Enabling Data Protection through PKI encryption in IoT m-Health Devices

2,535 views

Published on

Short presentation about a gateway-based solution for medical data encryption and the Internet of Things. Paper presented at 12th IEEE International Conference on BioInformatics and BioEngineering

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,535
On SlideShare
0
From Embeds
0
Number of Embeds
14
Actions
Shares
0
Downloads
90
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Population ageing, along with the increasing survival rates from disabling accidents and illnesses, is expected to lead to an increase in the proportion of the population with impairments, disabilities or chronic illnesses.
  • Ambient Assisted Living services can provide support for these people in their daily routine to allow an independent and safe lifestyle for as long as possible
  • AAL services utilize mostly home-based assistive technologies (e.g. intelligent, highly personalized network embedded objects, such as wireless devices and sensors, wireless communication technologies and data mining for status awareness. These however are also the main components of a new notion knows as the Internet of Things
  • The “Internet of Things” is an emerging global information service architecture. Its notion is based on providing Internet connectivity to various devices (can be sensors, like medical sensors, or actuators, e.g., smart doors,power management systems, etc. The key feature of IoT is the collaboration of services and integration of information between different resources. How information from sensors, like current user status, information from external resources (like a medical record) can be combined to drive decsions: e.g, initiate a doctor visit.
  • So the impact of IoT in healthcare is very important since the key features can facilitate the proper identification of patient context and status awareness and through critical information retrieval can drive smart actions that improve patients living or even save their lives
  • However the realization of IoT and healthcare solutions has not been yet achieved. There are many challenges to overcome, like interoperability between devices, operators and services, ethical and privacy issues to resolve, even how to build effective pricing models with many entities involved, and of course security.
  • The term security subsumes a wide range of different concepts, chief among them authentication, confidentiality, integrity and authorization. The major challenge in this case are the limited computational resources of many sensor devices: no proper data encryption or authentication schemes can be applied on wearable heart rate or oxymeter devices.
  • This paper presents a prototype Cloud-based system, which complies with the IoT concept. The proposed system manages data collected by wearable – textile sensors (i.e. biosignals, motion data and contextual data (like location, ambient temperature, activity status, etc.), which, are forwarded to a gateway utilizing established techniques for IoT communication and then to the Cloud infrastructure. To resolve the aforementioned security challenges we have introduced the IoT gateway notion that provides proper data encryption, access control and transmission based on applying PKI technology.
  • The past few years a number of key distribution schemes have been proposed for hop-by-hop encryption of data. In addition, a secure hop-by-hop data aggregation protocol, namely SEDAN has been proposed, according to which each node can verify immediately the integrity of its two hops neighbors.However, all proposed approaches could be considered vulnerable since the intermediate aggregator nodes, which hold decrypted sensor data, are easy to tamper with.This vulnerability can be addressed by end-to-end techniques for data encryption. These techniques also use a key scheme.
  • Public Key Encryption constitutes an effective approach to data encryption as it can provide an increased level of confidence for exchanging information over an increasingly insecure environment, such as IoT. Public key cryptography uses a pair of mathematically related keys. If one key is used to encrypt information, then only the related key can decrypt that information. In case the public key gets compromised, still it is not computationally feasible to retrieve the private key.
  • In the case of IoT and healthcare, devices that generate patient-related information (like body sensor readings) can encrypt data using a public key and the health monitoring applications (e.g., cloud or web systems operated by caregivers or relatives) can use the private key to decrypt the data. Using also PKI digital certificates the proper authentication of the devices can be achieved, in addition to the secure data transmission.However the establishment of PKI in IoT systems introduces a major challenge: Even the encryption process with the public key requires computational and memory resources that existing wireless sensor technologies do not provide, especially when frequent data transmission is required (e.g., heart signal transmission
  • he proposed system addresses this issue by introducing IoT-enabled gateways. The IoT gateways are devices with computational abilities comparable to desktop computers, come with integrated full operating system (usually Linux) and have many communication interfaces
  • These gateways can also address an additional security issue for IoT devices: registration of new sensor devices and key management. When a new monitoring device that transmits data through the Internet is introduced, the device needs to have access to the public key for properly encrypting the data. The latter process raises key management and distribution issues. By using an IoT gateway key management is essential only for the gateway device itself and not every sensor device connecting to the latter. The communication between the IoT gateway and the sensor device can be secured using symmetric encryption (which is less computational intensive than PKI). In addition, the gateway has the ability to receive a new key if required since it is a central communication point always connected to the Internet.
  • The proposed system enables medical data collection from various mobile/wearable sensors, contextual data (like room conditions, user habits, etc.) collection and secure transmission to caregivers and family members using a Cloud-based infrastructure.The architecture consists mainly of three components; the mobile and contextual sensors, the IoT gateways and the Back-end infrastructure.
  • The gateways have better computational resources (usually come with at least 1GHz ARM processor and 512Mb or RAM memory) and host a complete operating system that provides PKI tools (like the OpenSSL).
  • So they can perform data encryption, authentication, ….
  • Data Flow Diagram illustrating the basic functionality of an IoT gateway.An additional feature is the ability to perform some initial data preprocessing (e.g., data filtering, compression or pattern analysis) before data is encrypted using PKI and forwarded to the Internet using a WiFi or an Ethernet network interface.
  • Cloud Computing is a model for enabling convenient, on-demand network access to a shared group of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • The latter features make Cloud computing a very suitable model for building back-end infrastructures that support data management and visualization of IoT m-health devices. In addition, Cloud resources can provide the essential requirements for PKI information encryption/decryption (like computational resources) and encryption/decryption key management
  • The Internet of Things enables the collective aggregation of patient data and patient information that can lead to more accurate and instant diagnosis of health incidents Data protection is also quite weak since sensor devices lack the resources for protecting user anonymity, and providing proper authentication and data encryption at the same time
  • Enabling Data Protection through PKI encryption in IoT m-Health Devices

    1. 1. Enabling Data Protection through PKI encryptionin IoT m-Health DevicesCharalampos Doukas, Ilias Maglogiannis, Vassiliki Koufi, Flora Malamateniou, George Vassilacopoulos S
    2. 2. Introduction
    3. 3. Introduction
    4. 4. Introduction
    5. 5. IntroductionS Emerging global information service architectureS Providing Internet access to devices S Sensors S ActuatorsS Collaboration of services and integration of information between different resources
    6. 6. IntroductionS Great impact on healthcare:S Patient context and status awarenessS Critical information retrieval (e.g., medical record)S Smart actions: S Recommendations for better living (nutrition, activity, etc.) S Emergency care
    7. 7. ChallengesS Many:S Interoperability S Information retrieval from different resourcesS EthicalS Business models => different entities involvedS Security
    8. 8. ChallengesSecurit yS Data encryption S Limited resources for many sensor devicesS Proper authentication S User authentication S Device authenticationS Integrity, confidentiality, etc.
    9. 9. The presented workS A prototype Cloud-based system, which complies with the IoT conceptS Manages data collected by wearable – textile sensorsS Utilizes the IoT gateway notion S Data encryption, user access control and secure transmission S PKI technology
    10. 10. Some Related WorkS Growing interest in the utilization of IoT-based systems in a wide range of applications, including homecare applicationsS Most works address sensor, data collection and networking issuesS Data encryption and confidentiality: S Some solutions utilize hop-by-hop encrypted data aggregation some end-to-end encrypted data aggregation S Most works present proprietary and ‘closed’ sensor systems
    11. 11. PKI for IoT DevicesS Hop-by-hop encryption of dataS Secure hop-by-hop data aggregation protocol (SEDAN)S What about intermediate nodes? S hold decrypted sensor data S Easy to tamper withS This vulnerability can be addressed by end-to-end techniques for data encryptionS A key is shared among all sensors and the system where aggregated data are transmitted to
    12. 12. PKI for IoT DevicesS PKI (Public Key Encryption) constitutes an effective approach to data encryptionS If one key is used to encrypt information, then only the related key can decrypt that informationS In case the public key gets compromised, still it is not computationally feasible to retrieve the private key
    13. 13. PKI for IoT DevicesS For IoT and Healthcare: S Main Challenge:S Devices that generate patient- S Even the encryption process related information can encrypt with the public key requires data using a public key computational and memory resourcesS health monitoring applications can use the private key to S Existing wireless sensor decrypt the data technologies do not provide, especially when frequent dataS Using also PKI digital transmission is required (e.g., certificates the proper heart signal transmission) authentication of the devices S Typical sensor can be achieved, in addition to microcontroller unit: 32MHz, the secure data transmission. 512Kb memory
    14. 14. The Proposed SolutionS Introduction of IoT GatewaysS Have the computational resources (>1 GHz CPU, >500MB RAM) to perform PKIS Come with additional network interfaces S Communication with wireless sensor networksS No issues with power consumptionS Can be easily installed (similar to home routers)
    15. 15. The Proposed SolutionS Can also address an additional security issue for IoT devices: registration of new sensor devices and key managementS When a new monitoring device is introduced, the device needs to have access to the public keyS By using an IoT gateway key management is essential only for the gateway device itself and not every sensor device connecting to the latterS The communication between the IoT gateway and the sensor device can be secured using symmetric encryption (which is less computational intensive than PKI)S In addition, the gateway has the ability to receive a new key if required since it is a central communication point always connected to the Internet
    16. 16. The Proposed SolutionS Mainly of three components; the mobile and contextual sensors, the IoT gateways and the Back-end infrastructure
    17. 17. Mobile & Contextual SensorsS Continuously or periodically sense data about the patient status S heart/pulse rate, temperature, etc.S Patient context S room temperature, air quality, lighting conditions, etc.S Sensor Devices = MCUs + Analog/Digital Sensors + Wireless Interfaces (ZigBee, Bluetooth, etc.)
    18. 18. IoT GatewaysS Computational devices S RaspberryPi, Beagleboard, etc. S Typical price range: 25$ - 150$S Complete OS (Linux)S Networking Interfaces S WiFi or Ethernet (Communication to the Internet) S ZigBee S Bluetooth S Zwave, RF, etc.
    19. 19. IoT GatewaysS Computational resources: S Perform proper data encryption S Authentication S (PKI) S Used for Data processing S Sensor data filtering S Data miningS I/O ports S Connecting wireless interfaces
    20. 20. IoT Gateways
    21. 21. Cloud (Back-end) InfrastructureS Convenient, on-demand network access to shared group of configurable computing resources S CPU S Storage (Scalability) S Services S Pay as you go model S Maintenance-free
    22. 22. Cloud (Back-end) InfrastructureS Suitable model for back-end infrastructuresS Support data management and visualization of IoT m- health devicesS Resources for PKI and key management
    23. 23. System Overview Cloud InfrastructureMedical devices Certificates Public Key Symmetrically encrypted data
    24. 24. Initial System EvaluationS Prototype implementation S Wireless (Bluetooth) Pulse Oxymeter S A contextual sensor (temp, humidity, air quality and light) S An IoT Gateway S A Cloud-back end system for data management
    25. 25. Initial System EvaluationS Contextual sensor S Arduino microcontroller S A digital temperature sensor S A digital humidity sensor S An analog light sensor S An analog air quality sensor.The Arduino can be connected to the home network of the usereither through Ethernet of WiFi network interfaces.
    26. 26. Initial System EvaluationS The IoT gateway S An open source, WiFi enabled gateway board properly modified to host additional wireless interfaces (like Bluetooth and ZigBee) S A Beagle board Linux board computer.S The gateway board collects all information and forwards the data to the Beagleboard using a serial interface.S The Beagleboard runs a Python script that accepts data from the UART interface and then applies PKI encryption using a pre-stored public key (1024 bit key length).S Then encrypted data are forwarded to a sample Cloud application using a REST Web Service. The Cloud application decrypts the data using the private key and presents sensor data to users.
    27. 27. Initial System EvaluationS Data (average sensor values) are transmitted in 1-minute intervalsS The Python script that encrypts the data has been modified to provide information about the time needed to encrypt the sensor readings (total message length less than 100Kb).S Respectively, the J2EE application on the Cloud has been modified to present the time needed to decrypt the data before presenting them to users.S According to initial metrics, the total encryption process adds a 24.5% overhead in the total transmission time (about 800msec) and less than 1 second overhead in data decryption.S The latter overhead is acceptable in both cases for mobile health applications.
    28. 28. ConclusionS The Internet of Things can lead to more accurate and instant diagnosis of health incidentsS Data protection is also weak since S sensor devices lack the resources for anonymity, proper authentication and data encryptionS In this paper we presented the conceptual design and prototype implementation of a system based on IoT gateways that aggregate health sensor data and resolve security issues through digital certificates and PKI data encryption
    29. 29. ConclusionS The IoT gateway can both resolve sensor communication interoperability issues and provide a less vulnerable mean for securely authenticating to services and sending patient dataS Future work: S extended evaluation of the system with more sensors S in a real environment S private key management and access control should be further investigated.

    ×