Abstract
This paper reports research into mitigating security vulnerability in IoT medical devices by inserting forensic readiness states into the network system and preparing mitigation for security failure. A design is built and tested, and then validated by expert feedback. The contribution of this research is to present a novel conceptual design for a digital forensic readiness framework for WMedSys, which can be easily implemented and integrated into existing IoT and wireless networks in the healthcare sector.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Baldoni, R., Montanari, L.: Italian Cyber Security Report 2015 - A national framework. Capienza Università di Roma and CINI Cyber Security National Lab, Roma (2016)
Brownlee, N., Guttman, E.: Expectations for Computer Security Incident Response. The Internet Society, Reston (1998)
Reggiani, M.: A brief introduction to Forensic Readiness (2016). http://resources.infosecinstitute.com/a-brief-introduction-to-forensic-readiness/#gref. Accessed 13 Mar 2019
Napier, J.: NICS forensic readiness guidelines (2011). http://studyres.com/download/4392801. Accessed 14 Mar 2019
Quinn, S.: Hospital pays $55,000 ransom; no patient data stolen (2018). http://www.greenfieldreporter.com/2018/01/16/01162018dr_hancock_health_pays_ransom/. Accessed 14 Mar 2019
Ehlinger, S.: Former employee reportedly steals mental health data on 28,434 Bexar County patients (2017). https://www.expressnews.com/business/local/article/Former-employee-reportedly-steals-mental-health-12405113.php. Accessed 14 Mar 2019
Halperin, D., et al.: Pacemakers and implantable cardiac defibrillators: software radio attacks and zero-power defenses. In: IEEE Symposium on Security and Privacy, Oakland (2008)
Radcliffe, J.: Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System (2011). https://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf. Accessed 14 Mar 2019
Li, C., Zhang, M., Raghunathan, A., Jha, N.K.: Attacking and defending a diabetes therapy system. In: Burleson, W., Carrara, S. (eds.) Security and Privacy for Implantable Medical Devices, pp. 175–193. Springer, New York (2014). https://doi.org/10.1007/978-1-4614-1674-6_8
Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D., Fu, K.: They can hear your heartbeats: non-invasive security for implantable medical devices. In: ACM SIGCOMM 2011 Conference, New York, NY (2011)
Clark, S.S., Fu, K.: Recent results in computer security for medical devices. In: Nikita, K.S., Lin, J.C., Fotiadis, D.I., Arredondo Waldmeyer, M.-T. (eds.) MobiHealth 2011. LNICST, vol. 83, pp. 111–118. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29734-2_16
Burleson, W., Clark, S.S., Ransford, B., Fu, K.: Design challenges for secure implantable medical devices. In: 49th ACM/EDAC/IEEE Design Automation Conference (DAC), San Francisco (2012)
Hermans, J., Tinholt, H.W., de Wit, J.: Achieving digital forensic readiness (2015). https://assets.kpmg.com/content/dam/kpmg/pdf/2016/03/Achieving-Digital-Forensic-Readiness-12-9-2015.pdf. Accessed 13 Mar 2019
Alenezi, A., Hussein, R.K., Walters, R.J., Wills, G.J.: A framework for cloud forensic readiness in organizations. In: 5th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), San Francisco (2017)
Rahman, N.H., Glisson, W.B., Yang, Y., Choo, K.K.: Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Comput. 1(3), 50–59 (2016)
Raju, B.K., Geethakumari, G.: An advanced forensic readiness model for the cloud environment. In: International Conference on Computing, Communication and Automation (ICCCA), Noida, India (2016)
De Marco, L., Ferrucci, F., Kechadi, M.: Reference architecture for a cloud forensic readiness system. In: EAI Endorsed Transactions on Security and Safety, pp. 1–9 (2014)
Kebande, V.R., Venter, H.S.: A cloud forensic readiness model using a Botnet as a Service. In: International Conference on Digital Security and Forensics (DigitalSec2014), Ostrava, Czech Republic (2014)
Harbawi, M., Varol, A.: An improved digital evidence acquisition model for the Internet of Things forensic I: a theoretical framework. In: 5th International Symposium on Digital Forensic and Security (ISDFS), Tirgu Mures, Romania (2017)
Endicott-Popovsky, B., Frincke, D.A., Taylor, C.A.: A theoretical framework for organizational network forensic readiness. J. Comput. 2(3), 1–11 (2007)
Kebande, V.R., Karie, N.M., Venter, H.S.: A generic digital forensic readiness model for BYOD using honeypot technology. In: IST-Africa Week Conference, Durban, South Africa (2016)
Kebande, V.R., Karie, N.M., Omeleze, S.: A mobile forensic readiness model aimed at minimising cyber bullying. Int. J. Comput. Appl. 140(1), 28–33 (2016)
Barske, D., Stander, A., Jordaan, J.: A digital forensic readiness framework for South African SME’s. In: Information Security for South Africa (ISSA), Sandton, Johannesburg, South Africa (2010)
Ngobeni, S., Venter, H., Burke, I.: A forensic readiness model for wireless networks. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IFIPAICT, vol. 337, pp. 107–117. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15506-2_8
Rahman, A.F.A., Ahmad, R., Ramli, S.N.: Forensic readiness for wireless body area network (WBAN) system. In: 16th International Conference on Advanced Communication Technology, Pyeongchang (2014)
Cusack, B., Kyaw, A.K.: Forensic readiness for wireless medical systems. In: 10th Australian Digital Forensics Conference, Perth, Western Australia (2012)
Ieong, R.S.C.: FORZA – digital forensics investigation framework that incorporate legal issues. Digit. Invest. 3S, S29–S36 (2006)
Reggiani, M.: A brief introduction to Forensic Readiness (2016). https://resources.infosecinstitute.com/a-brief-introduction-to-forensic-readiness/#gref. Accessed 14 Mar 2019
Kent, K., Chevalier, S., Grance, T., Dang, H.: NIST Special Publication 800-86: Guide to Integrating Forensic Techniques into Incident Response. National Institute of Standards and Technology, Gaithersburg (2006)
Given, L.: The SAGE Encyclopaedia of Qualitative Research Methods. SAGE Publications, London (2008)
Kebande, V.R., Venter, H.S.: A functional architecture for cloud forensic readiness large-scale potential evidence analysis. In: 4th European Conference on Cyber Warfare and Security (ECCWS), Hertfordshire, Hatfield (2015)
Grobler, C.P., Louwrens, C.P.: Digital forensic readiness as a component of information security best practice. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) SEC 2007. IIFIP, vol. 232, pp. 13–24. Springer, Boston, MA (2007). https://doi.org/10.1007/978-0-387-72367-9_2
Rowlingson, R.: A ten step process for forensic readiness. Int. J. Digit. Evid. 2(3), 1–28 (2004)
Sule, D.: Importance of forensic readiness. ISACA J. 1(2014), 1–5 (2014)
CYFOR: Specialists in Organisational Forensic Readiness Planning and Implementation (2018). http://cyfor.co.uk/digital-forensics/forensic-readiness-planning/. Accessed 13 Mar 2019
Makutsoane, M.P., Leonard, A.: A conceptual framework to determine the digital forensic readiness of a Cloud Service Provider. In: Portland International Conference on Management of Engineering & Technology (PICMET), Kanazawa, Japan (2014)
Reddy, K., Venter, H.: A forensic framework for handling information privacy incidents. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2009. IFIPAICT, vol. 306, pp. 143–155. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04155-6_11
Mouhtaropoulos, A., Dimotikalis, P., Li, C.T.: Applying a digital forensic readiness framework: three case studies. In: IEEE International Conference on Technologies for Homeland Security (HST), Waltham, MA (2013)
Kebande, V.R., Ntsamo, H.S., Venter, H.S.: Towards a prototype for achieving digital forensic readiness in the cloud using a distributed NMB solution. In: 15th European Conference on Cyber Warfare and Security (ECCWS), Munich (2016)
Kebande, V.R., Venter, H.S.: Requirements for achieving digital forensic readiness in the cloud environment using an NMB solution. In: 11th International Conference on Cyber Warfare and Security, Boston (2016)
Mouhtaropoulos, A., Li, C.T., Grobler, M.: Digital forensic readiness: are we there yet? J. Int. Commer. Law Technol. 9(3), 173–179 (2014)
Pooe, A., Labuschagne, L.: Cognitive approaches for digital forensic readiness planning. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2013. IFIPAICT, vol. 410, pp. 53–66. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41148-9_4
Ngobeni, S.J., Venter, H.S.: The design of a wireless forensic readiness model (WFRM). In: Information Security South Africa Conference, Johannesburg, South Africa (2009)
Lalla, H., Flowerday, S., Sanyamahwe, T., Tarwireyi, P.: A log file digital forensic model. In: 8th International Conference on Digital Forensics (DF), Pretoria, South Africa (2012)
Alrajeh, D., Pasquale, L., Nuseibeh, B.: On evidence preservation requirements for forensic-ready systems. In: 11th Joint Meeting on Foundations of Software Engineering, Paderborn (2017)
Fleming, R.F.: Towards the analysis of information environment resilience for real enterprises (Doctoral thesis). The University of New South Wales, Canberra, Australia (2010)
Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A design science research methodology for information systems research. J. Manag. Inf. Syst. 24(3), 45–77 (2007)
Vaismoradi, M., Turunen, H., Bondas, T.: Content analysis and thematic analysis: implications for conducting a qualitative descriptive study. Nurs. Health Sci. 15(1), 398–405 (2013)
Boyatzis, R.: Transforing Qualitative Information: Thematic Analysis and Code Development. SAGE Publications, Thousand Oaks (1998)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Kyaw, A.K., Tian, Z., Cusack, B. (2020). Design and Evaluation for Digital Forensic Ready Wireless Medical Systems. In: Garcia, N., Pires, I., Goleva, R. (eds) IoT Technologies for HealthCare. HealthyIoT 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 314. Springer, Cham. https://doi.org/10.1007/978-3-030-42029-1_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-42029-1_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42028-4
Online ISBN: 978-3-030-42029-1
eBook Packages: Computer ScienceComputer Science (R0)