
Security Vulnerabilities and Intelligent Solutions for IoMT Systems

Internet of Medical Things

Part of the book series: Internet of Things (ITTCC)

Abstract

The Internet of Medical Things (IoMT) is one of the most practical and useful applications of the Internet of Things (IoT), achieved by connecting medical devices and applications to the online healthcare system. IoMT, if fully and properly implemented in our healthcare systems, can save precious lives and can be a boon to healthcare professionals, especially when addressing challenges caused by pandemics such as COVID-19 and other communicable diseases. In an IoMT, machine-to-machine connectivity is possible through short-range communication devices such as Bluetooth or long-range communications (using 5G communication). However, security and privacy remain a major challenge faced by IoMT developers and stakeholders. Transmission of critical medical information to the cloud computing setup wirelessly without addressing security issues introduces the risk of hacking and data corruption. It is paramount that the potential security issues are identified and appropriate security measures are implemented. This chapter discusses the various security vulnerabilities that have been identified by researchers and also highlights innovative solutions that have been proposed by researchers. The approaches discussed and summarized in this chapter include malware detection, multimodal feature-based biometric identification schemes, an ontology-based recommendation tool for addressing various IoMT threat scenarios, and blockchain-enabled authentication techniques.




Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Jeyavel, J., Parameswaran, T., Mannan, J.M., Hariharan, U. (2021). Security Vulnerabilities and Intelligent Solutions for IoMT Systems. In: Hemanth, D.J., Anitha, J., Tsihrintzis, G.A. (eds) Internet of Medical Things. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-63937-2_10


  • DOI: https://doi.org/10.1007/978-3-030-63937-2_10


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63936-5

  • Online ISBN: 978-3-030-63937-2

  • eBook Packages: Medicine, Medicine (R0)
