New Engineering Method for the Risk Assessment: Case Study Signal Jamming of the M-Health Networks

  • Kamel Karoui
  • Fakher Ben Ftima


The security of Internet of Things networks is a crucial issue in the delivery of mobile health (m-health) services. Any unavailability of a service can dangerously affect the health of patients. The security management of such networks is therefore a delicate and complex task, owing to the diversity of threats and the large number of assets to be protected. The criticality of attacks stems from their complexity and their repercussions on patients' health. If protection is not anticipated, network attacks become difficult to manage. Ensuring complete security of m-health systems is thus a difficult task, and priority must be given to certain important and vulnerable assets. It is therefore helpful to assess the risks related to the different threats for each asset. Depending on the risk level, we can decide which assets need particular treatment. In this work, we propose a novel framework to facilitate risk analysis. We adopt a methodology based on four steps: the assessment, the classification, the archiving, and the exchange of risk parameters. First, we extended an existing risk model to handle the specificities of m-health. Then, for risk assessment and classification, we introduced two new reversible metrics associated with the likelihood and the impacts of threats. For archiving and exchanging risk information, we encoded the compound threat category that we call Onion Attacks. Finally, we discuss the effectiveness of our approach by applying it to a particular Onion Attack. The quality of our results was tested and confirmed by comparing them with those of the Weighted Average method.


Risk analysis; Mobile health; Health and safety; Communication system security; Security management; Bit Alternation reversible metrics; Onion attacks



We thank Dr. Olfa Karoui from the National Health Insurance Fund, and Dr. Hafedh Alioua from the National Social Security Fund, for their help. As practitioners, they have helped us understand the relationship between the mobility of a patient and its impact on its health. We would like to thank the engineering students Akrem Riahi and Mourad Zaouche, from INSAT University, who have participated in the implementation of the “Bit Alternation” and the “Weighted Average” methods. This implementation has facilitated the comparison of the Risk results.



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. RIADI Laboratory, University of Manouba, Manouba, Tunisia
