Secure Model for IoT-Based Systems: Health Care Example
IoT Case Study: Wearable Devices for Health Care
As time passes, devices and technologies continue to advance, one such being “wearable devices.” These have become a part of many people’s everyday life, from making calls to tracking vital signs. Wearable technologies include glasses, watches, sleep trackers, fitness trackers, and many more, including “smart contact lenses,” which are currently in development. The concept of wearable devices is to provide people with all the functions that they get from their computer or smartphone, without the inconvenience of the devices being too big or bulky. Instead, a person can just look at their watch to check the time and also see whether they have received missed calls or messages. They could go so far as to check how many steps they have taken, or whether their sleeping pattern the previous night showed any irregular activity. Smart glasses are used in the same way, except that they can turn a view of the world into augmented reality, showing a screen in front of the user’s face, to display a “to-do” list for the day or to allow the user to browse the internet. Considering there are so many types of wearable devices, multiple policies have been put into effect to account for the dangers of these devices [34].
Since the average person, as well as companies and governments, has access to such devices, these devices can be seen as a way to regulate the general public. While such public regulation in the future seems likely, information security policies should be put into place. Information security policies should be developed to protect the data being collected from the users, especially in the case of health care applications. For example, wearable devices that track vital signs could be important for doctors, giving them the ability to check on their patients. On the other hand, it would not be necessary for doctors to collect information being tracked from someone’s jog around the block. Other policies have been put into effect with third-party vendors. When companies work with third parties, they need to communicate with those vendors to control how the data will be used and whether or not it will be distributed.
Although not perfect, most of these policies provide guidelines as to what a company should seek to do, and what they could improve on. One advantage these policies have provided to users has been the ability to trust their health care provider to allow them a safeguard, so that they know they are being looked after. Health care companies invest in wearables to improve workforce productivity, cut absenteeism, and reduce health care costs [35]. Wearables give users the freedom to post, or update, what they want to social media without being limited in what they can and cannot share.
While health care providers are working to keep customers and patients satisfied with their services, some issues still need to be addressed. One concerns the storage of users’ data and the procedures to be followed when data is exposed to a third party for legitimate or illegitimate reasons. This task entirely depends on the health care provider, which should develop and impose data privacy policies to identify the responsibilities of third-party vendors. Similar policies are required to clearly indicate a patient’s rights and how to protect their confidentiality. In many cases, third parties, for example, insurance companies, can receive a user’s information if that has been “consented” to. This might include exposing confidential patient information that is not required to carry out the operations involved by the third-party employee, making this private data vulnerable to unauthorized access.
IoT Layers and Health Care System Model
Figure 2.1 below shows the top-level design of the IoT health care system model. As seen in the figure, the model is composed of three layers: a cloud layer, a device layer, and an end-user layer. The cloud layer hosts the data gathered by sensors, in order to process it. The processing step includes feature extraction and noise removal.
This data will be fed at a later stage into a decision-support system that applies data mining and machine intelligence techniques to extract appropriate decisions for health care providers, in terms of the patient’s health.
On the other hand, the device layer is composed of a pool of sensors. These sensing devices are connected to the internet through wireless technologies (4G/WiFi). This layer also has circuitry for data acquisition and communication protocols that enable sending the data to storage to be processed. These sensing devices enable users to collect data at different acquisition frequencies, in real time.

FIGURE 2.1 The generic architecture of the IoT health care model.
The end-user layer consists of the receiving user and can take different forms. One of these forms, that of smart devices, poses great challenges for security and privacy. Within the boundaries of these three layers, a list of sub-layers or modules can be added to ensure the robustness of the health care decision support system. For example, this step ensures that data is sent and processed in a timely manner for critical health decisions that cannot wait until data has been sent to the cloud. In this section, we propose the capability of edge computing. This feature (through a completely new edge layer) performs more than one task on the collected data at the same time: it sends a copy to the cloud layer for processing and long-term storage, and conducts decision making based on the allied data. Sometimes, we need to send commands or instructions to wearable devices to update their acquisition rate, or to perform a certain functionality, which requires another protocol and security procedure.
As can be seen from Figure 2.2, the top-level design of the proposed IoT model contains the new additional edge layer. This layer serves two purposes: first, it overcomes the extra delay due to complete dependency on the services provided by the cloud layer. Second, it enables faster decision making, especially in time-constrained environments. The edge computing layer is helpful in IoT systems where devices have sensors attached or where sensors are very close to the IoT device. The proposed edge layer can manage the sources collecting data and provide decisions to users in real time. Moreover, the edge layer can transfer sensed data to all other layers, for purposes such as storage, fusion, and analysis. Edge computing tasks are more powerful when physically more distant from the sources and sensors collecting data; but at the same time, the edge is connected to local area networks. These advantages impose additional information privacy challenges.

FIGURE 2.2 Top-level design of the proposed IoT model: Wearable devices case study.
AWS Platform
Amazon provides a platform for implementing cloud and related technologies, such as edge and IoT environments. The service is called Amazon Web Services (AWS). This service can either be free (providing limited options) or paid, through subscriptions determined by company or personal needs and requirements. Users can benefit from AWS services such as storage, computing, networking, and tools to support developing simulations of IoT and edge computing environments. One well-known service is EC2, which is the main cloud platform provided by Amazon [36]. By using EC2, users can create virtual machines with different computing, networking, and memory characteristics, as required by the tasks to be executed.
Besides EC2, another useful service by Amazon for IoT platforms is AWS-IoT. This platform has many options for users to choose from, including a broker for the messages, gateways, and an engine to set up certain rules as needed by the design constraints. Also, AWS-IoT provides a secure development platform for different IoT devices, including actuators, sensors, and even home smart devices. These devices are allowed to interact with the AWS Cloud and with other components in the network using secure protocols such as HTTPS and MQTT. Moreover, as an extra measure of security, authentication must be completed for each device before connecting it to the system. X.509 certificates are used for authentication.
There are also other powerful features that can be utilized to increase efficiency and facilitate the management of the implemented IoT system. For example, the registry feature allows the user to manage devices easily through grouping related devices with their certificates and resources. In other words, this feature can be used to gather many devices and manage them at once, with minimal effort and overhead. Also, users can create mobile applications to manage their IoT devices and monitor their activities (data acquisition, for example) from anywhere, at any time. For details on the characteristics and features of this platform, please see the company's documentation [36].
Enhanced AWSACIoT Model
In this section, the enhanced AWSACIoT layers and the configuration of a simple health care case study are shown, using the AWS Platform. In order to enhance security and make more real-time decisions, we add the edge computing concept to the proposed models. To utilize the AWS cloud provider platform services successfully, we need to create an account on it. Then, we use the AWS management console, which is shown in Figure 2.3.
In this proposed model, as shown in Figure 2.4, the cloud level is represented on the AWS platform as a virtual machine with a specific Amazon Machine Image (AMI) and specific characteristics, such as CPU and memory storage. Each physical device, such as a sensor, is represented as an IoT virtual machine. We have three sensors, as an example, collecting specific patients’ data. Each IoT virtual machine has specific characteristics, such as device type and device attributes. This information about each virtual machine is set when the IoT machine is launched and can be changed. Also, each device has its own X.509 certificate, which AWS cloud services use to authenticate it.

FIGURE 2.3 AWS management Console.

FIGURE 2.4 Simple health care case study using the AWS Platform: Enhanced AWSACIoT.
We used a policy-based access control mechanism, expressed as a JavaScript Object Notation (JSON) file. The JSON file contains three main components:
- 1. Effect: Means permission type (Allow, Deny).
- 2. Action: The actions allowed for the device.
- 3. Resources: Specific AWS resources that can be accessed by the device.
- 4. Optionally, the file can also contain conditions.
However, all sensors use the MQTT protocol to communicate with AWS IoT services, and this should be simulated as MQTT Clients using the MQTT.fx tool. The edge concept can be proposed as a device shadow or as another virtual machine.
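The policy structure listed above (Effect, Action, Resource) can be made concrete with a least-privilege policy for one sensor and a simplified evaluator. This is an added example, not code from the chapter or from AWS: the thing name `hr-sensor-01`, the account id, the region, and the topic layout are constructed placeholders, and the evaluator models only default-deny with explicit Deny overriding Allow, ignoring optional conditions.

```python
import json
import re

# Constructed sample policy for one wearable sensor; account id, region,
# thing name and topic names are placeholders, not values from the chapter.
ARN = "arn:aws:iot:us-east-1:123456789012"
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": "%(arn)s:client/hr-sensor-01"},
    {"Effect": "Allow", "Action": "iot:Publish",
     "Resource": "%(arn)s:topic/wearables/hr-sensor-01/*"},
    {"Effect": "Deny", "Action": "iot:Publish",
     "Resource": "%(arn)s:topic/wearables/hr-sensor-01/admin/*"}
  ]
}
""" % {"arn": ARN})


def _as_list(value):
    # Action and Resource may each be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # Policy wildcards: "*" matches any run of characters, "?" exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def evaluate(policy, action, resource):
    """Return "Allow" or "Deny": default deny, explicit Deny beats Allow."""
    decision = "Deny"
    for stmt in policy["Statement"]:
        hit = (any(_matches(a, action) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny always wins
        if hit and stmt["Effect"] == "Allow":
            decision = "Allow"
    return decision


if __name__ == "__main__":
    for act, res in [("iot:Publish", ARN + ":topic/wearables/hr-sensor-01/vitals"),
                     ("iot:Publish", ARN + ":topic/wearables/hr-sensor-02/vitals")]:
        print(act, res, "->", evaluate(POLICY, act, res))
```

Scoping the publish resource to the sensor's own topic prefix means a compromised device certificate cannot be used to write another patient's readings.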