Master Thesis Topic:- Protection of personal information used by IOT devices in health care. Template for thesis 1. Abstract 2. Introduction 3. Literature Review 4. Methodology 5. Results 6....

Abstract
The aim of this research is to explore IOT healthcare systems for understanding security concerns and identifying secure architectures that can help address them. The report explores the most common applications of IOT in healthcare such as healthcare monitoring and explores in depth the threats that are brought about. It explains how security threats can affect the healthcare systems and patients as well as explores the consequences of the same. The research makes use of a secondary literature review based methodology to explore the solutions that are available to counter these threats. It also covers the details of some of the standards that are used in the IOT based healthcare systems for protection including ISO CD 30141 and ISO AWI 21823. IOT based secure healthcare architecture have been explored to understand what can help protect patient care systems from the security threats that arise from IOT network. Some of the architectures and methods details in the report include Elliptic Curve Cryptography, TinySec, Datagram transport Layer security, SEA architecture, and secure IOT architecture using body sensor network. Based on the analysis of the secondary qualitative data found on the subject, certain recommendations have been made to be followed by organizations using IOT healthcare systems to make their systems secure.
Contents
Abstract    1
Introduction    3
Aims & Objectives    3
Literature Review    4
IOT Architecture    4
IOT Components    5
IOT Applications    6
IOT in Healthcare    7
Health Care Systems    8
IOT SOLUTIONS FOR THE DISABLED    11
Patient Health Monitoring System    12
Security Concerns    13
Security Solutions    15
Addressing Privacy Issues    15
Addressing Security Issues for Physical Objects    16
Security Issues for Communication Technologies    16
Security Issues for Applications    16
Security Issues for Personal Protection    17
Security Standards    18
ISO/IEC CD 30141 Internet of Things Reference Architecture (IoT RA)    18
ISO/IEC AWI 21823-1 Internet of things (IoT)    19
Methodology    19
Research Philosophies    20
Research Approach    22
Data Collection    23
Limitations    23
Ethical Codes    23
Data Analysis    23
IOT Based healthcare security    23
Elliptic Curve Cryptography    24
TinySec    24
Secure and Efficient Authentication and Authorization (SEA) Architecture    26
Datagram Transport Layer Security    28
FDA guidance on medical devices    29
IOT based secure healthcare system using Body Sensor Network    30
Recommendations    32
Conclusions    35
References    37
Introduction
The aim of this research is to explore IOT healthcare systems and architectures to understand what a security concerns are raised in these systems and what measures can be taken to overcome them. IOT devices involve physical objects that have sensors attached to them such that the data about the current activities of the object or the person to whom it is attached can be monitored through the use of sensor and transferred to a remote server for further analysis. IOT devices connect every day objects to the internet to enable this exchange of information. In healthcare, the most common use of IOT is for healthcare monitoring of the patients who may be disabled or sick. It brings many benefits as tracking helps monitor and assess any potential hazards or coming diseases such that proactive steps can be taken by the healthcare practitioners to prevent the patient from suffering any major problem. However, as the system connects devices to internet, a seamless network is created that also exposes the users or patients to the cyber related risks. This research would explore the health care systems and architectures of IOT to understand the data reliability and security concerns as well as conduct a critical analysis of the solutions that can help overcome the difficulties that occur due to security threats.
Aims & Objectives
The aim of this research is to explore the security and data reliability problems and solutions by exploring the healthcare systems and architectures. To achieve this aim, some research questions are needed to be answered:
· How do the IOT based healthcare systems work?
· What architecture can be used to secure Healthcare IOT systems?
· What are the security concerns in the healthcare IOT systems?
· How is reliability of data taken care of in IOT based secure healthcare systems?
· How can healthcare systems be made secure with the use of right IOT architecture?
Following objectives would have to be addressed in the current research:
· Explore healthcare systems that are developing using IOT devices
· Explore secure architecture that are used in Healthcare IOT systems
· Explore the security concerns that are raised in the healthcare IOT systems
· Understand data reliability and how it is maintained in various IOT architectures used in healthcare systems
· Explore the solutions of IOT security and make recommendations for a secure IOT architecture
Literature Review
Internet of Things (IoT) is a dynamic distributed system of networks of devices that can capture real world data through sensors, process the same to develop insights and communicate with others for sharing or exchanging these insights. It has certain key characteristics that distinguishes them from other networks and these including identification, communication, and interaction of anything that can include electronic devices as well as living beings. IOT devices can connect to the internet and perform these exchanges in real time. Connecting to internet also allows remote monitoring of the devices. Many advanced and intelligent functionalities can be added in a device through it.
IOT Architecture
Figure 1: IOT layers (Sethi and Sarangi 2017)
IOT architecture consists of four major layers that include edge technology, access gateway, middleware and application layer. The lower two layers involves capturing of data while the other two use the data captured for analysis and value addition.
Edge Technology: it is the first layer of the IOT architecture that contains the hardware based data collection components like sensors, RFID systems, EDIs, GPS, cameras, and intelligent terminals. These components collect the information, processes it, and communicates the same to the next layer. RFID are the portable devices and has a reader tag and the data that is recorded is as per the need of the RFID tag. RFID tags are useful in enabling real time data monitoring. The data that is transmitted through the RFID tag can include information on devices and the patient in the case of patient monitoring system such as glucose level, blood pressure, and location. IOT systems use Wireless Sensor Networks (WSNs) that having huge number of nodes that sense the results (Bozdogan and Kara 2015).
Gateway: An access gateway handles the data received from the edge layer through technologies like Wi-Fi, Ethernet, WSN, WI-Max, and GSM.
Middleware: After the gateway comes the middleware, which is a software platform that provides a variety of data services including discovery, filtering, aggregation, analysis, and access control. The middleware connects to the top layer, which is the application layer. The application layer connects the IOT system to the users and it has two sub-layers including data management and application service. Data management layer provides services like directory, quality of service, cloud computing data, processing and M2M. Application layer includes an interface between the end users and the applications used in the enterprises (Zarghami 2013).
IOT Components
IOT has a variety of different components working together. One key component of the system is physical object that is used for collecting and monitoring information of the users. The data that this object or device would collect can include vital signs of health such as glucose levels, heart rate, and blood pressure.
Communication technology is another component, which serves as a link between the healthcare application and the devices. These technologies can be ZigBee, Bluetooth, Light Fidelity, or Wi-Fi. ZigBee is an IEEE 802.15.4 standard that work with low power and in short range. The technology is built on Low Rate Wireless Personal Area Network (LR-WPAN) and operates in the 2.4GHz ISM band. Bluetooth, which works on IEEE 802.15.1 standard also, operates in the same band but ZigBee costs less than Bluetooth. Bluetooth makes point to point or point to multipoint connections based on Wireless Personal Area Network (WPAN). Bluetooth devices can operate with low energies and thus, consume less power (Sidhu, Singh and Chhabra 2007).
Light Fidelity (Li-Fi) is a Visible Light Communication system and uses light unlike Wi-Fi, which uses radio waves. Rapid pulses of light between 400 and 800 THz keep being transmitted through an LED lamo, which is fitted on the transceiver. These LEDs transmit data in the form of light while the photoreceptors receive the signals and covert the same into the digital data. However, in the areas where there are obstacles such as walls and trees, Li-Fi cannot be used as the light transmitted can interfere with other sources of light such as sunlight or bulbs. The advantage of this technology is that it is a low cost technology and can eliminate the problem of overlapping of frequencies in signals so there is no electromagnetic interference. Li-Fi technology is used for patient monitoring within a room such as in the case of MRI scanner (MALLICK 2016).
Wi-Fi technologies include IEEE 802.11x Wireless LAN. These technologies work on three interoperable technologies including Direct Sequence Spread Spectrum, Frequency Hopping Spread Spectrum (FHSS), and Infrared (IR). Wi-Fi standards like IEEE 802.11n perform well at the data rate of 600 Mbps under 2.4 GHz or 5 GHz Radio Frequency bands. The technology uses Multiple Input Multiple Output (MIMO) for maximum use of the band available. Protocols are available for security such as Wi-Fi Protected Access Points, WI-Fi protected areas, Advanced Encryption Standard, and Wired Equivalent Privacy (Narendra, Duquennoy and Voigt 2015).
Long Term Evolution (LTE) is another Wireless broadband technology that uses 4G technology. This technology provides 75 Mbps of Uplink data rate and 300 Mbps of down Link data rate. LTE is very cost effective especially in the cases of M2M services. It can be used in healthcare for monitoring and tracking of patients and the devices attached to them. LTE-A is an actual 4G communication standard, which provides 3 GBps of downlink and 1.5 Gbps of uplink data rate at low latency. This technology also provided backward compatibility with LTE networks and thus, services can take advantage of the LTE networks (Paavola 2007).
IOT Applications
The applications IoT component is responsible for data formatting and arranging data flow for specific applications [20]. It provides users with care and assistance through smart technologies like smart home technology. Smart health systems introducing new interconnections between the natural habitat of the disabled, their bodies, and the Internet at the purpose to produce and manage participatory medical knowledge. By replacing wireless sensors inside the home, on clothes and personal items, it becomes possible to monitor, in a way that preserves the privacy, the macroscopic behavior of the person as well as to compile statistics, to identify precursors of dangerous behavioral abnormalities, and finally to activate alarms or prompt for remote actions by appropriate assistance procedures. Users can read health information of the patients through smart IOT applications such as diabetes therapy management and ECG monitoring. Real world inputs are used by the healthcare systems that is obtained from the IOT devices like sensor network and RFID. Data collected is then sent to the cloud technology for storage and processing. The benefit of using cloud computing is that it can improve the quality as well as accessibility of healthcare and reduce the cost. Cloud computing can use different models from Platform as a Service, Software as a Service, and Infrastructure as a Service. IaaS includes software and hardware, which takes service requests from users that are fulfilled by administration at the backend. PaaS services and tools enable efficiently running of cloud-based application by providing control. SaaS provides users applications over cloud that they can use to consume services lime processing, storage and execution (Bilal 2012).
IOT in Healthcare
A variety of sectors including industrial and non-industrial make use of IOT devices for enhancing their infrastructure such as telecommunication, manufacturing, and healthcare. In healthcare sector, the applications of IOT are on rise. It is used in healthcare services like m-health, assisted living, wearables, community healthcare, medical access, and embedded systems. Some of the IOT applications are patient monitoring for ECG, Glucose level, body temperature, and oxygen saturation, and management of services like rehabilitation, medical management, wheelchair management, and smartphone devices (Munir, Kansakar and Khan 2017).
Figure 2:- IoT in Health Care (MILOVANOVIC and BOJKOVIC 2017)
Health Care Systems
IOT has made it possible for health care systems to enhance their efficiencies in providing quality in cost effective ways such that quality services can be provided to the patients. Patients and health care providers for establishing an automated communication between them such that the practitioner remains updated with the health status of the patient can use smart healthcare systems have been built that.
Smart Health Care Systems involve capturing of human health parameters with biometric sensors. The communication happens between the patient and the healthcare practitioner or the caretaker though an IOT cloud (Bardach, Real and Bardach 2015).
Figure 5: The confluence brought about by the IoT (Dlodlo 2013)
As the figure above shows, healthcare IOT consists of healthcare processes like care delivery, wellness, and preventive care, people who are involved in deliveries of these services who would be using a variety of devices from tablet, laptops, mobile, and other devices. These devices can access data over a cloud and can also store the data over it. These devices are called the IOT devices.
The benefits of using IOT devices over cloud include capture of real time data and making it more accessible for patients and healthcare service providers. A typical system of IOT in the healthcare sector includes a system to capture data, a cloud for connecting, and a health care portal.
Normally, a system would make use of Arduino uno ATmega 328P Microcontroller as the device for sensing the body temperature of a patient. Once this device captures the data, it is stored in a database server such as MySQL, which is connected to a real time health portal that can be used for reviewing the health status of the patient. There are several Android based application written using Java programming that can be installed on the mobile, table or a PC for accessing the real time data access portal. The system uses an Ethernet shield for providing the internet connection for real time data transfer between sensors and the database.
Data Acquisition: A sensor is used for capturing data from the patient or a healthcare unit. Some examples of these sensors are DS18B20 that is used for capturing heart beat values and microcontroller Arduino Uno ATmega 328P, which captures the body temperature data.
    
Cloud system: The data that is captured through sensing devices is transferred to a processor such as HLK-RM04 Serial through a Wi-Fi Module and gets stored in a MySQL server. This connection is established through an HTTP protocol.
    
Real Time Health Portal: a user through a healthcare portal that is usually written with Java and is made available through Android applications accessible through multiple devices including mobile laptops, tablets, and personal computers can view the data. An example would be an Android application that would give notification to a mobile user is any fluctuations is observed in the health of a patient (Abbasi, et al. 2017).
IOT SOLUTIONS FOR THE DISABLED
Figure 2: IoT Applications for the Disabled Users (Dasgupta, Mehta and Raha 2012)
IOT applications can be used for disabled who can be served using devices they use such as mobiles, robotic devices, and so on. Personal sensors can also be installed in their wearables or their home equipment’s as in smart homes. The figure above shows a list different types of personal sensors and other objects that can be used with disabled in healthcare.
Fast growing number of the aging population has given rise of more health concerns and healthcare expenses are on rise. In rural areas, healthcare services are not sufficient, as there is a lack of specialized healthcare service. Thus, disabled have to go for large hospitals and healthcare institutes that are costly. IOT can allow the extension of nominal healthcare services from healthcare practitioners to the rural region and thus, make health care cost effective for them. These tasks can include maintenance activities like eating, bathing, and dressing, instrumental activities like using electronic items like television, telephone, and dishwasher, and other enhanced activities like learning, socializing, and engaging into hobbies.
Disable people can be classified based on their types of disabilities include physically disable and cognitive disability or based on competency including independently lived disabled, homebound disabled, and institutionalized disabled. Physically disabled per would have intellectual or perceptual disabilities that are most common with elderly people of age above 59 as they lack strength and endurance. Cognitive disabilities arise from mental malfunctions causing poor performance in normal functioning. Independently living disabled person could be mobile or immobile. Mobile people can be tracked using GPS and other sensors such as accelerometer proximity sensors, and video camera that can be connected through Bluetooth, WI-Fi or mobile internet. Homebound disabled people stay at home and need special assistance if they need to get out. Sensor systems can be installed at home for such a person for providing assistance at home with devices such as wearables that can help make their lives easier. Institutionalized disabled need nursing facilities for a long term specialized care.
IOT can help the disabled in various ways such as preventing diseases, preventing disabilities, and managing chronic diseases. Remover monitoring can be done with IOT devices to detect vital signs in patients so that immediate action can be taken by the caregiver to benefit the patient. Three are inexpensive monitoring systems available for capture o such data and complex algorithms can be used on the data that is collected for sending alerts to the healthcare professionals. Early prevention of disease is possible through such monitoring systems as those suffering with some ailment like diabetes can be monitored and thus, prevented from emergencies (CityPulse 2014).
Patient Health Monitoring System
IOT sensors make a powerful tool for the healthcare sector as it enables remote monitoring of patient’s health such that doctors and practitioners can keep track of the health of their patients and give them appropriate advice on the real time to ensure better healthcare. A remote patient health monitoring system usually consists of a three-tier architecture. The network tier, which is the first tier of the architecture, contains the wearable sensors that act as the sources for data capture and the data that may be captured include latest health condition of the patient including blood pressure and body temperature. The second tier of the IOT architecture includes services that allow the communication and exchange of the data between sensors and other nodes in the network. The top tier of the architecture has nodes used for processing and analysis of the data that is captured for investigation (CityPulse 2014).
A healthcare monitoring system as shown in the figure below involves acquisition of data which is gathered and transferred to an IOT application the process it and analyses the same to deliver the insights to the sue through the IOT devices.
Figure 3: Healthcare monitoring system architecture (Aroul, Walker and Bhatia 2004)
Ambient assisted living can be given to the disabled patient so that they are not alone when they face a health problem. Assistance can be provided to such a patient even for the daily routine work through sensing, computing, communication, and intelligence user interface systems connected with the normal objects. Some sensors can also be embedded into a body such as heart beat stimulator or embedded in the furniture at home. These different types of sensors embedded in different objects are connected such that the data captured is shaped at the same place on the cloud the analysis is provided to the caregiver or the healthcare professional. These devices can also include biometrics that can measure ECG or other alarming systems that allow remote monitoring and care (Fujitsu 2016).
Security Concerns
There is a huge number of devices that are used in IOT networks today and these devices present a variety of e-health scenarios an example of which is the remote monitoring of the patient health. However, these applications increase the dependence of systems on the technologies for identification of patient and the health condition. This can lead to certain risks for the patients if the data collected is not reliable and the patient information is not authentic. In an open and interconnected environment of IOT systems, the integrity of this data could be at risk as the data while in transit can be exposed to hackers who can make use of the data to take advantage of it and launch attacks against patients including the physical attacks. For example, a thief who comes to know that the person living in a house has a weak heart or a disease like asthma, can use the information and attack on the person’s weakness to steal physical stuff from the house (Bagot, Launay and Guidec 2016).
Healthcare cyber-attacks can be very dangerous for the patients and could even be life threatening. As per ICO, healthcare faces large number of data breach incidences and in 2014, the incidences were doubled as compared to the previous year in the UK healthcare system. Healthcare companies have faced 183 data leak incidences and 91 breaches in 2013 while in 2014, there was 44% rise in the data security incidences. Because of such attacks, organizations may have to pay penalties of up to US$1.5 million for a single breach. Further, they need to notify the patients and other affected within 60 days of the experience of the breach. The breach is also to be reported to media if it is likely to affect more than 500 people as per regulation. In 2015, over 12.3 million Americans were affected by 270 data security breaches in healthcare sector. The healthcare sector lack sufficient resources needed for cybersecurity protection, which is why they are attractive target for cyber criminals (H.Weber 2010).
There are online applications used for managing healthcare systems that allow sharing of patient information over the web between the hospital and the patient or healthcare professional. This includes the data collected through sensors in the real time and involves tracking of their regular activities. Such applications need to have strong authorization mechanisms. If the authentication mechanism is not strong enough then attackers can exploit the weakness. If a sensor that is connected to, a patient is compromised in this way, it can have dire consequences and can even lead to the loss of life of a patient. Thus, it is very important that these devices are kept safe. IOT sensors used in medical systems for supporting patients continuously keep capturing the data on the hospital visits, patient health stasis, and analyses the same in the real time. These are mostly integrated with a traditional IT infrastructure used in hospital and thus, would have more security challenges. Further, the IOT systems usually are decentralized which makes it even more difficult to anticipate and mitigate security threats and protect humans from malicious intenders (KAHRAMAN 2010).
Critical infrastructure of hospitals and healthcare systems rely on sensor devices and control systems that are vulnerable to security threats. If these threats are not addressed properly then it can have serious implications on patients. Critical infrastructure of an organization include the power generation, telecom networks, financial services, and healthcare services. Cyber threats can cause power failure, and malfunctioning of hear care systems causing medical accidents. An attacker if gets access to the patient monitoring system, the attacker would be able to control the medical devices, which can affect the safety of the patient (Zhou, Zhang and Liu 2018).
Using cyber security solutions in healthcare IOT is challenging. Latest advances have developed embedded security systems, intrusion detection, and PLC sensor security as some of the solutions for healthcare IOT protection. However, the fact remains that IOT protocols still lack sufficient features needed for protection of the systems from sophistical cyber threats. GSM being the dominant technology used in IOT networks, the vulnerability is significant. A5/3 or KASUMI algorithm used in IOT has some major weaknesses that can be exploited by attackers. IPv6 protocol that is designed for data-intensive applications is used over low power devices and is vulnerable to DOS attacks. An attacker can send fragmented packets to fake targets through the IOT system thereby blocking services for genuine users in the DOS attack (Kolozali 2014).
Although IOT protocols are designed with high-end service provision technologies, when the data is encrypted using weaker algorithms, the security level is downgraded thereby giving only the negotiated level of security. Cloud database provides an easy access to storage systems such as NoSQL Mongo databases. A large amount of data that is generated in the real time can be handled by these database systems through a single server. These databases contain sensitive information of patients. If SQL injection attacks happen on such databases, the impact could be devastating for whole database and even the cloud based content management system (Mukherjee, Dolui and Datta 2013).
Medical professionals can use online systems for accessing patient records as well as sharing them with other professionals. The data that is shared in this way can be very sensitive and confidential. A breach of this data could have negative impacts on both the patient and the medical institution. If the healthcare system has to be protected from such threats, it is essential have advances algorithms used for accounting and authorization. Hospitals also need to follow certain legal procedures such as those defined in Health Insurance Portability and Accountability Act (HIPPAA) as these can help in handling patient information that is accessed over the cloud (Nath and Som2 2017).
Security Solutions
There are varieties of security solutions that are used for the protection of IOT based healthcare systems. Use of authentication of data access through healthcare portals on smartphones is one common method of providing security. The authentication is cryptography based such that the data is encrypted and can only be decrypted with proper authentication. Authentication can provide security by preventing unauthentic users like hackers from logging into the system. However, the systems being complex with involvement of IOT devices and internet-based applications, high-end security solutions are needed and just basic authentication may not be sufficient as a security provision (Pathak...