Sanaz Rahimi Moosavi

End-to-end security scheme for mobility enabled healthcare Internet of Things

We propose an end-to-end security scheme for mobility enabled healthcare Internet of Things (IoT). The proposed scheme consists of (i) a secure and efficient end-user authentication and authorization architecture based on the certificate based DTLS handshake, (ii) secure end-to-end communication based on session resumption, and (iii) robust mobility based on interconnected smart gateways. The smart gateways act as an intermediate processing layer (called fog layer) between IoT devices and sensors (device layer) and cloud services (cloud layer). In our scheme, the fog layer facilitates ubiquitous mobility without requiring any reconfiguration at the device layer. The scheme is demonstrated by simulation and a full hardware/software prototype. Based on our analysis, our scheme has the most extensive set of security features in comparison to related approaches found in literature. Energy-performance evaluation results show that compared to existing approaches, our scheme reduces the communication overhead by 26% and the communication latency between smart gateways and end users by 16%. In addition, our scheme is approximately 97% faster than certificate based and 10% faster than symmetric key based DTLS. Compared to our scheme, certificate based DTLS consumes about 2.2 times more RAM and 2.9 times more ROM resources. On the other hand, the RAM and ROM requirements of our scheme are almost as low as in symmetric key-based DTLS. Analysis of our implementation revealed that the handover latency caused by mobility is low and the handover process does not incur any processing or communication overhead on the sensors.

SEA: A Secure and Efficient Authentication and Authorization Architecture for IoT-Based Healthcare Using Smart Gateways☆

In this paper, a secure and efficient authentication and authorization architecture for IoT-based healthcare is developed. Security and privacy of patients’ medical data are crucial for the accepta ...

On the Feasibility of Attribute-Based Encryption on Internet of Things Devices

The Internet of Things (IoT) is emerging with the pace of technology evolution, connecting people and things through the Internet. IoT devices enable large-scale data collection and sharing for a wide range of applications. However, it is challenging to securely manage interconnected IoT devices because the collected data could contain sensitive personal information. The authors believe that attribute-based encryption (ABE) could be an effective cryptographic tool for secure management of IoT devices. However, little research has addressed ABEs actual feasibility in the IoT thus far. This article investigates such feasibility considering well-known IoT platforms--specifically, Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero. A thorough evaluation confirms that adopting ABE in the IoT is indeed feasible.

An Elliptic Curve-based Mutual Authentication Scheme for RFID Implant Systems☆

Abstract In this paper, a secure mutual authentication scheme for an RFID implant system is developed. An insecure communication channel between a tag and a reader makes the RFID implant system vulnerable to attacks and endangers the users safety and privacy. The proposed scheme relies on elliptic curve cryptography and the D-Quark lightweight hash design. Compared to the available public-key cryptosystems, elliptic curve-based cryptosystems are the best choice due to their small key sizes as well as their efficiency in computations. The D-Quark lightweight hash design is tailored for resource constrained pervasive devices, cost, and performance. The security analysis of the proposed authentication scheme revealed that it is secure against the relevant threat models and provides a higher security level than related work found in the literature. The computational performance comparison shows that our work has 48% less communication overhead compared to existing similar schemes. It also requires 24% less total memory than the other approaches. The required computational time of our scheme is generally similar to other existing schemes. Hence, the presented scheme is a well-suited choice for providing security for the resource-constrained RFID implant systems.

Session Resumption-Based End-to-End Security for Healthcare Internet-of-Things

In this paper, a session resumption-based end-to-end security scheme for healthcare Internet of things (IoT) is pro-posed. The proposed scheme is realized by employing certificate-based DTLS handshake between end-users and smart gateways as well as utilizing DTLS session resumption technique. Smart gateways enable the sensors to no longer need to authenticate and authorize remote end-users by handing over the necessary security context. Session resumption technique enables end-users and medical sensors to directly communicate without the need for establishing the communication from the initial handshake. Session resumption technique has an abbreviated form of DTLS handshake and neither requires certificate-related nor public-key funtionalities. This alleviates some burden of medical sensors tono longer need to perform expensive operations. The energy-performance evaluations of the proposed scheme are evaluated by developing a remote patient monitoring prototype based on healthcare IoT. The energy-performance evaluation results show that our scheme is about 97% and 10% faster than certificate-based and symmetric key-based DTLS, respectively. Also, the certificate-based DTLS consumes about 2.2X more RAM and 2.9X more ROM resources required by our scheme. While, our scheme and symmetric key-based DTLS have almost similar RAM and ROM requirements. The security analysis reveals that the proposed scheme fulfills the requirements of end-to-end security and provides higher security level than related approaches found in the literature. Thus, the presented scheme is a well-suited solution to provide end-to-end security for healthcare IoT.

Pervasive health monitoring based on Internet of Things: Two case studies

With the continuous evolution of wireless sensor networks and Internet of Things (IoT) various aspects of life will benefit. IoT based pervasive healthcare system has potential to provide error free medical data and alerting system in critical conditions with continuous monitoring. The system will minimize the need of dedicated medical personnel for patient monitoring and help the patients to lead a normal life besides providing them with high quality medical service. In this paper, we provide the implementation of IoT-based architectures for remote health monitoring based on two popular wireless technologies, Wi-Fi and ZigBee. We analyse the two architectures with the aim of identifying their pros and cons and discuss suitability of mentioned wireless communication technologies for different healthcare application domains.

Cryptographic key generation using ECG signal

In this paper, two different electrocardiogram (ECG) based cryptographic key generation approaches are proposed. The aim is to enhance the security of body area networks through robust key generation where keys are generated on the fly without requiring key pre-distribution solutions. The Interpulse Interval (IPI) feature of ECG underlays both of the proposed approaches. The first approach is realized by using a pseudo-random number and consecutive IPI sequences. The second approach is realized by utilizing the Advanced Encryption Standard (AES) algorithm and IPI as the seed generator for the AES algorithm. The efficiency of the proposed approaches is evaluated using real ECG data of 15 patients obtained from the MIT-BIH Arrhythmia dataset of PhysioBank. The security analyses of the generated keys are carried out in terms of distinctiveness, randomness, and temporal variance as well as using the NIST benchmark. The analyses show that our key generation approaches provide a higher security level in comparison to existing approaches relying only on singleton IPI sequences. The execution times required to generate the cryptographic keys on different processors are also examined. The results reveal that the security level improvement comes with a reasonable increase in key generation execution time. Comparing to existing IPI-based approaches, our approaches require 12.3% and 41.2% more execution time, respectively.

Enhancing Performance of 3D Interconnection Networks using Efficient Multicast Communication Protocol

Three-dimensional integrated circuits (3D ICs) offer greater device integration, reduced signal delay and reduced interconnect power. They also provide greater design flexibility by allowing heterogeneous integration. In order to exploit the intrinsic capability of reducing the wire length in 3D ICs, 3D NoC-Bus Hybrid mesh architecture was proposed. This architecture provides a seemingly significant platform to implement efficient multicast routings for 3D networks-on-chip. In this paper, we propose a novel multicast partitioning and routing strategy for the 3D NoC-Bus Hybrid mesh architectures to enhance the overall system performance and reduce the power consumption. The proposed architecture exploits the beneficial attribute of a single-hop (bus-based) interlayer communication of the 3D stacked mesh architecture to provide high-performance hardware multicast support. To this end, a customized partitioning method and an efficient routing algorithm are presented to reduce the average hop count and latency of the network. Compared to the recently proposed 3D NoC architectures being capable of supporting hardware multicasting, our extensive simulations with different traffic profiles reveal that our architecture using the proposed multicast routing strategy can help achieve significant performance improvements.

Low-Latency Approach for Secure ECG Feature Based Cryptographic Key Generation

We propose a low-latency approach for generating secure electrocardiogram (ECG) feature-based cryptographic keys. This is done by taking advantage of the uniqueness and randomness properties of ECG’s main features. This approach achieves a low-latency since the key generation relies on four reference-free ECG’s main features that can be acquired in short time. We call the approach several ECG features (SEF)-based cryptographic key generation. SEF consists of: 1) detecting the arrival time of ECG’s fiducial points using Daubechies wavelet transform to compute ECG’s main features accordingly; 2) using a dynamic technique to specify the optimum number of bits that can be extracted from each main ECG feature, comprising of PR, RR, PP, QT, and ST intervals; 3) generating cryptographic keys by exploiting the above-mentioned ECG features; and 4) consolidating and strengthening the SEF approach with cryptographically secure pseudo-random number generators. Fibonacci linear feedback shift register and advanced encryption standard algorithms are implemented as the pseudo-random number generator to enhance the security level of the generated cryptographic keys. Our approach is applied to 239 subjects’ ECG signals comprising of normal sinus rhythm, arrhythmia, atrial fibrillation, and myocardial infraction. The security analyses of the proposed approach are carried out in terms of distinctiveness, test of randomness, temporal variance, and using National Institute of Standards and Technology benchmark. The analyses reveal that the normal ECG rhythms have slightly better randomness compared with the abnormal ones. The analyses also show that the strengthened SEF key generation approach provides a higher security level in comparison to existing approaches that rely only on singleton ECG features. For the normal ECG rhythms, the SEF approach has in average the entropy of about 0.98 while cryptographic keys which are generated utilizing the strengthened SEF approach offer the entropy of ~1. The execution time required to generate the cryptographic keys on different processors is also examined. The results reveal that our SEF approach is in average 1.8 times faster than existing key generation approaches which only utilize the inter pulse interval feature of ECG.

Specification Analysis for Secure RFID Implant Systems

In this paper we derive an engineering specification for functionality, security, and implementation demands for RFID Implantable Medical Devices (IMD) requiring medical data storage and wireless communication. We illustrate the specification by sketching a secure communication protocol for RFID IMDs. The specification follows from our requirements analysis of application characteristics, legal restrictions, security requirements and ethical concerns of IMDs. In our analysis we have recognized three main types of IMD applications: identification, financial and medical/emergency. The hardware implementation constraints and security level requirements of IMD systems differ from mainstream applications of RFID. The presented specification that considers the special operating environment, delicate use cases and safety-critical functionality of IMD systems is aimed to be a conceptual platform for designing robust security schemes and long-term functional and physical