enabling data protection through pki encryption in iot m-health devices
DESCRIPTION
Short presentation about a gateway-based solution for medical data encryption and the Internet of Things. Paper presented at 12th IEEE International Conference on BioInformatics and BioEngineeringTRANSCRIPT
![Page 1: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/1.jpg)
S
Enabling Data Protection through PKI encryption in
IoT m-Health DevicesCharalampos Doukas, Ilias Maglogiannis, Vassiliki
Koufi, Flora Malamateniou, George Vassilacopoulos
![Page 2: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/2.jpg)
Introduction
Population Aging
Increasing Survival Rates
increase in the proportion of the population with impairments, disabilities or
chronic illnesses
![Page 3: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/3.jpg)
Introduction
Population Aging
Increasing Survival Rates
increase in the proportion of the population with impairments, disabilities or
chronic illnesses
Ambient Assisted Living
SupportIndependent and
safe lifestyle
![Page 4: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/4.jpg)
Introduction
AAL Services
Sensor devices
Wireless Technologies
Data Mining
Internet of
Things
![Page 5: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/5.jpg)
Introduction
Emerging global information service architecture
Providing Internet access to devices Sensors Actuators
Collaboration of services and integration of information between different resources
Internet of
Things
![Page 6: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/6.jpg)
Introduction
Great impact on healthcare:
Patient context and status awareness
Critical information retrieval (e.g., medical record)
Smart actions: Recommendations for better living (nutrition,
activity, etc.) Emergency care
Internet of
Things
![Page 7: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/7.jpg)
Challenges
Many:
Interoperability Information retrieval from different resources
Ethical
Business models => different entities involved
Security
Internet of
Things
HealthCare
![Page 8: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/8.jpg)
Challenges
Data encryption Limited resources for many sensor devices
Proper authentication User authentication Device authentication
Integrity, confidentiality, etc.
Security
![Page 9: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/9.jpg)
The presented work
A prototype Cloud-based system, which complies with the IoT concept
Manages data collected by wearable – textile sensors
Utilizes the IoT gateway notion Data encryption, user access control and secure
transmission PKI technology
![Page 10: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/10.jpg)
Some Related Work
Growing interest in the utilization of IoT-based systems in a wide range of applications, including homecare applications
Most works address sensor, data collection and networking issues
Data encryption and confidentiality: Some solutions utilize hop-by-hop encrypted data
aggregation some end-to-end encrypted data aggregation
Most works present proprietary and ‘closed’ sensor systems
![Page 11: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/11.jpg)
PKI for IoT Devices
Hop-by-hop encryption of data
Secure hop-by-hop data aggregation protocol (SEDAN)
What about intermediate nodes? hold decrypted sensor data Easy to tamper with
This vulnerability can be addressed by end-to-end techniques for data encryption
A key is shared among all sensors and the system where aggregated data are transmitted to
![Page 12: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/12.jpg)
PKI for IoT Devices
PKI (Public Key Encryption) constitutes an effective approach to data encryption
If one key is used to encrypt information, then only the related key can decrypt that information
In case the public key gets compromised, still it is not computationally feasible to retrieve the private key
![Page 13: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/13.jpg)
PKI for IoT Devices
For IoT and Healthcare:
Devices that generate patient-related information can encrypt data using a public key
health monitoring applications can use the private key to decrypt the data
Using also PKI digital certificates the proper authentication of the devices can be achieved, in addition to the secure data transmission.
Main Challenge:
Even the encryption process with the public key requires computational and memory resources
Existing wireless sensor technologies do not provide, especially when frequent data transmission is required (e.g., heart signal transmission) Typical sensor microcontroller
unit: 32MHz, 512Kb memory
![Page 14: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/14.jpg)
The Proposed Solution
Introduction of IoT Gateways
Have the computational resources (>1 GHz CPU, >500MB RAM) to perform PKI
Come with additional network interfaces
Communication with wireless sensor networks
No issues with power consumption
Can be easily installed (similar to home routers)
![Page 15: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/15.jpg)
The Proposed Solution
Can also address an additional security issue for IoT devices: registration of new sensor devices and key management
When a new monitoring device is introduced, the device needs to have access to the public key
By using an IoT gateway key management is essential only for the gateway device itself and not every sensor device connecting to the latter
The communication between the IoT gateway and the sensor device can be secured using symmetric encryption (which is less computational intensive than PKI)
In addition, the gateway has the ability to receive a new key if required since it is a central communication point always connected to the Internet
![Page 16: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/16.jpg)
The Proposed Solution
Mainly of three components; the mobile and contextual sensors, the IoT gateways and the Back-end infrastructure
![Page 17: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/17.jpg)
Mobile & Contextual Sensors
Continuously or periodically sense data about the patient status heart/pulse rate, temperature, etc.
Patient context room temperature, air quality, lighting conditions,
etc.
Sensor Devices = MCUs + Analog/Digital Sensors + Wireless Interfaces (ZigBee, Bluetooth, etc.)
![Page 18: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/18.jpg)
IoT Gateways
Computational devices RaspberryPi, Beagleboard, etc. Typical price range: 25$ - 150$
Complete OS (Linux)
Networking Interfaces WiFi or Ethernet (Communication to the Internet) ZigBee Bluetooth Zwave, RF, etc.
![Page 19: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/19.jpg)
IoT Gateways
Computational resources: Perform proper data encryption Authentication (PKI) Used for Data processing
Sensor data filtering Data mining
I/O ports Connecting wireless interfaces
![Page 20: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/20.jpg)
IoT Gateways
![Page 21: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/21.jpg)
Cloud (Back-end) Infrastructure
Convenient, on-demand network access to shared group of configurable computing resources CPU Storage (Scalability) Services Pay as you go model Maintenance-free
![Page 22: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/22.jpg)
Cloud (Back-end) Infrastructure
Suitable model for back-end infrastructures
Support data management and visualization of IoT m-health devices
Resources for PKI and key management
![Page 23: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/23.jpg)
System Overview
IoT Gateway
DecryptPreproce
ss
Encrypt
Medical devices
Symmetrically encrypted data
Public Key
Certification
Authorities
Cloud Infrastructure
Certificates
![Page 24: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/24.jpg)
Initial System Evaluation
Prototype implementation Wireless (Bluetooth) Pulse Oxymeter A contextual sensor (temp, humidity, air quality and
light) An IoT Gateway A Cloud-back end system for data management
![Page 25: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/25.jpg)
Initial System Evaluation
Contextual sensor Arduino microcontroller A digital temperature sensor A digital humidity sensor An analog light sensor An analog air quality sensor.
The Arduino can be connected to the home network of the user either through Ethernet of WiFi network interfaces.
![Page 26: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/26.jpg)
Initial System Evaluation
The IoT gateway An open source, WiFi enabled gateway board properly modified to
host additional wireless interfaces (like Bluetooth and ZigBee) A Beagle board Linux board computer.
The gateway board collects all information and forwards the data to the Beagleboard using a serial interface.
The Beagleboard runs a Python script that accepts data from the UART interface and then applies PKI encryption using a pre-stored public key (1024 bit key length).
Then encrypted data are forwarded to a sample Cloud application using a REST Web Service. The Cloud application decrypts the data using the private key and presents sensor data to users.
![Page 27: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/27.jpg)
Initial System Evaluation
Data (average sensor values) are transmitted in 1-minute intervals
The Python script that encrypts the data has been modified to provide information about the time needed to encrypt the sensor readings (total message length less than 100Kb).
Respectively, the J2EE application on the Cloud has been modified to present the time needed to decrypt the data before presenting them to users.
According to initial metrics, the total encryption process adds a 24.5% overhead in the total transmission time (about 800msec) and less than 1 second overhead in data decryption.
The latter overhead is acceptable in both cases for mobile health applications.
![Page 28: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/28.jpg)
Conclusion
The Internet of Things can lead to more accurate and instant diagnosis of health incidents
Data protection is also weak since sensor devices lack the resources for anonymity,
proper authentication and data encryption
In this paper we presented the conceptual design and prototype implementation of a system based on IoT gateways that aggregate health sensor data and resolve security issues through digital certificates and PKI data encryption
![Page 29: Enabling Data Protection through PKI encryption in IoT m-Health Devices](https://reader030.vdocuments.net/reader030/viewer/2022012916/554bb728b4c90594278b49d1/html5/thumbnails/29.jpg)
Conclusion
The IoT gateway can both resolve sensor communication interoperability issues and provide a less vulnerable mean for securely authenticating to services and sending patient data
Future work: extended evaluation of the system with more
sensors in a real environment private key management and access control should
be further investigated.