Upload
charalampos-doukas
View
1.319
Download
9
Embed Size (px)
DESCRIPTION
Short presentation about a gateway-based solution for medical data encryption and the Internet of Things. Paper presented at 12th IEEE International Conference on BioInformatics and BioEngineering
Citation preview
S
Enabling Data Protection through PKI encryption in
IoT m-Health DevicesCharalampos Doukas, Ilias Maglogiannis, Vassiliki
Koufi, Flora Malamateniou, George Vassilacopoulos
Introduction
Population Aging
Increasing Survival Rates
increase in the proportion of the population with impairments, disabilities or
chronic illnesses
Introduction
Population Aging
Increasing Survival Rates
increase in the proportion of the population with impairments, disabilities or
chronic illnesses
Ambient Assisted Living
SupportIndependent and
safe lifestyle
Introduction
AAL Services
Sensor devices
Wireless Technologies
Data Mining
Internet of
Things
Introduction
Emerging global information service architecture
Providing Internet access to devices Sensors Actuators
Collaboration of services and integration of information between different resources
Internet of
Things
Introduction
Great impact on healthcare:
Patient context and status awareness
Critical information retrieval (e.g., medical record)
Smart actions: Recommendations for better living (nutrition,
activity, etc.) Emergency care
Internet of
Things
Challenges
Many:
Interoperability Information retrieval from different resources
Ethical
Business models => different entities involved
Security
Internet of
Things
HealthCare
Challenges
Data encryption Limited resources for many sensor devices
Proper authentication User authentication Device authentication
Integrity, confidentiality, etc.
Security
The presented work
A prototype Cloud-based system, which complies with the IoT concept
Manages data collected by wearable – textile sensors
Utilizes the IoT gateway notion Data encryption, user access control and secure
transmission PKI technology
Some Related Work
Growing interest in the utilization of IoT-based systems in a wide range of applications, including homecare applications
Most works address sensor, data collection and networking issues
Data encryption and confidentiality: Some solutions utilize hop-by-hop encrypted data
aggregation some end-to-end encrypted data aggregation
Most works present proprietary and ‘closed’ sensor systems
PKI for IoT Devices
Hop-by-hop encryption of data
Secure hop-by-hop data aggregation protocol (SEDAN)
What about intermediate nodes? hold decrypted sensor data Easy to tamper with
This vulnerability can be addressed by end-to-end techniques for data encryption
A key is shared among all sensors and the system where aggregated data are transmitted to
PKI for IoT Devices
PKI (Public Key Encryption) constitutes an effective approach to data encryption
If one key is used to encrypt information, then only the related key can decrypt that information
In case the public key gets compromised, still it is not computationally feasible to retrieve the private key
PKI for IoT Devices
For IoT and Healthcare:
Devices that generate patient-related information can encrypt data using a public key
health monitoring applications can use the private key to decrypt the data
Using also PKI digital certificates the proper authentication of the devices can be achieved, in addition to the secure data transmission.
Main Challenge:
Even the encryption process with the public key requires computational and memory resources
Existing wireless sensor technologies do not provide, especially when frequent data transmission is required (e.g., heart signal transmission) Typical sensor microcontroller
unit: 32MHz, 512Kb memory
The Proposed Solution
Introduction of IoT Gateways
Have the computational resources (>1 GHz CPU, >500MB RAM) to perform PKI
Come with additional network interfaces
Communication with wireless sensor networks
No issues with power consumption
Can be easily installed (similar to home routers)
The Proposed Solution
Can also address an additional security issue for IoT devices: registration of new sensor devices and key management
When a new monitoring device is introduced, the device needs to have access to the public key
By using an IoT gateway key management is essential only for the gateway device itself and not every sensor device connecting to the latter
The communication between the IoT gateway and the sensor device can be secured using symmetric encryption (which is less computational intensive than PKI)
In addition, the gateway has the ability to receive a new key if required since it is a central communication point always connected to the Internet
The Proposed Solution
Mainly of three components; the mobile and contextual sensors, the IoT gateways and the Back-end infrastructure
Mobile & Contextual Sensors
Continuously or periodically sense data about the patient status heart/pulse rate, temperature, etc.
Patient context room temperature, air quality, lighting conditions,
etc.
Sensor Devices = MCUs + Analog/Digital Sensors + Wireless Interfaces (ZigBee, Bluetooth, etc.)
IoT Gateways
Computational devices RaspberryPi, Beagleboard, etc. Typical price range: 25$ - 150$
Complete OS (Linux)
Networking Interfaces WiFi or Ethernet (Communication to the Internet) ZigBee Bluetooth Zwave, RF, etc.
IoT Gateways
Computational resources: Perform proper data encryption Authentication (PKI) Used for Data processing
Sensor data filtering Data mining
I/O ports Connecting wireless interfaces
IoT Gateways
Cloud (Back-end) Infrastructure
Convenient, on-demand network access to shared group of configurable computing resources CPU Storage (Scalability) Services Pay as you go model Maintenance-free
Cloud (Back-end) Infrastructure
Suitable model for back-end infrastructures
Support data management and visualization of IoT m-health devices
Resources for PKI and key management
System Overview
IoT Gateway
DecryptPreproce
ss
Encrypt
Medical devices
Symmetrically encrypted data
Public Key
Certification
Authorities
Cloud Infrastructure
Certificates
Initial System Evaluation
Prototype implementation Wireless (Bluetooth) Pulse Oxymeter A contextual sensor (temp, humidity, air quality and
light) An IoT Gateway A Cloud-back end system for data management
Initial System Evaluation
Contextual sensor Arduino microcontroller A digital temperature sensor A digital humidity sensor An analog light sensor An analog air quality sensor.
The Arduino can be connected to the home network of the user either through Ethernet of WiFi network interfaces.
Initial System Evaluation
The IoT gateway An open source, WiFi enabled gateway board properly modified to
host additional wireless interfaces (like Bluetooth and ZigBee) A Beagle board Linux board computer.
The gateway board collects all information and forwards the data to the Beagleboard using a serial interface.
The Beagleboard runs a Python script that accepts data from the UART interface and then applies PKI encryption using a pre-stored public key (1024 bit key length).
Then encrypted data are forwarded to a sample Cloud application using a REST Web Service. The Cloud application decrypts the data using the private key and presents sensor data to users.
Initial System Evaluation
Data (average sensor values) are transmitted in 1-minute intervals
The Python script that encrypts the data has been modified to provide information about the time needed to encrypt the sensor readings (total message length less than 100Kb).
Respectively, the J2EE application on the Cloud has been modified to present the time needed to decrypt the data before presenting them to users.
According to initial metrics, the total encryption process adds a 24.5% overhead in the total transmission time (about 800msec) and less than 1 second overhead in data decryption.
The latter overhead is acceptable in both cases for mobile health applications.
Conclusion
The Internet of Things can lead to more accurate and instant diagnosis of health incidents
Data protection is also weak since sensor devices lack the resources for anonymity,
proper authentication and data encryption
In this paper we presented the conceptual design and prototype implementation of a system based on IoT gateways that aggregate health sensor data and resolve security issues through digital certificates and PKI data encryption
Conclusion
The IoT gateway can both resolve sensor communication interoperability issues and provide a less vulnerable mean for securely authenticating to services and sending patient data
Future work: extended evaluation of the system with more
sensors in a real environment private key management and access control should
be further investigated.