Computer Methods and Programs in Biomedicine Update 2 (2022) 100071

Contents lists available at ScienceDirect

Computer Methods and Programs in Biomedicine Update

journal homepage:
www.sciencedirect.com/journal/computer-methods-and-programs-in-biomedicine-update

Security and privacy in the internet of things healthcare systems: Toward a

robust solution in real-life deployment
Ibrahim Sadek a,b ,∗, Josué Codjo a ,1 , Shafiq Ul Rehman c ,1 , Bessam Abdulrazak a
a
AMI-Lab, Computer Science Department, Faculty of Science, University of Sherbrooke, Sherbrooke, QC, Canada
b
Biomedical Engineering Department, Faculty of Engineering, Helwan University, Cairo, Egypt
c
Amity Institute of Information Technology, Amity University Rajasthan, Jaipur, India

ARTICLE INFO ABSTRACT

Keywords: The internet of things (IoT) technology can be nowadays used to track user activity in daily living and health-
Internet of things related quality of life. IoT healthcare sensors can play a great role in reducing health-related costs. It helps
Healthcare users to assess their health progression. Nonetheless, these IoT solutions add security challenges due to their
Security
direct access to numerous personal information and their close integration into user activities. As such, this
Data privacy
IoT technology is always a viable target for cybercriminals. More importantly, any adversarial attacks on an
Cybersecurity
Ambient assisted living
individual IoT node undermine the overall security of the concerned networks. In this study, we present the
privacy and security issues of IoT healthcare devices. Moreover, we address possible attack models needed
to verify the robustness of such devices. Finally, we present our deployed AMbient Intelligence (AMI) Lab
architecture, and we compare its performance to current IoT solutions.

1. Introduction healthcare professionals and caregivers to access a patient’s medical

The increasing amount of high-profile nationwide breaches insin-
uates that not only are the number of security breaches going up —
they are increasing in severity, as well. Cyberattacks and data breaches
are among the top five threats we are encountering in today’s world
following the 2019 ‘‘World Economic Forum global’’ risk report [1]. It
is the second year in a row that these threats have been added to the
list of risks. Recently, different healthcare organizations were severely
hit by a massive ransomware attack that disrupted and delayed services
in various departments and as a result, put patient safety in jeopardy.
Fig. 1 shows the annual number of data breaches and exposed records
in the United States from 2005 to 2019.
Healthcare organizations are making a great effort to grant patients
the same level of service and personalization anticipated in other
aspects of life. At the same time, they are under increased strain due
to the various emerging issues in the healthcare industry. Among these
issues of global concern that currently face the medical sector are; (a)
rising healthcare costs, (b) data security, (c) workforce shortage, (d) the
growing number of seniors, (e) new and reemerging infectious diseases,
and (f) rediscovery of life-related health issues [2,3]. Contact-free and
remote monitoring of seniors via IoT-based systems can enhance their
clinical outcome, while at the same time reducing costs, and optimiz-
ing healthcare personnel productivity [4]. The concept of IoT allows
history, vitals, lab results, medical and prescription histories either on-
site or remotely via tablets or smartphones. Additionally, patients can
be monitored and advised from anywhere [5]. IoT-based solutions aim
at recording patient health information from various sensors securely.
Eventually, advanced algorithms can be applied to analyze the data
and then circulate it over wireless connectivity with medical special-
ists who can make suitable health tips. Examples of off-the-shelf IoT
devices in the healthcare domain are implantable cardiac monitors
and infusion pumps that we can use to deliver a preplanned level of
fluids, medications, or nutrients into a patient’s circulatory system.
Millions of other Internet-connected devices are likewise available,
such as pacemakers, insulin pumps, and cochlear implants. Some of
these devices, for example, the pacemaker, can only send information
via a wireless connection, while others can send and receive data.
Wearable devices (viz, Fitbit, Apple watch, smart bracelets, smart rings)
can record vital signs information including heart rate, sleep stages, and
daily activities information (i.e., the number of steps taken, or calories
burned). The data at this point is synced with the wearable device for
further data analysis and to keep track of the monitored person [6].
The benefit of these devices is that they can monitor several vari-
ables from individuals in their own homes without disturbing their
daily activities. Besides, they can observe trends in physiological data

∗ Corresponding author at: AMI-Lab, Computer Science Department, Faculty of Science, University of Sherbrooke, Sherbrooke, QC, Canada.
E-mail addresses: ibrahim.sadek@usherbrooke.ca, ibrahim_ibrahim@h-eng.helwan.edu.eg (I. Sadek).
1
Authors contributed equally.

https://doi.org/10.1016/j.cmpbup.2022.100071
Received 23 September 2021; Received in revised form 17 July 2022; Accepted 25 September 2022
Available online 1 October 2022
2666-9900/© 2022 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-
nc-nd/4.0/).
I. Sadek et al.
Fig. 1. Annual number of data breaches and exposed records in the United States from 2005 to 2019.
Source: Identify Theft Resource Center.
© 2020 Statista.
over an extended time as well as automatically alert healthcare pro-
fessionals or caregivers in emergencies such as falls in the case of se-
niors [7]. IoT-based wearable systems can also benefit pharmaceutical
companies by reducing clinical trial tests through enhanced data col-
lection mechanisms [4]. According to the ‘‘World Population Prospects
2019’’, the global population is expected to reach 8.5 billion in 2030,
and to increase further to 9.7 billion in 2050 and 10.9 billion by
2100. More importunately, it is predicted that in 2050 the 1.5 billion
people aged 65 years or over worldwide will exceed younger people
aged 15 to 24 years, i.e., 1.3 billion. Furthermore, Healthcare costs are
projected to grow at an alarmingly high rate and people are concerned
about these skyrocketing costs. In 2016, the world consumes US$7.5
trillion on health or 10% of global domestic products (GDP). High-
income countries have the highest health share of GDP, i.e., 8.2%.
Low and middle-income countries have a lower health share of GDP,
i.e., 6.3% [8].
Technology becomes more ubiquitous in people’s lives due to the
introduction of IoT-based systems. A large amount of personnel data
(e.g., activities and health status) will be collected and analyzed. Cyber-
security is becoming important not just because of the growing number
of threats, vulnerabilities, and bad actors, but because technology is
becoming intuitively more sensitive, potentially impacting every area
of a person’s life.
The contribution of this study is twofold. First, we highlight the
security and privacy concerns associated with IoT-healthcare systems.
Second, we give an insight into how specific mechanisms or approaches
can be applied to prevent or mitigate such adversarial attempts. We
anticipate this to guide future research to use and implement con-
crete solutions for IoT in healthcare problems based on the proposed
approaches and mechanisms by security experts.
We have organized the rest of the paper as follows. First, IoT
benefits and existing IoT security techniques are addressed in Sec-
tion 2. Second, we introduced an IoT-based case study, i.e., AMbient
Intelligence (AMI) Lab architecture in Section 4. Third, we reviewed
the security requirements of existing IoT schemes in Section 5. Fourth,
we presented a performance analysis of current state-of-the-art IoT
solutions in Section 5. At last, we concluded the paper Section 5.
2. Related work
Following our discussion on healthcare-related challenges, we dis-
cuss the most common security concerns that could affect IoT health-
care systems (Section 2.1). Also, we explore existing IoT security tech-
nologies (Section 2.2).
2
Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
2.1. Security concerns in IoT healthcare systems
According to the ‘‘ABI (Allied Business Intelligence, Inc) Research
report’’ [9], more than 10 billion wirelessly connected IoT devices
are currently available. Also, this number will overreach 30 billion
devices by 2026. The deployment of IoT devices will open doors to
a massive amount of applications that would genuinely enhance our
daily life. E-health applications are one of these applications that
are gaining more and more attention to [10]. Nonetheless, different
issues have been raised because of integrating IoT technology in the
healthcare domain. These issues include, but are not limited to, data
storage and data management, data transfer between devices, privacy,
and security, ubiquitous, and unified access [11]. Data breaches can
severally influence both individual users’ and companies’ reputations.
Moreover, intruders will be able to monitor users’ private lives actively
if they successfully compromised users’ IoT devices.
Though IoT keeps spreading at a high pace, the problem of security
is still there. Several applications, especially in the healthcare domain
are arising due to the IoT evolution. However, healthcare is linked to
personal data, i.e., privacy and relevant health information of a patient.
As a result, the security of such systems becomes a real concern.
IoT is powered by the Internet, which means that the flow of infor-
mation recorded by sensors is highly exposed. Therefore, dealing with
large-scale deployment, involves that IoT goes through secured com-
munications while another issue is the security of the database itself
where all information is kept leading to data profiling or data stealing.
IoT healthcare systems face numerous issues in terms of security. They
are mainly confidentiality, integrity, the privacy of data, authentication
between devices, tracks of the flow of information transfer, and the
persistence of information transfer [11].
In the case of environmental nodes which are sensors, actuators,
and gateways, data stealing, data privacy, and confidentiality prevail.
In this configuration, attackers steal the information they need through
the unsecured home network, then sell that information. Data profiling
is another common issue where the adversary intends to know who
the person is through data stealing and how he can hurt him. These
two issues are present in the overall healthcare-based IoT system. To
achieve their goal, attackers use various techniques to prevent IoT
systems from working properly. We can present these attacks into five
main categories [12,13] as depicted below:
1. Selective-Forwarding Attacks: With selective-forwarding at-
tacks [14] it is possible to launch Denial of Service (DoS) attacks
where malicious nodes selectively forward packets. The target of
this attack is to disrupt routing paths. For example, by using this
I. Sadek et al.
technique, attackers prevent systems to generate an alert when
a sensor detects that a person is in a critical situation (e.g., heart
attack).
2. Sinkhole Attacks: This type of attack implies that a malicious
node advertises an artificial beneficial routing path and attracts
nearby nodes to route traffic through it. This attack does not
necessarily disrupt the network operation; However, when cou-
pled with another attack (e.g., selective-forwarding attacks), it
becomes very powerful. Given this situation, all the information
is sent to attackers instead of legitimate healthcare organiza-
tions (i.e., responsible for storing and processing the recorded
data). Hence, attackers will be able to steal sensitive patient
information and eventually profile this patient through his in-
formation [14].
3. Jamming: It is a classified machine-to-machine attack that oc-
cupies the wireless spectrum blocking the communication across
IoT devices, as a result of a noise signal used for interference
with wireless communication [15].
4. Flooding: The attacker attempts to drain the target’s resources
(e.g., battery, processor, bandwidth, memory). As an example,
attackers establish numerous connection requests to deplete bat-
teries and occupy the bandwidth. The consequence of this tech-
nique is to disturb the continuous transmission and recording of
the information (e.g., sensor data) [15].
5. Phishing: It is most commonly used to steal a person’s informa-
tion and consequently, data gathered by environmental nodes
can be hacked. One way of this type of attack is asking for
information from users (e.g., Wi-Fi password) so the attackers
will be granted access to IoT resources.
These security concerns prevent IoT nodes to function correctly
and can be spread across IoT healthcare systems, which limits their
adoption on a large scale. Nevertheless, several solutions are under
investigation to address such concerns as depicted in the next section
(Section 2.2).
2.2. IoT security solutions
Privacy and security are considered major concerns in IoT architec-
tures. Hence, an extensive number of studies have been conducted to
find solutions for these concerns [6]. Following, we briefly describe
some of the existing solutions:
• Gupta et al. [16] proposed a lightweight authentication scheme
for wearable devices using simple cryptographic hash functions
to ensure secure communication over the network. Since these
devices operate on limited resources (e.g., limited memory and
computation capacity). Therefore, regular security and privacy
solutions are not well suited to run on wearable devices. The pro-
posed scheme uses XOR and hashes function to hide the identity
of the devices to provide anonymity and privacy preservation.
• Gope and Sikdar [17] proposed a lightweight two-factor authen-
tication scheme to preserve the privacy of IoT devices. Authors
have given more emphasis on device authentication considering
the open and public deployment of IoT devices, thus making
them vulnerable to physical and closing attacks. This scheme uses
certain one-way hash values and physically unclonable functions
(PUFs), which are made of Integrated Circuits (ICs) to generate
random physical variations into the micro-structure of IC, thus
making it unique.
• The Internet Protocol version 6 (IPv6) has been specifically de-
signed to connect a future generation of devices (i.e., IoT) over the
Internet. Since it provides a larger address space than the legacy
IPv4 Internet Protocol and many new features [18]. However, due
to its designed nature, it is vulnerable to DoS attacks during the
IP address configuration, which can disrupt the communication
3
Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
between the two nodes in a network [19]. To address this issue,
Liu et al. [18] proposed a new model called Addressless IoT Server
to secure communication between the IoT client and IoT server.
Likewise, Rehman and Manickam have designed a lightweight
mechanism known as Secure-DAD to be deployed on IPv6-enabled
IoT devices during the time of the installation to ensure only
authenticated devices can communicate with each other. Thus,
can enable secure communication between the devices in an IoT
environment [20].
• Sharma et al. [21] proposed a privacy-preserving model for IoT
healthcare-based systems based on data-mining algorithms to
monitor healthcare information systems [22]. In this study, re-
searchers have used kHealth [22] which is an IoT-based health-
care information monitoring system to analyze various privacy
issues and challenges while collecting patient data. Later, the
authors recommended possible solutions to encounter such prob-
lems while developing practical privacy-preserving data analytics
for IoT-based healthcare systems.
• Wang et al. [23] proposed a data processing system to improve
network reliability and speed in sharing patient data over the IoT
architecture known as Reduced sensor Data Processing Frame-
work (REDPF). This system is based on fog computing, the authors
have used Reduced Variable Neighborhood Search (RVNS) algo-
rithm to enhance the reliability in data transmission and effective
load balancing. The introduced framework has a self-adaptive
filter to recollect missing or inaccurate data automatically. Thus,
making it a fault-tolerant system.
• Srinivas et al. [24] proposed a cloud-based user authentication
scheme for secure authentication of medical data in the IoT
healthcare monitoring system. This scheme creates a secret ses-
sion key to secure communications between the authorized user
and the wearable sensor node. The authors applied Real-Or-
Random (ROR) model to perform a security analysis of the de-
signed mechanism to test its resilience against some well-known
attacks.
• Raifa Akkaoui [25] proposed a decentralized authentication
scheme for IoT healthcare systems to minimize the impact of
distributed denial of services attacks (DDoS) on IoT environments
by leveraging blockchain decentralized features. The author has
tested the mechanism over the Ethereum platform for security and
privacy analysis. According to the researcher, the scheme ensures
confidentiality, integrity, anonymity, and privacy of IoT devices
and users.
After elaborating on the common IoT security and privacy concerns,
and some possible solutions, we discuss our proposed AMI architecture
as an attempt to address these concerns. (Section 4). Also, we provide
a critical analysis of our proposed architecture compared to existing
solutions.
3. Security benchmark for IoT architecture
The basic IoT architecture consists of three main layers i.e. Physical
aka Perception layer, Network layer, and Application layer. Unfor-
tunately, the existing IoT architecture does not come with security
features. Therefore, in this study, we define a security benchmark
for IoT architecture based on core information and network security
principles and what applies to real-life IoT deployment.
This benchmark comprises a set of standard security parameters
against which the security strength of various IoT systems can be
compared. These requirements will primarily specify the criteria of
IoT systems evaluation before deploying the solution in a real-world
environment. The resulted evaluation score will determine the security
strength of the proposed solution designed for IoT architecture. The
higher the score, the more secure the solution.
I. Sadek et al.
The work in this paper starts from the observation that by default
existing IoT architecture lacks security features. Therefore, our secu-
rity benchmark for IoT architecture first maps its basic three layers
i.e. Physical, Network, and Application as follows.
• Physical layer lies in IoT-end devices such as sensors, actuators,
smart wearable devices, etc. which act as a subscriber as well as
the publisher in an IoT environment.
• At the Network layer, routers are deployed as gateways to trans-
mit the processed data from IoT end-devices to cloud servers for
data storage and analytics purpose.
• Application layer provides various services to IoT users/IoT de-
vices including data processing and analytics, messaging, and
storage, and delivers other specific subscription-based application
services to IoT users.
We then instantiated the core security requirements [26] and added
some new requirements to the IoT architecture based on the three
defined layered [11,27]. Following the standard security principles,
our security recommendations cover confidentiality, integrity, access
control attributes, and other security attributes to make IoT systems
robust against possible attack vectors. Emphasizing such security char-
acteristics, we define the following security requirements.
• [R1] Authentication: IoT devices have to be recognized and
validated in advance of entering the network. Each entity must
have a unique key or a global unique identifier (UID).
• [R2] Confidentiality: It makes sure that information is protected
from unauthorized users. Moreover, sensitive information must
be stored securely and must not be exposed to unauthorized
identities.
• [R3] Integrity: Message integrity has to be maintained to ensure
the information transferred over the network has not been altered
or modified undetectably.
• [R4] Self-Healing: In a case, a node encounters a failure, might
be on a system-level or a service level, the system should be aware
of the environment and take proper action to restore the working
state with the same level of security or the least.
• [R5] Fault Tolerance: If a crash happens in the network follow-
ing an attack, the system should keep working. A failed compo-
nent should not refrain the overall system to continue working.
Some failures can be foreseen and avoided or ignored by letting
the system or the nodes provide the services they have been set
for.
• [R6] Resilience: In a case, there are several damaged points in
the IoT network, the system still prevents incoming attacks. Even
if the nodes face system failure or service failure, the security
implemented should not be impacted. The same level of security
before the failure should prevail.
• [R7] Data Freshness: In a system where monitoring takes place,
whenever a party wants to access the data it should be the latest
and updated information. Thus, data analysis would be more
accurate
• [R8] Trust: The concept of trust can have different meanings and
it is used in various domains. Though its importance is widely
recognized due to data privacy, trust is a complex concept that
is yet to be well described. Moreover, the satisfaction of trust
requirements is highly related to identity management and access
control issues. In general terms, users, i.e., patients need to be
assured that their private information or data will not be leaked
and then misused in an IoT network.
• [R9] Configure Firewalls to Restrict Access: Enable iptables,
minimize allowed IPs and ports to necessary services only, and do
not manually tamper iptables once configured (Network layer).
• [R10] Use TLS/SSL where Possible: All services and communi-
cations should be accessible over encrypted channels only (Net-
work and Application layer). Moreover, every application of-
fered by the cloud should offer services over TLS/SSL channels
(Perception layer).
4
Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
• [R11] Do Not Use Default Self-Signed Certificates: All cer-
tificates should be signed by a certification authority (Physical,
Network, and Application layers).
• [R12] Evaluate Possible Attack Vector Scenarios and Miti-
gations: Mitigation systems should be placed in front of critical
assets. Rate-limiting from the application server should be con-
figured, IDS should be installed and configured to detect attacks,
and blacklisting systems for SSH connection should be enabled
(Network layer).
• [R13] Regular Software Check/Updates: Continuously
check/update the version of installed software including cloud
services (Physical, Network, and Application layers).
4. Case study: AMI architecture
We present in this section our proposed AMI architecture [28,29]
to address the existing discussed security concerns. This architecture
Fig. 2 is composed of the three main elements commonly found in an
IoT architecture, i.e., the End-user environment layer, Network layer,
and Cloud layer. The following describes the architecture in its entirety
before elaborating on each part separately.
4.1. IoT architecture
The physical architecture proposed by AMI-lab is composed of
sensors (e.g., sleep mat, door, smartwatch, scale, oxygen, contact,
and motion sensors), gateways, servers, and database operating in the
cloud layer and gateway servers Fig. 2. Its logical structure defines
the distribution and relationship across the different layers (i.e. from
environmental nodes to the cloud layer servers) and the involved
security. The proposed architecture implements the concept of mi-
croservices and as a result, the architecture is modular and easily
operated. Through the architecture’s scalability, improvement and in-
tegration of a set of services are possible. The gateway is in charge
of the communication with the devices in the end user’s environment.
A middleware component is used to efficiently handle the connected
devices through interoperability, subscription, and notification. This
middleware provides an interface to manage connected objects. An
access protocol management module based on the IEEE standard has
been used to manage the diverse communication protocols. Using the
802.15.x and short-distance transmission protocols (e.g., Zigbee, Z-
Wave), the gateway enables the communication with the connected
devices to carry a small amount of data over a short distance. Once data
is received at the gateway, it will be sent to the cloud over 802.11 IEEE
protocol through the Internet. The connectivity protocol module in
charge of sending the information from the gateway over the Internet is
created to be an extremely lightweight published/subscribed messaging
transport protocol. Within IoT systems, it is a serviceable protocol
for remote connections where a small code is needed to perform the
transmission and lighten the bandwidth.
To conclusively ensure security, several mechanisms have been
implemented:
• The data is being sent through a secured channel between the
environmental nodes and the cloud nodes. This secured chan-
nel, which requires authentication from both sides is actively
sustained for the connection.
• Though a secured channel has been provided, the security re-
mains a problem within a local area network (i.e., end user’s
environment). Accordingly, each gateway has been configured
with a firewall to restrict all other communications apart from
the gateway’s peer to subscribe to the published information
and every other communication is denied, limiting the risk of
intrusion.
I. Sadek et al.
Fig. 2. Physical architecture of the IoT components of AMI-lab.
• Moreover, another security concern encountered in the IoT is
data-stealing or data profiling through the identification of the
owner of the device. To avert this threat, anonymity is prefaced
using the address of the gateways instead of the personal identity
of the user.
• Furthermore, a middle server that is responsible for the forward-
ing limits the communication to a unique peer, between a unique
node (environment peer) in the end user’s environment and a
unique node in the cloud (server peer). No other communication
can be forwarded. Once the information reaches the node in
the cloud, the information is confirmed and then stored in the
database.
• The cloud servers have their own firewall rules, denying all,
but accepting communication from the authorized parties. In
this way, connections to the cloud servers are user restricted
and channel restricted. Every gathered information benefits from
persistence and security.
To visualize the final stored data, another secured channel for access
is required to be eligible to see the dashboard. Nonetheless, privacy
and confidentiality prevail even after reaching the dashboard. Thus, the
dashboard is also user restricted, a person is only authorized to view
the information he has the right to access, letting all other information
impossible to consult.
Technically, to consolidate the security, security agents (based on
scripts) are deployed on the environmental nodes and on the cloud
servers to sense and be aware of the environment. Once an intrusion has
been disclosed, e.g., someone logging into the environmental gateway,
the attacker is automatically logged out of the system. If it is a change
in the rule table that is not entered by the administrator, the firewall
table will be flushed and reconfigured to maintain the same level
of security before the intrusion. Every other aspect of the breach of
security leading to a defective or overloaded gateway/server is also
monitored to react in time and prevent a breach in the system.
4.1.1. End-user environment
This part is composed of the environmental nodes which are sensors,
actuators, and gateways. Sensors acquire environmental information
(e.g., user motion, door state, vital signs), then send them to the
gateway to be processed and stored in a specific data model. The
gateway is the only device exposed to the Internet and it uses a pub-
lished/subscribed protocol to publish the gathered information through
a secure tunnel. The gateway is embedded with a proper firewall table
5
Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
that dismisses all but forwards the proper information to the proper
peer.
4.1.2. Network
In the network, two servers are acting for securing the commu-
nication channel over the Internet. Those servers are accountable for
creating the Secure Socket Layer (SSL) certificates for the peers in the
cloud and the gateways in the end-user’s environment. They are also
liable for ascertaining the tunnel from the end-user’s environment to
the cloud securing the communication between the entities. To enhance
security, various propositions have been taken:
• Compared to the UDP protocol, which is fast but lacks acknowl-
edgment, TCP which has been used in the architecture is slower
but reliable offering an error-correction technique and guaran-
teeing delivery. In this way, our information will always get to
the other side. VPNs are about the encryption of the control
channel and the encryption of the data channel and to ensure
good security both channels’ security should be strong.
• To prevent attacks such as man-in-the-middle attacks, data au-
thentication is used through SHA (Secure Hash Algorithm), cre-
ating a unique fingerprint of a valid TLS certificate that can be
validated by the VPN client. We used a recommended version of
SHA such as SHA-2 which is secured compared to SHA-1.
• Moreover, since normal HTTPS traffic uses TCP port 443, com-
bining this port with our VPN server, means it becomes difficult
to distinguish VPN connections from other connections used by
email providers, and online banking sites. It means the VPN
connection is hard to block.
• For securely encrypting a handshake, we prevail Elliptic Curve
Diffie–Hellman (ECDH) combined with ECDSA signature over
Diffie–Hellman, to provide perfect forward secrecy. Finally, we
provided an industry-wide standard symmetric key cipher which
is AES with a 256-bit key size. Coupled with the uniqueness of
each connection, our middle element gets a secure path from the
end-user’s environment to the cloud architecture.
4.1.3. Cloud architecture
This part consists of servers based on a redundant and scalable
architecture. In this configuration, we have a master that is the control
plane and five nodes supporting the cloud nodes and the database for
the final storage. A published/subscribed protocol is used to acquire
I. Sadek et al.
Table 1
Performance analysis of AMI architecture with current stat-of-the-art IoT solutions based on security features.
IoT solutions Authentication Confidentiality
[16] ✓ ✓
[17] ✓ ✓
[18] ✓ ✓
[20] ✓ ✓
[21] ✗ ✓
[23] ✗ ✗
[24] ✓ ✓
[25] ✓ ✓
AMI architecture ✓ ✓
the information sent by the gateway (in the end-user’s environment)
and the server peer stores the information in the database. An IT
component monitoring tool based on Zabbix is used to track the overall
architecture and give notifications whenever a problem occurs (in the
cloud servers and/or the environmental nodes). Further information
on how we address the AMI architecture verification can be found in
Supplementary Material.
5. Critical analysis
In this section, we present the performance analysis of current state-
of-the-art IoT solutions designed for the IoT environment. Some of these
solutions are specifically designed for IoT healthcare systems while
others are generic IoT schemes that are also applicable to the healthcare
domain.
As we strive to achieve reliability, therefore, the analysis of these
IoT solutions is evaluated based on the security characteristics men-
tioned in the subsection. Table 1 depicts the performance comparison
of our proposed solution i.e. AMI architecture with existing solutions
based on key security features, namely authentication, confidentiality,
self-healing, fault tolerance, resilience, data freshness, and trust.
Authentication ensures that only legitimate users/devices can par-
ticipate in the IoT-healthcare environment. This process can effectively
mitigate the security issues related to impersonation attacks, where an
adversary acts as a genuine host by masquerading the identity of a valid
host. AMI architecture and most of the existing IoT solutions [16–18,
20,24,25] provide this service.
Confidentiality is the process of protecting sensitive data from unau-
thorized access. It can prevent any attempts of message modification at-
tacks by maintaining the integrity of the information while transmitting
over the public networks. AMI architecture and security schemes that
offer this feature [16–18,20,21,24,25] can be employed to maintain
privacy in IoT-healthcare systems.
Trust management in terms of data privacy, identity management,
and access control are crucial in IoT-healthcare systems. Since the
data/information about patients/users are sensitive by nature. There-
fore, providing these services is essential in IoT-healthcare systems.
To do so, apart from our proposed solution, existing solutions that
can provide these services are [16–18,20,21,24,25]. This makes them
applicable to the IoT-healthcare domain.
Resilience is the property that ensures the system is available to
the users during any malicious incident. This feature can mitigate any
attempts of DoS attacks on IoT healthcare systems. AMI architecture
and those solutions that can provide this feature are [18,20,24,25].
Data freshness is the feature that ensures the information is recent
and no adversary has re-used it to gain access to a network. By provid-
ing this service, any attempt to reply to attacks and Man-in-the-middle
attacks can be prevented in an IoT healthcare system. AMI architecture
and other solutions that can offer this service are [18,20,23–25].
Fault tolerance capability enables the IoT networks to deliver unin-
terrupted services to the users during an event of a system failure or any
adversarial attacks such as DoS/DDoS attacks. Some of the IoT Schemes
that can provide this feature are AMI architecture [18,20,23,25]. Thus,
Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
Self-healing Fault tolerance Resilience Data freshness Trust
✗ ✗ ✗ ✗ ✓
✗ ✗ ✗ ✗ ✓
✗ ✗ ✓ ✓ ✓
✗ ✗ ✓ ✓ ✓
✗ ✗ ✗ ✗ ✓
✓ ✓ ✗ ✗ ✗
✗ ✗ ✓ ✗ ✓
✗ ✓ ✓ ✓ ✓
✓ ✓ ✓ ✓ ✓
IoT-healthcare systems can employ such schemes to ensure continuous
services are available to their subscribed hosts.
Self-healing is the potentiality of an IoT network to restore the
system during an event of node or system failure, application errors,
etc. This feature is deployed at the gateway level to monitor the
activities of the entire IoT network to detect and restore any faulty node
in the system while providing uninterrupted services to the nodes. Due
to the scalability of IoT healthcare systems, this feature is mandatory
to ensure proper communication between the publisher and subscriber
node in an IoT network. From our analysis, we conclude that AMI
architecture [23] solution provides this service.
Referring to Table 1, it is clear that most of the proposed IoT
solutions regarding security concerns lack fault tolerance and self-
healing components. Emphasizing the definition of self-healing in this
precise context, which is the aptitude of a system to be aware of its
environment and act upon failure, implies that reliability is not just
about setting up a highly secured environment but goes beyond that
fact. Therefore, reliability comes from a highly secured and stable sys-
tem and from the aptitude of the system to recover from an unexpected
situation with the same level of security.
As a result, Gupta et al. [16] work which focuses on IoT systems
with authentication and confidentiality features does not have a recov-
ery plan regarding an unexpected failure in this feature to enable the
continuous reliability of the systems. Though most of the solutions [17,
30,31] are based on strong security features such as authentication,
confidentiality, trust, and resilience to render reliability at its peak,
there is still a lack in the next step to take when an unexpected situation
happens. However, our work is to bring together features built into the
solutions and add a possible recovery plan upon the unforeseen event.
By doing so, a system is not just reliable until a situation happens.
However, it keeps being reliable after a certain situation occurs.
From Table 1, we can deduce the importance of the self-healing
component in a reliable IoT architecture. For healthcare applications,
reliability is not an accessory, it is a must. Surely, applications in-
cluding elders’ monitoring require persistence of the incoming data
and a secured way to access them. In this case, a system that fails in
terms of security aspects is a system unable to keep track of the older
information and maintain the previous security level creating breaches
in the system.
The findings from this work demonstrate that no existing IoT
scheme can provide an end-to-end solution. Each IoT solution has its
advantages and certain limitations. Therefore, to provide a reliable IoT
system for the healthcare domain, an interoperable mechanism needs
to be deployed that can integrate these schemes to provide security
services for IoT systems at all three layers i.e. physical, network, and
application layers. However, that is very challenging as these schemes
are designed based on different protocols and algorithms thus making
them incompatible to work with each other. Therefore, interoperability
among IoT systems is an open issue that needs to be addressed shortly
to attain sustainability in the IoT ecosystem.
Considering the fact, that AMI architecture is designed to offer
an end-to-end solution by providing security services at the physical,
network, and application layers for IoT systems. According to our per-
formance analysis results, as depicted in Table 1, only AMI architecture
6
I. Sadek et al.
fulfilled most if not all the security parameters. This study intended
to investigate the reliability of existing IoT security solutions to be
employed in the Healthcare domain based on core security principles.
The diversity and openness of the IoT environment make it vulnerable
to various attack vectors. Therefore, to determine the robustness of the
existing IoT security mechanisms, we evaluated each of these schemes
based on their security characteristics. After we analyzed these IoT
schemes, it was found that most of these solutions were specifically fo-
cused to design the lightweight mechanism for resource-constrained IoT
wearable devices while addressing some security issues by providing
features like authentication, confidentiality, and trust in IoT systems.
Surely, implementing such schemes is essential and can provide
some mitigation against possible attacks. However, considering the
scalability and heterogeneous nature of the IoT ecosystem these so-
lutions with limited features may not be feasible enough to prevent
intruders from compromising the IoT network. Therefore, some re-
searchers have proposed other solutions with more advanced features
such as self-healing, resilience, fault-tolerance, and data freshness at
the network and application layers to ensure secure communication,
uninterrupted services, and sharing of the latest information between
the nodes in an IoT environment. Thus, can provide more resilience to
possible attack vectors.
In this article, we introduced AMI architecture aiming to pro-
vide end-to-end security services at all three layers of IoT healthcare
systems. We also discussed other security solutions designed for IoT
healthcare. We found that the existing schemes offer a partial solution,
each one of those schemes has its pros and cons. From our comparative
analysis, we conclude that our AMI architecture fulfilled the security
criteria. It offers robustness against the possible attack vectors and
hence makes it a reliable solution for IoT healthcare systems.
Although AMI architecture fulfilled raised security concerns, it is
worth mentioning that securing communication between gateways and
off-the-shelf sensors/nodes in the user environment is an open is-
sue. This communication depends on the type of used protocol in
wireless sensor networks. Additionally, commercial sensors/nodes use
proprietary protocols not accessible for further investigation.
In future work, we plan to add more resilience to our system so that
it can counter zero-day attacks.
Declaration of competing interest
The authors declare that they have no known competing finan-
cial interests or personal relationships that could have appeared to
influence the work reported in this paper.
Appendix A. Supplementary data
Supplementary material related to this article can be found online
at https://doi.org/10.1016/j.cmpbup.2022.100071.
References
[1] World Economic Forum, World economic forum: Global risks report
2019, Comput. Fraud Secur. 2019 (2) (2019) 4, http://dx.doi.org/10.1016/
S1361-3723(19)30016-8, URL: http://www.sciencedirect.com/science/article/
pii/S1361372319300168.
[2] C.D. Blendon, Robert J., Future health care challenges, Issues Sci. Technol. 4
(19) (2003) URL: https://issues.org/blendon/.
[3] I. Sadek, A. Demarasse, M. Mokhtari, Internet of things for sleep tracking:
wearables vs. nonwearables, Health Technol. (2019) http://dx.doi.org/10.1007/
s12553-019-00318-3.
[4] D. Minoli, K. Sohraby, B. Occhiogrosso, IoT security (IoTSec) mechanisms for
e-Health and ambient assisted living applications, in: 2017 IEEE/ACM Interna-
tional Conference on Connected Health: Applications, Systems and Engineering
Technologies, CHASE, 2017, pp. 13–18, http://dx.doi.org/10.1109/CHASE.2017.
53.
7
Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
[5] D.V. Dimitrov, Medical internet of things and big data in healthcare, Healthc.
Inform. Res. 22 (3) (2016) 156–163, http://dx.doi.org/10.4258/hir.2016.22.3.
156.
[6] A. Chacko, T. Hayajneh, Security and privacy issues with IoT in healthcare, in:
EAI Endorsed Transactions on Pervasive Health and Technology, Vol. 4, (14)
EAI, 2018, http://dx.doi.org/10.4108/eai.13-7-2018.155079.
[7] I. Korhonen, J. Parkka, M. Van Gils, Health monitoring in the home of the
future, IEEE Eng. Med. Biol. Mag. 22 (3) (2003) 66–73, http://dx.doi.org/10.
1109/MEMB.2003.1213628.
[8] World Health Organization, Public Spending on Health: a Closer Look at Global
Trends, Technical documents, World Health Organization, 2018, p. 56.
[9] A. Castillo O’Sullivan, A.D. Thierer, Projecting the growth and economic impact
of the internet of things, SSRN Electr. J. (2015) 10, http://dx.doi.org/10.2139/
ssrn.2618794.
[10] I. Romdhani, Chapter 9 - confidentiality and security for IoT based healthcare, in:
S. Li, L.D. Xu (Eds.), Securing the Internet of Things, Syngress, Boston, 2017, pp.
133–139, http://dx.doi.org/10.1016/B978-0-12-804458-2.00009-3, URL: http:
//www.sciencedirect.com/science/article/pii/B9780128044582000093.
[11] L.M. Dang, M.J. Piran, D. Han, K. Min, H. Moon, A survey on internet of things
and cloud computing for healthcare, Electronics 8 (7) (2019) 768, http://dx.doi.
org/10.3390/electronics8070768, URL: https://www.mdpi.com/2079-9292/8/7/
768.
[12] S. Raza, L. Wallgren, T. Voigt, SVELTE: Real-time intrusion detection in the
internet of things, Ad Hoc Netw. 11 (8) (2013) 2661–2674, http://dx.doi.org/10.
1016/j.adhoc.2013.04.014, URL: http://www.sciencedirect.com/science/article/
pii/S1570870513001005.
[13] L. Wallgren, S. Raza, T. Voigt, Routing attacks and countermeasures in the
RPL-based internet of things, Int. J. Distrib. Sens. Netw. 9 (8) (2013) 794326,
http://dx.doi.org/10.1155/2013/794326.
[14] C. Karlof, D. Wagner, Secure routing in wireless sensor networks: attacks and
countermeasures, in: Proceedings of the First IEEE International Workshop on
Sensor Network Protocols and Applications, 2003, 2003, pp. 113–127, http:
//dx.doi.org/10.1109/SNPA.2003.1203362.
[15] J.X. Zhang, K. Hoshino, Chapter 8 - implantable and wearable sensors, in:
J.X. Zhang, K. Hoshino (Eds.), Molecular Sensors and Nanodevices (Second
Edition), second ed., in: Micro and Nano Technologies, Academic Press, 2019, pp.
489–545, http://dx.doi.org/10.1016/B978-0-12-814862-4.00008-9, URL: http:
//www.sciencedirect.com/science/article/pii/B9780128148624000089.
[16] A. Gupta, M. Tripathi, T.J. Shaikh, A. Sharma, A lightweight anonymous user
authentication and key establishment scheme for wearable devices, Comput.
Netw. 149 (2019) 29–42, http://dx.doi.org/10.1016/j.comnet.2018.11.021, URL:
https://www.sciencedirect.com/science/article/pii/S1389128618304389.
[17] P. Gope, B. Sikdar, Lightweight and privacy-preserving two-factor authentication
scheme for IoT devices, IEEE Internet Things J. 6 (1) (2019) 580–589, http:
//dx.doi.org/10.1109/JIOT.2018.2846299.
[18] R. Liu, Z. Weng, S. Hao, D. Chang, C. Bao, X. Li, Addressless: enhancing IoT
server security using IPv6, IEEE Access 8 (2020) 90294–90315.
[19] S.U. Rehman, S. Manickam, Denial of service attack in IPv6 duplicate address
detection process, Int. J. Adv. Comput. Sci. Appl. 7 (2016) 232–238, http:
//dx.doi.org/10.14569/IJACSA.2016.070630.
[20] S.U. Rehman, S. Manickam, Improved mechanism to prevent denial of service
attack in IPv6 duplicate address detection process, Int. J. Adv. Comput. Sci. Appl.
8 (2) (2017) 63–70, http://dx.doi.org/10.14569/IJACSA.2017.080209.
[21] S. Sharma, K. Chen, A. Sheth, Toward practical privacy-preserving analytics for
IoT and cloud-based healthcare systems, IEEE Internet Comput. 22 (2) (2018)
42–51, http://dx.doi.org/10.1109/MIC.2018.112102519.
[22] P. Anantharam, T. Banerjee, A. Sheth, K. Thirunarayan, S. Marupudi, V. Srid-
haran, S.G. Forbis, Knowledge-driven personalized contextual mhealth service
for asthma management in children, in: 2015 IEEE International Conference on
Mobile Services, 2015, pp. 284–291, http://dx.doi.org/10.1109/MobServ.2015.
48.
[23] K. Wang, Y. Shao, L. Xie, J. Wu, S. Guo, Adaptive and fault-tolerant data
processing in healthcare IoT based on fog computing, IEEE Trans. Netw. Sci.
Eng. 7 (1) (2020) 263–273, http://dx.doi.org/10.1109/TNSE.2018.2859307.
[24] J. Srinivas, A.K. Das, N. Kumar, J.J.P.C. Rodrigues, Cloud centric authen-
tication for wearable healthcare monitoring system, IEEE Trans. Dependable
Secure Comput. 17 (5) (2020) 942–956, http://dx.doi.org/10.1109/TDSC.2018.
2828306.
[25] R. Akkaoui, Blockchain for the management of internet of things devices in the
medical industry, IEEE Trans. Eng. Manage. (2021).
[26] C. Easttom, Computer Security Fundamentals, in: Pearson IT Cybersecurity
Curriculum (ITCC), Pearson Education, 2019, URL: https://books.google.com.eg/
books?id=erauDwAAQBAJ.
[27] T.A. Ahanger, A. Aljumah, Internet of things: A comprehensive study of security
issues and defense mechanisms, IEEE Access 7 (2019) 11020–11028, http://dx.
doi.org/10.1109/ACCESS.2018.2876939.
I. Sadek et al.
[28] I. Sadek, S.U. Rehman, J. Codjo, B. Abdulrazak, Privacy and security of IoT based
healthcare systems: Concerns, solutions, and recommendations, in: J. Pagán, M.
Mokhtari, H. Aloulou, B. Abdulrazak, M.F. Cabrera (Eds.), How AI Impacts Urban
Living and Public Health, Springer International Publishing, Cham, 2019, pp.
3–17.
[29] B. Abdulrazak, S. Paul, S. Maraoui, A. Rezaei, T. Xiao, IoT architecture with plug
and play for fast deployment and system reliability: AMI platform, in: H. Aloulou,
B. Abdulrazak, A. de Marassé-Enouf, M. Mokhtari (Eds.), Participative Urban
Health and Healthy Aging in the Age of AI, Springer International Publishing,
Cham, 2022, pp. 43–57.
Computer Methods and Programs in Biomedicine Update 2 (2022) 100071
[30] A. Esfahani, G. Mantas, R. Matischek, F.B. Saghezchi, J. Rodriguez, A. Bicaku,
S. Maksuti, M.G. Tauber, C. Schmittner, J. Bastos, A lightweight authentication
mechanism for M2M communications in industrial IoT environment, IEEE In-
ternet Things J. 6 (1) (2019) 288–296, http://dx.doi.org/10.1109/JIOT.2017.
2737630.
[31] M. Saravanan, R. Shubha, A.M. Marks, V. Iyer, SMEAD: A secured mobile enabled
assisting device for diabetics monitoring, in: 2017 IEEE International Conference
on Advanced Networks and Telecommunications Systems, ANTS, 2017, pp. 1–6,
http://dx.doi.org/10.1109/ANTS.2017.8384099.