authenticated devices can communicate with each other. Thus,
pled with another attack (e.g., selective-forwarding attacks), it can enable secure communication between the devices in an IoT
becomes very powerful. Given this situation, all the information environment [20].
is sent to attackers instead of legitimate healthcare organiza- • Sharma et al. [21] proposed a privacy-preserving model for IoT
tions (i.e., responsible for storing and processing the recorded healthcare-based systems based on data-mining algorithms to
data). Hence, attackers will be able to steal sensitive patient monitor healthcare information systems [22]. In this study, re-
information and eventually profile this patient through his in- searchers have used kHealth [22] which is an IoT-based health-
formation [14]. care information monitoring system to analyze various privacy
3. Jamming: It is a classified machine-to-machine attack that oc- issues and challenges while collecting patient data. Later, the
cupies the wireless spectrum blocking the communication across authors recommended possible solutions to encounter such prob-
IoT devices, as a result of a noise signal used for interference lems while developing practical privacy-preserving data analytics
with wireless communication [15]. for IoT-based healthcare systems.
4. Flooding: The attacker attempts to drain the target’s resources • Wang et al. [23] proposed a data processing system to improve
(e.g., battery, processor, bandwidth, memory). As an example, network reliability and speed in sharing patient data over the IoT
attackers establish numerous connection requests to deplete bat- architecture known as Reduced sensor Data Processing Frame-
teries and occupy the bandwidth. The consequence of this tech- work (REDPF). This system is based on fog computing, the authors
nique is to disturb the continuous transmission and recording of have used Reduced Variable Neighborhood Search (RVNS) algo-
the information (e.g., sensor data) [15]. rithm to enhance the reliability in data transmission and effective
5. Phishing: It is most commonly used to steal a person’s informa- load balancing. The introduced framework has a self-adaptive
tion and consequently, data gathered by environmental nodes filter to recollect missing or inaccurate data automatically. Thus,
can be hacked. One way of this type of attack is asking for making it a fault-tolerant system.
information from users (e.g., Wi-Fi password) so the attackers • Srinivas et al. [24] proposed a cloud-based user authentication
will be granted access to IoT resources. scheme for secure authentication of medical data in the IoT
These security concerns prevent IoT nodes to function correctly healthcare monitoring system. This scheme creates a secret ses-
and can be spread across IoT healthcare systems, which limits their sion key to secure communications between the authorized user
adoption on a large scale. Nevertheless, several solutions are under and the wearable sensor node. The authors applied Real-Or-
investigation to address such concerns as depicted in the next section Random (ROR) model to perform a security analysis of the de-
(Section 2.2). signed mechanism to test its resilience against some well-known
attacks.
2.2. IoT security solutions • Raifa Akkaoui [25] proposed a decentralized authentication
scheme for IoT healthcare systems to minimize the impact of
distributed denial of services attacks (DDoS) on IoT environments
Privacy and security are considered major concerns in IoT architec-
by leveraging blockchain decentralized features. The author has
tures. Hence, an extensive number of studies have been conducted to
find solutions for these concerns [6]. Following, we briefly describe tested the mechanism over the Ethereum platform for security and
some of the existing solutions: privacy analysis. According to the researcher, the scheme ensures
confidentiality, integrity, anonymity, and privacy of IoT devices
• Gupta et al. [16] proposed a lightweight authentication scheme and users.
for wearable devices using simple cryptographic hash functions
to ensure secure communication over the network. Since these After elaborating on the common IoT security and privacy concerns,
devices operate on limited resources (e.g., limited memory and and some possible solutions, we discuss our proposed AMI architecture
computation capacity). Therefore, regular security and privacy as an attempt to address these concerns. (Section 4). Also, we provide
solutions are not well suited to run on wearable devices. The pro- a critical analysis of our proposed architecture compared to existing
posed scheme uses XOR and hashes function to hide the identity solutions.
of the devices to provide anonymity and privacy preservation.
• Gope and Sikdar [17] proposed a lightweight two-factor authen- 3. Security benchmark for IoT architecture
tication scheme to preserve the privacy of IoT devices. Authors
have given more emphasis on device authentication considering The basic IoT architecture consists of three main layers i.e. Physical
the open and public deployment of IoT devices, thus making aka Perception layer, Network layer, and Application layer. Unfor-
them vulnerable to physical and closing attacks. This scheme uses tunately, the existing IoT architecture does not come with security
certain one-way hash values and physically unclonable functions features. Therefore, in this study, we define a security benchmark
(PUFs), which are made of Integrated Circuits (ICs) to generate for IoT architecture based on core information and network security
random physical variations into the micro-structure of IC, thus principles and what applies to real-life IoT deployment.
making it unique. This benchmark comprises a set of standard security parameters
• The Internet Protocol version 6 (IPv6) has been specifically de- against which the security strength of various IoT systems can be
signed to connect a future generation of devices (i.e., IoT) over the compared. These requirements will primarily specify the criteria of
Internet. Since it provides a larger address space than the legacy IoT systems evaluation before deploying the solution in a real-world
IPv4 Internet Protocol and many new features [18]. However, due environment. The resulted evaluation score will determine the security
to its designed nature, it is vulnerable to DoS attacks during the strength of the proposed solution designed for IoT architecture. The
IP address configuration, which can disrupt the communication higher the score, the more secure the solution.
3
I. Sadek et al. Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
The work in this paper starts from the observation that by default • [R11] Do Not Use Default Self-Signed Certificates: All cer-
existing IoT architecture lacks security features. Therefore, our secu- tificates should be signed by a certification authority (Physical,
rity benchmark for IoT architecture first maps its basic three layers Network, and Application layers).
i.e. Physical, Network, and Application as follows. • [R12] Evaluate Possible Attack Vector Scenarios and Miti-
gations: Mitigation systems should be placed in front of critical
• Physical layer lies in IoT-end devices such as sensors, actuators,
smart wearable devices, etc. which act as a subscriber as well as assets. Rate-limiting from the application server should be con-
the publisher in an IoT environment. figured, IDS should be installed and configured to detect attacks,
• At the Network layer, routers are deployed as gateways to trans- and blacklisting systems for SSH connection should be enabled
mit the processed data from IoT end-devices to cloud servers for (Network layer).
data storage and analytics purpose. • [R13] Regular Software Check/Updates: Continuously
• Application layer provides various services to IoT users/IoT de- check/update the version of installed software including cloud
vices including data processing and analytics, messaging, and services (Physical, Network, and Application layers).
storage, and delivers other specific subscription-based application
services to IoT users. 4. Case study: AMI architecture
We then instantiated the core security requirements [26] and added
some new requirements to the IoT architecture based on the three We present in this section our proposed AMI architecture [28,29]
defined layered [11,27]. Following the standard security principles, to address the existing discussed security concerns. This architecture
our security recommendations cover confidentiality, integrity, access Fig. 2 is composed of the three main elements commonly found in an
control attributes, and other security attributes to make IoT systems IoT architecture, i.e., the End-user environment layer, Network layer,
robust against possible attack vectors. Emphasizing such security char- and Cloud layer. The following describes the architecture in its entirety
acteristics, we define the following security requirements. before elaborating on each part separately.
• [R1] Authentication: IoT devices have to be recognized and
validated in advance of entering the network. Each entity must 4.1. IoT architecture
have a unique key or a global unique identifier (UID).
• [R2] Confidentiality: It makes sure that information is protected The physical architecture proposed by AMI-lab is composed of
from unauthorized users. Moreover, sensitive information must sensors (e.g., sleep mat, door, smartwatch, scale, oxygen, contact,
be stored securely and must not be exposed to unauthorized and motion sensors), gateways, servers, and database operating in the
identities.
cloud layer and gateway servers Fig. 2. Its logical structure defines
• [R3] Integrity: Message integrity has to be maintained to ensure
the distribution and relationship across the different layers (i.e. from
the information transferred over the network has not been altered
environmental nodes to the cloud layer servers) and the involved
or modified undetectably.
security. The proposed architecture implements the concept of mi-
• [R4] Self-Healing: In a case, a node encounters a failure, might
croservices and as a result, the architecture is modular and easily
be on a system-level or a service level, the system should be aware
of the environment and take proper action to restore the working operated. Through the architecture’s scalability, improvement and in-
state with the same level of security or the least. tegration of a set of services are possible. The gateway is in charge
• [R5] Fault Tolerance: If a crash happens in the network follow- of the communication with the devices in the end user’s environment.
ing an attack, the system should keep working. A failed compo- A middleware component is used to efficiently handle the connected
nent should not refrain the overall system to continue working. devices through interoperability, subscription, and notification. This
Some failures can be foreseen and avoided or ignored by letting middleware provides an interface to manage connected objects. An
the system or the nodes provide the services they have been set access protocol management module based on the IEEE standard has
for. been used to manage the diverse communication protocols. Using the
• [R6] Resilience: In a case, there are several damaged points in 802.15.x and short-distance transmission protocols (e.g., Zigbee, Z-
the IoT network, the system still prevents incoming attacks. Even Wave), the gateway enables the communication with the connected
if the nodes face system failure or service failure, the security devices to carry a small amount of data over a short distance. Once data
implemented should not be impacted. The same level of security is received at the gateway, it will be sent to the cloud over 802.11 IEEE
before the failure should prevail. protocol through the Internet. The connectivity protocol module in
• [R7] Data Freshness: In a system where monitoring takes place, charge of sending the information from the gateway over the Internet is
whenever a party wants to access the data it should be the latest created to be an extremely lightweight published/subscribed messaging
and updated information. Thus, data analysis would be more
transport protocol. Within IoT systems, it is a serviceable protocol
accurate
for remote connections where a small code is needed to perform the
• [R8] Trust: The concept of trust can have different meanings and
transmission and lighten the bandwidth.
it is used in various domains. Though its importance is widely
recognized due to data privacy, trust is a complex concept that To conclusively ensure security, several mechanisms have been
is yet to be well described. Moreover, the satisfaction of trust implemented:
requirements is highly related to identity management and access
• The data is being sent through a secured channel between the
control issues. In general terms, users, i.e., patients need to be
environmental nodes and the cloud nodes. This secured chan-
assured that their private information or data will not be leaked
nel, which requires authentication from both sides is actively
and then misused in an IoT network.
• [R9] Configure Firewalls to Restrict Access: Enable iptables, sustained for the connection.
minimize allowed IPs and ports to necessary services only, and do • Though a secured channel has been provided, the security re-
not manually tamper iptables once configured (Network layer). mains a problem within a local area network (i.e., end user’s
• [R10] Use TLS/SSL where Possible: All services and communi- environment). Accordingly, each gateway has been configured
cations should be accessible over encrypted channels only (Net- with a firewall to restrict all other communications apart from
work and Application layer). Moreover, every application of- the gateway’s peer to subscribe to the published information
fered by the cloud should offer services over TLS/SSL channels and every other communication is denied, limiting the risk of
(Perception layer). intrusion.
4
I. Sadek et al. Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
• Moreover, another security concern encountered in the IoT is that dismisses all but forwards the proper information to the proper
data-stealing or data profiling through the identification of the peer.
owner of the device. To avert this threat, anonymity is prefaced
using the address of the gateways instead of the personal identity 4.1.2. Network
of the user. In the network, two servers are acting for securing the commu-
• Furthermore, a middle server that is responsible for the forward- nication channel over the Internet. Those servers are accountable for
ing limits the communication to a unique peer, between a unique creating the Secure Socket Layer (SSL) certificates for the peers in the
node (environment peer) in the end user’s environment and a cloud and the gateways in the end-user’s environment. They are also
unique node in the cloud (server peer). No other communication liable for ascertaining the tunnel from the end-user’s environment to
can be forwarded. Once the information reaches the node in the cloud securing the communication between the entities. To enhance
the cloud, the information is confirmed and then stored in the security, various propositions have been taken:
database.
• The cloud servers have their own firewall rules, denying all, • Compared to the UDP protocol, which is fast but lacks acknowl-
but accepting communication from the authorized parties. In edgment, TCP which has been used in the architecture is slower
this way, connections to the cloud servers are user restricted but reliable offering an error-correction technique and guaran-
and channel restricted. Every gathered information benefits from teeing delivery. In this way, our information will always get to
persistence and security. the other side. VPNs are about the encryption of the control
channel and the encryption of the data channel and to ensure
To visualize the final stored data, another secured channel for access
good security both channels’ security should be strong.
is required to be eligible to see the dashboard. Nonetheless, privacy
• To prevent attacks such as man-in-the-middle attacks, data au-
and confidentiality prevail even after reaching the dashboard. Thus, the
thentication is used through SHA (Secure Hash Algorithm), cre-
dashboard is also user restricted, a person is only authorized to view
ating a unique fingerprint of a valid TLS certificate that can be
the information he has the right to access, letting all other information
validated by the VPN client. We used a recommended version of
impossible to consult.
SHA such as SHA-2 which is secured compared to SHA-1.
Technically, to consolidate the security, security agents (based on
• Moreover, since normal HTTPS traffic uses TCP port 443, com-
scripts) are deployed on the environmental nodes and on the cloud
bining this port with our VPN server, means it becomes difficult
servers to sense and be aware of the environment. Once an intrusion has
been disclosed, e.g., someone logging into the environmental gateway, to distinguish VPN connections from other connections used by
the attacker is automatically logged out of the system. If it is a change email providers, and online banking sites. It means the VPN
in the rule table that is not entered by the administrator, the firewall connection is hard to block.
table will be flushed and reconfigured to maintain the same level • For securely encrypting a handshake, we prevail Elliptic Curve
of security before the intrusion. Every other aspect of the breach of Diffie–Hellman (ECDH) combined with ECDSA signature over
security leading to a defective or overloaded gateway/server is also Diffie–Hellman, to provide perfect forward secrecy. Finally, we
monitored to react in time and prevent a breach in the system. provided an industry-wide standard symmetric key cipher which
is AES with a 256-bit key size. Coupled with the uniqueness of
4.1.1. End-user environment each connection, our middle element gets a secure path from the
This part is composed of the environmental nodes which are sensors, end-user’s environment to the cloud architecture.
actuators, and gateways. Sensors acquire environmental information
(e.g., user motion, door state, vital signs), then send them to the 4.1.3. Cloud architecture
gateway to be processed and stored in a specific data model. The This part consists of servers based on a redundant and scalable
gateway is the only device exposed to the Internet and it uses a pub- architecture. In this configuration, we have a master that is the control
lished/subscribed protocol to publish the gathered information through plane and five nodes supporting the cloud nodes and the database for
a secure tunnel. The gateway is embedded with a proper firewall table the final storage. A published/subscribed protocol is used to acquire
5
I. Sadek et al. Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
Table 1
Performance analysis of AMI architecture with current stat-of-the-art IoT solutions based on security features.
IoT solutions Authentication Confidentiality Self-healing Fault tolerance Resilience Data freshness Trust
[16] ✓ ✓ ✗ ✗ ✗ ✗ ✓
[17] ✓ ✓ ✗ ✗ ✗ ✗ ✓
[18] ✓ ✓ ✗ ✗ ✓ ✓ ✓
[20] ✓ ✓ ✗ ✗ ✓ ✓ ✓
[21] ✗ ✓ ✗ ✗ ✗ ✗ ✓
[23] ✗ ✗ ✓ ✓ ✗ ✗ ✗
[24] ✓ ✓ ✗ ✗ ✓ ✗ ✓
[25] ✓ ✓ ✗ ✓ ✓ ✓ ✓
AMI architecture ✓ ✓ ✓ ✓ ✓ ✓ ✓
the information sent by the gateway (in the end-user’s environment) IoT-healthcare systems can employ such schemes to ensure continuous
and the server peer stores the information in the database. An IT services are available to their subscribed hosts.
component monitoring tool based on Zabbix is used to track the overall Self-healing is the potentiality of an IoT network to restore the
architecture and give notifications whenever a problem occurs (in the system during an event of node or system failure, application errors,
cloud servers and/or the environmental nodes). Further information etc. This feature is deployed at the gateway level to monitor the
on how we address the AMI architecture verification can be found in activities of the entire IoT network to detect and restore any faulty node
Supplementary Material. in the system while providing uninterrupted services to the nodes. Due
to the scalability of IoT healthcare systems, this feature is mandatory
5. Critical analysis to ensure proper communication between the publisher and subscriber
node in an IoT network. From our analysis, we conclude that AMI
In this section, we present the performance analysis of current state- architecture [23] solution provides this service.
of-the-art IoT solutions designed for the IoT environment. Some of these Referring to Table 1, it is clear that most of the proposed IoT
solutions are specifically designed for IoT healthcare systems while solutions regarding security concerns lack fault tolerance and self-
others are generic IoT schemes that are also applicable to the healthcare healing components. Emphasizing the definition of self-healing in this
domain. precise context, which is the aptitude of a system to be aware of its
environment and act upon failure, implies that reliability is not just
As we strive to achieve reliability, therefore, the analysis of these
about setting up a highly secured environment but goes beyond that
IoT solutions is evaluated based on the security characteristics men-
fact. Therefore, reliability comes from a highly secured and stable sys-
tioned in the subsection. Table 1 depicts the performance comparison
tem and from the aptitude of the system to recover from an unexpected
of our proposed solution i.e. AMI architecture with existing solutions
situation with the same level of security.
based on key security features, namely authentication, confidentiality,
As a result, Gupta et al. [16] work which focuses on IoT systems
self-healing, fault tolerance, resilience, data freshness, and trust.
with authentication and confidentiality features does not have a recov-
Authentication ensures that only legitimate users/devices can par-
ery plan regarding an unexpected failure in this feature to enable the
ticipate in the IoT-healthcare environment. This process can effectively
continuous reliability of the systems. Though most of the solutions [17,
mitigate the security issues related to impersonation attacks, where an
30,31] are based on strong security features such as authentication,
adversary acts as a genuine host by masquerading the identity of a valid
confidentiality, trust, and resilience to render reliability at its peak,
host. AMI architecture and most of the existing IoT solutions [16–18,
there is still a lack in the next step to take when an unexpected situation
20,24,25] provide this service.
happens. However, our work is to bring together features built into the
Confidentiality is the process of protecting sensitive data from unau-
solutions and add a possible recovery plan upon the unforeseen event.
thorized access. It can prevent any attempts of message modification at-
By doing so, a system is not just reliable until a situation happens.
tacks by maintaining the integrity of the information while transmitting
However, it keeps being reliable after a certain situation occurs.
over the public networks. AMI architecture and security schemes that From Table 1, we can deduce the importance of the self-healing
offer this feature [16–18,20,21,24,25] can be employed to maintain component in a reliable IoT architecture. For healthcare applications,
privacy in IoT-healthcare systems. reliability is not an accessory, it is a must. Surely, applications in-
Trust management in terms of data privacy, identity management, cluding elders’ monitoring require persistence of the incoming data
and access control are crucial in IoT-healthcare systems. Since the and a secured way to access them. In this case, a system that fails in
data/information about patients/users are sensitive by nature. There- terms of security aspects is a system unable to keep track of the older
fore, providing these services is essential in IoT-healthcare systems. information and maintain the previous security level creating breaches
To do so, apart from our proposed solution, existing solutions that in the system.
can provide these services are [16–18,20,21,24,25]. This makes them The findings from this work demonstrate that no existing IoT
applicable to the IoT-healthcare domain. scheme can provide an end-to-end solution. Each IoT solution has its
Resilience is the property that ensures the system is available to advantages and certain limitations. Therefore, to provide a reliable IoT
the users during any malicious incident. This feature can mitigate any system for the healthcare domain, an interoperable mechanism needs
attempts of DoS attacks on IoT healthcare systems. AMI architecture to be deployed that can integrate these schemes to provide security
and those solutions that can provide this feature are [18,20,24,25]. services for IoT systems at all three layers i.e. physical, network, and
Data freshness is the feature that ensures the information is recent application layers. However, that is very challenging as these schemes
and no adversary has re-used it to gain access to a network. By provid- are designed based on different protocols and algorithms thus making
ing this service, any attempt to reply to attacks and Man-in-the-middle them incompatible to work with each other. Therefore, interoperability
attacks can be prevented in an IoT healthcare system. AMI architecture among IoT systems is an open issue that needs to be addressed shortly
and other solutions that can offer this service are [18,20,23–25]. to attain sustainability in the IoT ecosystem.
Fault tolerance capability enables the IoT networks to deliver unin- Considering the fact, that AMI architecture is designed to offer
terrupted services to the users during an event of a system failure or any an end-to-end solution by providing security services at the physical,
adversarial attacks such as DoS/DDoS attacks. Some of the IoT Schemes network, and application layers for IoT systems. According to our per-
that can provide this feature are AMI architecture [18,20,23,25]. Thus, formance analysis results, as depicted in Table 1, only AMI architecture
6
I. Sadek et al. Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
fulfilled most if not all the security parameters. This study intended [5] D.V. Dimitrov, Medical internet of things and big data in healthcare, Healthc.
to investigate the reliability of existing IoT security solutions to be Inform. Res. 22 (3) (2016) 156–163, http://dx.doi.org/10.4258/hir.2016.22.3.
156.
employed in the Healthcare domain based on core security principles.
[6] A. Chacko, T. Hayajneh, Security and privacy issues with IoT in healthcare, in:
The diversity and openness of the IoT environment make it vulnerable
EAI Endorsed Transactions on Pervasive Health and Technology, Vol. 4, (14)
to various attack vectors. Therefore, to determine the robustness of the EAI, 2018, http://dx.doi.org/10.4108/eai.13-7-2018.155079.
existing IoT security mechanisms, we evaluated each of these schemes [7] I. Korhonen, J. Parkka, M. Van Gils, Health monitoring in the home of the
based on their security characteristics. After we analyzed these IoT future, IEEE Eng. Med. Biol. Mag. 22 (3) (2003) 66–73, http://dx.doi.org/10.
schemes, it was found that most of these solutions were specifically fo- 1109/MEMB.2003.1213628.
cused to design the lightweight mechanism for resource-constrained IoT [8] World Health Organization, Public Spending on Health: a Closer Look at Global
Trends, Technical documents, World Health Organization, 2018, p. 56.
wearable devices while addressing some security issues by providing
[9] A. Castillo O’Sullivan, A.D. Thierer, Projecting the growth and economic impact
features like authentication, confidentiality, and trust in IoT systems. of the internet of things, SSRN Electr. J. (2015) 10, http://dx.doi.org/10.2139/
Surely, implementing such schemes is essential and can provide ssrn.2618794.
some mitigation against possible attacks. However, considering the [10] I. Romdhani, Chapter 9 - confidentiality and security for IoT based healthcare, in:
scalability and heterogeneous nature of the IoT ecosystem these so- S. Li, L.D. Xu (Eds.), Securing the Internet of Things, Syngress, Boston, 2017, pp.
133–139, http://dx.doi.org/10.1016/B978-0-12-804458-2.00009-3, URL: http:
lutions with limited features may not be feasible enough to prevent
//www.sciencedirect.com/science/article/pii/B9780128044582000093.
intruders from compromising the IoT network. Therefore, some re-
[11] L.M. Dang, M.J. Piran, D. Han, K. Min, H. Moon, A survey on internet of things
searchers have proposed other solutions with more advanced features and cloud computing for healthcare, Electronics 8 (7) (2019) 768, http://dx.doi.
such as self-healing, resilience, fault-tolerance, and data freshness at org/10.3390/electronics8070768, URL: https://www.mdpi.com/2079-9292/8/7/
the network and application layers to ensure secure communication, 768.
uninterrupted services, and sharing of the latest information between [12] S. Raza, L. Wallgren, T. Voigt, SVELTE: Real-time intrusion detection in the
internet of things, Ad Hoc Netw. 11 (8) (2013) 2661–2674, http://dx.doi.org/10.
the nodes in an IoT environment. Thus, can provide more resilience to
1016/j.adhoc.2013.04.014, URL: http://www.sciencedirect.com/science/article/
possible attack vectors.
pii/S1570870513001005.
In this article, we introduced AMI architecture aiming to pro- [13] L. Wallgren, S. Raza, T. Voigt, Routing attacks and countermeasures in the
vide end-to-end security services at all three layers of IoT healthcare RPL-based internet of things, Int. J. Distrib. Sens. Netw. 9 (8) (2013) 794326,
systems. We also discussed other security solutions designed for IoT http://dx.doi.org/10.1155/2013/794326.
healthcare. We found that the existing schemes offer a partial solution, [14] C. Karlof, D. Wagner, Secure routing in wireless sensor networks: attacks and
countermeasures, in: Proceedings of the First IEEE International Workshop on
each one of those schemes has its pros and cons. From our comparative
Sensor Network Protocols and Applications, 2003, 2003, pp. 113–127, http:
analysis, we conclude that our AMI architecture fulfilled the security //dx.doi.org/10.1109/SNPA.2003.1203362.
criteria. It offers robustness against the possible attack vectors and [15] J.X. Zhang, K. Hoshino, Chapter 8 - implantable and wearable sensors, in:
hence makes it a reliable solution for IoT healthcare systems. J.X. Zhang, K. Hoshino (Eds.), Molecular Sensors and Nanodevices (Second
Although AMI architecture fulfilled raised security concerns, it is Edition), second ed., in: Micro and Nano Technologies, Academic Press, 2019, pp.
worth mentioning that securing communication between gateways and 489–545, http://dx.doi.org/10.1016/B978-0-12-814862-4.00008-9, URL: http:
//www.sciencedirect.com/science/article/pii/B9780128148624000089.
off-the-shelf sensors/nodes in the user environment is an open is-
[16] A. Gupta, M. Tripathi, T.J. Shaikh, A. Sharma, A lightweight anonymous user
sue. This communication depends on the type of used protocol in authentication and key establishment scheme for wearable devices, Comput.
wireless sensor networks. Additionally, commercial sensors/nodes use Netw. 149 (2019) 29–42, http://dx.doi.org/10.1016/j.comnet.2018.11.021, URL:
proprietary protocols not accessible for further investigation. https://www.sciencedirect.com/science/article/pii/S1389128618304389.
In future work, we plan to add more resilience to our system so that [17] P. Gope, B. Sikdar, Lightweight and privacy-preserving two-factor authentication
it can counter zero-day attacks. scheme for IoT devices, IEEE Internet Things J. 6 (1) (2019) 580–589, http:
//dx.doi.org/10.1109/JIOT.2018.2846299.
[18] R. Liu, Z. Weng, S. Hao, D. Chang, C. Bao, X. Li, Addressless: enhancing IoT
Declaration of competing interest server security using IPv6, IEEE Access 8 (2020) 90294–90315.
[19] S.U. Rehman, S. Manickam, Denial of service attack in IPv6 duplicate address
The authors declare that they have no known competing finan- detection process, Int. J. Adv. Comput. Sci. Appl. 7 (2016) 232–238, http:
//dx.doi.org/10.14569/IJACSA.2016.070630.
cial interests or personal relationships that could have appeared to
[20] S.U. Rehman, S. Manickam, Improved mechanism to prevent denial of service
influence the work reported in this paper.
attack in IPv6 duplicate address detection process, Int. J. Adv. Comput. Sci. Appl.
8 (2) (2017) 63–70, http://dx.doi.org/10.14569/IJACSA.2017.080209.
Appendix A. Supplementary data [21] S. Sharma, K. Chen, A. Sheth, Toward practical privacy-preserving analytics for
IoT and cloud-based healthcare systems, IEEE Internet Comput. 22 (2) (2018)
42–51, http://dx.doi.org/10.1109/MIC.2018.112102519.
Supplementary material related to this article can be found online
[22] P. Anantharam, T. Banerjee, A. Sheth, K. Thirunarayan, S. Marupudi, V. Srid-
at https://doi.org/10.1016/j.cmpbup.2022.100071. haran, S.G. Forbis, Knowledge-driven personalized contextual mhealth service
for asthma management in children, in: 2015 IEEE International Conference on
Mobile Services, 2015, pp. 284–291, http://dx.doi.org/10.1109/MobServ.2015.
References 48.
[23] K. Wang, Y. Shao, L. Xie, J. Wu, S. Guo, Adaptive and fault-tolerant data
[1] World Economic Forum, World economic forum: Global risks report processing in healthcare IoT based on fog computing, IEEE Trans. Netw. Sci.
2019, Comput. Fraud Secur. 2019 (2) (2019) 4, http://dx.doi.org/10.1016/ Eng. 7 (1) (2020) 263–273, http://dx.doi.org/10.1109/TNSE.2018.2859307.
S1361-3723(19)30016-8, URL: http://www.sciencedirect.com/science/article/ [24] J. Srinivas, A.K. Das, N. Kumar, J.J.P.C. Rodrigues, Cloud centric authen-
pii/S1361372319300168. tication for wearable healthcare monitoring system, IEEE Trans. Dependable
[2] C.D. Blendon, Robert J., Future health care challenges, Issues Sci. Technol. 4 Secure Comput. 17 (5) (2020) 942–956, http://dx.doi.org/10.1109/TDSC.2018.
(19) (2003) URL: https://issues.org/blendon/. 2828306.
[3] I. Sadek, A. Demarasse, M. Mokhtari, Internet of things for sleep tracking: [25] R. Akkaoui, Blockchain for the management of internet of things devices in the
wearables vs. nonwearables, Health Technol. (2019) http://dx.doi.org/10.1007/ medical industry, IEEE Trans. Eng. Manage. (2021).
s12553-019-00318-3. [26] C. Easttom, Computer Security Fundamentals, in: Pearson IT Cybersecurity
[4] D. Minoli, K. Sohraby, B. Occhiogrosso, IoT security (IoTSec) mechanisms for Curriculum (ITCC), Pearson Education, 2019, URL: https://books.google.com.eg/
e-Health and ambient assisted living applications, in: 2017 IEEE/ACM Interna- books?id=erauDwAAQBAJ.
tional Conference on Connected Health: Applications, Systems and Engineering [27] T.A. Ahanger, A. Aljumah, Internet of things: A comprehensive study of security
Technologies, CHASE, 2017, pp. 13–18, http://dx.doi.org/10.1109/CHASE.2017. issues and defense mechanisms, IEEE Access 7 (2019) 11020–11028, http://dx.
53. doi.org/10.1109/ACCESS.2018.2876939.
7
I. Sadek et al. Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
[28] I. Sadek, S.U. Rehman, J. Codjo, B. Abdulrazak, Privacy and security of IoT based [30] A. Esfahani, G. Mantas, R. Matischek, F.B. Saghezchi, J. Rodriguez, A. Bicaku,
healthcare systems: Concerns, solutions, and recommendations, in: J. Pagán, M. S. Maksuti, M.G. Tauber, C. Schmittner, J. Bastos, A lightweight authentication
Mokhtari, H. Aloulou, B. Abdulrazak, M.F. Cabrera (Eds.), How AI Impacts Urban mechanism for M2M communications in industrial IoT environment, IEEE In-
Living and Public Health, Springer International Publishing, Cham, 2019, pp. ternet Things J. 6 (1) (2019) 288–296, http://dx.doi.org/10.1109/JIOT.2017.
3–17. 2737630.
[29] B. Abdulrazak, S. Paul, S. Maraoui, A. Rezaei, T. Xiao, IoT architecture with plug [31] M. Saravanan, R. Shubha, A.M. Marks, V. Iyer, SMEAD: A secured mobile enabled
and play for fast deployment and system reliability: AMI platform, in: H. Aloulou, assisting device for diabetics monitoring, in: 2017 IEEE International Conference
B. Abdulrazak, A. de Marassé-Enouf, M. Mokhtari (Eds.), Participative Urban on Advanced Networks and Telecommunications Systems, ANTS, 2017, pp. 1–6,
Health and Healthy Aging in the Age of AI, Springer International Publishing, http://dx.doi.org/10.1109/ANTS.2017.8384099.
Cham, 2022, pp. 43–57.