Securing internet of medical things systems: Limitations, issues and recommendations

Abstract

Traditional health-care systems face new challenges associated with the constant increase in the number of patients. To address this issue, and to increase the accuracy, reliability, efficiency, and effectiveness of the health-care domain, the Internet of Medical Things (IoMT) was proposed. IoMT can be considered an enhancement and an investment that responds more effectively and efficiently to patients’ needs. However, IoMT suffers from different issues and challenges, such as the lack of security and privacy measures, as well as of the necessary training and awareness. In this paper, we highlight the importance of implementing the right security measures and the required training skills in order to enhance the immunity of IoMT against cyber-attacks. Moreover, we review the main IoMT security and privacy issues and the existing security solutions. These solutions are classified as cryptographic or non-cryptographic. Then, the different solutions are analyzed and compared in terms of computational complexity and required resources. It is important to note that the security measures for IoMT exhibit a trade-off between the security level and the system performance, especially with the rise of the digital healthcare v4.0 era. Next, we discuss the appropriate security solutions, such as lightweight cryptographic algorithms and protocols that attempt to reduce the overhead in terms of computations and resources. This leads to the conclusion that there is a need to design an efficient intrusion detection/prevention system that cooperates with dynamic shadow honeypots. Finally, we propose a security solution, divided into five different layers, to detect and prevent attacks, in addition to reducing/correcting the damage of these known attacks and preserving the patients’ privacy. However, it should be noted that zero-day attacks and exploits remain the main challenge surrounding IoMT.
