A threat taxonomy for mHealth privacy

Networked mobile devices have great potential to enable individuals (and their physicians) to better monitor their health and to manage medical conditions. In this paper, we examine the privacy-related threats to these so-called mHealth technologies. We develop a taxonomy of the privacy-related threats, and discuss some of the technologies that could support privacy-sensitive mHealth systems. We conclude with a brief summary of research challenges.
