Security analysis of mobile applications: A case study of a collaboration tool in healthcare

Mobile-based collaboration tools are increasingly used for communication and information sharing in delivering healthcare services that require collaboration across different geographical locations. Typical features of these tools include video conferencing, real-time exchange of images and documents, and annotations for pointing and drawing on shared rich media content. Although the innovations and conveniences of such collaboration tools are well understood, their security implications are often overlooked. As a result, the necessary security mechanisms are not supported, which can lead to serious security threats and privacy violations. In this paper, we first present a collaboration tool that was developed to facilitate collaboration among healthcare providers using pervasive mobile devices for delivering health services to remote and regional areas. We then provide a comprehensive security analysis of the tool. The aim of the analysis is to understand the variety of end-to-end security mechanisms needed in different layers of the system. We also provide security recommendations that can improve the overall security of the system.
