Internet-of-Things (IoT) are everywhere in our daily life. They are used in our homes, in hospitals, deployed outside to control and report the changes in environment, prevent fires, and many more beneficial functionality. However, all those benefits can come of huge risks of privacy loss and security issues. To secure the IoT devices, many research works have been conducted to countermeasure those problems and find a better way to eliminate those risks, or at least minimize their effects on the user’s privacy and security requirements. The survey consists of four segments. The first segment will explore the most relevant limitations of IoT devices and their solutions. The second one will present the classification of IoT attacks. The next segment will focus on the mechanisms and architectures for authentication and access control. The last segment will analyze the security issues in different layers.

A Survey on Security and Privacy Issues in Internet-of-Things

Life expectancy in most countries has been increasing continually over the several few decades thanks to significant improvements in medicine, public health, as well as personal and environmental hygiene. However, increased life expectancy combined with falling birth rates are expected to engender a large aging demographic in the near future that would impose significant burdens on the socio-economic structure of these countries. Therefore, it is essential to develop cost-effective, easy-to-use systems for the sake of elderly healthcare and well-being. Remote health monitoring, based on non-invasive and wearable sensors, actuators and modern communication and information technologies offers an efficient and cost-effective solution that allows the elderly to continue to live in their comfortable home environment instead of expensive healthcare facilities. These systems will also allow healthcare personnel to monitor important physiological signs of their patients in real time, assess health conditions and provide feedback from distant facilities. In this paper, we have presented and compared several low-cost and non-invasive health and activity monitoring systems that were reported in recent years. A survey on textile-based sensors that can potentially be used in wearable systems is also presented. Finally, compatibility of several communication technologies as well as future perspectives and research challenges in remote monitoring systems will be discussed.

Wearable Sensors for Remote Health Monitoring.

Blockchain in healthcare applications: Research challenges and opportunities

Advances in wireless communications, embedded systems, and integrated circuit technologies have enabled the wireless body area network (WBAN) to become a promising networking paradigm. Over the last decade, as an important part of the Internet of Things, we have witnessed WBANs playing an increasing role in modern medical systems because of its capabilities to collect real-time biomedical data through intelligent medical sensors in or around the patients’ body and send the collected data to remote medical personnel for clinical diagnostics. WBANs not only bring us conveniences but also bring along the challenge of keeping data’s confidentiality and preserving patients’ privacy. In the past few years, several anonymous authentication (AA) schemes for WBANs were proposed to enhance security by protecting patients’ identities and by encrypting medical data. However, many of these schemes are not secure enough. First, we review the most recent AA scheme for WBANs and point out that it is not secure for medical applications by proposing an impersonation attack. After that, we propose a new AA scheme for WBANs and prove that it is provably secure. Our detailed analysis results demonstrate that our proposed AA scheme not only overcomes the security weaknesses in previous schemes but also has the same computation costs at a client side.

Anonymous Authentication for Wireless Body Area Networks With Provable Security

Healthcare applications are considered as promising fields for wireless sensor networks, where patients can be monitored using wireless medical sensor networks (WMSNs). Current WMSN healthcare research trends focus on patient reliable communication, patient mobility, and energy-efficient routing, as a few examples. However, deploying new technologies in healthcare applications without considering security makes patient privacy vulnerable. Moreover, the physiological data of an individual are highly sensitive. Therefore, security is a paramount requirement of healthcare applications, especially in the case of patient privacy, if the patient has an embarrassing disease. This paper discusses the security and privacy issues in healthcare application using WMSNs. We highlight some popular healthcare projects using wireless medical sensor networks, and discuss their security. Our aim is to instigate discussion on these critical issues since the success of healthcare application depends directly on patient security and privacy, for ethic as well as legal reasons. In addition, we discuss the issues with existing security mechanisms, and sketch out the important security requirements for such applications. In addition, the paper reviews existing schemes that have been recently proposed to provide security solutions in wireless healthcare scenarios. Finally, the paper ends up with a summary of open security research issues that need to be explored for future healthcare applications using WMSNs.

https://www.mdpi.com/1424-8220/12/1/55/pdf

Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey

The use of wireless sensor networks (WSN) in healthcare applications is growing in a fast pace. Numerous applications such as heart rate monitor, blood pressure monitor and endoscopic capsule are already in use. To address the growing use of sensor technology in this area, a new field known as wireless body area networks (WBAN or simply BAN) has emerged. As most devices and their applications are wireless in nature, security and privacy concerns are among major areas of concern. Due to direct involvement of humans also increases the sensitivity. Whether the data gathered from patients or individuals are obtained with the consent of the person or without it due to the need by the system, misuse or privacy concerns may restrict people from taking advantage of the full benefits from the system. People may not see these devices safe for daily use. There may also possibility of serious social unrest due to the fear that such devices may be used for monitoring and tracking individuals by government agencies or other private organizations. In this paper we discuss these issues and analyze in detail the problems and their possible measures.

/pdf/security-and-privacy-issues-in-wireless-sensor-networks-for-e1xpys4ggu.pdf

Security and Privacy Issues in Wireless Sensor Networks for Healthcare Applications

Wireless body area network (WBAN) has been recognized as one of the promising wireless sensor technologies for improving healthcare service, thanks to its capability of seamlessly and continuously exchanging medical information in real time. However, the lack of a clear in-depth defense line in such a new networking paradigm would make its potential users worry about the leakage of their private information, especially to those unauthenticated or even malicious adversaries. In this paper, we present a pair of efficient and light-weight authentication protocols to enable remote WBAN users to anonymously enjoy healthcare service. In particular, our authentication protocols are rooted with a novel certificateless signature (CLS) scheme, which is computational, efficient, and provably secure against existential forgery on adaptively chosen message attack in the random oracle model. Also, our designs ensure that application or service providers have no privilege to disclose the real identities of users. Even the network manager, which serves as private key generator in the authentication protocols, is prevented from impersonating legitimate users. The performance of our designs is evaluated through both theoretic analysis and experimental simulations, and the comparative studies demonstrate that they outperform the existing schemes in terms of better trade-off between desirable security properties and computational overhead, nicely meeting the needs of WBANs.

Certificateless Remote Anonymous Authentication Schemes for WirelessBody Area Networks

Wireless body area network (WBAN) is one of the most promising wireless sensor technologies, significantly enhancing the quality of service of healthcare. But the potential users' worries about privacy leakage impede its wider application. To alleviate such worries, we present a remote anonymous authentication protocol to enable client terminals/application to securely access WBAN services. In particular, our protocol is rooted in a novel certificateless cryptosystem, which has negligible computational cost and a number of security properties that are especially desirable in WBANs. Our protocol ensures that even the application providers (APs) cannot recover the user's real identity given all the session information. Also, the network manager (NM), who plays the role of private key generator (PKG), can be prevented from impersonating any legitimate users. We theoretically validate that our protocol can achieve a better tradeoff than most of existing schemes in terms of essential security properties and computational overhead.

An efficient certificateless remote anonymous authentication scheme for wireless body area networks

Applications of sensor networks in healthcare have undergone major changes in recent times. Implanted wireless sensor devices inside the human body to monitor the activities are a reality now. A new field called the Wireless Body Area Networks (WBAN or BAN) has emerged as a hot research area. To fulfill the needs for a common standard and solve the issues in this emerging field, IEEE has proposed a new task group, the IEEE 802.15.6 TG6. To control the communications from implanted devices in both PHY and MAC point of view is still a major challenge. An efficient MAC protocol can help manage and control the communication. In this paper, we propose one such MAC protocol to control the communication in implant devices. Our method of using wakeup table for normal communication and radio based wakeup for emergency communication is found to be efficient in terms of energy consumption, and delay.

A power efficient MAC protocol for implant device communication in Wireless Body Area Networks

Network life time and hence device life time is one of the fundamental metrics in wireless body area networks (WBAN). To prolong it, especially those of implanted sensors, each node must conserve its energy as much as possible. While a variety of wake-up/sleep mechanisms have been proposed, the wake-up radio potentially serves as a vehicle to introduce vulnerabilities and attacks to WBAN, eventually resulting in its malfunctions. In this paper, we propose a novel secure wake-up scheme, in which a wake-up authentication code (WAC) is employed to ensure that a BAN Node (BN) is woken up by the correct BAN Network Controller (BNC) rather than unintended users or malicious attackers. The scheme is thus particularly implemented by a two-radio architecture. We show that our scheme provides higher security while consuming less energy than the existing schemes.

Jingwei Liu

Papers

Security and Privacy Issues in Wireless Sensor Networks for Healthcare Applications

Certificateless Remote Anonymous Authentication Schemes for WirelessBody Area Networks

An efficient certificateless remote anonymous authentication scheme for wireless body area networks

A power efficient MAC protocol for implant device communication in Wireless Body Area Networks

Secure Wake-Up Scheme for WBANs