Essential Cybersecurity Measures for Healthcare IoT

Internet of Things is transforming the daily lives of people through its applications in almost every race of life. The most common applications of IoT include smart cities, smart health, E-governance, and smart transportation just to name a few. Mckinsey predicts that IoT companies' economic impact will increase from $4 trillion today to $11 trillion by 2025. In this era of pandemic and lockdown situation, the healthcare industry's adoption of IoT has shown rapid growth. This growth is fueled by the availability of high-speed internet, low-cost sensors, and the need for social distancing and remote healthcare.

Yet to provide quality healthcare to patients, H-IoT must itself be ‘healthy’. The technological aspects of IoT enabled healthcare needs to be secure enough. The devices are consistently connected to the internet which provides an open door to cyber attacks. A zero-day exploit can endanger a person’s life if the devices are not manufactured with cybersecurity in mind. FDA is working aggressively to reduce the risk factors of IoT based medical devices. FDA has also provided guidelines to the medical device manufacturers to design and maintain cybersecurity in their devices.

IoT architecture contains heterogeneous devices and networking protocols. A three-layered architecture presents the fundamental building blocks and simplifies the myriad bits that build a complete end-to-end IoT architecture.

The perception layer includes the sensors and actuators that are responsible for collecting data of vital health parameters. The most popular sensors used in H-IoT systems are accelerometers which can be used to measure glucose levels. Another example is Gyroscope which is used for detecting tilt in the body and fall detection; there are also ECG sensors, temperature sensors, and heart rate sensors. These sensors are specially designed with wireless communication enabled antennas. The purpose of these sensors is to collect data from the human body and send it to the healthcare provider through gateway devices.

The network represents the communication between the perception layer and gateway devices. Network layer devices include smartphones, PDA, and other handheld wireless communication enabled devices. Smartphones are powerful gadgets that possess powerful computational resources and have been used as a gateway device in many IoT applications.

Communication technologies that have low range and power are generally utilized for perception to network layer communication. Near Field Communication (NFC) (13.56 MHz), Bluetooth Low Energy (LE) (2.4 GHz), Zigbee (2.4 GHz), and WiFi Direct (2.4 GHz) are some of the technologies that can be utilized for communication in this layer. UHF RFID has also been proposed as a potential candidate for implantable RFID tags whose communication range is between 0.1 to 0.5m. Conductive properties of the human body have also been explored to propose the human body as a communication channel. The latest standard at this level is the IEEE 802.15.6 that aims to provide reliable and low power communication within the surrounding area of a human body.

Gateway devices act as relay devices to send the gathered sensory data to the cloud and medical server at the application layer for further processing. This includes all communications between gateway devices and the application layer. At this layer communication protocols are well defined and there a lot of options in which gateway devices can communicate with the Medical server. The gateway can get connected to the medical server via 3G/4G WiFi links or even through other communication protocols defined for wireless sensor networks, such as SigFox, Low Power Wide Area Network (LPWAN), and IEEE 802.16.

With the advent of IoT enabled healthcare there is an increased amount of sensors generated data. This data is processed and archived in the cloud platforms. The application layer includes cloud services for data processing and provides a seamless interface between patient and healthcare provider. Remote healthcare provider examines online reports and sends prescriptions through online portals enabled through the application layer. There are a number of IoT-enabled applications e-g glucose monitoring, cardiac monitoring, asthma monitoring, ambient assisted living, and sleep monitoring to mention a few.

Although H-IoT provides many beneficial applications, yet the security and privacy in these devices are often looked at. H-IoT comprises heterogeneous devices and network protocols at each layer of it architecture. Not only security is required at each layer, but also end-to-end security primitives are needed to make these applications practical.

This section presents security threats in gateway devices. Smartphones are usually used as gateway devices in healthcare applications of IoT. Thus, we have explored threats and attacks related to smartphone devices. Gateway devices and smartphones are used interchangeably referring to the same device.

Hackers develop attractive mobile applications with malicious intent and upload them to the app stores so that consumers can download them for free. Once the application is downloaded on the handset, it steals the personal information of the mobile users such as contacts, account information, login passwords, and other files and sends them to hackers.

Botnets are a set of malicious devices that work in a distributed manner to launch DDoS (Distributed Denial of Service), steal the owner's personal information, and allows an attacker to access the smart device and its connection without knowledge of the owner. Botnets are fatal for the healthcare applications of IoBNT in the scenario where the gateway device (smartphone) is hacked and altered sensory data is sent to the medical server which in response will send incorrect diagnosis and treatment to the in-body networks. Authentication and access control mechanisms must be implemented to secure devices from botnet attacks.

Malware is software that is designed to interfere with the normal operation of devices. Malware might be used for DoS attacks to risk the availability of gateway devices.

In this type of attack, malicious software is created and the hidden access point is created inside the user’s smartphone so that the hackers might listen to calls, view messages and e-mails, and even track the user’s location through GPRS. Spyware attack directly targets and sabotages the data privacy of patients. Firewalls and SPAM filters must be implemented to protect devices from Spyware.

Most H-IoT devices use Bluetooth technology for communication between sensors and gateway devices. The Bluetooth technology itself host attacks if it is not configured properly. Unauthorized devices might broadcast their presence, allow uninvited connections and even start data transmission. Other types of Bluetooth attacks include Bluejacking, Bluespamming, Warchalking, Bluestumbling, Bluesnarfing, Bluebugging, Blue tracking, Bluesnipping, and Man in the middle attack. In situations where Bluetooth is used for data transmission, the devices must be properly configured with secure API prior to the transmission session.

H-IoT supports patient’s mobility, however, the exact location must be reachable to the medical staff in case of an emergency. Generally, location-tracking systems are based on radio frequency, ultrasound, received signal strength indicator, or some other technology. Location and GPS features of smartphones can be exploited to use as a tool to locate the patient. The location privacy of individuals can be sabotaged by the attackers by various attempts on the GPS feature provided in the smart-phone.

When gateway device uses WiFi as communication technology, diverse attacks are faced to the users as WiFi architecture lacks encryption to protect encrypted data. The attacker intercepts the transmission between the WiFi hotspot and the smartphone user. Moreover, hackers can also set up a fake WiFi hotspot that mimics a high-speed connection; as soon as the user connects to the hotspot, the hacker starts controlling the user’s traffic. Defense mechanisms for WiFi attacks include SPAM filters, Secure API, and Firewalls.

Gateway devices may be befooled by attackers to send collected data from illegitimate devices, whereas data is meant to be collected from the Bio cyber interface.

Routing attacks like selective forwarding, route spoofing, sinkhole, and wormhole attacks can be launched by attackers to interrupt the transmission.

The usability issue can arise when the monitoring application complexity level is too high for patients. Usability should be kept in mind while designing mobile healthcare applications.

Medjacking attack is specific for the medical devices in IoT. Hackers can attack and manipulate the software of medical sensors to act maliciously. For example, the infusion pump of insulin may seem like an innocent, unhackable device, but the delivery pump can be hijacked to inject an abnormal dosage of insulin into the human body. This attack can pose serious and even life-threatening consequences.

The security goals of any paradigm can be measured with the CIA (Confidentiality, Integrity, Availability) triad. CIA must be ensured so that H-IoT remains secure. We have identified some additional security goals, 'Authenticity' and 'Data freshness', that must be ensured in the case of H-IoT.

Confidentiality ensures that the attacker should not learn the content of the message and data must only be accessible to authorized personnel. Moreover, confidentiality must be ensured during the transmission session until the end.  In the domain of IoT confidentiality must be ensured at each layer e-g through encryption techniques such as  AES and RSA.

Integrity ensures that an attacker should not modify the data. Moreover, the source of the message is verifiable and the receiver must be able to distinguish if the message is modified. Integrity checks must be applied
at each layer of IoT. Integrity checks such as cryptographic hash functions or MAC (Message Authentication Code) can be applied. Integrity guarantees that the received information is correct.

Availability ensures that the attacker must not disrupt the communication or affect it negatively during transmission. Availability assures that information is available at every time. Considering the healthcare applications of IoT availability is a very critical security objective as violating this objective can be fatal. Adaptive self-organizing solutions
are needed to cope with this challenge.

Authentication ensures that the data is coming from the authorized source and that unauthorized users cannot access or modify the data. Authentication needs to be done on the users as well as the message. The modified message can be disastrous as it may contain false dosage values in the case of a drug delivery system. Authentication is applicable to all the
users of the system even after they have been authorized from the regular login process.

Authentication can be ensured by implementing finely grained access control mechanisms that describe the resources list an authorized user has right to access and which resource cannot be accessed by a user even he/she is authorized. For example, a nurse is a legitimate user of the healthcare system and is authorized to use the system. But he/she does not have the right to access the drug delivery operation, which must be accessed by primary only. 

In healthcare applications of IoT, data freshness is a primary security goal due to the sensitive application nature. The attacks on data freshness through message replay are unaffordable, where treatment is prescribed upon recent physiological parameters of the patient’s body. There are two kinds of freshness: weak freshness, which gives partial message ordering but does not carry time-delay information; and strong freshness
gives a total order on a request-response pair and allows for delay estimation.

Confidentiality, integrity, and authenticity solutions are available for
classic communication networks in the form of authentication, encryption, or integrity protection and cryptographic mechanisms such as symmetric and asymmetric ciphers or cryptographic hash functions. 

The weakest link in cyber security happens to be the human user of the system. Training and education sessions must be delivered to the end users of the system so that they do not get into hacker's trap.

Remember H-IoT must itself be healthy before it takes care of someonelse's health.