
A Framework for Ranking IoMT Solutions Based on Measuring Security and Privacy

  • Faisal Alsubaei
  • Abdullah Abuhussein
  • Sajjan Shiva
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 880)

Abstract

The Internet of Medical Things (IoMT) is growing rapidly, with Internet-enabled devices helping people to track and monitor their health, diagnose health issues early, treat illness, and administer therapy. Because of growing demand and ready access to high-speed Internet, IoMT has opened the door to security vulnerabilities in healthcare systems. The lack of security awareness among IoMT users can lead to serious and perhaps fatal security issues. The disastrous consequences of these issues will not only disrupt medical services (e.g., ransomware), causing financial losses, but will also put patients’ lives at risk. This paper proposes a framework to compare and rank IoMT solutions based on their protection and defense capability using the Analytic Hierarchy Process. The proposed framework measures the security, including privacy, of the compared IoMT solutions against a set of user requirements, using a detailed set of assessment criteria. This work aims to help in determining and avoiding risks associated with insecure IoMT solutions and to reduce the gap between solution providers and consumers by increasing security awareness and transparency.

Keywords

IoMT; Quantitative evaluation; Security; Assessment; Metrics; Measurements; Privacy


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Faisal Alsubaei (1, 2)
  • Abdullah Abuhussein (3)
  • Sajjan Shiva (1)

  1. University of Memphis, Memphis, USA
  2. University of Jeddah, Jeddah, Saudi Arabia
  3. St. Cloud State University, St. Cloud, USA
