
Objectives and Research Questions

In this thesis, we explore, identify, examine, and provide research-based solutions and suggestions for the challenges concerning the security of healthcare IoT systems. In summary, the following objectives and research questions have been delineated.

• Creating an efficient standards-based communication architecture for healthcare IoT systems. The architecture ensures security and seamless availability of medical IoT devices and services, as well as ubiquitous mobility.

• Creating the building blocks of secure end-to-end communication for healthcare IoT systems. The created blocks offer peer authentication and authorization to highly resource-constrained IoT devices. The authentication and authorization of the healthcare IoT peers are done using personalized, unique cryptographic keys.

The following research questions (RQs) are addressed to achieve the objectives of end-to-end security in healthcare IoT systems.

• RQ1: How to design a reliable and robust communication architecture that considers the constrained nature of healthcare IoT devices? The architecture of a system describes its components, the organization of those parts, and their interactions. It is one of the critical elements for achieving graceful scaling and performance. Scalability, usability, and performance are among the non-functional requirements that constrain the design of the system architecture. In most healthcare IoT applications, especially in smart homes and hospitals, there exists a bridging point, namely a gateway between a sensor network and the Internet, which often performs essential functions such as translating between the protocols used in the Internet and in sensor networks [14, 15].

• RQ2: How to design a secure healthcare IoT architecture in such a way that it ensures seamless availability of IoT devices/services and ubiquitous mobility?

Healthcare IoT services are supposed to be offered to patients seamlessly and continuously while the patients are moving. An essential feature is giving patients the ability to walk around the hospital wards knowing that their health condition is being monitored without interruption. If a moving sensor loses its connection with one of the smart gateways, health caregivers stop monitoring the patient. This condition is not acceptable in situations where real-time and continuous monitoring is necessary. Distributed smart e-health gateways can provide seamless availability and ubiquitous mobility for healthcare IoT systems. By deploying smart e-health gateways in a distributed fashion, the tasks of a centralized gateway can be broken down and handled by the distributed smart gateways.

• RQ3: How can unauthorized access and intrusion attempts be prevented in healthcare IoT systems?

In a healthcare IoT system, the security and privacy of patients are among the most significant areas of concern, as most devices and their communications are wireless. Mutual authentication and authorization, together with trustworthy communication between healthcare IoT devices and services, can block unauthorized access and intrusion attempts. With mutual authentication and authorization, trustworthy communication can take place once each device has established that it trusts the other. Therefore, eavesdropping on sensitive medical data or malicious triggering of specific tasks can be prevented, and any malicious activity can be blocked before it enters the constrained medical domain.

communicate beyond the independent network securely?

End-to-end security is one of the significant requirements of healthcare IoT systems. This feature enables the end-points of a healthcare IoT system to communicate securely. Designing a handshake delegation architecture that uses a session resumption technique can efficiently achieve secure end-to-end communication. The main idea behind session resumption is to perform the heavy-weight operations only once, during the initial handshake phase. Afterwards, the peers need to keep only a minimal session state, even after the session is terminated. Session resumption then lets the peers re-establish the secure connection without running the expensive operations again or transmitting long certificates.
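The following is an added illustration (written for this edit, not the thesis's own protocol or code) of what "heavy-weight operations only once" means in practice. A gateway performs a full (D)TLS-style handshake with a remote endpoint, which includes receiving and verifying a certificate and running a Diffie-Hellman exchange; afterwards both sides keep only a session identifier and a master secret. The gateway hands that minimal state to a constrained sensor, which then completes an abbreviated handshake that carries no certificate and does no public-key arithmetic. The server also shows the two failure modes a practitioner has to handle: an unknown session identifier and an expired cache entry both fall back to a full handshake. The message formats, the 1024-bit MODP group (far too small for real use), the session lifetime and the fingerprint check standing in for certificate-chain validation are all assumptions made for the example.

```python
"""Session resumption with handshake delegation: illustrative sketch, not the thesis's protocol."""
import hashlib, hmac, secrets, time

# Assumed toy group so that the key agreement is real arithmetic; choose a modern group in practice.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
SESSION_TTL = 3600  # seconds a cached session stays resumable (assumed value)

def hkdf(ikm, salt, info, length):
    """HKDF-SHA256 (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + t, i + 1
    return okm[:length]

def traffic_keys(master, client_random, server_random):
    """Per-connection keys: fresh on every (resumed or full) handshake because the randoms change."""
    block = hkdf(master, client_random + server_random, b"key expansion", 64)
    return block[:32], block[32:]          # (client write key, server write key)

class Server:
    """Remote endpoint. After a full handshake it keeps only session_id -> (master, expiry)."""
    def __init__(self):
        self.cert = b"-----constructed placeholder X.509 chain-----" * 24   # ~1 KB, like a real chain
        self.cert_fingerprint = hashlib.sha256(self.cert).digest()
        self.cache, self.pending, self.last_keys = {}, {}, None

    def server_hello(self, client_random, session_id, now):
        server_random = secrets.token_bytes(32)
        entry = self.cache.get(session_id)
        if entry and entry[1] > now:                      # abbreviated handshake: no cert, no DH
            self.last_keys = traffic_keys(entry[0], client_random, server_random)
            return {"random": server_random, "session_id": session_id, "resumed": True}
        self.cache.pop(session_id, None)                   # unknown or expired: fall back to full
        sid, y = secrets.token_bytes(32), secrets.randbelow(P - 2) + 1
        self.pending[sid] = (client_random, server_random, y)
        return {"random": server_random, "session_id": sid, "resumed": False,
                "cert": self.cert, "dh_pub": pow(G, y, P)}

    def client_key_exchange(self, sid, client_pub, now):
        client_random, server_random, y = self.pending.pop(sid)
        shared = pow(client_pub, y, P).to_bytes(128, "big")
        master = hkdf(shared, client_random + server_random, b"master secret", 48)
        self.cache[sid] = (master, now + SESSION_TTL)      # the only state kept after the handshake
        self.last_keys = traffic_keys(master, client_random, server_random)

def connect(server, session=None, now=None):
    """Client side. `session` is (session_id, master) when the client already holds cached
    state, e.g. handed over by a gateway. Returns (session, keys, stats)."""
    now = time.time() if now is None else now
    client_random = secrets.token_bytes(32)
    offered = session[0] if session else b""
    reply = server.server_hello(client_random, offered, now)
    sid, server_random = reply["session_id"], reply["random"]
    wire = (32 + len(offered)) + (32 + len(sid))          # ClientHello + ServerHello
    if reply["resumed"]:
        master, expensive = session[1], 0
    else:
        # Fingerprint comparison stands in for full certificate-chain validation (assumption).
        if hashlib.sha256(reply["cert"]).digest() != server.cert_fingerprint:
            raise ValueError("certificate rejected")
        x = secrets.randbelow(P - 2) + 1
        shared = pow(reply["dh_pub"], x, P).to_bytes(128, "big")
        server.client_key_exchange(sid, pow(G, x, P), now)
        master, expensive = hkdf(shared, client_random + server_random, b"master secret", 48), 2
        wire += len(reply["cert"]) + 128 + 128            # certificate + two DH public values
    keys = traffic_keys(master, client_random, server_random)
    return (sid, master), keys, {"resumed": reply["resumed"], "bytes": wire, "expensive_ops": expensive}

def delegated_session(server, now=None):
    """Gateway runs the full handshake once and hands (session_id, master) to the sensor,
    which only ever runs the abbreviated handshake. Returns (gateway_stats, sensor_stats, keys_agree)."""
    now = time.time() if now is None else now
    session, _, gateway_stats = connect(server, None, now)
    _, sensor_keys, sensor_stats = connect(server, session, now)
    return gateway_stats, sensor_stats, sensor_keys == server.last_keys

if __name__ == "__main__":
    gw, sn, ok = delegated_session(Server())
    print("gateway:", gw, "\nsensor: ", sn, "\nkeys agree:", ok)
```

The handover of `(session_id, master)` from gateway to sensor must itself travel over an already-secured local link, and a server that honours resumption has to bound the cache lifetime, as the `expiry` check does; otherwise a stolen master secret stays usable indefinitely.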

• RQ5: How to exploit the human body as the authentication identity and the means of generating and managing cryptographic keys to secure Body Area Networks (BANs)?

Given the constrained nature of the medical sensors used in BSNs, conventional key generation approaches may involve considerable computation, as well as latency during network setup or any subsequent adjustment, because the keys must be pre-deployed. Biometrics are generally regarded as the only solution that is lightweight, requires few resources, and can indeed identify authorized subjects in BANs [16, 17, 18, 19]. The choice of biometric used for generating cryptographic keys depends on the ability of the medical sensor nodes to extract the relevant biometric information from an individual. It has been found that the next generation of biometrics (also known as physiological signals or bio-signals) are the best candidates for authentication and for generating cryptographic keys. This is because cryptographic keys generated from human physiological signals have the following properties. First, they differ between subjects at any given time. Second, they differ for the same person at different time intervals. Third, they are cryptographically random, which provides security. Finally, they are measurable from every subject.
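To make the four properties above concrete, here is an added example (written for this edit, not a method or code from the thesis) of one widely used way to turn a physiological signal into key material: the inter-pulse intervals (IPIs) between successive heartbeats are binned, Gray-coded, and only the low-order bits of each bin index are kept, since the high-order bits follow the heart rate and are predictable while the beat-to-beat variation is not. Two sensors on the same body observe the same beats and so derive the same key without exchanging it; a sensor on another subject derives a different one. The IPI sequences, the 8 ms bin width, the 4 bits kept per beat and the HMAC-based key confirmation are all constructed assumptions. The last function shows the edge case that forces real systems to add error correction or a fuzzy commitment: an IPI measured on either side of a bin boundary flips the derived bits.

```python
"""IPI-based key generation for a BAN: illustrative sketch with constructed sample data."""
import hashlib, hmac

def ipi_bits(ipis_ms, bin_ms=8, bits_per_ipi=4):
    """Quantize each inter-pulse interval (ms) to a bin, Gray-code the bin index and keep its
    low `bits_per_ipi` bits. Gray coding makes adjacent bins differ in one bit, so a sensor that
    lands in the neighbouring bin corrupts as little of the key as possible."""
    out = ""
    for ipi in ipis_ms:
        b = int(ipi // bin_ms)
        gray = b ^ (b >> 1)
        out += format(gray & ((1 << bits_per_ipi) - 1), f"0{bits_per_ipi}b")
    return out

def derive_key(ipis_ms, **kw):
    """Whiten the raw bit string into a fixed-size key (assumed: SHA-256 as the extractor)."""
    return hashlib.sha256(ipi_bits(ipis_ms, **kw).encode()).digest()

def confirm(key, nonce):
    """Key confirmation: MAC a fresh nonce so two sensors can check that they agree on the key
    without ever transmitting it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def agreement(bits_a, bits_b):
    """Fraction of key bits two sensors agree on; below 1.0 the peers need error correction."""
    return sum(x == y for x, y in zip(bits_a, bits_b)) / len(bits_a)

# Constructed sample: sixteen IPIs (ms) seen by two sensors on subject A, with sub-millisecond
# jitter between them, and sixteen IPIs from a second subject B.
SENSOR_A1 = [812.4, 798.1, 835.7, 821.0, 790.3, 844.9, 817.6, 803.2,
             829.8, 811.1, 796.5, 838.0, 820.4, 808.7, 833.2, 815.9]
JITTER    = [0.6, -0.4, 0.3, -0.7, 0.5, -0.2, 0.4, -0.5, 0.2, -0.3, 0.6, -0.1, 0.3, -0.6, 0.4, -0.2]
SENSOR_A2 = [x + d for x, d in zip(SENSOR_A1, JITTER)]
SENSOR_B  = [921.3, 905.8, 944.2, 933.6, 898.0, 951.4, 927.9, 912.5,
             939.1, 920.0, 903.7, 946.8, 930.2, 915.4, 942.6, 925.1]

if __name__ == "__main__":
    nonce = b"constructed nonce"
    print("same body agrees:", confirm(derive_key(SENSOR_A1), nonce) == confirm(derive_key(SENSOR_A2), nonce))
    print("other subject:   ", confirm(derive_key(SENSOR_A1), nonce) == confirm(derive_key(SENSOR_B), nonce))
    print("bit agreement A1/A2:", agreement(ipi_bits(SENSOR_A1), ipi_bits(SENSOR_A2)))
```

Sixteen beats yield only 64 raw bits here, and their entropy is below 64 because consecutive IPIs are correlated; a deployment has to measure the actual min-entropy of the chosen bits before sizing the key, and has to handle bin-boundary disagreements, which the sample data above was chosen to avoid.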