Skip to main content
SpringerLink
Log in

New secure healthcare system using cloud of things

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

Modern healthcare services are serving patients needs by using new technologies such as wearable devices or cloud of things. The new technology provides more facilities and enhancements to the existing healthcare services as it allows more flexibility in terms of monitoring patients records and remotely connecting with the patients via cloud of things. However, there are many security issues such as privacy and security of healthcare data which need to be considered once we introduce wearable devices to the healthcare service. Although some of the security issues were addressed by some researchers in the literature, they mainly addressed cloud of things security or healthcare security separately and their work still suffers from limited security protection and vulnerabilities to some security attacks. The proposed new healthcare system combines security of both healthcare and cloud of things technologies. It also addresses most of the security challenges that might face the healthcare services such as the man in the middle (MITM), eavesdropping, replay, repudiation, and modification attacks. Scyther verification tool was also used to verify the robustness and correctness of the proposed system.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Abbas, A., Khan, S.U.: A review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE J. Biomed. Health Inf. 18(4), 1431–1441 (2014). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6714376

  2. Ahmed, M., Vu, Q.H., Asal, R., Al Muhairi, H., Yeun, C.Y.: Lightweight secure storage model with fault-tolerance in cloud environment. Electron. Commerce Res. 14(3), 271–291 (2014)

    Article  Google Scholar 

  3. Al Alkeem, E., Yeun, C.Y., Zemerly, M.J.: Security and privacy framework for ubiquitous healthcare IoT devices. In: 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 70–75. IEEE (2015). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7412059

  4. Al Ameen, M., Liu, J., Kwak, K.: Security and privacy issues in wireless sensor networks for healthcare applications. J. Med. Syst. 36(1), 93–101 (2012). doi:10.1007/s10916-010-9449-4

  5. Al-Qutayri, M., Yeun, C.Y., Belghuzooz, K.: Framework for secure wireless health monitoring and remote access system. Int. J. Internet Technol. Secur. Trans. 2(3-4), 380–398 (2010). doi:10.1504/IJITST.2010.03741

  6. Alkeem, E.A., Yeun, C.Y., Baek, J.: Secure nfc authentication protocol based on lte network. In: Ubiquitous Information Technologies and Applications, pp. 363–371. Springer (2014)

  7. Almulla, S.A., Yeun, C.Y.: New secure storage architecture for cloud computing. In: Park, J.J., Yang, L.T., Lee, C. (eds.) Future Information Technology. Communications in Computer and Information Science, vol. 184. Springer, Berlin, Heidelberg (2011)

  8. Appari, A., Johnson, M.E.: Information security and privacy in healthcare: current state of research. Int. J. Internet Enterp. Manage. 6(4), 279–314 (2010). doi:10.1504/IJIEM.2010.035624

  9. Azfar, A., Choo, K.K.R., Liu, L.: Forensic taxonomy of popular android mhealth apps. arXiv:1505.02905 (2015). Preprint

  10. Azfar, A., Choo, K.K.R., Liu, L.: An android social app forensics adversary model. In: System Sciences (HICSS), 2016 49th Hawaii International Conference on, pp. 5597–5606. IEEE (2016)

  11. Bahga, A., Madisetti, V.K.: A cloud-based approach for interoperable electronic health records (EHRs). Biomed Heal Informatics, IEEE J. 17(5), 894–906 (2013)

    Article  Google Scholar 

  12. Bar-On, R., Tranel, D., Denburg, N.L., Bechara, A.: Exploring the neurological substrate of emotional and social intelligence. Brain 126(8), 1790–1800 (2003). http://brain.oxfordjournals.org/content/126/8/1790.short

  13. Bui, N., Zorzi, M.: Health care applications: a solution based on the internet of things, Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies, pp. 1–5. Barcelona, Spain (2011)

  14. Butt, S., Phillips, J.G.: Personality and self reported mobile phone use. Comput. Hum. Behav. 24(2), 346–360 (2008). http://www.sciencedirect.com/science/article/pii/S0747563207000295

  15. Castillejo, P., Martinez, J.F., Lopez, L., Rubio, G.: An internet of things approach for managing smart services provided by wearable devices. Int. J. Distrib. Sens. Netw. 2013 (2013). http://www.hindawi.com/journals/ijdsn/2013/190813/abs/

  16. Chiuchisan, I., Costin, H.N., Geman, O.: Adopting the internet of things technologies in health care systems. In: Electrical and Power Engineering (EPE), 2014 International Conference and Exposition on, pp. 532–535. IEEE (2014). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6969965

  17. Choi, Y.B., Capitan, K.E., Krause, J.S., Streeper, M.M.: Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules. J. Med. Syst. 30(1), 57–64 (2006). doi:10.1007/s10916-006-7405-0

  18. Choo, K.K.R.: New payment methods: a review of 2010–2012 fatf mutual evaluation reports. Comput. Secur. 36, 12–26 (2013)

    Article  Google Scholar 

  19. Choo, K.K.R.: Cryptocurrency and virtual currency: corruption and money laundering/terrorism financing risks? Handbook of Digital Currency: Bitcoin, Innovation, Financial Instruments, and Big Data, p. 283 (2015)

  20. Choo, K.K.R., Nam, J., Won, D.: A mechanical approach to derive identity-based protocols from Diffie–Hellman-based protocols. Inf. Sci. 281, 182–200 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  21. Chown, P.: Advanced encryption standard (AES) ciphersuites for transport layer security (TLS). Tech. Rep. (2002). https://www.rfc-editor.org/info/rfc3268

  22. Dierks, M.M., Christian, C.K., Roth, E.M., Sheridan, T.B.: Healthcare safety: the impact of Disabling“ safety” protocols. IEEE Trans. Syst. Man Cybern. Part A: Syst. Hum. 34(6), 693–698 (2004). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1344117

  23. Do, Q., Martini, B., Choo, K.K.R.: Exfiltrating data from android devices. Comput. Secur. 48, 74–91 (2015)

    Article  Google Scholar 

  24. Do, Q., Martini, B., Choo, K.K.R.: A forensically sound adversary model for mobile devices. PloS ONE 10(9), e0138–e0449 (2015)

  25. Do, Q., Martini, B., Choo, K.K.R.: Is the data on your wearable device secure? An android wear smartwatch case study. Softw. Pract. Exp. 47(3), 391–403 (2017)

  26. D’Orazio, C., Choo, K.K.R.: A generic process to identify vulnerabilities and design weaknesses in ios healthcare apps. In: System Sciences (HICSS), 2015 48th Hawaii International Conference on, pp. 5175–5184. IEEE (2015)

  27. D’Orazio, C., Choo, K.K.R.: An adversary model to evaluate drm protection of video contents on ios devices. Comput. Secur. 56, 94–110 (2016)

    Article  Google Scholar 

  28. D’Orazio, C.J., Choo, K.K.R.: A technique to circumvent SSL/TLS validations on IOS devices. Future Generation Computer Systems (2016). doi:10.1016/j.future.2016.08.019

  29. D’Orazio, C.J., Lu, R., Choo, K.K.R., Vasilakos, A.V.: A markov adversary model to detect vulnerable ios devices and vulnerabilities in ios apps. Appl. Math. Comput. 293, 523–544 (2017)

    MathSciNet  Google Scholar 

  30. Doukas, C., Maglogiannis, I.: Bringing IoT and cloud computing towards pervasive healthcare. In: Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2012 Sixth International Conference on, pp. 922–926. IEEE (2012). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6296978

  31. Duquette, A., Michaud, F., Mercier, H.: Exploring the use of a mobile robot as an imitation agent with children with low-functioning autism. Auton. Robots 24(2), 147–157 (2008). doi:10.1007/s10514-007-9056-5

  32. Elmisery, A.M., Fu, H.: Privacy preserving distributed learning clustering of healthcare data using cryptography protocols. In: Computer Software and Applications Conference Workshops (COMPSACW), 2010 IEEE 34th Annual, pp. 140–145. IEEE (2010). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5615770

  33. Ge, M., Choo, K.K.R.: A novel hybrid key revocation scheme for wireless sensor networks. In: International Conference on Network and System Security, pp. 462–475. Springer, Berlin (2014)

  34. Ge, M., Choo, K.K.R., Wu, H., Yu, Y.: Survey on key revocation mechanisms in wireless sensor networks. J. Netw. Comput. Appl. 63, 24–38 (2016)

    Article  Google Scholar 

  35. Gope, P., Hwang, T.: BSN-care: a secure IoT-based modern healthcare system using body sensor network. IEEE Sens. J. 16(5), 1368–1376 (2016). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7332745

  36. Gostin, L.O., Turek-Brezina, J., Powers, M., Kozloff, R.: Privacy and security of health information in the emerging health care system. Health Matrix 5, 1 (1995). http://heinonline.org/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/hmax5&section=8

  37. Guan, S., Zhang, Y., Ji, Y.: Privacy-preserving health data collection for preschool children. Comput. Math. Methods Med. 2013 (2013). doi:10.1155/2013/501607. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3830827/

  38. Gul, O., Al-Qutayri, M., Yeun, C.Y., Vu, Q.H.: Framework of a national level electronic health record system. In: Cloud Computing Technologies, Applications and Management (ICCCTAM), 2012 International Conference on, pp. 60–65. IEEE (2012). http://ieeexplore.ieee.org/xpls/ab_all.jsp?arnumber=6488072

  39. Guo, C., Zhuang, R., Jie, Y., Ren, Y., Wu, T., Choo, K.K.R.: Fine-grained database field search using attribute-based encryption for e-healthcare clouds. J. Med. Syst. 40(11), 235 (2016)

    Article  Google Scholar 

  40. Han, K., Mun, H., Shon, T., Yeun, C.Y., Park, J.J.J.H.: Secure and efficient public key management in next generation mobile networks. Pers. Ubiquitous Comput. 16(6), 677–685 (2012)

    Article  Google Scholar 

  41. Harding, K., Cutting, K., Price, P.: The cost-effectiveness of wound management protocols of care. Br. J. Nurs. 9(Sup3), S6–S24 (2000). doi:10.12968/bjon.2000.9.Sup3.12483

  42. He, D., Kumar, N., Wang, H., Wang, L., Choo, K.K.R., Vinel, A.: A provably-secure cross-domain handshake scheme with symptoms-matching for mobile healthcare social network. IEEE Trans. Depend. Secure Comput. (2016). doi:10.1109/TDSC.2016.2596286

  43. He, D., Zeadally, S.: An analysis of RFID authentication schemes for internet of things in healthcare environment using elliptic curve cryptography. IEEE Internet Things J. 2(1), 72–83 (2015). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6907930

  44. Hiremath, S., Yang, G., Mankodiya, K.: Wearable Internet of Things: concept, architectural components and promises for person-centered healthcare. In: Wireless Mobile Communication and Healthcare (Mobihealth), 2014 EAI 4th International Conference on, pp. 304–307. IEEE (2014). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7015971

  45. Hu, J., Chen, H.H., Hou, T.W.: A hybrid public key infrastructure solution (hpki) for HIPAA privacy/security regulations. Computer Standards & Interfaces 32(56), 274 – 280 (2010). 10.1016/j.csi.2009.04.005. http://www.sciencedirect.com/science/article/pii/S0920548909000324

  46. Hu, J., Chen, H.H., Hou, T.W.: A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Comput. Stand. Interf. 32(5), 274–280 (2010)

    Article  Google Scholar 

  47. Huang, J.H., Lin, Y.R., Chuang, S.T.: Elucidating user behavior of mobile learning: A perspective of the extended technology acceptance model. Electron. Libr. 25(5), 585–598 (2007). doi:10.1108/02640470710829569

  48. Huang, L.C., Chu, H.C., Lien, C.Y., Hsiao, C.H., Kao, T.: Privacy preservation and information security protection for patients portable electronic health records. Comput. Biol. Med. 39(9), 743–750 (2009). http://www.sciencedirect.com/science/article/pii/S0010482509001085

  49. Liu, X., Choo, R., Deng, R., Lu, R., Weng, J.: Efficient and privacy-preserving outsourced calculation of rational numbers. IEEE Trans. Depend. Secure Comput. (2016). doi:10.1109/TDSC.2016.2536601

  50. Lo, N.W., Yeh, K.H., Yeun, C.Y.: New mutual agreement protocol to secure mobile RFID-enabled devices. Inf. Secur. Tech. Rep. 13(3), 151–157 (2008). http://www.sciencedirect.com/science/article/pii/S1363412708000423

  51. Nepal, S., Ranjan, R., Choo, K.K.R.: Trustworthy processing of healthcare big data in hybrid clouds. IEEE Cloud Comput. 2(2), 78–84 (2015)

    Article  Google Scholar 

  52. Rachuri, K.K., Efstratiou, C., Leontiadis, I., Mascolo, C., Rentfrow, P.J.: METIS: Exploring mobile phone sensing offloading for efficiently supporting social sensing applications. In: Pervasive Computing and Communications (PerCom), 2013 IEEE International Conference on, pp. 85–93. IEEE (2013). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6526718

  53. Seo, W.J., Islam, R., Khan, M.K., Choo, K.K.R., et al.: A secure cross-domain sip solution for mobile ad hoc network using dynamic clustering. In: International Conference on Security and Privacy in Communication Systems, pp. 649–664. Springer, Heidelberg (2015)

  54. Sepehri, M., Cimato, S., Damiani, E., Yeun, C.Y.: Data sharing on the cloud: A scalable proxy-based protocol for privacy-preserving queries. In: Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 1357–1362. IEEE (2015)

  55. Shemaili, M., Yeun, C., Zemerly, M., Mubarak, K.: Enhancing the security of the shrinking generator based lightweight mutual authentication rfid protocol. Int. J. Adv. Logis. 1(1), 33–50 (2012)

    Article  Google Scholar 

  56. Shemaili, M.A.B., Yeun, C.Y., Zemerly, M.J.: Lightweight mutual authentication protocol for securing RFID applications. Int. J. Internet Technol. Secur. Trans. 2(3–4), 205–221 (2010)

    Article  Google Scholar 

  57. Shemaili, M.A.B., Yeun, C.Y., Zemerly, M.J., Mubarak, K.: A novel hybrid cellular automata based cipher system for internet of things. In: Future Information Technology, pp. 269–276. Springer, Heidelberg (2014). doi:10.1007/978-3-642-40861-8_40

  58. Smith, E., Eloff, J.H.P.: Security in health-care information systemscurrent trends. Int. J. Med. Inf. 54(1), 39–54 (1999). http://www.sciencedirect.com/science/article/pii/S1386505698001683

  59. Srivastava, L.: Mobile phones and the evolution of social behaviour. Behav. Inf. Technol. 24(2), 111–129 (2005). doi:10.1080/01449290512331321910

  60. Swan, M.: Sensor mania! the internet of things, wearable computing, objective metrics, and the quantified self 2.0. J. Sens. Actuator Netw. 1(3), 217–253 (2012). http://www.mdpi.com/2224-2708/1/3/217

  61. Toninelli, A., Montanari, R., Corradi, A.: Enabling secure service discovery in mobile healthcare enterprise networks. IEEE Wireless Commun. 16(3), 24–32 (2009). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5109461

  62. Wang, S., Cao, Z., Choo, K.K.R., Wang, L.: An improved identity-based key agreement protocol and its security proof. Inf. Sci. 179(3), 307–318 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  63. Yeun, C.Y., Han, K., Vo, D.L., Kim, K.: Secure authenticated group key agreement protocol in the manet environment. Inf. Secur. Tech. Rep. 13(3), 158–164 (2008)

    Article  Google Scholar 

  64. Yksel, B., Kp, A., Zkasap, Z.: Research issues for privacy and security of electronic health services. Future Gen. Comput. Syst. 68, 1–13 (2017). http://www.sciencedirect.com/science/article/pii/S0167739X16302667

  65. Zhang, K., Yang, K., Liang, X., Su, Z., Shen, X., Luo, H.H.: Security and privacy for mobile healthcare networks: from a quality of protection perspective. IEEE Wireless Commun. 22(4), 104–112 (2015). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7224734

  66. Zhang, M., Raghunathan, A., Jha, N.K.: MedMon: Securing medical devices through wireless monitoring and anomaly detection. IEEE Trans. Biomed. Circuits Syst. 7(6), 871–881 (2013). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6507636

Download references

Author information

Authors and Affiliations

  1. Khalifa Unversity of Science and Technology, Electrical and Computer Engineering, PO Box 127788, Abu Dhabi, UAE

    Ebrahim Al Alkeem, Dina Shehada, Chan Yeob Yeun & M. Jamal Zemerly

  2. School of Engineering and Information Technology, UNSW Canberra (Australian Defence Force Academy), PO Box 7916, Canberra BC, ACT, 2610, Australia

    Jiankun Hu

Authors
  1. Ebrahim Al Alkeem
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dina Shehada
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chan Yeob Yeun
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. M. Jamal Zemerly
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jiankun Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ebrahim Al Alkeem.

Appendix A

Appendix A

usertype TimeStamp,Data,Request,Key,nonce,challenge,identity;

secret kDS,kSA,kDi;

protocol MEM(DPC ,DAS,SP)

{

role DPC

{

var Ri:challenge ;

fresh RD:challenge ;

fresh i:identity ;

var kDS:Key;

var D:identity ;

var KDi:Key;

var kSA:Key;

var kDS:Key;

fresh kDA:Key;

var kDS:Key;

recv_1(SP,DPC , {Ri,SP,DPC}kDS );

send_2(DPC ,DAS,{Ri,RD ,i,DAS,DPC}kDA );

recv_3(DAS ,DPC,{RD,kDS,i,DPC,DAS}kDA ,{Ri,KDi,D,DAS,DPC}kSA);

send_4(DPC, SP,{RD,Ri,i,SP,DPC,DAS}kDS ,{Ri,kDS,D,DAS,DAS}kSA);

recv_5 (SP,DPC, {RD,Ri,i,SP,DPC}kDS );

claim_DPC1(DPC,Nisynch);

claim_DPC2(DPC,Niagree);

claim_DPC3(DPC,Secret,Ri);

claim_DPC4(DPC,Secret,RD);

claim_DPC5(DPC,Secret,i);

claim_DPC6(DPC,Secret,SP);

claim_DPC7(DPC,Secret,DPC);

claim_DPC8(DPC,Secret,kDS);

claim_DPC9(DPC,Secret,kSA);

claim_DPC10(DPC,Secret,D);

}

role DAS

{

var Ri:challenge ;

var RD:challenge ;

var i:identity ;

fresh D:identity ;

fresh KDi:Key;

var kDA:Key;

fresh kSA:Key;

fresh kDS:Key;

recv_2(DPC ,DAS,{Ri,RD ,i,DAS,DPC}kDA);

send_3(DAS ,DPC,{RD,kDS,i,DPC,DAS}kDA ,{Ri,KDi,D,DAS,DPC}kSA);

claim_DAS2(DAS,Niagree);

claim_DAS3(DAS,Secret,Ri);

claim_DAS4(DAS,Secret,RD);

claim_DAS5(DAS,Secret,i);

claim_DAS6(DAS,Secret,SP);

claim_DAS7(DAS,Secret,DPC);

claim_DAS8(DAS,Secret,kDS);

claim_DAS9(DAS,Secret,kSA);

claim_DAS10(DAS,Secret,D);

claim_DAS11(DAS,Secret,D);

}

role SP

{

fresh Ri:challenge ;

fresh RD:challenge ;

var D:identity ;

var i:identity ;

fresh kDS:Key;

var kSA:Key;

send_1(SP,DPC , {Ri,SP,DPC}kDS );

recv_4(DPC, SP,{RD,Ri,i,SP,DPC,DAS}kDS ,{Ri,kDS,D,DAS,DAS}kSA);

send_5 (SP,DPC, {RD,Ri,i,SP,DPC}kDS );

claim_SP1(SP,Nisynch);

claim_SP2(SP,Niagree);

claim_SP3(SP,Secret,Ri);

claim_SP4(SP,Secret,RD);

claim_SP5(SP,Secret,i);

claim_SP6(SP,Secret,SP);

claim_SP7(SP,Secret,DPC);

claim_SP8(SP,Secret,kDS);

claim_SP9(SP,Secret,kSA);

claim_SP10(SP,Secret,D);

}

}

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Alkeem, E.A., Shehada, D., Yeun, C.Y. et al. New secure healthcare system using cloud of things. Cluster Comput 20, 2211–2229 (2017). https://doi.org/10.1007/s10586-017-0872-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-017-0872-x

Keywords

Search

Navigation