1

CHAPTER 1

INTRODUCTION

This chapter introduces and describes IoT and challenges faced to provide
security and privacy in medical health care system. Section 1.1 Explains basics
concept of Internet of Things (IoT), Section 1.2 Introduce security issue in IoT and
challenges of IoT, Section 1.3 Describes health care monitoring system, Section 1.4
explains Health care monitoring using IoT, Section 1.5 Narrate recent trends in health
care monitoring system. Section 1.6 Gives security issues in health care monitoring
systems. Section 1.7 Delineates motives of the research, Section 1.8 Explains research
objective in detail. Section 1.9 Describes Contribution of Thesis. 1.10 Presents the
Organization of Thesis.

1.1 Internet of Things

The Internet of Things (IoT) can define as inter connection of objects and
providing services to peoples, data will be shared in order to fulfill various type of
application. The elementary intent of IoT is to meet our daily life schedule by
performing various tasks, the various types of application from day-to-day life to
industry. IoT network [1] are highly distributed and provide wide application. IoT is a
fundamental domain in which data stream are generated with the rapid development
of health care system. Studies have shown wearable devices, fitness App form a major
role in common citizen in the globe. They also predict that in the succeeding years the
technology aided health care will be most trending, more and more updated smart
watches, heart rate monitors and other fitness trackers will come into market in
coming times.

Even though the concept of combining the sensors computer and networks
the key technologies [2] are now accompany the application of Internet of Things.
The three main characteristics of IoT are: first, the utilization of sensors. Second,
 2

availability of wide variety of networks and finally intelligent technologies can be

used for storing the data. The work focused on IoT solution applied to healthcare
ecosystem, the main trend to enhance in IoT and health care system are product and
personalized service in term of wearable devices. Layered approach is identified in
IoT for effective communication [3] like Hardware layer, Security layer,
Communication layer and Application layer.

The technology used in IoT are [4] RFID tags, sensors, mobile phones and
actuators, these devices communicate with each other’s collect medical data. Key
trend in IoT is commercial wearable products and mobile application enables for
collecting medical health data, apart from wearable technology sensor technology is
also widely implemented.

In IoT, the layered architecture defines by functions and different device

are implemented in these layers [5]. The IoT operates in three different layers: Sensor
layer, Network layer and Application layer. Figure 1.1 explains basic three-layered
framework of IoT

Figure 1.1: Three Layer IoT Architecture

 3

• Sensor layer

The sensor layer in IoT architecture deployed different type of sensors in

the network; the purpose of this layer is to collect data from the environment [6] with
the help of actuators and sensors. The main functionality of this layer is to detect the
data, later collect, process and followed by transmission to next layer. Actuator are
kind of motor that can control or move a device, the different types of sensors are

o Accelerometer sensor

o Temperature sensor

o Rain sensor

o GPS sensor

o Light sensor

o Humidity sensor

o Proximity sensor

o Soil moisture sensor

The accelerometer sensor measures linear acceleration based on vibration,

temperature sensor, sense and measure temperature and convert to an electronic
signal, rain and GPS sensor are [7] used to collect data related to rain and position
respectively. Light sensor used to get information on light source, humidity sensor
widely used to collection of humidity in surroundings, without any physical contact
the proximity sensor able to detect the presence of object and soil moisture sensor
used for get data from soil moisture.

• Network layer

The network layer of IoT provides the function of routing data and
transmission to different IoT devices, at this layer [10] routing, switching and gateway
are operated using traditional technologies like WiFi, Bluetooth, Zigbee etc., a detail
study is explained in Table 1.1. The gateway serves as mediator to collect data from
the sensors.
 4

Table 1.1: Networking Technology used in IoT

Network Connectivity Use case

WiFi Wireless, Short range Smart home, office

Ethernet Wired, Short range Fixed equipment application

Bluetooth Wireless Short range Wearable devices

Zigbee Wireless Short range Home, health care industry

• Application

The application layer is the place where the user interacts with and this
layer is responsible for delivering application specific to user. At this layer the
purpose of layer is to create a smart environment. The service may vary with different
application because the service depends on data collected.

The hierarchy of all different types of architecture is given in Figure 1.2

which shows three, four and five layers respectively.

Figure 1.2: Layered architecture of IoT

 5

The three-layer architecture [12] is the most basic architecture, due to the
continuous evolution of technology and in order to fulfill the requirement a four layer
and followed by adding support layer to become a five layered architecture [15],
along with security mechanism to make more secure environment.

• Support Layer

The concept of security is introduced in the fourth layer, the information

send is directly to network layer may cause of getting threats. The information coming
from sensor layer has to two major responsibilities [16] i) authentic user sends
information ii) sending data to network layer.

• Processing Layer

It is also called as middleware layer; this layer collect data coming from
transport layer. The processing of collected data in done in this layer, removing of
unwanted information and extract useful information is executed in this layer.
However, it also deals with Big- data [17] in IoT concepts.

• Business Layer

The indent behavior of application layer brings top most layer called
Business layer and it is similar to manage a complete system. The major duties are to
control and manage application, this layer is also concern with security factors. This
layer has an ability to store and manage the information.

The number of IoT devices are increasing each and every day, likely
health care monitoring application also getting popularize in the recent era due to
providing better comfort and medical treatment to patient. It has been reported that the
e-health care system in 2020 has more than tripled since 2010; Figure 1.3 [20] will
show the increase of e-health system from 2010 to 2020.
 6

Figure 1.3: Number of e-health system from 2010 to 2020

People use IoT due to the popularity and benefits provided by the
technology. IoT allows people to automate, control and achieve ask that are essential
for life.

1.2 Security issues and Challenges in IoT

Along with the growth of IoT, new security issues arise while traditional
security issues become more severe. The main reasons are the heterogeneity and the
large scale of the objects. The factors of security can be further divided into two
categories: the diversity of the “Things” diversity means different thing to different
people and the communication of the “Things” shows how the devices are connected.
To provide quality healthcare system to the patient, the IoT network must secure
enough. Each IoT layer faces different attacks and threats, attack can be classified into
two: i) active attack ii) passive attack. The active attack stops the services and the
passive attack monitors IoT network without effecting the services. There are many
[21] challenges in IoT like energy efficiency, poor management, security and privacy
etc.

The main IoT security are from the heterogeneity and the large scale of
objects.

1) Object Identification: The main challenge of object identification is to

 7

ensure the integrity of records used in the naming architecture. Although the Domain
Name System (DNS) provides name translation services to Internet users, it is an
insecure naming system. It remains vulnerable to various attacks, such as DNS cache
poisoning attack, and man-in-the-middle attack.

2) Authentication and Authorization: public-key cryptosystems have

advantage for constructing authentication schemes or authorization systems, the lack
of a global root certificate authority (global root CA) hinders many theoretically
feasible schemes from actually being deployed. Without the global root CA, it
becomes very challenging to design an authentication system.

3) Software Vulnerability and Backdoor analysis: Dynamic analysis is an

effective approach to the discovery of vulnerabilities before product release. Due to
resource constraints, dynamic analysis may be inefficient to deploy in an IoT device.
Therefore, the emulation, which can emulate the behavior of devices in a server with
more computing power, is needed to make dynamic analysis applicable.

4) Security issues from Android: devices connect to the Android system

forming personal area network (PAN), the security issues specifically for Android
will be brought into IoT. The main concern is sensitive data leakage. The current
permission protection only provides course-grain management, namely all-or-nothing
choice, to restrict the type of connected devices and disable the runtime control.

The major security attack in different layer of IoT architecture, in sensor

layer the major the major security threats are

• Node capture: An attacker gains complete dominion aloft key node or

gateway node this attack may cause leaked every valid data in the network

• Eavesdropping: it is an unauthorized real time attack; it steals private

information in the network

• Malicious node: here attacker act as a node in the network and provide
fake data

• Timing attack: this type of attack occurred when a system with week
computing capability
 8

• Reply attack: the other name is playback attack; an intruder eavesdrops

the conversation and take valid information.

The main priority of health care system is to protect patient health

information from different threats. The prominent security issues [22] in network
layer are integrity and authenticity of information, the major threats are

• Denial of Service (DoS): The attacker prevents authentic user from

accessing network or devices, this can be done by flooding targeting
devices and make feel that all user is authentic to them.

• Man in The Middle (MiTM): MiTM attack where attackers interrupt and
alter communication between device and they believe that they are
communicating with each other. Her the communication is controlled by
attacker so that he can alter the message according their needs.

• Exploit attack: An illegal attack from a software or using sequence of

commands, by taking security vulnerability in an application. This type of
attack usually gain control over system or network.

• Storage attack: The valid information of the users is kept safe in cloud or
storage device, here this attack occurred in either cloud or storage devices.

The application layer faces may threat from inside and outside from the
environment, the major security threats faced in [23] application layers are

• Malicious code attack: the code contains any part of the software that
causes damage to the system. This type may control the use of anti-virus
by activating itself.

• Cross cite scripting: the attacker can change the content by insert a client-
side script in trusted site of the user, it’s also called as injection attack.

The various attack that occurs in support layer are DoS attack, Malicious
node unauthorized access etc., likely the attack that effect processing layer that effect
performance is
 9

• Exhaustion: the exhaustion occurs after effect of attack like DoS attack,
this may cause exhaust the system resources.

• Malwares: the confidentiality of the users is the prime focus of attacker,

this refers to virus, spyware, Trojans interact the systems.

The major problems occur in the business layer are in the security issues,
they are

• Business logic attack: this attack uses the advantage of flaw in the
programming, this type controls the information between user and
database

• Zero-day attack: the attack refers to a problem in an application that is

unfamiliar to the vendor, without the knowledge of the user the attacker
take control over user.

1.2.1 Security issues in IoT communication technology

IoT starts with connectivity, the most common technology [24] used for
communication IoT are:

1) Bluetooth technology: Bluetooth used in the application are used for

communication in short distance, there are many securities mechanism
provided for the communication between sender and receiver. There are
many threats that effect in Bluetooth communication, the most common is
blue jacking. Bluesnarfing is the other one, it allows unauthorized access
of information in calendar, message etc.

2) Radio frequency identification (RFID): Uses electromagnetic frequency

waves for the communication, the main part of RFID are tag, reader and
database. When triggered by a communication, tags are attached to the
objects, reader used to read the information from the tag and database
used to store the information. RFID does not provide any security aspects
to data that read from tags, there should be a solution to block malicious
user to read tag. Problem of truthfulness is maintained.

3) WiFi (Wireless Fidelity): radio waves are used for communication; it does
 10

not provide any encryption mechanism so easy for attacker to get into.
Eavesdropping is another major threat in this technology. 4) ZigBee
Technology: this provides personal area network (PAN), provides low
power conception with maximum number of users. MAC layer in the
ZigBee provide security, access control, encryption and integrity are the
different service provided for security. 5) Wireless Sensor Network
(WSN): sensor is spatially distributed in the network, sensors battery,
microcontroller and memory are the components [25] in the WSN. The
main functionality is to collect information from sensor and store in
memory, the major security attack in WSN are DoS, Service attack, DoS
etc.

A brief comparison on different communication technology in Internet of

Things is given in Table 1.2,

Table 1.2: Comparison of communication technology

Technology Method Application Security Drawback

Mobile Phone, Encryption, Blue jacking,

Bluetooth Wireless
Laptop Authentication Bluesnarfing

Frequency Encryption
RFID Health care No authorization
waves (AES, DES)

Camera, PC, Authorization,

WiFi Radio Signals Eavesdropping
Mobile phone Authentication

Home, Encryption,
ZigBee Wireless Fixed key
Industries, PA Integrity

Health care, Key, Encryption,

WSN Wireless DoS
Building Authentication

1.2.2 Security challenges in IoT

With regards to privacy in IoT, every solution or framework must address the
following challenges (1) Profiling and Tracking. Association of an identity with a
 11

certain individual is a threat as this may lead to profiling and tracking. Hence, one of
the major challenges is to disallow such activity in IoT and take some preventive
measures. (2) Localization and Tracking. Localization is another threat as systems try
to determine and record person’s location through time and space. One of the major
challenges of security solutions for IoT is to design protocols for interactions with IoT
that discourages such activity. Profiling information related to a certain individual to
infer interests by correlation between other profiles and data is very common in e-
commerce applications. Huge challenge lies in balancing interests of businesses for
profiling and data analysis with user’s privacy requirements. (3) Secure Data
Transmission. Yet another security is to ensure that data are transmitted in a secure
manner through the public medium without concealing information to anyone and
thereby prevent unauthorized collection of information about things and people.

Access Control

Privacy Authentication

Secure
Mobile Security
Middleware

Confidentiality

Figure 1.4: IoT Security Challenges

The Internet of Things faces different challenges in security, Figure 1.4

describes most security challenges faced in the IoT ecosystem. Major security
challenges are Access Control, Authentication, Mobile Security, Confidentiality,
Secure Middleware, Privacy.

1.2.3 IoT Security mechanism

Without proper security it is very difficult to utilize the technology well,

there are different mechanism are there to provide security in IoT.
 12

• Encryption and Hashing technique: Information shared through the

internet may attacked, so there should be a mechanism to prevent this
attack. Encryption and hashing technique are the common method used.
Here the message is converted in to cipher text by using a key and that is
shared to receiver, the receiver re-constructs the message using the key.
These processes make the system more secure.

• Public key infrastructure (PKI): Authorization and authentication is

executed to provide security in another mechanism. Authorization [26]
describe that the user has right to access the information from the
resources. Authentication is the process of permitting by confirming the
user identity. A PKI mechanism is the combination of mechanism like
encryption, authentication and authorization.

• Symmetric key cryptographic algorithm: In this type of encryption uses

sender and receiver share common key, there are different types of
symmetric key encryption key algorithm are there. Advance Encryption
Standard (AES), data encryption standard (DES), Blowfish etc. One of the
main disadvantages of this encryption is both sender and beneficiary
should share same key used for encoding and decoding.

• Public key cryptographic algorithm: It is also known as asymmetric key

encryption algorithm, here a message is converted into cipher text by
public key while a private key decrypt it. RSA and ECC are the common
types in this group.

• Hash functions: Hash function provide many aspects in security like

digital signature, data integrity checks. Hash value can be described as a
block of data or message etc. the distribution of secret key is based on
polynomial based or an alternative protocol.

1.3 Health care monitoring system

Health care monitoring devices are developed for empowering idea and
technique for remote monitoring, diagnostics and other health related activity. Health
monitoring should be a continuous tracking of patient’s health status and provide data
to the medical team for diagnosis. This will help elderly and patients in case of
 13

emergency without going hospital. Most of the developed and under developed
countries have shortage of human resource in the health care sectors; therefore, new
model of health care system is required for the public. The senior citizen doesn’t
frequently visit the hospital as they cannot move easily, advance technique can be
used for their well wishes.

The advanced development focused on design based on WBAN’S

(wireless body area network) [27] that is implanted or in wearable devices to collect
the health data of a person. The wireless sensor technology is the nucleus part of this
environment, the gathered data is transmitted wirelessly to receiving station where
data are processed and provide security and privacy.

The basic structure of a health monitoring is described in Figure 1.5, a

patient with wearable technology or sensors are implanted to his body to collect
health information like blood pressure, temperature, ECG etc. the collected health
data are forwarded to a [28] gateway and stored in a cloud platform.

Figure 1.5: Health care monitoring system

The different components in the health care monitoring system are

• Wearable sensor and Central node: These sensors are used to measure
physiological condition, like pulse, blood pressure, vital condition etc.
Some special purpose sensors like motion detection, angle sensor are also
used in the health monitoring system; the central node receives data from
the sensor node and forward to external devices. A dedicated central node
is implemented to improve the functionality in the health monitoring
system.
 14

• Short range communication: sensor to communicate with center node a

short-range communication is required this include the effect on human
body, data security etc. the chosen method should not have any negative
impact on human body, like cause of any other health related disease.
These methods also provide a strong security mechanism to patient health
data, likely system need to monitor heath condition on real time basis.

• Long range communication: data obtained by the central node should

forward to cloud platform where a relevant parties can access the health
data. For a long-range communication standard should meet security,
error correction and availability need to be considered. Strong security
parameter needs to be taken care for sensitive data of patent. High quality
error correction capacity and delay in communication effect on patient
health status.

Due to numerous nodes in the environment the data transmitted through a

short-range radio frequency, the commonly used [30] MICS (Medical
Implant Communication Service) with 10-meter coverage and 402-405
MHz frequency band is used for body area application due to low
transmission power. Similarly, the energy consumption is also to be
consider, if a short life time of nodes, then the patient needs to charge the
battery frequently.

1.4 Health care monitoring using IoT

Many health care monitoring environments are based in IoT, innovation

and developments in this area are rapidly developing day to day life. Health care
monitoring ensure treatment of patients by connecting devices to IoT network, the
popularity of health monitoring reduces cost, improve the quality and access to care.
Health monitoring IoT is also preventing spreading disease as well as to get proper
diagnosis even though the doctor is far distance. In most of the rural area medical
facility is far in a hand reach for the natives, so normally people visit physician,
hospital and diagnosis the procedure. Once health issue has increased up to critical
stage, then it will easy to take any medical assistance. When an epidemic spread in an
area where the doctor cannot reach easily, health can be monitor easily without
spreading the disease.
 15

1.4.1 Threats in IoT health monitoring system

IoT health monitoring system has many vulnerable threats, the different types are

• Energy optimization: In health care system sensors are significant devices,

that measure and analyze the health data. Energy consumption in these
devices is major concern because senor is small device that collect data
continuously. The life of battery is not sufficient to perform the sensing
continuously, these are the major concern in IoT health care systems.

• Physical attack: The gathering data from an unprotected environment so

there will be a physical security attack occurred. Attacker can easily
reconfigure and manipulate data send by IoT device. Hardware tampering,
software manipulation is some form of attack faced in IoT network.

• Privacy: IoT device collect data from a remote access mechanism this
have major concern in security and privacy. Data collected through the
sensor are collected and stored in cloud through internet; IoT device and
internet are threatened heath data. Health data is shared by different nodes
and each node should provide privacy and security.

• Data manipulation: Data is very important in health care application and it

is use in all levels of application, because health data is personally
identifiable. Attacker can manipulate data in order to redirect what
attacker wants and doctor give wrong decision and treatment because of
data manipulated this may lead endanger the life of a patient.

There are few disadvantages in remote health care monitoring, but the
issue is largely solved and these systems are designed for many emergencies purpose.

1.4.2 Cloud based IoT health care system

Cloud technology is widely used due to the usefulness in Bigdata

management, the complex computation offloaded from low resource to high power
cloud to get better results. The benefits of cloud focus in [32] three primary services
provided by cloud in health care systems i) Software as Services (SaaS): this provides
application part e-health system, which perform work and perform relevant task. ii)
Platform as Service (PaaS): this provides tools to virtualization data management and
 16

more. iii) Infrastructure as Service (IaaS): provides physical infrastructure like

storage, server etc. these services are used to gain different tasks especially in data
processing and Bigdata management

Data processing are different types in cloud technology, in that most

popular are data offloading and machine learning. By sending aw or unprocessed data
to the cloud, the computation resources are used for processing. Sensor node such as
blood pressure, ECG accelerometer exhibit complicated sensing process these nodes
also get the benefits of computational offloading. A low powered sensor [33] node
may not able to analyze the ECG reading using machine learning algorithm to
determine the patient health status, in such cases raw data was offloaded to cloud and
performed high end processing to determine ECG reading and identify the health
status of a patient. The computation offloading in data processing is invaluable in e-
health systems; data processing is also aid in storing health data to generate meaning
full health information.

Machine learning can also use for obtain from large dataset to identify the
disease based on previous patient diagnosis results and developing exact treatment
plan. Cloud platform enables machine learning for providing huge database and high
computational power, sensor nodes and mobile devices would not have much storage
capacity or resources to analyze data through machine learning thus it need of cloud
technology is essential to achieve this. The data obtained from machine learning
include trends in disease, development of treatment plan and connectivity of disease.
It is also possible to implement classification algorithm in cloud to get better results,
but there is no best machine learning algorithm rather than some are suitable for one
context but not suitable for other.

1.5 Recent trends and future in health care monitoring system

Health care monitoring system has signifying breakthrough with the

development of IoT, which have been revolutionized next generation health care
system. The current era is cut-throat competition leads to stress and followed by
detection of various diseases, more over citizens become more conscious in health
care activity. Wearable technology is proficient of monitoring some of everyday
physiological condition like pressure, pulse, temperature etc. Continuous and long-
 17

term health monitoring for elder people or patient with clinical disease is another
aspects, thus proper monitoring and follow-up can provide by doctor through the e-
health system.

There is various e-health monitoring popular in present years, wireless

body area network (WBAN’s) based health monitoring system is one among
prominent application. IEEE802.15.6 standard for wireless body area network [35], it
consists of numerous sensors are placed in different parts of body that can be
wearable or implanted. These sensors are communicated through a centralized device,
the data rate and power consumption are 1Mbps and 0.1mW respectively. ProeTEX
(protective electronic textile): smart wearable garments or health recording system
mounted on garments has been developed.

Cellular and smart phone-based health care monitoring system is a mob

care health system, web-based server, Bluetooth enable sensors and user interface
included in this framework. A mobi ECG will send [36] exceptional ECG data over
mobile network to doctors or care takers. Cellular based patient health monitoring
system C-SMART, an android based health monitoring system for diagnosing fall
detection of patient. A virtual tele-monitoring and tele-treatment-based body sensor
network using next generation public network is popularized. Daily mood assessment
using mobile phone, Smartphone based sleep quality measuring are some of the other
research development

Cloud based e-health system has emerged recently, the location of patient
data changed. E-health applications provide services along with cloud technology,
data security compression of data are some additional challenges faced. Thus, hybrid
cloud addressed to overcome the drawback for existing scenario. Intelligence in health
monitoring [37] is another segment; an intelligent system is capable of carrying out
processing by perform analysis of previous experience or hypothesis. The prediction
and assessment of future health state and control the individual to become patient in
future. A number of method and technique in Artificial Intelligence (AI) used to
develop intelligence in health care systems. Artificial neural network, fuzzy logic is
also can consider developing intelligent health care systems.

The trends in health care system can be categorized as 1) ageing person

 18

vulnerable to chronic disease is driving the market, according to World Health

Organization the number of people aged 55 is projected to grow. ii) Health care
industry is shifting to value based patient centric outcome. iii) Technology based
health monitoring has huge impact in all ways. iv) Remote monitoring and health care
application are getting general access to common people. The paradigm has shifted to
health care monitoring by intergrading wireless and wearable technology.

1.6 Security issue in health care monitoring system

Ageing of human being leads to new challenge for society and health care
environment, technology provide assistance to disable people and support daily
activity. An efficient health monitoring system should exhibit basic security services
like confidentiality, privacy, authentication etc. The following are major challenges
and security concern in health care monitoring system.

• Sensor data quality: quality of sensor data collected from the sensor
should ensure, like noisy or false data leads to wrong diagnosis of disease.
Sensor may collect sensor data due to unexpected hardware failure or
interception of third parties due to unreadable communication.

• Usability: lack of user-friendly interface or application doctors or staff is

one of the major factors that affect the implementation stage, Human
computer interaction require unique design and GUI for meet the usability
of data generated in medical network

• Privacy and security for health data: To guarantee security and privacy for
patient health data is one of the major issues in e health care systems.
Another major security issue is distributed data storage and access to
sensitive private patient health information, for example i) MAC spoofing
attack, ii) Blue over attack iii) Brute Force attack iv) DoS attack etc.

• Application data security: data confidentiality, data access control, no

repudiation is some of core concern while communicating. Data
confidentiality describes the collected stored and transmitted data need to
keep strictly private hence the data cannot be accessed by an unauthorized
person. On the other hand, a centralized advisory can monitor within the
system and this can be achieved by an encryption and decryption. Non-
 19

repudiation is the way of guarantee the communication network, using

digital signature this can achieved. Data access policy explains the privacy
policy of patient health data.

• Security requirement in communication: In data communication secure

transmission is one of the major requirements in communication level.
Data authentication, data integrity, data availability is some of the
important pillars to make sure that communication provide a secure
environment.

• Routing threats in health care systems: In a health monitoring architecture

which is a multi-hope environment from body sensor to remote cloud
storage, an attacker can modify or steal the information transmitted to
cloud storage. The different routing attack in a [39] multi hope network
are i) selective forwarding, this is happened when an attacker includes
routing packets. For example, if a sensor sends packets 1,2,3…and 9 to
the net hope. But the attacker captures and drop some packets and forward
only 4,5,6…and 10 to next hope, this may cause wrong decision in
diagnosis of patient heath condition. ii) Sybil attack: these types of attack
provide fake identity to neighboring node iii) Masquerade: in this case an
illegal node will act as a legal node this led to false alarm, a masquerade
node can easily attack by denial of service and can disrupt the application.
Figure 1.6 will explain security and privacy requirement in health care
s
y
s
t
e
m
.

Figure 1.6: security requirement

 20

There are several methods are in the market to perform a secure

communication, such method uses unique features to the patient body to generate
health data for communication. The increasing wearable devices and health
monitoring leads to a new segment called wearable Internet of Things is emerging in
recent years, this will lead to increase in sensing and communication capability.
Additionally, other issue like sensor node failure, removal of node, environment
interference, and power should carefully address while designing a health care
monitoring system.

1.7 Motivation of research

Research is conducted to find solution to security and privacy in e-health

data monitoring system; it is also aiming to find best method to solve problems and
also to share the knowledge to another researcher. The results to be benefits to
community, the development of smart health care monitoring systems and services is
driven by the development of the Internet of Things (IoT). Rapid development of IoT
leads to changes in the field of the health care system. As IoT domain grows, it is
essential to secure medical health data and to provide a safer environment to the
health care systems.

The factor that motivated to devise the proposed system are; (i) IoT network faces lot
of challenges in providing security and privacy like data security and user privacy. (ii)
Unsecured storage and transmission of heath related data, (iii) public access of update
mechanism leads to more unsecure environment. (iv) user interface application is
needed to address the privacy. To overcome these issues, the proposed system is
devised.

1.8 Research Objective

The objective of the proposed system is

Objective 1: To design a secured architecture for storing and transmitting medical

data without compromising security and privacy of patient.

Objective 2: Ensures the anonymity and traceability of both medical node and user.
 21

Objective 3: A light weight policy update mechanism is built.

Objective 4: To provide a user-friendly interface or application for easy access of

health record by authorized users (users may be doctors and attendee).

1.9 Contribution of Thesis

The contribution of the proposed system is narrated as follows; A secured

architecture is proposed to ensure security and privacy in storing and accessing the
medical data in medical health care systems. In order to provide the security and
privacy, an authentication unit (AU) is devised and deployed in the proposed system.
The AU accomplishes its task in three phases. In phase 1, the AU runs medical
electronic health record (MEHR) algorithm which generates and provides the global
secret key (GSK) to the medical nodes (MNs) and users during while they register
with the AU.

The intension of generating the GSK is to ensure privacy of patient data

and anonymity and node traceability of MN. When the MNs attain medical data from
patients and send the medical data to AU then AU compare the GSK of mobile nodes
which had already registered with AU and the GSK received from the mobile node to
determine that whether the MN is authorized node or anonymous node. If it is
identified as authorized node then AU receives data from MN for further process.
Otherwise, the MN is removed or blocked from the home network by AU.

In phase 2, when AU identifies a MN as authorized node in first phase

then AU collects the medical data from MN and applies the modified AES encryption
and decryption algorithm for securing data to be stored in the cloud storage. In phase
3, when the user (doctor or attendee) accesses the medical data of patient using
mobile application then it ensures that whether the user is authorized or anonymous
user. If it is identified as authorized user then employs decryption algorithm to
provide original medical data of patient.

The performance of the proposed system, computational over head is

evaluated by considering the metric amount of time taken to encrypt or decrypt the
medical data/cipher text. The proposed system is also compared with the existing
 22

systems and achieves better performance.

The limitation existing approach [39-41] are (i) IoT network faces lot of
challenges in providing security and privacy like data security and user privacy. (ii)
Unsecured storage and transmission of heath related data, (iii) public access of update
mechanism leads to more unsecure environment. (iv) user interface application is
needed to address the privacy. The research gap is addressed by introducing privacy
and security in 3 Phases, through a secure architecture for storing and forwarding
medical health data. In addition, a mobile application is also introduced to make the
system more secure and robust.

1.10 Organization of Thesis

The organization of the Thesis as follows

Chapter 2: Discusses on existing research works in the health care monitoring

system based on Internet of Things and the limitations of the existing
systems as well as the recent development in health monitoring system
that are available in the medical ecosystem.

Chapter 3: Describes the proposed security architecture and the components of the
architecture

Chapter 4: Provides the detailed analysis on security and evaluation of the

proposed system. Various challenges in the proposed system and
different analysis are described followed by comparison.

Chapter 5: Gives a detailed performance analysis of the proposed system as well

as the performance of the proposed system is compared with the
performance of the existing systems.

Chapter 6: Concludes the research work with the scope for future work in health
monitoring system.