Cluster Computing, Volume 20, Issue 3, pp 2211–2229

New secure healthcare system using cloud of things

  • Ebrahim Al Alkeem
  • Dina Shehada
  • Chan Yeob Yeun
  • M. Jamal Zemerly
  • Jiankun Hu


Modern healthcare services are serving patients' needs by using new technologies such as wearable devices or cloud of things. The new technology provides more facilities and enhancements to the existing healthcare services, as it allows more flexibility in monitoring patients' records and remotely connecting with patients via cloud of things. However, many security issues, such as the privacy and security of healthcare data, need to be considered once wearable devices are introduced to the healthcare service. Although some of these issues have been addressed in the literature, researchers mainly addressed cloud of things security or healthcare security separately, and their work still suffers from limited security protection and vulnerabilities to some security attacks. The proposed new healthcare system combines the security of both healthcare and cloud of things technologies. It also addresses most of the security challenges that healthcare services might face, such as man-in-the-middle (MITM), eavesdropping, replay, repudiation, and modification attacks. The Scyther verification tool was also used to verify the robustness and correctness of the proposed system.


Security, Privacy, Internet of Things, Wireless sensor network, Wireless body area networks, Role based access control, Cloud of things



Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. Khalifa University of Science and Technology, Electrical and Computer Engineering, Abu Dhabi, UAE
  2. School of Engineering and Information Technology, UNSW Canberra (Australian Defence Force Academy), Canberra BC, Australia
