SFTSDH: Applying Spring Security Framework With TSD-Based OAuth2 to Protect Microservice Architecture APIs

The Internet of Medical Things (IoMT) combines medical devices and applications that use network technologies to connect to healthcare information systems (HIS). IoMT is reforming the medical industry by adopting information and communication technologies (ICTs). Identity verification and the secure collection and exchange of medical data are essential in health applications. In this study, we implemented a hybrid security solution to secure the collection and management of personal health data using the Spring Framework (SF), Services for Sensitive Data (TSD) as a service platform, and Hyper-Text Transfer Protocol (HTTP, abbreviated H) security methods. The adopted solution (SFTSDH = SF + TSD + H) provides the following security features: identity brokering, OAuth2, multifactor authentication, and access control to protect Microservices Architecture Application Programming Interfaces (APIs), in compliance with the General Data Protection Regulation (GDPR). Moreover, we extended the adopted security solution to develop a digital infrastructure that facilitates research and innovation work in the electronic health (eHealth) sector, focusing on solution validation through theoretical evaluation and experimental testing. We used a web engineering security methodology to achieve and explain the adopted security solution. As a case study, we designed and implemented an electronic coaching (eCoaching) prototype system and deployed it in the developed infrastructure to securely record and share personal health data. Furthermore, we compared the test results qualitatively with related studies to evaluate the implemented security solution. The SFTSDH implementation and configuration in the prototype system effectively secured the eCoach APIs from attack in all the considered scenarios. The eCoach prototype with the SFTSDH solution sustained a load of approximately 1000 concurrent users in the developed digital health infrastructure. In addition, we performed a qualitative comparison among the following security solutions: SF security, third-party security, and SFTSDH, where SFTSDH showed a promising outcome.
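As an added example that is not part of the paper or its prototype, the following Spring Security resource-server configuration shows one way to enforce the OAuth2 bearer-token validation and role-based access control that SFTSDH applies to microservice APIs; the issuer property, the "roles" claim name, the URL paths and the role names are assumed placeholders.

```java
// Added example, not the paper's code: a Spring Security 6 resource-server
// config in the SFTSDH spirit. eCoach API calls must carry a JWT from the
// OAuth2 identity broker; role claims gate the health-data endpoints.
// Assumptions: the claim name "roles", paths and role names are placeholders;
// the issuer is set via spring.security.oauth2.resourceserver.jwt.issuer-uri.
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class EcoachResourceServerConfig {
    // Map the token's "roles" claim to ROLE_* authorities so hasRole() works.
    // Signature, expiry and issuer are checked by the decoder built from issuer-uri.
    private static Collection<GrantedAuthority> rolesToAuthorities(Jwt jwt) {
        List<String> roles = jwt.getClaimAsStringList("roles");
        if (roles == null) return List.of();
        return roles.stream()
                .map(r -> new SimpleGrantedAuthority("ROLE_" + r.toUpperCase()))
                .collect(Collectors.toList());
    }

    @Bean
    public SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(EcoachResourceServerConfig::rolesToAuthorities);
        http
            // Stateless API: no server session, bearer token on every request.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.GET, "/api/ecoach/healthdata/**").hasAnyRole("PATIENT", "COACH")
                .requestMatchers(HttpMethod.POST, "/api/ecoach/healthdata/**").hasRole("PATIENT")
                .requestMatchers("/api/ecoach/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}
```

Requests without a valid token receive 401, and authenticated requests whose role claim does not match the matcher receive 403, which is the access-control behaviour the paper's threat scenarios test against.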
