Professional Documents
Culture Documents
Seminar Finale
Seminar Finale
Submitted on…………………………..
DECLARATION
I KIPROP VICTOR hereby declare that this research proposal is my own work and as to the best
of my knowledge not been submitted to any other institution of higher learning.
Signature………………………. Date………………………….
This proposal has been submitted as a partial fulfillment of requirement for Bachelor of science
in Applied Computer Science of Chuka University with my approval as the supervisor
Supervisor……………………….
Signature………………………. Date…………………………
ACKNOWLEDGEMENT
This research and documentation would not have been successful without the support and
cooperation of several people. First, I would like to acknowledge and thank the almighty God for
the charitable time, strength and aptitude that enabled me to complete my research and come up
with the research documentation. Special thanks to my supervisor Mr. Charles K Gitonga for his
continuous advice and counsel. Finally, I would like to extend my heartfelt gratitude to my entire
family members for their continued support throughout my research period.
3
ABSTRACT
The promising power of the emerging Internet of Things (IoT) technology for nerve-connected
medical devices has played an important role in the next-generation health care industry with
advanced patient care. Due to the increase in the number of patients with serious illnesses, the
elderly and disabled people, there is an urgent need for real-time health monitoring infrastructure
to analyze patient’s health care data to avoid preventable deaths. However, smart health care
requires patients to share them physical information for online diagnosis and if the intelligent
health care information sharing system does not have effective security measures in place, this
sensitive information may be abused by malicious users. To address these issues, I propose the
integration of Artificial Intelligence in the intelligent health care information sharing systems. In
my model, each patient has a virtual machine dedicated to the data sharing system, each virtual
machine provides group data services that can be downloaded to those authorized IoT devices
which provides the customer’s services. In addition, the visible device is protected by AI-based
gateway which only confirms authorized items that can access the patient's visual device. Since
each item has a different MAC address, so my model can effectively validate IoT things
determined by resources and address issues caused by the identity theft.
4
TABLE OF CONTENTS
CHAPTER ONE: INTRODUCTION..............................................................................................1
1.1 Background to the Study.....................................................................................................1
1.2 Problem Statement..............................................................................................................2
1.3 Goals......................................................................................................................................3
1.4 Scope.....................................................................................................................................3
1.5 Justification / Significance..................................................................................................3
CHAPTER TWO: LITERATURE REVIEW..................................................................................4
2.0 Introduction..........................................................................................................................4
2.1 The current state of the art of IoT security.......................................................................4
2.2 SDN-Based Security Enforcement Framework................................................................9
2.2.1 Overview of the Framework........................................................................................9
2.3 Workflow of a System with a firewall including artificial intelligence.........................10
CHAPTER THREE: RESEARCH METHODOLOGY................................................................13
3.1 Research Design.................................................................................................................13
3.2 Research Tools and Procedures.......................................................................................13
3.2.1 Literature search........................................................................................................13
3.2.2 Case Analysis...............................................................................................................13
3.3 System Requirements........................................................................................................14
CHAPTER FOUR: RESULTS AND DISCUSSIONS..................................................................15
4.0 Introduction........................................................................................................................15
4.1 IoT architecture in healthcare..........................................................................................15
4.3 System Model.....................................................................................................................17
4.4 Main vulnerabilities of the healthcare IoT......................................................................18
CHAPTER FIVE: CONCLUSION, RECOMMENDATIONS, CHALLENGES AND FUTURE
WORK...........................................................................................................................................20
5.0 Challenges...........................................................................................................................20
5.1 Recommendation...............................................................................................................20
5.2 Future Work.......................................................................................................................20
5
5.3 Conclusion..........................................................................................................................20
REFERENCE................................................................................................................................21
List of Tables
Table 1: IoT security in healthcare using AI...................................................................................6
Table 2: Summary of related survey papers....................................................................................7
6
SP – Service Provider.
SC – Service Consumer.
SRM – Service Releasing Policy.
SM – Service Model.
SCM – Service Consumer Model.
IFM – Information Flow Model.
TM – Thing Model.
7
with some form of connectivity, from wearables such as smart watches, implantable devices such
as insulin infusion pumps, smart pens that are communicating patient data to and from healthcare
records systems, X-ray machines with Wi-Fi or Bluetooth, etc. IoT-enabled medical devices
provide critical data that assist health practitioners perform their jobs. Tasks such as remote
patient monitoring, treatment progress observation, and the housing of vaccines are all
capabilities of medical devices with integrated IoT.
IoT security refers to a security strategy and protection mechanism that specifically safeguards
from the possibility of cyberattacks on IoT devices that are connected to the network and
purposely built for a fixed set of functionalities. Without robust security, any connected IoT
device is vulnerable to getting breached, compromised and controlled by a bad actor to
ultimately steal the user data and bring down systems.
Smart healthcare requires patients to share their physiological information for real-time
monitoring or online analyzing. All physiological information is extremely sensitive information
for patients, thus if the data sharing system of smart healthcare lacks effective security
mechanisms, this information might be accessed by malicious insiders which will consequently
incur serious privacy leakage accidents and cause more serious psychological harms to patients.
According to a survey, only in the United States, the economic losses due to medical identity
theft has been nearly 41.3 billion dollars per year. And more than 78% participants worry about
the leakage or misusing of their medical personal information. If the hacker gets hold of the
patient’s information, they will be able to make a fake identity card to purchase medicines or
medical equipment for resale. In certain cases, the attacker may have direct control over IoT
equipment, which results in potentially fatal results. For example, Johnson & Johnson warned
patients about unsuspected insulin pumps that allow hackers to inject insulin injections without
permission.
Due to constrained resources, how to effectively validate IoT things within the smart healthcare
is a vast challenge for data sharing system because it is nearly impossible for a sensor to send a
password or verification code to system. At the same time, encryption-based data sharing
mechanisms, such as attribute-based encryption (ABE) are insufficient to define fine-grained
data
operations, i.e., if a user decrypts an encrypted file, then the user can do anything towards the
decrypted file. Moreover, authentication-based access control techniques, such as role-based
access control (RBAC) or identity-based access control (IBAC), are vulnerable when facing
identity theft, that is if a legal user’s identities have been cracked by an attacker, then attacker
will obtain all of legal authorizations accordingly.
Data sharing systems are key engines when dealing with IoT in healthcare sector hence its
security is very crucial. Currently, there is the use of SDN-Based Security Enforcement
8
Framework in data sharing systems. In this framework, each patient should have a dedicated
virtual machine in data sharing system and because virtual machine is an enclosed system, only
patients can access their personal data stored in virtual machine, while any others (including
storage provider) cannot. Virtual machine is protected by the SDN-based gateway which
provides a firewall mechanism and guarantees only authorized things can access patient’s virtual
machine. Due to the rapid advancement of technology and increasing adoption of IoT devices in
the healthcare sector, the attack surface continues to grow and evolve rapidly too. Attack surface
is directly proportional to the attacks from cybercriminals meaning that cyberattacks are also
increasing with the increasing adoption of IoT things. Therefore, there is a serious need to
integrate an intelligent mechanism in the gateway.
Several researchers have proposed different mechanisms of enforcing IoT security in healthcare
sector using different technologies. This paper provides a detailed review of the strategies used
by the previous researchers to curb IoT security concerns in healthcare. It also proposes a model
to be used in data sharing systems with a more intelligent gateway incorporated with AI rules.
1.3 Goals
1. To study and review IoT security technologies in healthcare sector that have been in use
over the recent past years.
2. To study the architecture of IoT in healthcare.
3. To study and review firewalls incorporated with artificial intelligence.
9
4. To propose a model that can be used to enhance the security of data sharing systems of
IoT devices in healthcare using artificial intelligence.
1.4 Scope
This research will mainly focus on the security of a data sharing system used by the IoT devices
in healthcare. The data sharing system with be more secure by the incorporation of artificial
intelligence with the existing gateway.
10
CHAPTER TWO: LITERATURE REVIEW
2.0 Introduction
Several kinds of research have been conducted to help in enhancement IoT security in the
healthcare sector. This chapter provides a detailed review of existing IoT security frameworks. It
later illustrates the different approaches which have been used by other researchers over the past
recent years to incorporate artificial intelligence with a firewall.
2.1 The current state of the art of IoT security
Yao et al. (2013) presented a lightweight multicast authentication scheme for small-scale IoT
applications. They exploited the specific characteristics of the fast accumulator proposed by
Nyberg (1996) i.e., the absorbency property and the one way and quasi-communicative property,
to construct a lightweight multicast authentication mechanism. To test their scheme’s
practicability, the authors evaluated seven principal criteria required by multicast authentications
for resource-constrained applications in the course of a performance analysis. The proposed
scheme was claimed to be more efficient and effective than other systems it was compared to.
Bello & Zeadally (2014) investigated the possibility of self-collaborated device-to-device
communications without any centralized control. Two challenges, namely the computation cost
of smart objects and network heterogeneity, were identified. After that, the authors analyzed the
state -of-the-art of communication mechanisms in licensed and unlicensed spectra and routing
techniques which are able to support intelligent inter-devices communications. In the course of
their analysis, four unresolved issues were identified: 1) maximizing the use of available network
resources; 2) route management optimization; 3) inter-device-based cooperation for load
balancing; and 4) security properties such as privacy, authentication, integrity and resistance to
new types of attack.
Cai et al. (2014) adopted 802.11 based sensors to construct an IoT-based device management
system with a centralized control mechanism. The principal technique was based on the IETF
Constrained Application Protocol (CoAP). To evaluate the scheme’s feasibility and
effectiveness, the authors implemented an experimental system consisting of an 802.11 enabled
sensor, a self-designed management server and an IoT application. The experimental results
showed that their proposed system is practicable. However, one limitation exists as the system
scalability cannot be guaranteed.
Keoh et al. (2014) presented an overview of the security solutions for IoT ecosystems proposed
by the Internet Engineering Task Force (IETF), in which CoAP and, in particular, Datagram
Transport Layer Security (DTLS) are examined. Based on their performance evaluation, these
authors developed a refined and lightweight DTLS capable of providing robust security
functionality for IoT objects. Even so, the authors identified some unresolved issues for future
work, i.e., device bootstrapping, key management, authorization, privacy and message
fragmentation issues in IoT networks.
11
Kawamoto et al. (2015) demonstrated an effective data collection scheme for location-based
authentication in IoT networks. In order to improve the authentication accuracy, parameters
related to network control are adjusted dynamically based on the real-time requirements from the
system and the surrounding network environment. In addition, optimization of authentication
accuracy was investigated. The authors finally suggested that future work could focus on
intelligently controlling the data distribution from inhomogeneous IoT devices.
Ning et al. (2015) proposed an aggregated proof based hierarchical authentication scheme for
layered unit and ubiquitous IoT(U2IoT) architecture to pursue security protection among
ubiquitous things. In the proposed scheme, security properties such as entity anonymity, mutual
authentication and hierarchical access control are achieved via the following techniques: user
authorization, aggregated-proof based verifications, homomorphism functions and Chebyshev
chaotic maps.
Gope & Hwang (2015) first presented an authentication protocol for distributed wireless sensor
networks. Their proposal not only is compatible with client-server-server (i.e., the sensor-
gateway-server) architecture, but also satisfies important security properties such as mutual
authentication, sensor anonymity and un-traceability, system scalability, and resistance to
12
impersonation attack, replay attack and cloning attack. The authors thus claimed the proposed
protocol is secure as well as efficient.
Gope & Hwang (2016) introduced two authentication schemes, i.e., BSN-Care and USM-IoT,
for IoT-based networks. These two authentication schemes are designed to fit the security
requirements for body sensor networks and distributed wireless sensor networks, respectively.
Accordingly, from the standpoint of authentication analysis, the underlying architectures can
respectively be characterized as being client-server and client-server-server. These researchers
further proposed an authentication mechanism for a distributed IoT-based healthcare system. The
proposed protocol is based on body sensor networks (BSNs), which consist of lightweight and
healthcare oriented smart objects. Lightweight crypto-modules, such as a one-way hash function
random number of generation function and bitwise exclusive-OR operation, are adopted to
simultaneously pursue system efficiency and security robustness. The authors then investigated
the security density and protocol efficiency via BAN logics analysis and computation cost
comparison.
Table 1: IoT security in healthcare using AI
13
of additional
security
mechanisms
14
surfaces of the network and
IoT system. In- application
depth review of security for IoT
Machine Learning devices and their
(ML) and recent inherent
advances in Deep vulnerabilities
Learning (DL) are ineffective.
methods for IoT Existing security
security methods need to
Application of be enhanced to
ML/DL for each secure the IoT
IoT layer, ecosystem
challenges, and effectively
future directions.
15
security of IoT devices and the
Networks. dynamic
Limitations of behavior of the
existing IoT networks.
network security
solutions that call
for DL and ML
techniques. In-
depth review of
the research
challenges of
ML/DL
techniques in IoT
16
Figure 1: SDN-Based Security Enforcement
Framework.
system components.
17
2.3 Workflow of a System with a firewall including artificial intelligence
The process of the proposed system has the minimum possibility of packet drops and can deeply
identify a packet is really containing rejected contents or not. That can free this system from
risks. The workflow of the system is discussed in following subsections:
Make up list categories for incoming packets. Here, Firewall list up the connection of packets
into three categories (fig 4). Established list contains the connections of trusted packets. Deny list
contains the connections are blocked. Third list is additional list containing the connections of
packets are not sure about those are safe or not
Ready for checking. A firewall normally set connection of a packet to the established list, if
anyhow it entered into the own system. If that packet has risk materials, then it became unable to
detect for a traditional firewall. To remove this risk condition this firewall always continue an
enquiry to check established connections (fig 5) are trusted or not. Here shown some rules are
produced for exceptional packets by the system itself according to a packet.
Figure 5: Connection
When a packet satisfies AI rules. After matching with all the AI rules, it assumes that the packet
is trusted (fig 6). Then the connection is made with the established list and give permission to
access the system. It assumes that the packet is not trusted.
18
Figure 6: If AI rules matched
When a packet does not satisfy AI rules. If anyhow the packet does not match the AI rules
because of unnecessary codes, following thing happens (shown in fig 7)
A traditional firewall basically does. It can’t produce AI rules by itself. Just can match some
Figure 8: Confusion with AI rules
predefined rules to the packet headers. If matched, then make a connection; otherwise block the
packet (fig 9)
Figure 3:Confusion with AI rules
19
Figure 9: Traditional Firewall Operations
20
3.3 System Requirements
Hardware requirements
1) Computers
2) Sensors
3) Router
4) Smartphone
Software Requirements
1) Gateway
2) Oracle VM VirtualBox
3) Windows 10 Operating System
4) Apple watch app
21
CHAPTER FOUR: RESULTS AND DISCUSSIONS
4.0 Introduction
In this chapter, the proposed model of Data Sharing System is illustrated. A general IoT
architecture in a healthcare environment is also shown as well as the functionality of the various
devices involved in the architecture. Later in the chapter, we shall also see the main
vulnerabilities of the healthcare IoT.
4.1 IoT architecture in healthcare
Figure 2: Pictorial representation of IoT architecture in healthcare
22
activity or sleep patterns
3) Smartphone – Used to host an application for uploading patient’s information, such as
blood glucose readings, to the doctor or health care team
4) Cloud – Used to store the voluminous amount of data generated by the IoT devices.
5) Sensors are used in electronics-based medical equipment to convert various forms of
stimuli into electrical signals for analysis. They can increase the intelligence of medical
equipment, such as life-supporting implants, and can enable bedside and remote
monitoring of vital signs and other health factors.
Key Sensors and Applications
Pressure sensors – They are used in infusion and insulin pumps, respiratory
monitoring and blood pressure monitoring equipment, surgical management
systems, sleep apnea machines, etc.
Temperature sensors - They are used in medical incubators, humidified
oxygen heater temperature monitoring and control equipment, neonatal
intensive care units to monitor patient temperature organ transplant system
temperature monitoring and control, etc.
Image sensor - They are used in radiography, external observation,
cardiology, etc.
Flow sensors, respiratory monitoring, gas mixing, and electro-surgery, destroy
tissue such as tumors, etc.
Biosensors - They are used in blood glucose and cholesterol testing, testing
for drug abuse, infectious diseases, and pregnancy, etc.
Accelerometers - They are used in heart pacemakers and defibrillators, patient
monitoring equipment, blood pressure monitors, etc.
Encoders can be found in X-ray machines, surgical robotics, medical imaging
systems, etc.
6) An IoT gateway device bridges the communication gap between IoT devices, sensors,
equipment, systems and the cloud.
23
4.3 System Model
Figure 3: Pictorial representation of data sharing system model incorporated with AI
In this model, each patient has a dedicated virtual machine in the data sharing system, thus
patient is a service provider (SP), i.e., the owner of services run in the virtual machine. Each
physician or an IoT thing is a service consumer (SC), i.e., the user of services run in the virtual
machine. As service provider, patient can regulate which service in her/his virtual machine could
be released to which physician or which thing. Only through the indicated service interfaces can
physicians access patient’s personal data stored in virtual machine.
Specifically, this model can be decomposed into two main layers, i.e., virtual machine (VM)
layer and AI-based gateway (Gateway) layer. The purpose of introducing virtual machine layer is
24
to tackle the problems caused by insider attacks.
Since virtual machine is an enclosed system, hence only patient can access the data stored in VM
while any other (including storage provider) cannot. In this way, we can prevent those malicious
insiders from accessing patient’s personal data illegally. The virtual machine layer can be further
decomposed as two sub-layers, policy layer and service layer. Service releasing policy (SRM) is
created by service provider in policy layer, which strictly regulates which service could be
accessed by which service consumer or which thing in system. After that, SRM and relative
system models, such as service model (SM), service consumer model (SCM) or thing model
(TM), will be converted into a corresponding information flow model (IFM) by system
automatically. IFM is a formal model which has underlying information of network, such as
MAC address of thing or IP address of virtual machine, which can assist the gateway to identify
which IoT thing is authorized or unauthorized. Patient doesn’t need to know this underlying
network information because they are provided by system models, and all system models are
created and updated by system not by patients. Service layer manages patient’s personal data and
a group service, such as online exploring data service, updating data service, downloading data
service or etc. Patient leverages SRM to regulate which service could be released or not.
25
Ownership of data - Countries have laws to protect patient data but they may
vary from state to state. Besides, in certain cases, such as in case with fitness
wearables, many people would think that the data tracked and collected is be
bound to be protected by legislation but in many cases it is not.
Location privacy - It is concerned with eavesdropping on a patient’s location.
Location privacy in WSNs, specifically hiding the message sender’s location, can
be achieved through routing to a randomly selected intermediate node
26
1) Getting a deep understanding of how data sharing systems work with various critical
policies involved.
2) Getting relevant journals to help in collecting essential data because most of the best
journals required payment fee to access.
3) Being the first time working on search paper, the whole research process was so
overwhelming.
5.1 Recommendation
On the plus side, I would recommend the healthcare sector to embrace artificial intelligence
systems and employ them because they get smarter with the more data they analyze, i.e., they
“learn” from experience as well as becoming increasingly capable and autonomous as they go.
5.2 Future Work
Although there have been numerous researches from several researchers on IoT security, there is
still a need to study how artificial intelligence and machine learning can help in the automation
of IoT security. In the future, there is still a need to further improve the robustness of the existing
frameworks by integrating the intrusion detecting functions towards distributed denial of service
attacks, such as the toolkits introduced by the proposals of (Li et al., 2009). In that way, when the
distributed denial of service attack occurs, the gateway can timely detect the malicious access
behaviors and block all of requests sent from those malicious hosts automatically, thereby
improving the robustness of the framework.
5.3 Conclusion
In this research paper, I proposed an AI-based security enforcement model for data sharing
system of smart healthcare. With this model, healthcare’s data sharing systems will be more
secure because artificial intelligence systems “learn” from experience, i.e., they learn how to deal
with cyberattacks the more it is attacked by cybercriminals. There will also be the enhancement
of IoT security in healthcare.
REFERENCE
1) Al-garadi, M. A., Mohamed, A., AL-ali, A., Du, X., & Guizani, M. (2018). A Survey
of Machine and Deep Learning Methods for Internet of Things (IoT) Security Polit.
2) Bello, O., & Zeadally, S. (2016). Intelligent device-to-device communication in the
Internet of Things, IEEE Syst. J., 10(3), 1172–1182.
27
3) Bringing the Internet of Things to healthcare, (2018, September 3). Retrieved from
https://Medicaldevice-network.com.
4) Cirani, S., Picone, M., Gonizzi, P., Veltri, L. & Ferrari, G. (2015). IoT-OAS: An
OAuth-based authorization service architecture for secure services in IoT scenarios,
IEEE Sensors J., 15(2), 1224–1234.
5) Ghosal, P., Das, D., & Das, I. (2018). Extensive survey on cloud-based IoT-healthcare
and security using machine learning Proc. - 2018 4th IEEE Int. Conf. Res. Comput.
Intell. Commun. Networks, ICRCICN 2018, pp. 1–5
28