Review ArticleSecurity and Privacy in the Medical Internet of Things: A Review

Wencheng Sun,1 Zhiping Cai ,1 Yangyang Li,2 Fang Liu,3

Shengqun Fang,1 and Guoyan Wang4

1College of Computer, National University of Defense Technology, Changsha 410073, China2Innovation Center, China Academy of Electronics and Information Technology, Beijing 100041, China3School of Data and Computer Science, Sun Yat-sen University, Guangzhou 510006, China4SysCan Biotechnology Company Limited, Suzhou 215000, China

Correspondence should be addressed to Zhiping Cai; zpcai@nudt.edu.cn

Received 2 October 2017; Revised 12 January 2018; Accepted 28 January 2018; Published 29 March 2018

Academic Editor: Huan Chen

Copyright © 2018 Wencheng Sun et al. This is an open access article distributed under the Creative Commons Attribution License,which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Medical Internet of Things, also well known as MIoT, is playing a more and more important role in improving the health, safety,and care of billions of people after its showing up. Instead of going to the hospital for help, patients’ health-related parameterscan be monitored remotely, continuously, and in real time, then processed, and transferred to medical data center, such as cloudstorage, which greatly increases the efficiency, convenience, and cost performance of healthcare. The amount of data handled byMIoT devices grows exponentially, which means higher exposure of sensitive data. The security and privacy of the data collectedfromMIoT devices, either during their transmission to a cloud or while stored in a cloud, are major unsolved concerns.This paperfocuses on the security and privacy requirements related to data flow in MIoT. In addition, we make in-depth study on the existingsolutions to security and privacy issues, together with the open challenges and research issues for future work.

1. Introduction

Medical Internet of Things is the group of devices connectedto Internet, to perform the processes and services thatsupport healthcare. MIoT has emerged as a new technologyfor e-healthcare that collects vital body parameters of patientsand monitors their pathological details by small wearabledevices or implantable sensors. MIoT has shown greatpotential in providing a better guarantee for people’s healthand supports a wide range of applications from implantablemedical devices to wireless body area network (WBAN).

Generally, theMIoT structure is composed of three layers:the perception layer, the network layer, and the applicationlayer, as shown in Figure 1. The major task of the perceptionlayer is to collect healthcare data with a variety of devices.The network layer, which is composed of wired and wirelesssystem and middleware, processes and transmits the inputobtained by the perception layer supported by technolog-ical platforms. Well-designed transport protocols not onlyimprove transmission efficiency and reduce energy consump-tion, but also ensure security and privacy. The application

layer integrates the medical information resources to providepersonalized medical services and satisfy the final users’needs, according to the actual situation of the target popu-lation and the service demand.

The security and privacy of patient-related data are twoindispensable concepts. By data security, we mean that datais stored and transferred securely, to guarantee its integrity,validity, and authenticity, and data privacy means the datacan only be accessed by the people who have authorizationto view and use it [1]. More reasonable protection strategiescould be developed according to different purposes andrequirements. The widespread use of MIoT devices providesa better guarantee for people’s health [2]; however, it alsoputs much pressure on information security and privacyprotection.

The successful development of MIoT must take securityand privacy as a core consideration. This paper proceeds asfollows. In Section 2, we discuss the security and privacyrequirements of medical data. In Section 3, we discuss sev-eral technical solutions and research status about securityand privacy issues. In Section 4, we compare 4 kinds of

HindawiSecurity and Communication NetworksVolume 2018, Article ID 5978636, 9 pageshttps://doi.org/10.1155/2018/5978636

2 Security and Communication Networks

Applicationlayer

Networklayer

Perceptionlayer

Data

Data

Figure 1: Structure of Medical Internet of Things.

𝐾-anonymity, to verify whether the division of dataset hasan impact on security of privacy data. Experiment resultsdemonstrate the effectiveness of the clustering𝐾-anonymity.In Section 5, we discuss the future research challenges and weconclude the survey in Section 6.

2. Security and Privacy Requirement

Although the majority of healthcare organizations do notspend enough resources to protect security and privacy [14],there is no doubt that security and privacy play a key role inMIoT. MIoT devices produce an increasingly large volume ofincreasingly diverse real-time data, which is highly sensitive.On the one hand, destroying the security ofmedical systemornetwork could cause disastrous consequences. On the otherhand, the patient’s privacy information exists at all stages ofdata collection, data transmission, cloud storage, and datarepublication. In developing medical Internet security andprivacy systems, the following four requirements should beconsidered.

2.1. Data Integrity. Data integrity refers to the fact that alldata values satisfy semantic standards without unauthorizedtampering. It includes two levels of accuracy and reliability.Data integrity can be divided into four categories, namely,entity integrity, domain integrity, referential integrity, anduser-defined integrity, which can be maintained by foreignkeys, constraints, rules, and triggers.

2.2. Data Usability. Data usability is to ensure that dataor data systems can be used by authorized users. Big databrings not only great benefits but also crucial challenges,such as dirty data and nonstandard data. In addition, datacorruption or data loss caused by unauthorized access alsofurther destroys data usability.

2.3. Data Auditing. Audit of medical data access is aneffective means to monitor the use of resources and a com-mon measure for finding and tracking abnormal events. In

Ciphertext PlaintextEncryption Decryption

Plaintext

Secret key Secret keyPublic

channel

Figure 2: Common model of data encryption and decryption.

addition, cloud service providers usually play untrusted roles,which require reasonable auditing methods. Audit contentgenerally includes users, cloud service providers, access, andoperation records.

2.4. Patient Information Privacy. Patient information can besubdivided into two categories: general records and sensitivedata. Sensitive data, which can also be called patient privacy,include mental status, sexual orientation, sexual functioning,infectious diseases, fertility status, drug addiction, geneticinformation, and identity information.We need tomake surethat the sensitive data is not leaked to unauthorized users, oreven if data is intercepted, the information expressed cannotbe understood by unauthorized users.

3. Existing Solutions

Since MIoT devices do not have sufficient memory, com-putation, and communication capabilities, they require apowerful and scalable high-performance computing andmassive storage infrastructure for real-time processing anddata storage. Currently, most MIoT institutions store thecollectedmedical data and deploy their application servers inthe cloud.The devices can offload their healthcare tasks to thecloud accordingly. Cloud services through their elasticity andfacility to access shared resources and common infrastructurein a ubiquitous and pervasive manner facilitate a promisingsolution for efficient management of pervasive healthcaredata.

3.1. Data Encryption. Cryptography is a security technologyfor information exchange and communication in accordancewith the agreed rules [15]. As shown in Figure 2, plaintext,also known as the original message, is encrypted into cipher-text by the encryption algorithm.Through the public channel,the message is transmitted from the sender to the receiver.The message is then decrypted into plaintext.

General data encryption can be implemented at threelevels of communication: link encryption, node encryption,and end-to-end encryption. For any intermediate node inlink encryption, the message received from the former linkwill be decrypted into plaintext and the plaintext will thenbe encrypted into ciphertext using the secret key of the nextlink. However, unlike link encryption, node encryption doesnot allow messages in plaintext form in the network node.Therefore, node encryption can provide high security for net-work data. When using end-to-end encryption, the messageis not decrypted until it is transmitted to the destination.Becausemessages are always present as ciphertext throughout

Security and Communication Networks 3

Table 1: Security and privacy mechanisms and proposals for data encryption.

Proposals Technologies Application Details

[3] Key management scheme Resource-constrained nodes Solving the issue of the limited resources availablethrough strong encryption and authentication means

[4] Lightweight privatealgorithm; DES Data transmission Strong encryption considering the characteristic of

IoT

[5] Cloud computing Monitoring the elder’s biologicaldata Reducing the waste of medical resource

[6] Authentication scheme Mobile emergency medical systems Guaranteeing the confidentiality of sensitive medicaldata

the transmission, there is no leakage of information even if anode is corrupted.

To secure e-health communications, key managementprotocols play a vital role in the security process. However,complex encryption algorithms or transmission protocolscan greatly affect the transmission rate and even fail to per-form data transmission. Furthermore, they need to occupyvaluable medical resources which are not available. Thetough balance between security protection and system energyconsumption needs to be solved with scientific and cautiousstep. Table 1 shows several data encryption proposals onMIoT.

Owing to the limited resources available and privacyconcerns, security issues have been major obstacles to thee-health applications that provide unobtrusive support forelderly and frail people. Abdmeziem and Tandjaoui [3]presented a lightweight end-to-end keymanagement scheme,which is ensuring key exchange with minimal resourceconsumption. In their proposal, the network is heteroge-neous combining nodes with different capabilities. Strongencryption methods and authentication means are used toestablish session keys for highly resources-constrained nodes.Theproposed protocol is based on collaboration by offloadingheavy asymmetric cryptographic operations to a set of thirdparties. Through security analysis, the scheme can providestrong security features, as well as the scarcity of resources.

Considering the characteristics of IoT and privacy pro-tection, Gong et al. [4] discussed the main problems incurrent smart healthcare system. Then they designed andcompleted a prototype system based on a lightweight privatehomomorphism algorithm and an encryption algorithmimproved from DES. Finally, based on the above work, theydesigned and completed a prototype system based on bothsoftware and hardware. Hu et al. [5] proposed a scheme withIoT sensor based on cloud computing which is related to thedigital envelope, digital certification, signature, time-stampmechanisms, and the asymmetric encryption technology, tomonitor the elder’s biological data and other personal infor-mation. The proposed scheme could provide more flexibleand accurate medical service as well as reducing the waste ofmedical resource.

Li et al. [6] proposed a secure authentication andkey agreement scheme for cloud-assisted WBAN systemusing extended chaotic maps, as shown in Figure 3. Thedesign of Chebyshev chaotic maps, based on the conceptof Diffie–Hellman key exchange, can create secure ways or

Doctors (D)Medical caregiver (MC)Wireless bodyarea network

Patient (P) Mobile devices Medical cloud center (C)

Health center (HC)

(1) (2)

(3)

(4)

(5)(6) (7)

(8)

Figure 3: The architecture of cloud-assisted wireless body areanetwork in mobile emergency medical care system.

channels for the system participants when they register. Themeasured health items collected frombody sensors ofWBANwould be encrypted before transmission. In order to supportreal-time analysis with continuous remote monitoring onstream-oriented health items, the monitored patient canauthorize medical caregivers to access his/her health itemsstored in a cloud, which not only provides home care butalso improves the life quality. Security and performanceanalyses showed that the proposedmechanism can effectivelyaddress the challenge of participant authentication in mobileemergency medical care systems.

3.2. Access Control. Access control is the means by which adata system defines the identity of a user and the predefinedpolicies which prevent access to resources by unauthorizedusers [16]. There are various encryption methods applied inaccess control, including symmetric key encryption (SKE),asymmetric key encryption (AKE), and attribute-basedencryption (ABE) [17].

According to general knowledge, cryptography relies onkeys. The size and generation mechanism of secret keys

4 Security and Communication Networks

Table 2: Security and privacy mechanisms and proposals for access control.

Proposals Technologies Application Details[7] ABE Access control Solving the revocation problem of emergency key[8] CP-ABE Medical sensor networks Supporting complex and dynamic security policies[9] ABE Access control to PHR Leveraging ABE to encrypt PHR files

HCO HCOPatient Patient

CAHCOs

public keys

Patientspublic keys

EHRs

HIE cloud

Secure encrypted communication channel

Figure 4: System components.

directly affect the security of the cryptosystem. Therefore,for a cryptosystem, key management mechanism determinesthe security system’s life cycle. Owing to the scalable keymanagement and flexible access control polices, ABE isgradually becoming one sort of mainstream method. Table 2shows some access control mechanisms.

In Health Information Exchange (HIE), patient healthinformation can be shared electronically with explicit autho-rization of information exchange in an auditable manner.However, existing approaches for authorization in healthinformation systems exhibit several drawbacks in meetingthe needs of HIE, with noncryptographic approaches lackinga secure and reliable mechanism for access policy enforce-ment, while cryptographic approaches being too expensive,complex, and limited in specifying policies. Chandrasekharet al. [18] proposed an authorization protocol for cloud-based HIEs which fills the gap between cryptographic andnoncryptographic approaches. The system consists of threemain components: the HIE cloud, healthcare organizations(HCOs), and the patients, as shown in Figure 4. They devel-oped a novel proxy signature-based protocol, based on anovel discrete log-based trapdoor hashing scheme, to enableauthenticated and authorized selective sharing of patienthealth information via a cloud-based HIE. According to theirdetailed security and performance analysis, the proposedprotocol, using their trapdoor hash-based proxy signaturescheme, achieves the best all-round performance while beingprovably secure.

Lounis et al. [7] presented an architecture based onattribute-based encryption (ABE), as shown in Figure 5.Since emergency access is temporary, it is crucial to revokeaccess rights given. However, revocation is a difficult issue in

(2.1) Emergency signaling

Cloud serversHealthcare center

Encryptedhealth data

Alert

(3) Rescind emergency right access

(2.2) Emergency access

(1) Send emergency alert

Figure 5: Example of emergency intervention.

ABE schemes and may generate high overhead. The integervalues and integer comparisons [19] were applied to solvethe revocation problem of emergency key. In addition, theypresented a numerical attribute which has a data value toexpress validity data of emergency key. Simulations on threescenarios showed that the proposed scheme can reduce therevocation cost and lessen the emergency response time,which means that the scheme can provide an efficient andfine-grained access control.

Lounis et al. [8] proposed a new cloud-based architectureformedical wireless sensor networks and developed an accesscontrol that supports complex and dynamic security policies,which relies on ciphertext-policy attribute-based encryption(CP-ABE). Simulation results showed that their access controlis efficient, fine-grained, and scalable. Li et al. [9] proposed anovel patient-centric framework and a suite of mechanismsfor data access control to PHRs stored in semitrusted servers.To achieve fine-grained and scalable data access controlfor PHRs, they leveraged attribute-based encryption (ABE)techniques to encrypt each patient’s PHR file and exploitedmultiauthority ABE to guarantee a high degree of patientprivacy.

3.3. TrustedThird Party Auditing. Cloud servers are not fullytrusted. The integrity and consistency of medical data storedin the cloud could be compromised if data corruption oreven deletion happenswithout user’s permission. For securityreasons, the data rules are typically specified by the user,so that the server provider does not have direct contactwith the source data. In addition, the Trusted Third Party(TTP) with great reputation which provides the unbiasedauditing results can be introduced properly, to enable theaccountability of the cloud service providers and protect thelegitimate benefits of the cloud users [20].The research issues

Security and Communication Networks 5

Table 3: Security and privacy mechanisms and proposals for data search.

Proposals Technologies Application Details

[10] Symmetric key Supporting privacy preserving stringmatching

Providing strong privacy guarantees against attacks from asemihonest adversary

[11] LKE Searching over encrypted image Better estimating of edges using smoothing kernels withedges information

[12] APKS Searching over encrypted PHR Allowing users to obtain query capabilities from localizedtrusted authorities according to their attributes

[13] CP-ABE Searching over encrypted PHR Supporting both fine-grained access control andmultikeyword search

of TTP consist of dynamic auditing, batch auditing, andauditing on performance metric.

Over the past decades, many auditingmethods have beenpresented. Several supervised machine learning approaches,such as logistic regression and support vector machine,have been applied to detect suspicious access [21]. However,relying toomuch on expected judgments and predefined tagsrestricts their large-scale promotion. Currently, unsupervisedapproaches attract more attention gradually.

Chen et al. [22] extended the relational learning methodsof Malin and colleagues, to construct the global networkof departmental interactions. Based on network structure,they proposed two measures to characterize departmentalrelationships. First, they applied certainty to characterizethe strength of departments’ interactions over time, whichwas designed to assess the extent to which changes in thenetwork influence departments’ affinity towards one another.Second, they applied reciprocity to measure the extent towhich departments exhibit similar behavior with respect toone another. They studied three months of access logs froma large academic medical center and results showed thatdepartmental interaction networks exhibit certain invariants,such as the number, strength, and reciprocity of relationships,and modeling operations at a higher level of granularitysuch as the departmental level are stable in the context of arelational network, which may enable more effective auditingstrategies.

Govaert et al. [23] conduct a preliminary review of therelationship between audits and operating costs. Accordingto their study, surgical auditing can function as a qualityinstrument and therefore as a tool to reduce costs and furtherstudies should be performed for investigation.

3.4. Data Search. For protecting data privacy, sensitive datahas to be encrypted before outsourcing, which obsoletes tra-ditional data utilization based on plaintext keyword search.Thus, enabling an encrypted cloud data search service isof paramount importance [24]. The major methods forsearchable encryption include searchable symmetric encryp-tion (SSE) and public-key encryption with keyword search(PEKS). And it should be noted that the more complexthe encryption measures are, the more difficult the data issearched and the more difficult the consistency of searchresults is checked. If the search results cannot be applied ina timely manner, then all security and privacy measures haveless meaning. Table 3 shows some data search mechanisms.

S(captain), S(ship), S(boat), S(sea)

S(captain), S(ship) S(boat), S(sea)

S(captain)S(ship) S(boat) S(sea)

Enc(L(“ship”)) Enc(L(“captain”)) Enc(L(“boat”)) Enc(L(“sea”))

Figure 6: PASS tree example.

To achieve rich querying functionality over the encrypteddata, Bezawada et al. [10] developed a symmetric key basedapproach to support privacy preserving string matching incloud computing. They developed an efficient and accurateindexing structure, the Pattern Aware Secure Search (PASS)tree, a highly balanced binary tree without revealing anycontent similarities of the keywords. The action processof PASS tree is shown in Figure 6. Furthermore, they alsodescribed a relevance ranking algorithm to return the mostrelevant documents to the user based on the pattern query.Experiments over large real-life data containing up to 100000keywords showed that the proposed algorithm can achievepattern search in less than a few milliseconds with 100%accuracy.

To enjoy the elastic resources and lesson computationalburden, personal health record (PHR) is gradually trans-ferred to the cloud storage. Miao et al. [11] designed a securecryptographic primitive called attribute-basedmultikeywordsearch over encrypted personal health records in multiownersetting to support both fine-grained access control andmultikeyword search via ciphertext-policy attribute-basedencryption (CP-ABE). Figure 7 provides an overview of m2-ABKS scheme. Empirical experiments over real-world datasetwere conducted to show its feasibility and practicality in abroad range of actual scenarios.

Methods based on kernel regression can restore the imagefrom its downsampled version with low computational cost,but with low quality around edges. Song et al. [12] proposed aLaplace guided kernel regression method (LKR), in which anovel weighted Laplace map is used to refine the smoothingkernel in KR, and the key insight of LKR is that KR basedmethods can better estimate edges when using smoothingkernels with edges information. Li et al. [13] formulated

6 Security and Communication Networks

TrapdoorResultsIndex Ciphertext

Private keyAccess tree

Records

Cloud server provider

Data owner Third trust server Data user

Figure 7: System model of m2-ABKS scheme.

and addressed the problem of authorized private keywordsearches (APKS) on encrypted personal health record incloud computing environments. They allow users to obtainquery capabilities from localized trusted authorities accord-ing to their attributes. In addition to document privacy andquery privacy, other salient features of our schemes includeefficiently support multidimensional and multiple keywordsearches with simple range query and allow delegation andrevocation of search capabilities.

3.5. Data Anonymization. Patient sensitive data can bedivided into three categories: explicit identifiers, quasi-identifiers, and privacy attributes. Explicit identifier canuniquely indicate a patient, such as an ID number, name,and cell phone number. A combination of quasi-identifierscan also uniquely indicate a patient, such as age, birthdata, and address. Privacy information refers to sensitiveattributes of a patient, including illness and income. In theprocess of data publication, while considering the distri-bution characteristics of the original data, it is necessaryto ensure that the individual attributes of the new datasetare properly processed, so as to protect the patient’s pri-vacy. At present, random perturbation technology and dataanonymous technology are usually used to solve these issuessuch as 𝑘-anonymity, 𝑙-diversity, and confidence bounding.In particular, the traditional 𝑘-anonymity is widely applied.However, the drawback is that it does not do any constraintson sensitive data, and attackers can use consistency attack andbackground knowledge attack to identify sensitive data andpersonal contact, which lead to loss of privacy.

After the study of the privacy concerns of sharing patientinformation between theHong Kong Red Cross Blood Trans-fusion Services (BTS) and the public hospitals,Miao et al. [11]found that there are three challenges, high dimensionality,data utility, and algorithm quality, which limit the applicationof traditional data anonymization methods. They proposeda new privacy model called LKC-privacy, using two algo-rithms with different adaptations, to address the problemsof centralized anonymization and distributed anonymization.The first adaptation maximizes the information preservedfor classification analysis, and the second one minimizes thedistortion on the anonymous data for general data analysis.

Privacy model(parameter k)

Dataset(ICD, age) Anonymization

framework

Clustering

AlignmentAnonymized

dataset

Figure 8: A general architecture of the longitudinal dataanonymization process.

The two algorithms were implemented on two real-lifedatasets, Blood and Adult. Results showed that the proposedalgorithms were flexible and scalable enough to handle largevolumes of blood transfusion data with numerical attributes.

Many clustering algorithms can be applied in dataanonymization for 𝑘-anonymous data. In the context oflongitudinal data, the challenge is to define a distancemetric for trajectories. Figure 8 provides an overview of thelongitudinal data anonymization process. Fung et al. [25]selected the Maximum Distance to Average Vector (MDAV)algorithm [26], an efficient heuristic for 𝑘-anonymity, todevelop their clustering algorithm. The proposed algorithmiteratively selects the most frequent trajectory in a longitudi-nal dataset and forms a cluster of at least 𝑘 records aroundthe latter. In addition, they define the distance between twotrajectories as the cost of their anonymization. Experimentson several patient cohorts derived from the EMR systemof the Vanderbilt University Medical Center showed thatthe proposed approach can generate anonymized data thatpermit effective biomedical analysis, using heuristics inspiredfrom sequence alignment and clustering methods.

Liu and Li [27] introduced a clustering method based𝐾-anonymity algorithm as the building block of privacypreserving for medical wearable devices. The clustering𝐾-anonymity would assign similar records into the sameequivalent set, while the similarity among these recordsmakeit harder to discriminate different identities than before.Then, they unify the quasi-identifiers in the same clustersby generalizing and suppressing operations. The output ofthis algorithm is a table that satisfies the principle of 𝐾-anonymity. All the records in the same equivalent set aresimilar to each other. In this way, it would be harder torecognize the users’ identities in one equivalent set, and theprivacy of these subjects would be securer.

4. Use Case

Security problems appear with the wide deployment ofmedical wearable devices. The most severe threat would bethe privacy leakage of medical wearable devices data. Aftercollecting data from the smart terminals, data holders ofmedical wearable devices are willing to share the data withapplication developers to enrich their services or obtainmon-etary benefits. The data collected contain abundant privacyinformation. In addition, when sharing the data recorded by

Security and Communication Networks 7

Table 4: Original data.

Height Weight Age Sensitive data172 63 27 Time serials178 75 34 Time serials180 72 26 Time serials185 77 22 Time serials

Table 5: Anonymity result of original data.

Height Weight Age Sensitive data17∗ ∗∗ ∗∗ Time serials17∗ ∗∗ ∗∗ Time serials18∗ 7∗ 2∗ Time serials18∗ 7∗ 2∗ Time serials∗ and ∗∗ represent anonymous information.

human-carriedwearable sensors, somepersonal information,such as age, height, and weight, may also be submittedunder warrant. Therefore, though the original intention ofdata sharing is always positive, the uncontrolled personalinformation may raise the risk of privacy disclosure.

In this section, we compare 4 kinds of 𝐾-anonymity,including Partial Datafly 𝐾-anonymity, Overall Datafly 𝐾-anonymity [28], 𝜇-Argus 𝐾-anonymity [29], and clustering𝐾-anonymity, which are different in the division of datasets.We want to verify whether the division of dataset has animpact on security of privacy data.The data is collected froma real hospital database. Experiment results demonstrate theeffectiveness of the clustering 𝐾-anonymity.

4.1. AnExample of PrivacyDisclosure. For example, as Table 4shows, Alice is an owner of a medical wearable device, andthe manufacturer of the device collects the data produced bythis device and the information about her age, height, andweight. Then the data holder shared a dataset (as Table 4shows) which contains Alice’s data. The adversary Evil getsthis information, and he knows that Alice is 178 cm, 75 kg,and at the age of 34. Therefore, Evil could get Alice’s sensitivedata readily by combining the dataset with the backgroundknowledge.

The data holder cuts the linkage between identity andsensitive data by generalizing the quasi-identifiers beforesharing according to 𝐾-anonymity. Table 5 shows the 2-anonymity result of Table 4. In Table 5, it would be hard torecognize Alice’s identity with link-attack. However, the datacontained in sensitive data could still disclose the identityof Alice. Specifically, if we extract proper feature of thesedata and put it into a suitable classifier, the identity could berecognized.

4.2. Comparative Results and Analysis

4.2.1. Comparative Results. Figure 9 shows the discriminat-ing rate of the identities in each equivalent set. The datasetis divided according to the principle of 2-anonymity. It isclear that the discriminating rate of clustering 2-anonymity

Overall Datafly K-anonymityClustering K-anonymityPartial K-anonymity-Argus K-anonymity

2 3 4 5 6 7 8 91 11 12 13 1410

The sequence of people

50

60

70

80

90

Disc

rimin

atin

g ra

te

Figure 9: The discriminating rate of 2-anonymity.

is relatively lower than other 2-anonymity. We can thus claimthat the clustering 2-anonymity is the most secure methodamong the four considered methods.

4.2.2. Analysis. In this experiment, the sensitive data of all therecords keep invariant. Because of the different combinationabout the equivalent set, the discriminating rate in eachequivalent set would be different. Reasonable assignment ofrecords improves security level of clustering𝐾-anonymity.

5. Future Challenges of Security andPrivacy in MIoT

Any developer in the development of the MIoT securityand privacy system will take into account the impact ofvarious factors, to get a better balance among them. In orderto achieve a better security environment, several challengesrequire special attention.

5.1. Insecure Network. Because of the convenience and lowcost, a number of devices and software services rely heavilyon wireless networks, such as WiFi, which are known tobe vulnerable to various intrusions including unauthorizedrouter access, man-in-the-middle attacks, spoofing, denialof service attacks, brute-force attacks, and traffic injections[30]. In addition, most free wireless networks in public place,which have not been certified, are untrusted networks [31].

5.2. Lightweight Protocols for Devices. Low-cost devices andsoftware applications based on sensors should follow specificpolicy and proxy rules to provide services. At present, ifwe want to provide high-grade security for the sensors, wemust apply the high-cost solutions. It is a conflict in MIoTsystem. Developing different levels of security protocolsaccording to application scenarios, especially lightweight

8 Security and Communication Networks

security protocols, is the main task of security protection inthe future.

5.3. Data Sharing. Despite the rapid development of medicalinformation technology, the phenomenon of informationisland is increasingly serious. The standards of the datagathered fromdevices of differentmanufacturers vary widely,which makes it difficult to unify management. However, theinformation collaboration and sharing among heterogeneoussystems of MIoT constitute the inevitable trend of thefuture.The privatization of patient information could be verydetrimental to the security of the MIoT system. Employinggeneral data policies to combine different data could providemore comprehensible information and enhance security andprivacy with hierarchical security model.

6. Conclusion

A variety of medical devices and software applications areapplied to improve the quality of medical services and alsogenerate large amounts of data. At present, the importance ofdata is self-evident. How to effectively protect data securityand privacy at all stages of data flowwill occupy an importantposition in future related research. Starting from the securityand privacy requirements of MIoT, this paper discusses thesecurity and privacy issues from five technical aspects andpresents the challenges of future research. MIoT has beengiven great attention; however, the related standards andtechnical specifications are still improving, especially thespecial application requirements of healthcare, and moresuccessful exploration is needed.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

The authors would like to acknowledge the financial supportfrom the National Natural Science Foundation of China(no. 61379145) and the Joint Funds of CETC (Grant no.20166141B08020101).

References

[1] J. Tang, A. Liu, M. Zhao, and T. Wang, “An aggregate signaturebased trust routing for data gathering in sensor networks,”Security and Communication Networks, vol. 2018, Article ID6328504, 30 pages, 2018.

[2] W. Sun, Z. Cai, F. Liu et al., “A survey of data mining tech-nology on electronic medical records,” in Proceedings of theInternational Conference on E-Health Networking, Applicationand Services, pp. 1–6, 2017.

[3] M. R. Abdmeziem and D. Tandjaoui, “A cooperative end toend key management scheme for e-health applications in thecontext of internet of things,” in Ad-hoc Networks and Wireless,pp. 35–46, Springer, Berlin Heidelberg, 2014.

[4] T. Gong, H. Huang, P. Li, K. Zhang, and H. Jiang, “A MedicalHealthcare System for Privacy Protection Based on IoT,” inProceedings of the 7th International Symposium on Parallel

Architectures, Algorithms, and Programming, PAAP ’15, pp. 217–222, December 2015.

[5] J.-X. Hu, C.-L. Chen, C.-L. Fan, and K.-H.Wang, “An intelligentand secure health monitoring scheme using IoT sensor basedon cloud computing,” Journal of Sensors, vol. 2017, Article ID3734764, 11 pages, 2017.

[6] C.-T. Li, C.-C. Lee, and C.-Y. Weng, “A secure cloud-assistedwireless body area network in mobile emergency medical caresystem,” Journal of Medical Systems, vol. 40, no. 5, pp. 1–15, 2016.

[7] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, “Securemedical architecture on the cloud using wireless sensor net-works for emergency management,” in Proceedings of the 2013IEEE 8th International Conference on Broadband, WirelessComputing, Communication and Applications, BWCCA 2013,pp. 248–252, October 2013.

[8] A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal, “Healingon the cloud: secure cloud architecture for medical wirelesssensor networks,” Future Generation Computer Systems, vol. 55,pp. 266–277, 2016.

[9] M. Li, S. Yu, and Y. Zheng, “Scalable and secure sharing ofpersonal health records in cloud computing using attribute-based encryption,” IEEE Transactions on Parallel and Dis-tributed Systems, vol. 24, no. 1, pp. 131–143, 2012.

[10] B. Bezawada, A. X. Liu, B. Jayaraman, A. L. Wang, and R. Li,“Privacy Preserving String Matching for Cloud Computing,”in Proceedings of the 35th IEEE International Conference onDistributed Computing Systems, ICDCS ’15, pp. 609–618, July2015.

[11] Y. Miao, J. Ma, X. Liu, F. Wei, Z. Liu, and X. A. Wang, “m2-ABKS: attribute-based multi-keyword search over encryptedpersonal health records in multi-owner setting,” Journal ofMedical Systems, vol. 40, no. 11, article 246, 2016.

[12] C. Song, X. Lin, X. Shen et al., “Kernel regression basedencrypted images compression for e-healthcare systems,” inProceedings of the International Conference onWireless Commu-nications and Signal Processing, pp. 1–6, 2013.

[13] M. Li, S. Yu, N. Cao, and W. Lou, “Authorized private keywordsearch over encrypted data in cloud computing,” in Proceedingsof the 31st International Conference on Distributed ComputingSystems (ICDCS ’11), pp. 383–392, IEEE, Minneapolis, Minn,USA, July 2011.

[14] M. Huang, A. Liu, T. Wang, and C. Huang, “Green data gather-ing under delay differentiated services constraint for internet ofthings,” Wireless Communications and Mobile Computing, vol.2018, Article ID 9715428, 2018.

[15] Y. Zhao, “Identity-concealed authenticated encryption andkey exchange,” in Proceedings of the ACM Sigsac Conferenceon Computer and Communications Security, pp. 1464–1479,October 2016.

[16] E. Bacis, S. D. Vimercati, S. Foresti, S. Paraboschi, M. Rosa, andP. Samarati, “Mix and Slice: Efficient Access Revocation in theCloud,” in Proceedings of the 23rd ACMConference on Computerand Communications Security, CCS 2016, pp. 217–228, October2016.

[17] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypteddata,” in Proceedings of the 13th ACM Conference on Computerand Communications Security (CCS ’06), pp. 89–98, November2006.

[18] S. Chandrasekhar, A. Ibrahim, and M. Singhal, “A novel accesscontrol protocol using proxy signatures for cloud-based health

Security and Communication Networks 9

information exchange,” Computers & Security, vol. 67, pp. 73–88, 2017.

[19] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policyattribute-based encryption,” in Proceedings of the IEEE Sympo-sium on Security and Privacy (SP ’07), pp. 321–334, May 2007.

[20] V. Venkatesh and P. Parthasarathi, “Trusted third party auditingto improve the cloud storage security,”Wireless Communication,2013.

[21] A.A. Boxwala, K. Jihoon, J.M.Grillo et al., “Using statistical andmachine learning to help institutions detect suspicious accessto electronic health records,” Journal of the American MedicalInformatics Association, vol. 18, no. 4, pp. 498–505, 2011.

[22] Y. Chen, S. Nyemba, and B. Malin, “Auditing medical recordsaccesses via healthcare interaction networks,” in Proceedingsof the Annual Symposium proceedings. AMIA Symposium, vol.2012, p. 93, 2012.

[23] J. A. Govaert, A. C. M. Van Bommel, W. A. Van Dijk, N. J.Van Leersum, R. A. E. M. Tollenaar, and M. W. J. M. Wouters,“Reducing healthcare costs facilitated by surgical auditing: asystematic review,” World Journal of Surgery, vol. 39, no. 7, pp.1672–1680, 2015.

[24] N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, “Privacy-preserving multi-keyword ranked search over encrypted clouddata,” in Proceedings of the IEEE INFOCOM, pp. 829–837, April2011.

[25] B. C. M. Fung, P. C. K. Hung et al., “Centralized and distributedanonymization for high-dimensional healthcare data,” AcmTransactions on Knowledge Discovery from Data, vol. 4, no. 4,article 18, 2010.

[26] A. Tamersoy, G. Loukides,M. E. Nergiz, Y. Saygin, and B.Malin,“Anonymization of longitudinal electronic medical records,”IEEE Transactions on Information Technology in Biomedicine,vol. 16, no. 3, pp. 413–423, 2012.

[27] F. Liu and T. Li, “A clustering k-anonymity privacy-preservingmethod for wearable IoT devices,” Security and CommunicationNetworks, vol. 2018, pp. 1–8, 2018.

[28] J. Peng, C.-J. Tang, W.-Q. Cheng, B.-M. Shi, and S.-J. Qiao,“A hierarchy distance computing based clustering algorithm,”Chinese Journal of Computers, vol. 30, no. 5, pp. 786–795, 2007.

[29] L. Sweeney, “Guaranteeing anonymity when sharing medicaldata, the datafly system,” in Proceedings of the Conferenceof the American Medical Informatics Association Amia FallSymposium, vol. 51, 1997.

[30] S. Han, S. Zhao, Q. Li, C.-H. Ju, and W. Zhou, “PPM-HDA:privacy-preserving andmultifunctional health data aggregationwith fault tolerance,” IEEE Transactions on Information Foren-sics and Security, vol. 11, no. 9, pp. 1940–1955, 2016.

[31] H. Zhang, Z. Cai, Q. Liu et al., “A survey on security-awaremeasurement in SDN,” Security and Communication Network,vol. 2018, Article ID 2459154, 2018.

International Journal of

AerospaceEngineeringHindawiwww.hindawi.com Volume 2018

RoboticsJournal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Active and Passive Electronic Components

VLSI Design

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Shock and Vibration

Hindawiwww.hindawi.com Volume 2018

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwww.hindawi.com

Volume 2018

Hindawi Publishing Corporation http://www.hindawi.com Volume 2013Hindawiwww.hindawi.com

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com

Journal ofEngineeringVolume 2018

SensorsJournal of

Hindawiwww.hindawi.com Volume 2018

International Journal of

RotatingMachinery

Hindawiwww.hindawi.com Volume 2018

Modelling &Simulationin EngineeringHindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Navigation and Observation

International Journal of

Hindawi

www.hindawi.com Volume 2018

Advances in

Multimedia

Submit your manuscripts atwww.hindawi.com