eHealth Systems, M2M Communication & Security

With Berg Insight analysts forecasting that the global market for home monitoring devices integrated with cellular connectivity will grow at a compound annual growth rate (CAGR) of 45.4 per cent in the next five years to reach 19.2 million in 2020 (Bergl Insight, 2015). This has major impacts on security of data gathered as well as security of the networks used to transmit this data. This also impacts on how those networks will be used or integrated into a national eHealth monitoring system. There are several domains that are being explored for the use of M2M to enable the IoT. The domains according to Minoli are:

• Public services and smart cities
• Automotive, fleet management, asset tracking
• Commercial markets * Embedded networking systems in the smart home and smart office

The embedded networking systems can be further broken down to being:

• Smart appliances
• Automated home
• Smart meters,
• eHealth – assisted Living and in home health services (including remote monitoring and remote diagnostics)
• Security and emergency services

(Minoli, 2013)

The research will be focusing on the eHealth segment of embedded networking systems, with a particular look at the Cyber-Physical Systems and the various novel data security measures proposed through various articles in literature to date. Sebestyen, Hangan, Oniga, and Zoltán Gál maintain that the eHealth domain “should set some requirements regarding data acquisition, access control, security and safety.” (Sebestyen, Hangan, Ongia, & Gál, 2014) especially as examples in this domain often purport the connection of devices to remotely monitor the elderly living at home for supervision and lifestyle enablement. This does not need to be an automated ubiquitous system, however that may be a point of contention between patient and medical staff.

In the paper “The Internet of Things for Health Care: A Comprehensive Survey” the authors propose that there are three main issues in delivery of eHealth networks. These are:

1. The network topology as it refers to the different elements in eHealth and the various case study scenarios that it has been applied to already;
2. The architecture of applications in regards to their physical elements, the functionality and working principles plus techniques;
3. The platform, referring to both the network model and computing platform.

(Riazul Islam, Kwak, Houssain, Kwak, & Kabir, 2015)

This bears investigation in light of the rise of Cyber-Physical Systems (CPS) being introduced into eHealth services and the ubiquitous solutions proposed by some providers of eHealth services for the care of patients and in home monitoring. Celentano and Röning state that “dependable services need to be implemented in a resource efficient and safe way … Security is a must when dealing with personal information.” (Celentano & Röning, 2015). They expound that it may not just be the health providers that would require access to the information collected. The information may be used in forensic investigations, the smart insurance industry as well as governments to determine population well-being etc.

Riazul Islam, Kwak, Kabir Houssain and Kwak provide a conceptual model of ubiquitous healthcare solution in their paper and this is shown below in Figure 1.This is a high level view of the elements required in this model. This model describes a heterogeneous computing environment where data is collected on such items as blood pressure, body temperature, electrocardiograms and even oxygen saturation via sensors and vital signs. This collected data can end up being an enormous amount to store. This model is based on Grid computing and transforms the static and mobile devices such as laptops, tablets and smartphones, into a hybrid of type.

Figure 1: A conceptual diagram of IoT-based ubiquitous healthcare solution (Riazul Islam, Kwak, Houssain, Kwak, & Kabir, 2015)

Cyber-Physical System(CPS) is defined as where the virtual world intersects with the physical world. It is a System that integrates physical devices, such as sensors, with cyber components so that have an inbuilt analytical system which is able to respond intelligently to dynamic changes. Research into the CPS area was determined to be a key area in 2008 by the US National Science Foundation as well as being listed as a number one research priority by the US President’s Council of Advisors on Science and Technology (Wang, Adid, Lee, Shu, & Xia, 2011) Until now, CPS research and development has predominately been in the Smart Grid, automotive and traffic management domains in the IoT. Now this research is moving into the realm of eHealth due to advances made in the last five years in wireless sensor networks (WSNs), medical sensors and cloud computing. This makes CPS one of the major candidates for healthcare application solutions specifically in in-hospital and in-home patient care according to Milenkovic, Otto, and Jovanov. (Milenkovic, Otto, & Jovanov, 2006).

The advantages of having a CPS are: that there is network integration as the networking architecture would comply with standards already in place; it would provide interaction between humans and the system to provide better decision making; having a valid and trustworthy system as it behaves in a known way in existing environments and is able to work in new and unreliable environments as well; system performance is better as the sensors are able to provide better feedback and end-user maintenance; it is scalable to large amount of users due to access to cloud computing infrastructure; It could provide autonomy due to the sensor-cloud integration; it would be flexible; and provide better response times. (Haque, Aziz, & Rhaman, 2014) Sawand, Djahel, Zhang and Naït-Abesselam, proposed a CPS framework for eHealth monitoring that encompassed four major components. These components were: * Situational awareness sensors * Communication networks * Medical Data processing servers and * Clinical Terminals. They also asserted that “the quality of eHealth care service relies on the seamless integration of the above essential components” (Ajmal, Djahel, Zhang, & Naït-Abdesselam, 2014). “energy efficiency and patient privacy are always among the top concerns of eHealth care services”. (Ajmal, Djahel, Zhang, & Naït-Abdesselam, 2014) is also of importance in the development of eHealth CPS. Figure 2 is a diagram of the proposed CPS Architecture for eHealth Monitoring proposed in their paper.

Figure 2: CPS Architecture for eHealth Monitoring

Security and privacy have also been highlighted in the existing literature, although Ajmal, Djahel, Zhang, and Naït-Abesselam have gone deeper and identified that security and privacy requirements for this technology space “must be taken into account from scratch of data collection, avoiding any post-processing with the purpose of enhancing security or privacy.” (Ajmal, Djahel, Zhang, & Naït-Abdesselam, 2014) This paper details some novel ways of protecting eHealth data by the use of Biometric cryptography in WBAN interconnection, as well as advance signal and image processing “to achieve privacy-aware cloud-assisted healthcare monitoring system. … significantly benefit … improving secure and efficient eHealth monitoring system.” (Ajmal, Djahel, Zhang, & Naït-Abdesselam, 2014)

Chen and Chang highlighted that “security and privacy issues must be addressed before CPS can be widely deployed” in diverse areas including assisted living and health care. (Chen & Chang, 2012). Chen and Chang also purported that existing policies dealing with traditional application would be inadequate for CPS applications in all domains. They have provided their own architecture for a secure CPS that can be used across domains.

There are numerous threats to eHealth systems whether they be a CPS system or a Grid Hybrid system. These threats are similar to those already experienced on the internet in terms of physical security, social engineering as well as software attacks and direct access to the data. Habib and Leister have provided a comprehensive set of tables outlining not only threats; the identification of key assets and vulnerabilities, in the IoT paradigm. Other threats identified were data impairment; dropped data; counterfeit data; data collision and compromised data routing. Vulnerabilities revolve around usability of the application; unprotected environment as well as insufficient awareness by both patient and staff. Habib and Leister also agree with Chen and Change in regards to existing policies and security mechanism not being up to the task of eHealth in IoT. (Habib & Leister, 2015)

To this end adaptive security technology is being developed for the IoT and eHealth applications. One of the major thoughts in this area of research is that of context aware security. One of the major trade-offs is that devices in eHealth have limited computing power, and limited energy resources. Hamdi and Abie propose a system using Markov game theory to balance the “trade-off between improving the mitigation capabilities of the BAN and extending the lifetime of the smart things.” (Hamdi & Abie, 2014) The usefulness of this approach for sensors in Body Area Networks where security effectiveness should be prioritised at a granular level.

For a completely secure system in eHealth we believe the use-cases as described in the ETSI Technical Report, require a multilayer approach to ensure patient and data security and confidentiality. (ETSI, 2013). No one approach has the golden bullet for securing eHealth applications however this is not to say that implementing a cross-section of approaches would not be out of reach.