A Fog Computing Solution for Context-Based Privacy Leakage Detection for Android Healthcare Devices

Intelligent medical service system integrates wireless internet of things (WIoT), including medical sensors, wireless communications, and middleware techniques, so as to collect and analyze patients’ data to examine their physical conditions by many personal health devices (PHDs) in real time. However, large amount of malicious codes on the Android system can compromise consumers’ privacy, and further threat the hospital management or even the patients’ health. Furthermore, this sensor-rich system keeps generating large amounts of data and saturates the middleware system. To address these challenges, we propose a fog computing security and privacy protection solution. Specifically, first, we design the security and privacy protection framework based on the fog computing to improve tele-health and tele-medicine infrastructure. Then, we propose a context-based privacy leakage detection method based on the combination of dynamic and static information. Experimental results show that the proposed method can achieve higher detection accuracy and lower energy consumption compared with other state-of-art methods.

[1]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[2]  Bo Cheng,et al.  Proactive personalized services through fog-cloud computing in large-scale IoT-based healthcare application , 2017, China Communications.

[3]  Dharma P. Agrawal,et al.  Fog Networks in Healthcare Application , 2016, 2016 IEEE 13th International Conference on Mobile Ad Hoc and Sensor Systems (MASS).

[4]  Agusti Solanas,et al.  Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice , 2018, IEEE Access.

[5]  Zhen Huang,et al.  PScout: analyzing the Android permission specification , 2012, CCS.

[6]  Zhemin Yang,et al.  LeakMiner: Detect Information Leakage on Android with Static Taint Analysis , 2012, 2012 Third World Congress on Software Engineering.

[7]  Xiaojiang Du,et al.  A survey of key management schemes in wireless sensor networks , 2007, Comput. Commun..

[8]  Mohsen Guizani,et al.  An effective key management scheme for heterogeneous sensor networks , 2007, Ad Hoc Networks.

[9]  Ross J. Anderson,et al.  Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.

[10]  Xiaojiang Du,et al.  Prometheus: Privacy-aware data retrieval on hybrid cloud , 2013, 2013 Proceedings IEEE INFOCOM.

[11]  Mukesh Singhal,et al.  Security in wireless sensor networks , 2008, Wirel. Commun. Mob. Comput..

[12]  Jiafu Wan,et al.  Security in the Internet of Things: A Review , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[13]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[14]  Xuxian Jiang,et al.  AppInk: watermarking android apps for repackaging deterrence , 2013, ASIA CCS '13.

[15]  Golden G. Richard,et al.  AspectDroid: Android App Analysis System , 2016, CODASPY.

[16]  James Jin Kang,et al.  Application of an Emergency Alarm System for Physiological Sensors Utilizing Smart Devices , 2017 .

[17]  Wenke Lee,et al.  CHEX: statically vetting Android apps for component hijacking vulnerabilities , 2012, CCS.

[18]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[19]  Michael Backes,et al.  AppGuard - Enforcing User Requirements on Android Apps , 2013, TACAS.

[20]  Yuan Zhang,et al.  AppIntent: analyzing sensitive data transmission in android for privacy leakage detection , 2013, CCS.

[21]  Marco D. Santambrogio,et al.  A fog-computing architecture for preventive healthcare and assisted living in smart ambients , 2017, 2017 IEEE 3rd International Forum on Research and Technologies for Society and Industry (RTSI).

[22]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[23]  John C. S. Lui,et al.  TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime , 2016, CCS.

[24]  Xiaojiang Du,et al.  Internet Protocol Television (IPTV): The Killer Application for the Next-Generation Internet , 2007, IEEE Communications Magazine.

[25]  Lei Zhang,et al.  A survey of privacy protection techniques for mobile devices , 2017, Journal of Communications and Information Networks.

[26]  Sandeep K. Sood,et al.  A Fog-Based Healthcare Framework for Chikungunya , 2018, IEEE Internet of Things Journal.

[27]  M. Shamim Hossain,et al.  A Security Model for Preserving the Privacy of Medical Big Data in a Healthcare Cloud Using a Fog Computing Facility With Pairing-Based Cryptography , 2017, IEEE Access.

[28]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[29]  Thomas Schreck,et al.  Mobile-sandbox: having a deeper look into android applications , 2013, SAC '13.

[30]  James Jin Kang,et al.  An Integrated mHealth and Vehicular Sensor Based Alarm System Emergency Alarm Notification System for Long Distance Drivers using Smart Devices and Cloud Networks , 2018, 2018 28th International Telecommunication Networks and Applications Conference (ITNAC).

[31]  Konrad Rieck,et al.  DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket , 2014, NDSS.

[32]  David A. Wagner,et al.  Analyzing inter-application communication in Android , 2011, MobiSys '11.

[33]  Yan Chen,et al.  Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android , 2015, SecureComm.

[34]  Sencun Zhu,et al.  ViewDroid: towards obfuscation-resilient mobile application repackaging detection , 2014, WiSec '14.

[35]  James Jin Kang,et al.  A Review of Security Protocols in mHealth Wireless Body Area Networks (WBAN) , 2015, FNSS.

[36]  Mohsen Guizani,et al.  Transactions papers a routing-driven Elliptic Curve Cryptography based key management scheme for Heterogeneous Sensor Networks , 2009, IEEE Transactions on Wireless Communications.

[37]  Thomas Schreck,et al.  Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques , 2015, International Journal of Information Security.

[38]  Ahmad-Reza Sadeghi,et al.  Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies , 2013, USENIX Security Symposium.

[39]  Qun Li,et al.  Fog Computing: Platform and Applications , 2015, 2015 Third IEEE Workshop on Hot Topics in Web Systems and Technologies (HotWeb).