A healthcare IoT network will consist of several devices with limited battery
power. To preserve battery energy, those devices are automatically switched
into a standby mode whenever their sensors are receiving any input. The
challenge that arises from this limitation is to find a security solution that
takes the battery consumption of those devices into consideration.

Another significant limitation is the limited amount of memory available within
those devices. Thus, the execution of complicated security protocols on these
devices can be characterized as infeasible.

It is expected that the IoT health devices are going to be equipped with
low-speed processors. In addition, their central processing unit (CPU) is
lacking in terms of speed. Moreover, those devices are designed to execute
operations that involve extreme computational load. All these limitations occur
simply because those devices were designed to act as a sensor or an actuator.
As a result, what is needed here is a security solution that reduces resource
consumption while at the same time maximizing the performance of the security
services.

When all those requirements that we explained earlier are not established or
ensured through several security techniques, the following security challenges
arise.

requirement implies that even in cases where a device that is part of a
healthcare IoT network runs out of energy or fails, the remaining devices need
to be capable of overcoming this incident by providing a minimum level of

The fault tolerance requirement implies the need for a security scheme that is
capable of providing its services even under unwanted circumstances such as a
software glitch or a device failure. On the other hand, resiliency implies the
need for a security scheme that, even in cases where a medical device has been
compromised, is capable of protecting the related network, device or data from
a potential attack.
Tolerance and Resiliency
Authorization can serve three purposes. Primarily, it can ensure that a given
entity is who it claims to be.
In addition, it can ensure that only authorized entities or nodes can access
and use the numerous services provided. Finally, it can provide resilience
against non-repudiation attacks, where a given entity denies responsibility for
previously committed actions.

The data freshness term incorporates the means for ensuring data and key
freshness. Because the networks used within the healthcare IoT may provide
varying measurements from time to time, the need to ensure each message's
freshness arises. Furthermore, it can ensure that the received data are fresh
and that an attacker has not committed a replay attack, in which previously
communicated data are re-used.

Availability is used to ensure that the various healthcare services will be
available to their intended users whenever the need arises, even in cases
where those services are under Denial-of-Service attacks.

Integrity can be used to achieve two goals. First, it can ensure that when a
given entity receives medical data, those data have not been altered during
transmission by a potential attacker. Second, it can be used to ensure that the
stored medical data and information will not be compromised through an attack.
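
The data freshness and integrity requirements described above can be met together on a constrained sensor with one keyed MAC and a per-device message counter. The following is an added example, not code from this paper or from Islam et al.; the packet layout, the 16-byte truncated tag, the pre-shared per-device key and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag; an assumed choice to keep packets small


def seal(key, device_id, counter, reading):
    """Sensor side: header (device id, counter) + reading + truncated MAC."""
    header = struct.pack(">HI", device_id, counter)
    tag = hmac.new(key, header + reading, hashlib.sha256).digest()[:TAG_LEN]
    return header + reading + tag


class Receiver:
    def __init__(self, keys):
        self.keys = keys          # device id -> pre-shared key (assumed provisioning)
        self.last_counter = {}    # device id -> highest counter accepted so far

    def open(self, packet):
        if len(packet) < 6 + TAG_LEN:
            raise ValueError("short packet")
        header, reading, tag = packet[:6], packet[6:-TAG_LEN], packet[-TAG_LEN:]
        device_id, counter = struct.unpack(">HI", header)
        key = self.keys.get(device_id)
        if key is None:
            raise ValueError("unknown device")
        # Integrity: the MAC covers the counter too, so it cannot be rewritten.
        expected = hmac.new(key, header + reading, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        # Freshness: accept only counters strictly above the last accepted one.
        if counter <= self.last_counter.get(device_id, -1):
            raise ValueError("stale or replayed message")
        self.last_counter[device_id] = counter
        return reading


def demo():
    key = bytes(range(32))  # constructed sample key, not a real secret
    rx = Receiver({7: key})
    p1, p2 = seal(key, 7, 1, b"HR=72"), seal(key, 7, 2, b"HR=75")
    tampered = p2[:6] + b"HR=99" + p2[-TAG_LEN:]  # reading altered in transit
    results = []
    for pkt in (p1, p1, tampered, p2):  # second p1 is a replay
        try:
            results.append(rx.open(pkt).decode())
        except ValueError as err:
            results.append(str(err))
    return results
```

The counter is updated only after the MAC verifies, so a forged packet cannot advance the receiver's state and lock out the genuine sensor.
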

Confidentiality is the requirement that prevents unauthorized users from
accessing sensitive medical data. Furthermore, it ensures that potential
eavesdroppers will not be able to intercept the messages that travel over the
various networks in order to reveal their contents.

The following requirements are needed to provide secure services through the
various devices and systems that are to be implemented within this sector
(Islam et al., 2015).

In addition, because those devices are intended to continuously deal with
sensitive information such as healthcare data, as well as being connected to
global information networks, they tend to be attractive to attackers. In this
chapter, we analyze the security and privacy requirements, vulnerabilities and
possible countermeasures that could impact their adoption rate within the
health sector.

As we have already mentioned throughout this paper, the IoT is expected to face
tremendous growth over the next years. This growth is expected to lead to an
increased adoption rate of the IoT within the medical sector, which is going
to be bombarded with numerous eHealth IoT devices and applications that will
Healthcare security and privacy