CHUKA UNIVERSITY

NAME: KIPROP VICTOR

REG NO: EB3/43431/19
UNIT CODE: ACSC 482
COURSE: APPLIED COMPUTER SCIENCE
NAME OF SUPERVISING LECTURER: MR CHARLES K GITONGA
RESEARCH TOPIC: ENHANCEMENT OF IoT SECURITY IN HEALTH CARE USING
ARTIFICIAL INTELLIGENCE

A RESEARCH SUBMITTED TO CHUKA UNIVERSITY COMPUTER SCIENCE

DEPARTMENT IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE
DEGREE OF BACHELOR OF SCIENCE IN APPLIED COMPUTER SCIENCE

Submitted on…………………………..

DECLARATION
I KIPROP VICTOR hereby declare that this research proposal is my own work and as to the best
of my knowledge not been submitted to any other institution of higher learning.

Student………………………… Reg No…………………………….

Signature………………………. Date………………………….

This proposal has been submitted as a partial fulfillment of requirement for Bachelor of science
in Applied Computer Science of Chuka University with my approval as the supervisor

Supervisor……………………….

Signature………………………. Date…………………………
ACKNOWLEDGEMENT
This research and documentation would not have been successful without the support and
cooperation of several people. First, I would like to acknowledge and thank the almighty God for
the charitable time, strength and aptitude that enabled me to complete my research and come up
with the research documentation. Special thanks to my supervisor Mr. Charles K Gitonga for his
continuous advice and counsel. Finally, I would like to extend my heartfelt gratitude to my entire
family members for their continued support throughout my research period.

3
ABSTRACT
The promising power of the emerging Internet of Things (IoT) technology for nerve-connected
medical devices has played an important role in the next-generation health care industry with
advanced patient care. Due to the increase in the number of patients with serious illnesses, the
elderly and disabled people, there is an urgent need for real-time health monitoring infrastructure
to analyze patient’s health care data to avoid preventable deaths. However, smart health care
requires patients to share them physical information for online diagnosis and if the intelligent
health care information sharing system does not have effective security measures in place, this
sensitive information may be abused by malicious users. To address these issues, I propose the
integration of Artificial Intelligence in the intelligent health care information sharing systems. In
my model, each patient has a virtual machine dedicated to the data sharing system, each virtual
machine provides group data services that can be downloaded to those authorized IoT devices
which provides the customer’s services. In addition, the visible device is protected by AI-based
gateway which only confirms authorized items that can access the patient's visual device. Since
each item has a different MAC address, so my model can effectively validate IoT things
determined by resources and address issues caused by the identity theft.

4
TABLE OF CONTENTS
CHAPTER ONE: INTRODUCTION..............................................................................................1
1.1 Background to the Study.....................................................................................................1
1.2 Problem Statement..............................................................................................................2
1.3 Goals......................................................................................................................................3
1.4 Scope.....................................................................................................................................3
1.5 Justification / Significance..................................................................................................3
CHAPTER TWO: LITERATURE REVIEW..................................................................................4
2.0 Introduction..........................................................................................................................4
2.1 The current state of the art of IoT security.......................................................................4
2.2 SDN-Based Security Enforcement Framework................................................................9
2.2.1 Overview of the Framework........................................................................................9
2.3 Workflow of a System with a firewall including artificial intelligence.........................10
CHAPTER THREE: RESEARCH METHODOLOGY................................................................13
3.1 Research Design.................................................................................................................13
3.2 Research Tools and Procedures.......................................................................................13
3.2.1 Literature search........................................................................................................13
3.2.2 Case Analysis...............................................................................................................13
3.3 System Requirements........................................................................................................14
CHAPTER FOUR: RESULTS AND DISCUSSIONS..................................................................15
4.0 Introduction........................................................................................................................15
4.1 IoT architecture in healthcare..........................................................................................15
4.3 System Model.....................................................................................................................17
4.4 Main vulnerabilities of the healthcare IoT......................................................................18
CHAPTER FIVE: CONCLUSION, RECOMMENDATIONS, CHALLENGES AND FUTURE
WORK...........................................................................................................................................20
5.0 Challenges...........................................................................................................................20
5.1 Recommendation...............................................................................................................20
5.2 Future Work.......................................................................................................................20

5
 5.3 Conclusion..........................................................................................................................20
REFERENCE................................................................................................................................21

List of Tables
Table 1: IoT security in healthcare using AI...................................................................................6
Table 2: Summary of related survey papers....................................................................................7

DEFINITION OF IMPORTANT TERMS

IoT – Internet of Things.
AI – Artificial Intelligence.
SDN – Software-Defined Networking.
MAC – Media Access Control.
VM - Virtual Machine.

6
SP – Service Provider.
SC – Service Consumer.
SRM – Service Releasing Policy.
SM – Service Model.
SCM – Service Consumer Model.
IFM – Information Flow Model.
TM – Thing Model.

CHAPTER ONE: INTRODUCTION

1.1 Background to the Study
According to (“Bringing Internet of Things to healthcare”,2018), IoT is described as a network
of physical devices that uses connectivity to enable the exchange of data. The actual term
“Internet of Things” was coined by Kevin Ashton in 1999 during his work at Procter & Gamble.
Physical objects or "things” become smart by connecting to each other. These devices are not
necessarily the intricate technological advancements. They do, however, streamline processes
and enable healthcare workers to complete tasks in a timely manner. Companies that specialize
in healthcare or technology tend to heavily invest in IoT. At present, most tech devices come

7
with some form of connectivity, from wearables such as smart watches, implantable devices such
as insulin infusion pumps, smart pens that are communicating patient data to and from healthcare
records systems, X-ray machines with Wi-Fi or Bluetooth, etc. IoT-enabled medical devices
provide critical data that assist health practitioners perform their jobs. Tasks such as remote
patient monitoring, treatment progress observation, and the housing of vaccines are all
capabilities of medical devices with integrated IoT.
IoT security refers to a security strategy and protection mechanism that specifically safeguards
from the possibility of cyberattacks on IoT devices that are connected to the network and
purposely built for a fixed set of functionalities. Without robust security, any connected IoT
device is vulnerable to getting breached, compromised and controlled by a bad actor to
ultimately steal the user data and bring down systems.
Smart healthcare requires patients to share their physiological information for real-time
monitoring or online analyzing. All physiological information is extremely sensitive information
for patients, thus if the data sharing system of smart healthcare lacks effective security
mechanisms, this information might be accessed by malicious insiders which will consequently
incur serious privacy leakage accidents and cause more serious psychological harms to patients.
According to a survey, only in the United States, the economic losses due to medical identity
theft has been nearly 41.3 billion dollars per year. And more than 78% participants worry about
the leakage or misusing of their medical personal information. If the hacker gets hold of the
patient’s information, they will be able to make a fake identity card to purchase medicines or
medical equipment for resale. In certain cases, the attacker may have direct control over IoT
equipment, which results in potentially fatal results. For example, Johnson & Johnson warned
patients about unsuspected insulin pumps that allow hackers to inject insulin injections without
permission.
Due to constrained resources, how to effectively validate IoT things within the smart healthcare
is a vast challenge for data sharing system because it is nearly impossible for a sensor to send a
password or verification code to system. At the same time, encryption-based data sharing
mechanisms, such as attribute-based encryption (ABE) are insufficient to define fine-grained
data

operations, i.e., if a user decrypts an encrypted file, then the user can do anything towards the
decrypted file. Moreover, authentication-based access control techniques, such as role-based
access control (RBAC) or identity-based access control (IBAC), are vulnerable when facing
identity theft, that is if a legal user’s identities have been cracked by an attacker, then attacker
will obtain all of legal authorizations accordingly.
Data sharing systems are key engines when dealing with IoT in healthcare sector hence its
security is very crucial. Currently, there is the use of SDN-Based Security Enforcement

8
Framework in data sharing systems. In this framework, each patient should have a dedicated
virtual machine in data sharing system and because virtual machine is an enclosed system, only
patients can access their personal data stored in virtual machine, while any others (including
storage provider) cannot. Virtual machine is protected by the SDN-based gateway which
provides a firewall mechanism and guarantees only authorized things can access patient’s virtual
machine. Due to the rapid advancement of technology and increasing adoption of IoT devices in
the healthcare sector, the attack surface continues to grow and evolve rapidly too. Attack surface
is directly proportional to the attacks from cybercriminals meaning that cyberattacks are also
increasing with the increasing adoption of IoT things. Therefore, there is a serious need to
integrate an intelligent mechanism in the gateway.
Several researchers have proposed different mechanisms of enforcing IoT security in healthcare
sector using different technologies. This paper provides a detailed review of the strategies used
by the previous researchers to curb IoT security concerns in healthcare. It also proposes a model
to be used in data sharing systems with a more intelligent gateway incorporated with AI rules.

1.2 Problem Statement

The emergence of healthcare IoT has brought forth many of the previously irrelevant security
concerns. According to a study, the global large-scale IoT adoption resulted in a surge in IoT
malicious software attacks by 215.7% during 2018, and a 5% increase in the number of attacks in
2018 meaning that over 32 million attacks per year. Unfortunately, medical companies often do
not put into much consideration the security risks of connecting IoT devices to the internet.
There is a possibility that a zero-day exploit in a medical device can be used to injure or even
worse kill someone without being detected.
Since data sharing systems are key engines when dealing with IoT in healthcare sector, their
security is very paramount. The cyberattacks directed to it are getting more sophisticated as days
goes by, and traditional firewalls together with antiviral software are no longer coping with an
increasing number of threats. The currently proposed framework still uses firewall to secure the
data sharing system which is a bit outdated as compared to the increasing number of attacks.
Legacy cybersecurity tools are also capable of eliminating threats but they are limited to
elimination of only known threats.

1.3 Goals
1. To study and review IoT security technologies in healthcare sector that have been in use
over the recent past years.
2. To study the architecture of IoT in healthcare.
3. To study and review firewalls incorporated with artificial intelligence.

9
 4. To propose a model that can be used to enhance the security of data sharing systems of
IoT devices in healthcare using artificial intelligence.

1.4 Scope
This research will mainly focus on the security of a data sharing system used by the IoT devices
in healthcare. The data sharing system with be more secure by the incorporation of artificial
intelligence with the existing gateway.

1.5 Justification / Significance

Big changes are normally accompanied by various constraints hence the emergence of IoT in
healthcare has brought about several security issues. Cybersecurity breaches of IoT devices and
medical data is a matter of life or death. This has led to the need of enhancement of IoT security
in healthcare sector. Since IoT devices need to share information, data sharing systems are very
crucial to any healthcare center which has employed IoT technology. Good security of this
system will enable the healthcare to keep the records of a healthcare away from unauthorized
access.
This research will help healthcare centers to improve the security of the data generated by their
IoT devices. Data is a very valuable asset to any given organization and thus the security of the
data sharing systems will add an advantage to them in any given competitive environment as
well as putting people’s lives in a secure place. Through the security of patients’ data, their
satisfaction will increase on the healthcare center and their level of trust will also increase

10
 CHAPTER TWO: LITERATURE REVIEW
2.0 Introduction
Several kinds of research have been conducted to help in enhancement IoT security in the
healthcare sector. This chapter provides a detailed review of existing IoT security frameworks. It
later illustrates the different approaches which have been used by other researchers over the past
recent years to incorporate artificial intelligence with a firewall.
2.1 The current state of the art of IoT security
Yao et al. (2013) presented a lightweight multicast authentication scheme for small-scale IoT
applications. They exploited the specific characteristics of the fast accumulator proposed by
Nyberg (1996) i.e., the absorbency property and the one way and quasi-communicative property,
to construct a lightweight multicast authentication mechanism. To test their scheme’s
practicability, the authors evaluated seven principal criteria required by multicast authentications
for resource-constrained applications in the course of a performance analysis. The proposed
scheme was claimed to be more efficient and effective than other systems it was compared to.
Bello & Zeadally (2014) investigated the possibility of self-collaborated device-to-device
communications without any centralized control. Two challenges, namely the computation cost
of smart objects and network heterogeneity, were identified. After that, the authors analyzed the
state -of-the-art of communication mechanisms in licensed and unlicensed spectra and routing
techniques which are able to support intelligent inter-devices communications. In the course of
their analysis, four unresolved issues were identified: 1) maximizing the use of available network
resources; 2) route management optimization; 3) inter-device-based cooperation for load
balancing; and 4) security properties such as privacy, authentication, integrity and resistance to
new types of attack.
Cai et al. (2014) adopted 802.11 based sensors to construct an IoT-based device management
system with a centralized control mechanism. The principal technique was based on the IETF
Constrained Application Protocol (CoAP). To evaluate the scheme’s feasibility and
effectiveness, the authors implemented an experimental system consisting of an 802.11 enabled
sensor, a self-designed management server and an IoT application. The experimental results
showed that their proposed system is practicable. However, one limitation exists as the system
scalability cannot be guaranteed.
Keoh et al. (2014) presented an overview of the security solutions for IoT ecosystems proposed
by the Internet Engineering Task Force (IETF), in which CoAP and, in particular, Datagram
Transport Layer Security (DTLS) are examined. Based on their performance evaluation, these
authors developed a refined and lightweight DTLS capable of providing robust security
functionality for IoT objects. Even so, the authors identified some unresolved issues for future
work, i.e., device bootstrapping, key management, authorization, privacy and message
fragmentation issues in IoT networks.

11
Kawamoto et al. (2015) demonstrated an effective data collection scheme for location-based
authentication in IoT networks. In order to improve the authentication accuracy, parameters
related to network control are adjusted dynamically based on the real-time requirements from the
system and the surrounding network environment. In addition, optimization of authentication
accuracy was investigated. The authors finally suggested that future work could focus on
intelligently controlling the data distribution from inhomogeneous IoT devices.

Cirani et al. (2015) introduced an authorization framework which is integrated with

HTTP/CoAP services and is even able to invoke an external OAuth (Open Authorization) based
service. In the proposed framework, an external client may access a remote service from a
network broker (with constrained smart objects) via HTTP/CoAP. Robust communication among
entities such as an external client, a network broker and smart objects was thus designed and
implemented. Performance evaluations were performed to examine the feasibility of the
proposed framework, with results showing that the proposed approach will increase the amount
of energy consumed to ensure compatibility with IEEE 802.15.4. In addition, the issues of
memory footprint and dynamic configuration make the OAuth logic-based scheme infeasible for
use with common smart objects

Ning et al. (2015) proposed an aggregated proof based hierarchical authentication scheme for
layered unit and ubiquitous IoT(U2IoT) architecture to pursue security protection among
ubiquitous things. In the proposed scheme, security properties such as entity anonymity, mutual
authentication and hierarchical access control are achieved via the following techniques: user
authorization, aggregated-proof based verifications, homomorphism functions and Chebyshev
chaotic maps.

Hernández-Ramos et al. (2015) developed a series of lightweight authentication and

authorization procedures which are compliant with the Architectural Reference Model (ARM)
from the EU FP7 IoT-A project, for use on constrained smart objects. The proposed schemes are
able to be combined with other standard technologies and form security plans for the life cycle of
IoT devices.

Gope & Hwang (2015) first presented an authentication protocol for distributed wireless sensor
networks. Their proposal not only is compatible with client-server-server (i.e., the sensor-
gateway-server) architecture, but also satisfies important security properties such as mutual
authentication, sensor anonymity and un-traceability, system scalability, and resistance to

12
impersonation attack, replay attack and cloning attack. The authors thus claimed the proposed
protocol is secure as well as efficient.
Gope & Hwang (2016) introduced two authentication schemes, i.e., BSN-Care and USM-IoT,
for IoT-based networks. These two authentication schemes are designed to fit the security
requirements for body sensor networks and distributed wireless sensor networks, respectively.
Accordingly, from the standpoint of authentication analysis, the underlying architectures can
respectively be characterized as being client-server and client-server-server. These researchers
further proposed an authentication mechanism for a distributed IoT-based healthcare system. The
proposed protocol is based on body sensor networks (BSNs), which consist of lightweight and
healthcare oriented smart objects. Lightweight crypto-modules, such as a one-way hash function
random number of generation function and bitwise exclusive-OR operation, are adopted to
simultaneously pursue system efficiency and security robustness. The authors then investigated
the security density and protocol efficiency via BAN logics analysis and computation cost
comparison.
Table 1: IoT security in healthcare using AI

Proposed Security Challenges AI Experimental Results

Framework Issues method/Algorithm Evaluation

MSCryptoNet to Privacy of Application of MultiScheme MSCryptoNet MSCryptoNet

enable scalability and IoT in multi-key Crypto Deep for privacy- shows no loss
conversion of neural healthcare homomorphic Neural Network preserving accuracy a
networks for system encryption, prediction and efficiency usi
preserving the converting comparison of dataset encrypt
privacy of the deep FHE scheme diabetes with differe
learning scheme. into multikey progression schemes or keys
MK-FHE, for patients
privacy, and using multiple
stability of the datasets
training model

A trust-based Insider Threshold, Bayesian Performance The propos

approach using attacks Behavioral Algorithm evaluation in approach
Bayesian inference to profile, large simulated and feasible a
find malicious traffic volume, real HC SDN effective
devices in healthcare IT experts in environments detecting
environment HC area, malicious H
security policy devices compar
enforcement, to another ID
implementation mechanism.

13
 of additional
security
mechanisms

Domain deep patient Security Biometric user Deep Evaluation of Framework

ECG image learning and privacy identification Convolutional the achieves 97.2
framework to of smart in ECG Neural Network framework accuracy and
overcome biometric health scenarios using two outperforms oth
user identification public existing
challenges databases frameworks

EDPDCS based on Personal Trade-off k-means algorithm Comparison The propos

MapReduce information between of NICV framework c
framework to enable privacy accuracy and clustering improve
clustering analysis privacy in results of the efficiency
for privacy privacy- proposed accuracy of t
preservation preserving method with 2 clustering
clustering datasets algorithm
algorithms.

Learning-based Deep Security, Privacy Deep Q Learning NS2 Framework

Q n/w to manage privacy and challenges and simulation of achieves
health data and reliability requirements in framework minimum err
reduce malware of the IoT Healthcare. security rate and
attacks healthcare analysis is increase in t
system. conducted and malware detecti
compared rate
with other ML
algorithms.

Table 2: Summary of related survey papers

Contributions Technology/Techniques Type of Security Issues Industry Paper

Security
Ref

A comprehensive IoT, Machine Learning, Application Security All (Al-garadi et

discussion on the Deep Learning, Big Data and measures like Industries al., 2018)
potential Network encryption,
vulnerabilities Security authentication,
and attack access control,

14
surfaces of the network and
IoT system. In- application
depth review of security for IoT
Machine Learning devices and their
(ML) and recent inherent
advances in Deep vulnerabilities
Learning (DL) are ineffective.
methods for IoT Existing security
security methods need to
Application of be enhanced to
ML/DL for each secure the IoT
IoT layer, ecosystem
challenges, and effectively
future directions.

Extensive Survey IoT, Cloud, Machine Information Gathering and Healthcare

on different Learning Security processing of
(Ghosal &
cloud-based IoT large amounts of
Das, 2018,
HC systems that data from
p.1)
use Machine wearable sensors
Learning for can cause many
analyzing data. security issues
Review of for cloud-based
different ML IoT healthcare
approaches used systems.
in cybersecurity
A Standard model
is proposed.

An in-depth IoT, Machine Learning, Network Unique All

systematic and Deep Learning Security characteristics of Industries
(Hussain et
comprehensive IoT render
al., 2019)
survey of the role existing solutions
of Machine insufficient
Learning and because of
Deep Learning in resource
IoT. State of the constraints,
art results on heterogeneity,
ML/DL that massive real-
focuses on time data
privacy and generated by IoT

15
 security of IoT devices and the
Networks. dynamic
Limitations of behavior of the
existing IoT networks.
network security
solutions that call
for DL and ML
techniques. In-
depth review of
the research
challenges of
ML/DL
techniques in IoT

2.2 SDN-Based Security Enforcement Framework

2.2.1 Overview of the Framework
In this framework, each patient has a dedicated virtual machine in data sharing system, thus
patient is a service provider (SP), i.e., the owner of services run in the virtual machine. Each
physician or an IoT thing is a service consumer (SC), i.e., the user of services run in the virtual
machine. As service provider, patient can regulate which service in her/his virtual machine could
be released to which physician or which thing. Only through the indicated service interfaces can
physicians access patient’s personal data stored in virtual machine. Specifically, the framework
can be decomposed as two main layers, i.e., virtual machine (VM) layer and SDN-based gateway
(Gateway) layer. The purpose of introducing virtual machine layer is to tackle the problems
caused by insider attacks. Since virtual machine is an enclosed system, thus only patient can
access the data stored in VM while any others (including storage provider) cannot. In this way,
we can prevent those malicious insiders from accessing patient’s personal data illegally. The
virtual machine layer can be further decomposed as two sub-layers, policy layer and service
layer. Service releasing policy (SRM) is created by service provider in policy layer, which
strictly regulates which service could be accessed by which service consumer or which thing in
system. After that, SRM and relative system models, such as service model (SM), service
consumer model (SCM) or thing model (TM), will be converted into a corresponding
information flow model (IFM) by system automatically. IFM is a formal model which has
underlying information of network, such as MAC address of thing or IP address of virtual
machine, which can assist the gateway to identify which IoT thing is authorized or unauthorized.
Patient doesn’t need to know the underlying network information because they are provided by
system models, and all system models are created and updated by system not by patients. Service
layer manages patient’s personal data and a group service, such as online exploring data service,
updating data service, downloading data service or etc.

16
Figure 1: SDN-Based Security Enforcement
Framework.

 yellow components- services or models

created by service provide

 deep blue components- system models or

system components.

17
2.3 Workflow of a System with a firewall including artificial intelligence
The process of the proposed system has the minimum possibility of packet drops and can deeply
identify a packet is really containing rejected contents or not. That can free this system from
risks. The workflow of the system is discussed in following subsections:
Make up list categories for incoming packets. Here, Firewall list up the connection of packets
into three categories (fig 4). Established list contains the connections of trusted packets. Deny list
contains the connections are blocked. Third list is additional list containing the connections of
packets are not sure about those are safe or not

Figure 4: List categories

Ready for checking. A firewall normally set connection of a packet to the established list, if
anyhow it entered into the own system. If that packet has risk materials, then it became unable to
detect for a traditional firewall. To remove this risk condition this firewall always continue an
enquiry to check established connections (fig 5) are trusted or not. Here shown some rules are
produced for exceptional packets by the system itself according to a packet.

Figure 5: Connection

When a packet satisfies AI rules. After matching with all the AI rules, it assumes that the packet
is trusted (fig 6). Then the connection is made with the established list and give permission to
access the system. It assumes that the packet is not trusted.

18
 Figure 6: If AI rules matched

When a packet does not satisfy AI rules. If anyhow the packet does not match the AI rules
because of unnecessary codes, following thing happens (shown in fig 7)

Figure 7: Mismatched with AI rules

If a packet is not understandable. A packet which is not understandable with the entire
processing rules including AI rules, it will not be dropped. This packet will be stored in a new
file for further checking if somehow AI can process it later by some rules (fig 8).

A traditional firewall basically does. It can’t produce AI rules by itself. Just can match some
Figure 8: Confusion with AI rules
predefined rules to the packet headers. If matched, then make a connection; otherwise block the
packet (fig 9)
Figure 3:Confusion with AI rules

19
 Figure 9: Traditional Firewall Operations

CHAPTER THREE: RESEARCH METHODOLOGY

3.1 Research Design
In this research, explanatory research design is employed. Explanatory research is defined as a
research design conducted to get a better understanding of an existing problem. It is also used to
elaborate on the unexplored aspects of a particular topic and try to explain the missing pieces. In
this type of research design, the researcher begins with a general idea and uses the research as a
medium to identify issues that can be the focus for future research.
3.2 Research Tools and Procedures
3.2.1 Literature search
A literature search is one of the most inexpensive methods that can be used to discover a
hypothesis and provide valid information about the subject at hand. Under literature search,
journals, survey papers, and articles from google scholar are the sources of information in this
research paper.
The literature search focus on:
1) Doing comprehensive research on the vulnerabilities of the healthcare IoT.
2) Understanding how data sharing system of IoT devices in the healthcare works.
3) Understanding how the current frameworks of data sharing systems have been designed.
4) Studying how to improve IoT security in healthcare data sharing systems by integrating
artificial intelligence with an existing framework. (SDN-Based Security Enforcement
Framework for Data Sharing Systems of Smart Healthcare)

3.2.2 Case Analysis

A case analysis is a research strategy and an empirical inquiry that investigates a phenomenon
within its context. A case study can help a researcher with more information through carefully
analyzing existing cases which have gone through a similar problem. This research will involve
analyzing different case studies which have been done over the recent past years, by different
researchers on IoT security in healthcare sector using artificial intelligence. This will help
identify whether my gap is valid.

20
3.3 System Requirements
Hardware requirements
1) Computers
2) Sensors
3) Router
4) Smartphone

Software Requirements
1) Gateway
2) Oracle VM VirtualBox
3) Windows 10 Operating System
4) Apple watch app

21
 CHAPTER FOUR: RESULTS AND DISCUSSIONS
4.0 Introduction
In this chapter, the proposed model of Data Sharing System is illustrated. A general IoT
architecture in a healthcare environment is also shown as well as the functionality of the various
devices involved in the architecture. Later in the chapter, we shall also see the main
vulnerabilities of the healthcare IoT.
4.1 IoT architecture in healthcare
Figure 2: Pictorial representation of IoT architecture in healthcare

4.2 IoT devices in the architecture

1) Computer – It is used for multiple tasks such as maintaining the information of patients,
records, live monitoring of patients, X-rays, etc. They are also helpful to configure lab
tools, monitoring the blood pressure and heart rate, etc.

2) Smart watch – It is a wearable device that automatically record and transmit

information, such as heart rate, blood glucose, gait, posture control, tremors, physical

22
 activity or sleep patterns
3) Smartphone – Used to host an application for uploading patient’s information, such as
blood glucose readings, to the doctor or health care team
4) Cloud – Used to store the voluminous amount of data generated by the IoT devices.
5) Sensors are used in electronics-based medical equipment to convert various forms of
stimuli into electrical signals for analysis. They can increase the intelligence of medical
equipment, such as life-supporting implants, and can enable bedside and remote
monitoring of vital signs and other health factors.
Key Sensors and Applications
 Pressure sensors – They are used in infusion and insulin pumps, respiratory
monitoring and blood pressure monitoring equipment, surgical management
systems, sleep apnea machines, etc.
 Temperature sensors - They are used in medical incubators, humidified
oxygen heater temperature monitoring and control equipment, neonatal
intensive care units to monitor patient temperature organ transplant system
temperature monitoring and control, etc.
 Image sensor - They are used in radiography, external observation,
cardiology, etc.
 Flow sensors, respiratory monitoring, gas mixing, and electro-surgery, destroy
tissue such as tumors, etc.
 Biosensors - They are used in blood glucose and cholesterol testing, testing
for drug abuse, infectious diseases, and pregnancy, etc.
 Accelerometers - They are used in heart pacemakers and defibrillators, patient
monitoring equipment, blood pressure monitors, etc.
 Encoders can be found in X-ray machines, surgical robotics, medical imaging
systems, etc.

6) An IoT gateway device bridges the communication gap between IoT devices, sensors,
equipment, systems and the cloud.

23
4.3 System Model
Figure 3: Pictorial representation of data sharing system model incorporated with AI

In this model, each patient has a dedicated virtual machine in the data sharing system, thus
patient is a service provider (SP), i.e., the owner of services run in the virtual machine. Each
physician or an IoT thing is a service consumer (SC), i.e., the user of services run in the virtual
machine. As service provider, patient can regulate which service in her/his virtual machine could
be released to which physician or which thing. Only through the indicated service interfaces can
physicians access patient’s personal data stored in virtual machine.
Specifically, this model can be decomposed into two main layers, i.e., virtual machine (VM)
layer and AI-based gateway (Gateway) layer. The purpose of introducing virtual machine layer is

24
to tackle the problems caused by insider attacks.
Since virtual machine is an enclosed system, hence only patient can access the data stored in VM
while any other (including storage provider) cannot. In this way, we can prevent those malicious
insiders from accessing patient’s personal data illegally. The virtual machine layer can be further
decomposed as two sub-layers, policy layer and service layer. Service releasing policy (SRM) is
created by service provider in policy layer, which strictly regulates which service could be
accessed by which service consumer or which thing in system. After that, SRM and relative
system models, such as service model (SM), service consumer model (SCM) or thing model
(TM), will be converted into a corresponding information flow model (IFM) by system
automatically. IFM is a formal model which has underlying information of network, such as
MAC address of thing or IP address of virtual machine, which can assist the gateway to identify
which IoT thing is authorized or unauthorized. Patient doesn’t need to know this underlying
network information because they are provided by system models, and all system models are
created and updated by system not by patients. Service layer manages patient’s personal data and
a group service, such as online exploring data service, updating data service, downloading data
service or etc. Patient leverages SRM to regulate which service could be released or not.

4.4 Main vulnerabilities of the healthcare IoT

Connected devices in healthcare offer many advantages, however, the same devices pose
increased risks to both to privacy and security. Some possible risks include:
a) Attacks on other systems;
b) Privacy risks. –

Privacy issues may include;

 Risks of Patients’ Privacy Exposure - The primary privacy issue is to keep the
patient’s’ Personal Health Records confidential. A Personal Health Record
(PHR) is “an individual electronic record of health-related information that
conforms to the nationally recognized interoperability standards.” (Khan et al.,
2009). PHRs are drawn from multiple sources and are reported directly to the e-
health center directly. Containing personal information, they can become the
target for cyberattacks ending in the exposure of private data.
 Data Eavesdropping - Generally, the health data of patients are available only to
authorized caregivers. However, such data can be eavesdropped while flowing
over the wireless links. For example, a popular IoT-based glucose monitoring and
insulin delivery system utilizes wireless communication links, which are
frequently used to launch privacy attacks and therefore needs sufficient
protection of the transferred data.

25
  Ownership of data - Countries have laws to protect patient data but they may
vary from state to state. Besides, in certain cases, such as in case with fitness
wearables, many people would think that the data tracked and collected is be
bound to be protected by legislation but in many cases it is not.
 Location privacy - It is concerned with eavesdropping on a patient’s location.
Location privacy in WSNs, specifically hiding the message sender’s location, can
be achieved through routing to a randomly selected intermediate node

c) Risks to personal safety;

Security issues
Considering, the sophisticated architecture of the healthcare IoT, data transmitted from and
received by connected devices can be subject to cyber-attacks on different levels, from physical
objects to applications and cloud databases. However, the biggest challenge lies in the
interoperability of devices which can lead to a network being exposed to new security
vulnerabilities and additional risk. These security issues may include;
 Distributed denial of service (DDoS) - DDoS is an attack where multiple compromised
systems are used to target a single system causing a denial of service and causing that
system to crash making data unavailable.
 Medjacking - In June 2015, TrapX, a security company, reported that most healthcare
organizations are vulnerable to medical device hijacking also called “medjacking”.
Currently many medical devices allow hackers easy access to steal massive numbers of
sensitive data from healthcare provider’s systems. With some connected medical devices
being able send and receive data, they can be compromised to be used as a portal to
access medical data. Besides, having access to a connected medical device, a hacker has
means to access and change the drug dosage to give a patient too little or a lethal amount.
 Unauthorized data access/ access control Different users are assigned for different
applications, and each application will have a big number of users. With much data stored
in cloud, the need for effective authentication technology to prevent the illegal user
involvement and unauthorized data access becomes even more crucial. Moreover, access
control is essential to prevent unauthorized entities from accessing to system’s resources
(data, services hardware, etc.)

CHAPTER FIVE: CONCLUSION, RECOMMENDATIONS, CHALLENGES AND

FUTURE WORK
5.0 Challenges
A number of challenges were encountered in compiling the ideas to come up with this research
paper. Among these include the following:

26
 1) Getting a deep understanding of how data sharing systems work with various critical
policies involved.
2) Getting relevant journals to help in collecting essential data because most of the best
journals required payment fee to access.
3) Being the first time working on search paper, the whole research process was so
overwhelming.

5.1 Recommendation
On the plus side, I would recommend the healthcare sector to embrace artificial intelligence
systems and employ them because they get smarter with the more data they analyze, i.e., they
“learn” from experience as well as becoming increasingly capable and autonomous as they go.
5.2 Future Work
Although there have been numerous researches from several researchers on IoT security, there is
still a need to study how artificial intelligence and machine learning can help in the automation
of IoT security. In the future, there is still a need to further improve the robustness of the existing
frameworks by integrating the intrusion detecting functions towards distributed denial of service
attacks, such as the toolkits introduced by the proposals of (Li et al., 2009). In that way, when the
distributed denial of service attack occurs, the gateway can timely detect the malicious access
behaviors and block all of requests sent from those malicious hosts automatically, thereby
improving the robustness of the framework.
5.3 Conclusion
In this research paper, I proposed an AI-based security enforcement model for data sharing
system of smart healthcare. With this model, healthcare’s data sharing systems will be more
secure because artificial intelligence systems “learn” from experience, i.e., they learn how to deal
with cyberattacks the more it is attacked by cybercriminals. There will also be the enhancement
of IoT security in healthcare.

REFERENCE
1) Al-garadi, M. A., Mohamed, A., AL-ali, A., Du, X., & Guizani, M. (2018). A Survey
of Machine and Deep Learning Methods for Internet of Things (IoT) Security Polit.
2) Bello, O., & Zeadally, S. (2016). Intelligent device-to-device communication in the
Internet of Things, IEEE Syst. J., 10(3), 1172–1182.

27
3) Bringing the Internet of Things to healthcare, (2018, September 3). Retrieved from
https://Medicaldevice-network.com.
4) Cirani, S., Picone, M., Gonizzi, P., Veltri, L. & Ferrari, G. (2015). IoT-OAS: An
OAuth-based authorization service architecture for secure services in IoT scenarios,
IEEE Sensors J., 15(2), 1224–1234.
5) Ghosal, P., Das, D., & Das, I. (2018). Extensive survey on cloud-based IoT-healthcare
and security using machine learning Proc. - 2018 4th IEEE Int. Conf. Res. Comput.
Intell. Commun. Networks, ICRCICN 2018, pp. 1–5

28