IoT in Healthcare: Privacy & Security

on 24 Apr 2018 18:32 PM
  • Rang Technologies

E-health frameworks and applications, which are characterized as remote systems connecting to healthcare services gadgets, are often subjected to security issues. In particular, patients' sensitive health information is prone to data security and privacy issues. Possible attacks include denial of service (DoS) attacks, Sybil attacks, and desynchronization attacks occurring in the network and transport layers of the Open Systems Interconnection (OSI) model. Strategic use of cryptographic nonces such as random numbers, sequence numbers and timestamps prevents possible attacks.

An e-health system is defined as a radio-frequency-based wireless networking technology that provides ubiquitous networking functionalities. It is based on the interconnection of tiny nodes enhanced with sensing and/or actuating capabilities planted or placed around the human body. E-health applications are context-aware, personal, dynamic, and anticipative by nature. As IoT is designed to meet these key characteristics, it provides a natural and suitable environment for their efficient deployment. In fact, extensive research on using the IoT paradigm in e-health has been reported. Population aging and the increased chances of surviving disabling accidents and illnesses will lead to an increased demand from a population that requires continuous healthcare and monitoring.

E-health applications could spare a patient from being admitted to hospital for a long period of time. Reducing the number of nights that a patient may spend in a hospital, and the associated risks that may result, is a key area of focus for the medical community. Additionally, a continuous monitoring capability, if available, can anticipate the need for an emergency intervention. Moreover, early stage diagnostics could also be achieved remotely. In brief, e-health applications in the context of IoT constitute a cost-effective and unobtrusive solution that is in the best interest of today's patients.

Nevertheless, as an IoT application, e-health inherits the main IoT security threats and challenges. There is a large body of literature on how security issues could hinder IoT deployment. In fact, studies have shown that security in any IoT application will be crucial, as billions of intelligent things will cooperate with each other in a random and unpredictable way. It has also been shown that even though IoT infrastructure is expected to involve protocols and interfaces like those running on the Internet, it will be daunting to handle IoT threats directly with classical known countermeasures, due to the following:

• The scarcity of both power and computational resources will hinder classical solutions deployment.
• Distributivity and heterogeneity of the devices that will compose IoT (constrained and non-constrained) might lead to gaps in end-to-end security.
• IoT will be highly scalable and dynamic, thus, traditional public key infrastructures need to be adapted to meet these requirements.
• Things will have to manage dynamic identities to deal with context-aware applications.
• Wireless connectivity will constitute the main media of communication, which could lead to different attacks such as eavesdropping and side channel attacks.
• Objects in IoT might be unattended for long periods and thus are more vulnerable to physical attacks.

Moreover, studies by various authors have underlined that e-health applications might be more vulnerable to attacks compared to other IoT applications, as the generated data is highly sensitive and private. Health-related records are always private in nature, and any breach in the confidentiality of such data would seriously deter patients from adopting e-health solutions. For instance, many people would not like their personal health information, such as an early stage of pregnancy or details of certain medical conditions, to be divulged to third parties. In fact, eavesdropped communications could be used for several illegal purposes. Moreover, any modification of captured health-related data could lead to disastrous consequences, as it could result in a wrong medical prescription or delay an emergency intervention.

Several attacks can threaten the establishment of secure channels. In the following, we focus on the attacks that are positioned in the network and transport layers of the Open Systems Interconnection (OSI) model.

Ensuring key freshness is an important security concern. Indeed, the involved entities must be able to detect replayed messages. E-health applications might be more vulnerable to this kind of attack compared to other application scenarios, since outdated information could lead to inadequate medical interventions. To overcome this issue, nonces can be introduced in the different exchanged messages. These nonces could be implemented using one of the following strategies:

• Random numbers
• Sequence numbers
• Timestamps

Random numbers might constitute a solution for e-health scenarios. A smart object can maintain a list of the previously received random values in its internal memory. Upon receiving a new message, it checks whether the nonce has already been received. As a result, replayed messages are detected. This solution has a drawback: the smart object must maintain a list of the received nonces in its internal memory. Nevertheless, due to recent advances in flash memory technology, smart objects now provide a considerable amount of storage space, which attenuates the storage issue.

The second solution is based on sequence numbers, which do not require any data storage. Indeed, sequence numbers provide a sequential counter in the exchanged messages. If a message is replayed, its counter will be smaller than or equal to the current one, and the message will be dropped. However, if one of the involved entities goes down (e.g., reboot, hardware failure, etc.), this protection is no longer effective, because the involved entity will lose track of the current counter value.

Besides, to ensure message freshness, timestamps could also be used. This solution is highly energy-consuming to implement on constrained entities, as synchronized clocks must be maintained.
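The trade-offs between the first two strategies, as an added example that is not part of the original article: a bounded list of received nonces and a sequence counter, including the reboot case. The class names, the cache capacity and the restored (persisted) counter are assumptions made for illustration.

```python
import secrets
from collections import OrderedDict

class NonceCache:
    """Random-number strategy: remember received nonces, bounded by `capacity`."""
    def __init__(self, capacity=1024):
        self.capacity = capacity
        self.seen = OrderedDict()

    def accept(self, nonce: bytes) -> bool:
        if nonce in self.seen:
            return False                     # already received: replay
        self.seen[nonce] = True
        if len(self.seen) > self.capacity:
            self.seen.popitem(last=False)    # evict oldest; it is forgotten from now on
        return True

class SequenceCheck:
    """Sequence-number strategy: only the highest counter seen is kept."""
    def __init__(self, restored=0):
        self.last = restored                 # 0 models a counter lost at reboot

    def accept(self, seq: int) -> bool:
        if seq <= self.last:
            return False                     # smaller or equal: replay
        self.last = seq
        return True

def demo():
    out = {}
    cache = NonceCache(capacity=2)           # tiny capacity to show the memory limit
    n1, n2, n3 = (secrets.token_bytes(16) for _ in range(3))
    out["nonce_first"] = cache.accept(n1)
    out["nonce_replay"] = cache.accept(n1)
    cache.accept(n2)
    cache.accept(n3)                         # pushes n1 out of the bounded list
    out["nonce_replay_after_eviction"] = cache.accept(n1)

    seq = SequenceCheck()
    out["seq_first"] = seq.accept(41)
    out["seq_replay"] = seq.accept(41)
    out["seq_replay_after_reboot"] = SequenceCheck().accept(41)
    # Assumption: the counter was written to non-volatile memory before the reboot.
    out["seq_replay_with_restored_counter"] = SequenceCheck(restored=seq.last).accept(41)
    return out

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'dropped'}")
```

The eviction case shows why the nonce list's size matters on a constrained device, and the last two cases show the reboot weakness described above.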

Denial of Service (DoS) attacks could seriously threaten the availability of e-health applications. The gathered health-related data should always be available, even if the system is under a DoS attack. Indeed, if any of the involved entities is made unavailable, in the sense that it is no longer able to gather or process data, the consequences could be disastrous. To illustrate this aspect, let us assume that a smart object is planted in the body of a patient suffering from a heart condition. If a heart-related value that indicates an impending heart attack is registered, it should immediately be transmitted to healthcare services. Any delay due to a DoS attack could be fatal. Several mechanisms can be implemented to mitigate DoS attacks. Each exchanged message must be authenticated upstream of any processing effort; that is, no internal state is established before authenticating the different entities involved in an exchange. Besides, classical countermeasures such as rate-limiting and access control lists could also be implemented. In addition, given the sensitivity of e-health applications, redundancy can also be used. Whenever a smart object is made unavailable by a DoS attack, data exchanges carry on with the redundant node.

Sybil attacks, where a node claims multiple fake identities, could be highly harmful in the context of an e-health application. Through these attacks, an intruder could use feigned identities to send false information. As a result, either an actual emergency situation is missed or ceaseless false emergency situations are raised. Sybil attacks can be mitigated using different strategies based on the network model. Indeed, including the identity of the sender in the exchanged messages while ensuring authentication using shared knowledge (i.e., a key) is an efficient mechanism against Sybil attacks. Doing so, an attacker would not be able to use multiple identities authenticated with the same shared key. Sybil attacks can also be mitigated through the use of trusted certification to make sure that each entity is assigned exactly one identity.

Another point of interest with respect to the threat model of e-health applications is the attacks that aim to exhaust sensors' energy, making them unavailable. For instance, the desynchronization attack targets the sequence number of the exchanged messages. This leads to infinite retransmissions, which waste both energy and bandwidth. Providing message integrity is the main security property that hinders this type of attack. In fact, message authentication codes can be computed and checked for each exchanged message, ensuring that the included data has not been altered.
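The three mitigations described above (authenticating before any state is kept, binding the sender identity to a shared key, and a MAC covering the sequence number) combined in one receiver, as an added example that is not part of the original article. The frame layout, device names and keys are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed per-device keys; a real deployment provisions these securely.
KEYS = {b"sensor-A": b"\x11" * 32, b"sensor-B": b"\x22" * 32}
TAG_LEN = 32

def seal(sender: bytes, seq: int, payload: bytes, key: bytes) -> bytes:
    """Frame = len(sender) | sender | 64-bit seq | payload | HMAC over all of it."""
    body = bytes([len(sender)]) + sender + struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # per-sender state, written only after the MAC verifies

    def receive(self, frame: bytes) -> str:
        if len(frame) < 1 + 8 + TAG_LEN or len(frame) < 1 + frame[0] + 8 + TAG_LEN:
            return "drop:malformed"
        n = frame[0]
        sender = frame[1:1 + n]
        (seq,) = struct.unpack("!Q", frame[1 + n:9 + n])
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        key = self.keys.get(sender)
        if key is None:
            return "drop:unknown-identity"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "drop:bad-mac"            # wrong key for this identity, or altered field
        if seq <= self.last_seq.get(sender, 0):
            return "drop:replay"
        self.last_seq[sender] = seq
        return "accept"

def demo():
    rx, key_a = Receiver(KEYS), KEYS[b"sensor-A"]
    out = {"genuine": rx.receive(seal(b"sensor-A", 1, b"hr=72", key_a))}
    # Sybil case: the holder of sensor-A's key claims other identities.
    out["sybil_known"] = rx.receive(seal(b"sensor-B", 1, b"hr=0", key_a))
    out["sybil_new"] = rx.receive(seal(b"sensor-Z", 1, b"hr=0", key_a))
    # Desynchronization case: the sequence field is rewritten in transit.
    frame = bytearray(seal(b"sensor-A", 2, b"hr=73", key_a))
    frame[9:17] = struct.pack("!Q", 2**40)
    out["desync"] = rx.receive(bytes(frame))
    out["next_genuine"] = rx.receive(seal(b"sensor-A", 2, b"hr=73", key_a))
    out["state"] = dict(rx.last_seq)
    return out
```

Because the altered sequence number fails the MAC check, the receiver's counter is untouched and the genuine frame with sequence number 2 is still accepted; rejected senders never get an entry in `last_seq`.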

E-health applications are subject to several other attacks. In particular, routing attacks can quickly hinder their functioning to the point of making them unavailable. Securing the routing process usually involves the introduction of intrusion detection systems.