Security and Privacy for the Internet of Medical Things Enabled Healthcare Systems: A Survey

With the increasing demands on quality healthcare and the raising cost of care, pervasive healthcare is considered as a technological solutions to address the global health issues. In particular, the recent advances in Internet of Things have led to the development of Internet of Medical Things (IoMT). Although such low cost and pervasive sensing devices could potentially transform the current reactive care to preventative care, the security and privacy issues of such sensing system are often overlooked. As the medical devices capture and process very sensitive personal health data, the devices and their associated communications have to be very secured to protect the user’s privacy. However, the miniaturized IoMT devices have very limited computation power and fairly limited security schemes can be implemented in such devices. In addition, with the widespread use of IoMT devices, managing and ensuring the security of IoMT systems are very challenging and which are the major issues hindering the adoption of IoMT for clinical applications. In this paper, the security and privacy challenges, requirements, threats, and future research directions in the domain of IoMT are reviewed providing a general overview of the state-of-the-art approaches.

[1]  A. Landman,et al.  Cybersecurity features of digital medical devices: an analysis of FDA product summaries , 2019, BMJ Open.

[2]  René Mayrhofer,et al.  Smartphone-Based Gait Recognition: From Authentication to Imitation , 2017, IEEE Transactions on Mobile Computing.

[3]  Ara Darzi,et al.  Cybersecurity and healthcare: how safe are we? , 2017, British Medical Journal.

[4]  Paul Barrett,et al.  Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor , 1986, CRYPTO.

[5]  Thiemo Voigt,et al.  SVELTE: Real-time intrusion detection in the Internet of Things , 2013, Ad Hoc Networks.

[6]  Kevin Fu,et al.  They can hear your heartbeats: non-invasive security for implantable medical devices , 2011, SIGCOMM.

[7]  Sukumar Mishra,et al.  Maintaining Security and Privacy in Health Care System Using Learning Based Deep-Q-Networks , 2018, Journal of Medical Systems.

[8]  Fang Liu,et al.  Security and Privacy in the Medical Internet of Things: A Review , 2018, Secur. Commun. Networks.

[9]  Patrick Crilly,et al.  Using smart phones and body sensors to deliver pervasive mobile personal healthcare , 2010, 2010 Sixth International Conference on Intelligent Sensors, Sensor Networks and Information Processing.

[10]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[11]  Mehmet A. Orgun,et al.  Privacy Preservation in e-Healthcare Environments: State of the Art and Future Directions , 2018, IEEE Access.

[12]  Xianghan Zheng,et al.  Lightweight distributed secure data management system for health internet of things , 2017, J. Netw. Comput. Appl..

[13]  Erchin Serpedin,et al.  Physical layer security for wireless implantable medical devices , 2015, 2015 IEEE 20th International Workshop on Computer Aided Modelling and Design of Communication Links and Networks (CAMAD).

[14]  Wei Li,et al.  Wearable indoor localisation approach in Internet of Things , 2016, IET Networks.

[15]  Jie Wu,et al.  PrivacyProtector: Privacy-Protected Patient Data Collection in IoT-Based Healthcare Systems , 2018, IEEE Communications Magazine.

[16]  Nureni Ayofe Azeez,et al.  Security and privacy issues in e-health cloud-based system: A comprehensive content analysis , 2019, Egyptian Informatics Journal.

[17]  Gengfa Fang,et al.  Encryption for Implantable Medical Devices Using Modified One-Time Pads , 2015, IEEE Access.

[18]  Emil C. Lupu,et al.  Extracting Randomness from the Trend of IPI for Cryptographic Operations in Implantable Medical Devices , 2018, IEEE Transactions on Dependable and Secure Computing.

[19]  Sandeep K. S. Gupta,et al.  TARA: Thermal-Aware Routing Algorithm for Implanted Sensor Networks , 2005, DCOSS.

[20]  Ximeng Liu,et al.  Lightweight Privacy-Preserving Identity-Based Verifiable IoT-Based Health Storage System , 2019, IEEE Internet of Things Journal.

[21]  Wenyao Xu,et al.  Multichannel EEG-based biometric using improved RBF neural networks , 2015, 2015 IEEE Signal Processing in Medicine and Biology Symposium (SPMB).

[22]  Soichi Ogishima,et al.  Authentication of Patients and Participants in Health Information Exchange and Consent for Medical Research: A Key Step for Privacy Protection, Respect for Autonomy, and Trustworthiness , 2018, Front. Genet..

[23]  Subir Biswas,et al.  On-body Packet Routing Algorithms for Body Sensor Networks , 2009, 2009 First International Conference on Networks & Communications.

[24]  Rajiv Chakravorty,et al.  A programmable service architecture for mobile medical care , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[25]  Benny P. L. Lo,et al.  EEG-based user identification system using 1D-convolutional long short-term memory neural networks , 2019, Expert Syst. Appl..

[26]  D. Hasan Jamak DIGITAL SIGNATURE ALGORITHM (DSA) , 2006 .

[27]  R. Bromwich,et al.  Privacy risks when using mobile devices in health care , 2016, Canadian Medical Association Journal.

[28]  Peng An,et al.  A compensation method to improve the performance of IPI-based entity recognition system in body sensor networks , 2013, 2013 35th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC).

[29]  Wenping Ma,et al.  ETAP: Energy-Efficient and Traceable Authentication Protocol in Mobile Medical Cloud Architecture , 2018, IEEE Access.

[30]  Kyung Sup Kwak,et al.  Security and Privacy Issues in Wireless Sensor Networks for Healthcare Applications , 2010, Journal of Medical Systems.

[31]  Hassan Ghasemzadeh,et al.  Toward seamless wearable sensing: Automatic on-body sensor localization for physical activity monitoring , 2014, 2014 36th Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[32]  Sandeep K. S. Gupta,et al.  Communication scheduling to minimize thermal effects of implanted biosensor networks in homogeneous tissue , 2005, IEEE Transactions on Biomedical Engineering.

[33]  Wenyuan Xu,et al.  Jamming sensor networks: attack and defense strategies , 2006, IEEE Network.

[34]  Ankur Gupta,et al.  A lightweight anonymous user authentication and key establishment scheme for wearable devices , 2019, Comput. Networks.

[35]  M. Chung,et al.  Cardiovascular Implantable Electronic Device Replacement Infections and Prevention: Results from the REPLACE Registry , 2012, Pacing and clinical electrophysiology : PACE.

[36]  Meng Zhang,et al.  MedMon: Securing Medical Devices Through Wireless Monitoring and Anomaly Detection , 2013, IEEE Transactions on Biomedical Circuits and Systems.

[37]  L Erasmus,et al.  ELECTRONIC MEDICAL RECORDS SYSTEM USER ACCEPTANCE , 2015 .

[38]  Mikhail Khitrov,et al.  Talking passwords: voice biometrics for data access and security , 2013 .

[39]  Edward David Moreno,et al.  An Architecture for Self-healing in Internet of Things , 2015 .

[40]  Ahmed Farouk,et al.  Secure Medical Data Transmission Model for IoT-Based Healthcare Systems , 2018, IEEE Access.

[41]  Tzonelih Hwang,et al.  BSN-Care: A Secure IoT-Based Modern Healthcare System Using Body Sensor Network , 2016, IEEE Sensors Journal.

[42]  Aiqing Zhang,et al.  Light-Weight and Robust Security-Aware D2D-Assist Data Transmission Protocol for Mobile-Health Systems , 2017, IEEE Transactions on Information Forensics and Security.

[43]  Fengyuan Xu,et al.  IMDGuard: Securing implantable medical devices with the external wearable guardian , 2011, 2011 Proceedings IEEE INFOCOM.

[44]  Rabul Hussain Laskar,et al.  Study on biometric authentication systems, challenges and future trends: A review , 2013 .

[45]  Azzedine Boukerche,et al.  A secure mobile healthcare system using trust-based multicast scheme , 2009, IEEE Journal on Selected Areas in Communications.

[46]  Carmen C. Y. Poon,et al.  Using the Timing Information of Heartbeats as an Entity Identifier to Secure Body Sensor Network , 2008, IEEE Transactions on Information Technology in Biomedicine.

[47]  Sharath Pankanti,et al.  Biometric Recognition: Security and Privacy Concerns , 2003, IEEE Secur. Priv..

[48]  Dariush Abbasinezhad-Mood,et al.  A Robust and Efficient ECC-based Mutual Authentication and Session Key Generation Scheme for Healthcare Applications , 2018, Journal of Medical Systems.

[49]  P. Poongodi,et al.  Augmented lightweight security scheme with access control model for wireless medical sensor networks , 2018, Cluster Computing.

[50]  Sotiris Ioannidis,et al.  Review of Security and Privacy for the Internet of Medical Things (IoMT) , 2019, 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS).

[51]  Leïla Azouz Saïdane,et al.  Privacy-preserving aware data transmission for IoT-based e-health , 2019, Comput. Networks.

[52]  Serge Vaudenay,et al.  Contactless Access Control Based on Distance Bounding , 2017, ISC.

[53]  Jeffrey O. Kephart,et al.  The Vision of Autonomic Computing , 2003, Computer.

[54]  Mansoor Alam,et al.  A Deep Learning Approach for Network Intrusion Detection System , 2016, EAI Endorsed Trans. Security Safety.

[55]  Ashok Kumar Das,et al.  LSCSH: Lattice-Based Secure Cryptosystem for Smart Healthcare in Smart Cities Environment , 2018, IEEE Communications Magazine.

[56]  Sushil Jajodia,et al.  Over-encryption: Management of Access Control Evolution on Outsourced Data , 2007, VLDB.

[57]  V. Raposo Electronic health records: Is it a risk worth taking in healthcare delivery? , 2015, GMS health technology assessment.

[58]  Mark Zwolinski,et al.  Overview of PUF-based hardware security solutions for the internet of things , 2016, 2016 IEEE 59th International Midwest Symposium on Circuits and Systems (MWSCAS).

[59]  Guang-Zhong Yang,et al.  Secure key generation using gait features for Body Sensor Networks , 2017, 2017 IEEE 14th International Conference on Wearable and Implantable Body Sensor Networks (BSN).

[60]  Wenyuan Xu,et al.  Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors , 2013, 2013 IEEE Symposium on Security and Privacy.

[61]  Robert H. Deng,et al.  Security and Privacy in Smart Health: Efficient Policy-Hiding Attribute-Based Access Control , 2018, IEEE Internet of Things Journal.

[62]  Ramesh Kumar,et al.  State Of The Art : Security In Wireless Body Area Networks , 2013 .

[63]  Inwhee Joe,et al.  An indoor localization system considering channel interference and the reliability of the RSSI measurement to enhance location accuracy , 2015, 2015 17th International Conference on Advanced Communication Technology (ICACT).

[64]  Gang Zhou,et al.  Toward Sensor-Based Random Number Generation for Mobile and IoT Devices , 2016, IEEE Internet of Things Journal.

[65]  Noureddine Boudriga,et al.  Security of implantable medical devices: limits, requirements, and proposals , 2014, Secur. Commun. Networks.

[66]  Venu Govindaraju,et al.  Behavioural biometrics: a survey and classification , 2008, Int. J. Biom..

[67]  Yong Xiang,et al.  Anonymous Authentication Scheme for Smart Cloud Based Healthcare Applications , 2018, IEEE Access.

[68]  Ye Li,et al.  Gait-Cycle-Driven Transmission Power Control Scheme for a Wireless Body Area Network , 2018, IEEE Journal of Biomedical and Health Informatics.

[69]  Tobias Nilges,et al.  The Cryptographic Strength of Tamper-Proof Hardware , 2015 .

[70]  Noureddine Boudriga,et al.  Securing implantable cardiac medical devices: use of radio frequency energy harvesting , 2013, TrustED '13.

[71]  Colleen Swanson,et al.  SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks , 2014, 2014 IEEE Symposium on Security and Privacy.

[72]  Hui Sun,et al.  Secure Identity Authentication of Community Medical Internet of Things , 2019, IEEE Access.

[73]  Mehmet A. Orgun,et al.  Ideas and Challenges for Securing Wireless Implantable Medical Devices: A Review , 2017, IEEE Sensors Journal.

[74]  Xuedong Liang,et al.  PERFORMANCE ANALYSIS OF THE IEEE 802.15.4 BASED ECG MONITORING NETWORK , 2007 .

[75]  Nitesh Saxena,et al.  Accelerometers and randomness: perfect together , 2011, WiSec '11.

[76]  Allen Y. Yang,et al.  DexterNet: An Open Platform for Heterogeneous Body Sensor Networks and its Applications , 2009, 2009 Sixth International Workshop on Wearable and Implantable Body Sensor Networks.

[77]  Sajjan G. Shiva,et al.  Security and Privacy in the Internet of Medical Things: Taxonomy and Risk Assessment , 2017, 2017 IEEE 42nd Conference on Local Computer Networks Workshops (LCN Workshops).

[78]  H WilliamsPatriciaA,et al.  Always connected: The security challenges of the healthcare Internet of Things , 2016 .

[79]  Nazar Abbas Saqib,et al.  Detection of jamming attacks in 802.11b wireless networks , 2013, EURASIP Journal on Wireless Communications and Networking.

[80]  Victor I. Chang,et al.  Privacy-preserving smart IoT-based healthcare big data storage and self-adaptive access control system , 2018, Inf. Sci..

[81]  Kuo-Hui Yeh,et al.  A Secure IoT-Based Healthcare System With Body Sensor Networks , 2016, IEEE Access.

[82]  Sanjay Jha,et al.  SEDA: Secure Over-the-Air Code Dissemination Protocol for the Internet of Things , 2018, IEEE Transactions on Dependable and Secure Computing.

[83]  Benny P. L. Lo,et al.  Random Number Generation Using Inertial Measurement Unit Signals for On-Body IoT Devices , 2018, IoT 2018.

[84]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[85]  Yingnan Sun,et al.  An Artificial Neural Network Framework for Gait-Based Biometrics , 2019, IEEE Journal of Biomedical and Health Informatics.

[86]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[87]  Ning Ye,et al.  Private and Secured Medical Data Transmission and Analysis for Wireless Sensing Healthcare System , 2017, IEEE Transactions on Industrial Informatics.

[88]  Abdullah Algarni,et al.  A Survey and Classification of Security and Privacy Research in Smart Healthcare Systems , 2019, IEEE Access.

[89]  Pardeep Kumar,et al.  Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey , 2011, Sensors.

[90]  John A. Stankovic,et al.  Research Directions for the Internet of Things , 2014, IEEE Internet of Things Journal.

[91]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).