S

Enabling Data Protection through PKI encryption in

IoT m-Health DevicesCharalampos Doukas, Ilias Maglogiannis, Vassiliki

Koufi, Flora Malamateniou, George Vassilacopoulos

Introduction

Population Aging

Increasing Survival Rates

increase in the proportion of the population with impairments, disabilities or

chronic illnesses

Introduction

Population Aging

Increasing Survival Rates

increase in the proportion of the population with impairments, disabilities or

chronic illnesses

Ambient Assisted Living

SupportIndependent and

safe lifestyle

Introduction

AAL Services

Sensor devices

Wireless Technologies

Data Mining

Internet of

Things

Introduction

Emerging global information service architecture

Providing Internet access to devices Sensors Actuators

Collaboration of services and integration of information between different resources

Internet of

Things

Introduction

Great impact on healthcare:

Patient context and status awareness

Critical information retrieval (e.g., medical record)

Smart actions: Recommendations for better living (nutrition,

activity, etc.) Emergency care

Internet of

Things

Challenges

Many:

Interoperability Information retrieval from different resources

Ethical

Business models => different entities involved

Security

Internet of

Things

HealthCare

Challenges

Data encryption Limited resources for many sensor devices

Proper authentication User authentication Device authentication

Integrity, confidentiality, etc.

Security

The presented work

A prototype Cloud-based system, which complies with the IoT concept

Manages data collected by wearable – textile sensors

Utilizes the IoT gateway notion Data encryption, user access control and secure

transmission PKI technology

Some Related Work

Growing interest in the utilization of IoT-based systems in a wide range of applications, including homecare applications

Most works address sensor, data collection and networking issues

Data encryption and confidentiality: Some solutions utilize hop-by-hop encrypted data

aggregation some end-to-end encrypted data aggregation

Most works present proprietary and ‘closed’ sensor systems

PKI for IoT Devices

Hop-by-hop encryption of data

Secure hop-by-hop data aggregation protocol (SEDAN)

What about intermediate nodes? hold decrypted sensor data Easy to tamper with

This vulnerability can be addressed by end-to-end techniques for data encryption

A key is shared among all sensors and the system where aggregated data are transmitted to

PKI for IoT Devices

PKI (Public Key Encryption) constitutes an effective approach to data encryption

If one key is used to encrypt information, then only the related key can decrypt that information

In case the public key gets compromised, still it is not computationally feasible to retrieve the private key

PKI for IoT Devices

For IoT and Healthcare:

Devices that generate patient-related information can encrypt data using a public key

health monitoring applications can use the private key to decrypt the data

Using also PKI digital certificates the proper authentication of the devices can be achieved, in addition to the secure data transmission.

Main Challenge:

Even the encryption process with the public key requires computational and memory resources

Existing wireless sensor technologies do not provide, especially when frequent data transmission is required (e.g., heart signal transmission) Typical sensor microcontroller

unit: 32MHz, 512Kb memory

The Proposed Solution

Introduction of IoT Gateways

Have the computational resources (>1 GHz CPU, >500MB RAM) to perform PKI

Come with additional network interfaces

Communication with wireless sensor networks

No issues with power consumption

Can be easily installed (similar to home routers)

The Proposed Solution

Can also address an additional security issue for IoT devices: registration of new sensor devices and key management

When a new monitoring device is introduced, the device needs to have access to the public key

By using an IoT gateway key management is essential only for the gateway device itself and not every sensor device connecting to the latter

The communication between the IoT gateway and the sensor device can be secured using symmetric encryption (which is less computational intensive than PKI)

In addition, the gateway has the ability to receive a new key if required since it is a central communication point always connected to the Internet

The Proposed Solution

Mainly of three components; the mobile and contextual sensors, the IoT gateways and the Back-end infrastructure

Mobile & Contextual Sensors

Continuously or periodically sense data about the patient status heart/pulse rate, temperature, etc.

Patient context room temperature, air quality, lighting conditions,

etc.

Sensor Devices = MCUs + Analog/Digital Sensors + Wireless Interfaces (ZigBee, Bluetooth, etc.)

IoT Gateways

Computational devices RaspberryPi, Beagleboard, etc. Typical price range: 25$ - 150$

Complete OS (Linux)

Networking Interfaces WiFi or Ethernet (Communication to the Internet) ZigBee Bluetooth Zwave, RF, etc.

IoT Gateways

Computational resources: Perform proper data encryption Authentication (PKI) Used for Data processing

Sensor data filtering Data mining

I/O ports Connecting wireless interfaces

IoT Gateways

Cloud (Back-end) Infrastructure

Convenient, on-demand network access to shared group of configurable computing resources CPU Storage (Scalability) Services Pay as you go model Maintenance-free

Cloud (Back-end) Infrastructure

Suitable model for back-end infrastructures

Support data management and visualization of IoT m-health devices

Resources for PKI and key management

System Overview

IoT Gateway

DecryptPreproce

ss

Encrypt

Medical devices

Symmetrically encrypted data

Public Key

Certification

Authorities

Cloud Infrastructure

Certificates

Initial System Evaluation

Prototype implementation Wireless (Bluetooth) Pulse Oxymeter A contextual sensor (temp, humidity, air quality and

light) An IoT Gateway A Cloud-back end system for data management

Initial System Evaluation

Contextual sensor Arduino microcontroller A digital temperature sensor A digital humidity sensor An analog light sensor An analog air quality sensor.

The Arduino can be connected to the home network of the user either through Ethernet of WiFi network interfaces.

Initial System Evaluation

The IoT gateway An open source, WiFi enabled gateway board properly modified to

host additional wireless interfaces (like Bluetooth and ZigBee) A Beagle board Linux board computer.

The gateway board collects all information and forwards the data to the Beagleboard using a serial interface.

The Beagleboard runs a Python script that accepts data from the UART interface and then applies PKI encryption using a pre-stored public key (1024 bit key length).

Then encrypted data are forwarded to a sample Cloud application using a REST Web Service. The Cloud application decrypts the data using the private key and presents sensor data to users.

Initial System Evaluation

Data (average sensor values) are transmitted in 1-minute intervals

The Python script that encrypts the data has been modified to provide information about the time needed to encrypt the sensor readings (total message length less than 100Kb).

Respectively, the J2EE application on the Cloud has been modified to present the time needed to decrypt the data before presenting them to users.

According to initial metrics, the total encryption process adds a 24.5% overhead in the total transmission time (about 800msec) and less than 1 second overhead in data decryption.

The latter overhead is acceptable in both cases for mobile health applications.

Conclusion

The Internet of Things can lead to more accurate and instant diagnosis of health incidents

Data protection is also weak since sensor devices lack the resources for anonymity,

proper authentication and data encryption

In this paper we presented the conceptual design and prototype implementation of a system based on IoT gateways that aggregate health sensor data and resolve security issues through digital certificates and PKI data encryption

Conclusion

The IoT gateway can both resolve sensor communication interoperability issues and provide a less vulnerable mean for securely authenticating to services and sending patient data

Future work: extended evaluation of the system with more

sensors in a real environment private key management and access control should

be further investigated.