Automated Security Assessment Framework for Wearable BLE-enabled Health Monitoring Devices

The growth of IoT technology, increasing prevalence of embedded devices, and advancements in biomedical technology have led to the emergence of numerous wearable health monitoring devices (WHMDs) in clinical settings and in the community. The majority of these devices are Bluetooth Low Energy (BLE) enabled. Though the advantages offered by BLE-enabled WHMDs in tracking, diagnosing, and intervening with patients are substantial, the risk of cyberattacks on these devices is likely to increase with device complexity and new communication protocols. Furthermore, vendors face risk and financial tradeoffs between speed to market and ensuring device security in all situations. Previous research has explored the security and privacy of such devices by manually testing popular BLE-enabled WHMDs in the market and generally discussed categories of possible attacks, while mostly focused on IP devices. In this work, we propose a new semi-automated framework that can be used to identify and discover both known and unknown vulnerabilities in WHMDs. To demonstrate its implementation, we validate it with a number of commercially available BLE-enabled enabled wearable devices. Our results show that the devices are vulnerable to a number of attacks, including eavesdropping, data manipulation, and denial of service attacks. The proposed framework could therefore be used to evaluate potential devices before adoption into a secure network or, ideally, during the design and implementation of new devices.

Download Full-text

A Study on Situational Awareness Security and Privacy of Wearable Health Monitoring Devices

International Journal on Cyber Situational Awareness ◽

10.22619/ijcsa.2016.100104 ◽

2016 ◽

Vol 1 (1) ◽

pp. 74-96 ◽

Cited By ~ 6

Author(s):

Xavier Bellekens ◽

Kamila Nieradzinska ◽

Alexandra Bellekens ◽

Preetila Seeam ◽

Andrew Hamilton ◽

...

Keyword(s):

Health Monitoring ◽

Situational Awareness ◽

Security And Privacy ◽

Monitoring Devices

Download Full-text

Development of remote health monitoring devices: towards IoT for manic-depressive, ageing and obese people

Anais do V Congresso Brasileiro de Eletromiografia e Cinesiologia e X Simpósio de Engenharia Biomédica ◽

10.29327/cobecseb.78809 ◽

2018 ◽

Author(s):

Y. Coelho ◽

E. Vervloet ◽

G. Gaspar ◽

T. Bastos

Keyword(s):

Health Monitoring ◽

Remote Health Monitoring ◽

Obese People ◽

Manic Depressive ◽

Monitoring Devices ◽

Remote Health

Download Full-text

Automatic Vulnerability Detection in Embedded Devices and Firmware

ACM Computing Surveys ◽

10.1145/3432893 ◽

2021 ◽

Vol 54 (2) ◽

pp. 1-42

Author(s):

Abdullah Qasem ◽

Paria Shirani ◽

Mourad Debbabi ◽

Lingyu Wang ◽

Bernard Lebel ◽

...

Keyword(s):

Embedded Systems ◽

Symbolic Execution ◽

Vital Role ◽

Security And Privacy ◽

Embedded Devices ◽

Security Vulnerabilities ◽

Future Directions ◽

Hybrid Approaches ◽

Wide Range ◽

The Internet Of Things

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.

Download Full-text

Cyber security in industrial control system

WEENTECH Proceedings in Energy ◽

10.32438/wpe.432021 ◽

2021 ◽

pp. 481-493

Author(s):

Sarika Singh ◽

Gargi Phadke

Keyword(s):

Control System ◽

Control Systems ◽

Communication Networks ◽

Cyber Security ◽

Denial Of Service ◽

Mitigation Measures ◽

Security Assessment ◽

Industrial Control System ◽

Industrial Control ◽

Smart Grid Communication

For any system to secure them industrial control system plays an important role in it. It helps to design the isolated procure system, specialized communication mechanisms is used to help for the setup. And with the help of this setup the flexibility, safety, threats, and vulnerabilities are the most important things to make. To secure them from risk assessment and other protection measurement need to specify with good instruments and security. The paper describes technical aspects on Denial of Service (Dos) attack. We also identify how smart grid communication networks works in security technical implementation guides of the different countries as a defense information systems agency. A brief chronicle of cyber storm on ICS; common challenges, some mitigation of those challenge, all levels of the multi-layered ICS architecture. This paper demonstrates railway control systems (RCS) compliance estimation of immovable control system design, operational scenarios that can be used for mitigation measures and security assessment.

Download Full-text

Proposed Back Propagation Deep Neural Network for Intrusion Detection in Internet of Things Fog Computing

International Journal of Emerging Trends in Engineering Research ◽

10.30534/ijeter/2021/23942021 ◽

2021 ◽

Vol 9 (4) ◽

pp. 464-469

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Intrusion Detection ◽

Fog Computing ◽

Denial Of Service ◽

Back Propagation ◽

Security And Privacy ◽

Brute Force ◽

Iot Platform ◽

Proposed Model

Internet of things (IoT) is an emerging concept which aims to connect billions of devices with each other anytime regardless of their location. Sadly, these IoT devices do not have enough computing resources to process huge amount of data. Therefore, Cloud computing is relied on to provide these resources. However, cloud computing based architecture fails in applications that demand very low and predictable latency, therefore the need for fog computing which is a new paradigm that is regarded as an extension of cloud computing to provide services between end users and the cloud user. Unfortunately, Fog-IoT is confronted with various security and privacy risks and prone to several cyberattacks which is a serious challenge. The purpose of this work is to present security and privacy threats towards Fog-IoT platform and discuss the security and privacy requirements in fog computing. We then proceed to propose an Intrusion Detection System (IDS) model using Standard Deep Neural Network's Back Propagation algorithm (BPDNN) to mitigate intrusions that attack Fog-IoT platform. The experimental Dataset for the proposed model is obtained from the Canadian Institute for Cybersecurity 2017 Dataset. Each instance of the attack in the dataset is separated into separate files, which are DoS (Denial of Service), DDoS (Distributed Denial of Service), Web Attack, Brute Force FTP, Brute Force SSH, Heartbleed, Infiltration and Botnet (Bot Network) Attack. The proposed model is trained using a 3-layer BP-DNN

Download Full-text

Energy Harvesting from Human Biomechanical Energy for Health-monitoring Devices

IETE Journal of Research ◽

10.1080/03772063.2018.1530074 ◽

2018 ◽

pp. 1-8 ◽

Cited By ~ 5

Author(s):

Parul Chaudhary ◽

Puneet Azad

Keyword(s):

Energy Harvesting ◽

Health Monitoring ◽

Monitoring Devices

Download Full-text

Whirligig-inspired triboelectric nanogenerator with ultrahigh specific output as reliable portable instant power supply for personal health monitoring devices

Nano Energy ◽

10.1016/j.nanoen.2018.02.039 ◽

2018 ◽

Vol 47 ◽

pp. 74-80 ◽

Cited By ~ 56

Author(s):

Qian Tang ◽

Min-Hsin Yeh ◽

Guanlin Liu ◽

Shengming Li ◽

Jie Chen ◽

...

Keyword(s):

Health Monitoring ◽

Power Supply ◽

Personal Health ◽

Triboelectric Nanogenerator ◽

Specific Output ◽

Instant Power ◽

Personal Health Monitoring ◽

Monitoring Devices

Download Full-text

Study of Medicine Dispensing Machine and Health Monitoring Devices

Cybernetics, Cognition and Machine Learning Applications - Algorithms for Intelligent Systems ◽

10.1007/978-981-33-6691-6_33 ◽

2021 ◽

pp. 297-305

Author(s):

Aditi Sanjay Bhosale ◽

Swapnil Sanjay Jadhav ◽

Hemangi Sunil Ahire ◽

Avinash Yuvraj Jaybhay ◽

K. Rajeswari

Keyword(s):

Health Monitoring ◽

Study Of Medicine ◽

Monitoring Devices

Download Full-text

Information Security in Software Systems

Cryptographic Primitives in Blockchain Technology ◽

10.1093/oso/9780198862840.003.0004 ◽

2020 ◽

pp. 135-142

Author(s):

Andreas Bolfing

Keyword(s):

Distributed Systems ◽

Information Security ◽

Defense Mechanism ◽

Denial Of Service ◽

Security And Privacy ◽

Software Systems ◽

Rapid Progress ◽

Sybil Attack ◽

Authentication And Authorization ◽

Information And Communication

The rapid progress of Information and Communication Technology (ICT) continuously intensifies the interest in the two disciplines of security and privacy. This chapter introduces the most important concepts of information security, which essentially include the three major security mechanisms identification, authentication and authorization. These mechanisms are used to obtain the most important security goals, namely confidentiality, integrity, availability and non-repudiation, which are standardized by many international organisations. The next section deals with the possible attacks against distributed systems, which are mainly the Denial-of-Service (DoS) and the Sybil attack. The chapter then concludes by introducing one possible defense mechanism against such attacks, which is now publicly known as Proof-of-Work (PoW).

Download Full-text

Provably Secure Crossdomain Multifactor Authentication Protocol for Wearable Health Monitoring Systems

Wireless Communications and Mobile Computing ◽

10.1155/2020/8818704 ◽

2020 ◽

Vol 2020 ◽

pp. 1-13

Author(s):

Hui Zhang ◽

Yuanyuan Qian ◽

Qi Jiang

Keyword(s):

Health Monitoring ◽

Security Analysis ◽

Wearable Devices ◽

Authentication Protocol ◽

Security And Privacy ◽

Monitoring Systems ◽

Multifactor Authentication ◽

Health Monitoring Systems ◽

Wearable Health Monitoring Systems ◽

Provably Secure

Wearable health monitoring systems (WHMSs) have become the most effective and practical solutions to provide users with low-cost, noninvasive, long-term continuous health monitoring. Authentication is one of the key means to ensure physiological information security and privacy. Although numerous authentication protocols have been proposed, few of them cater to crossdomain WHMSs. In this paper, we present an efficient and provably secure crossdomain multifactor authentication protocol for WHMSs. First, we propose a ticket-based authentication model for multidomain WHMSs. Specifically, a mobile device of one domain can request a ticket from the cloud server of another domain with which wearable devices are registered and remotely access the wearable devices with the ticket. Secondly, we propose a crossdomain three-factor authentication scheme based on the above model. Only a doctor who can present all three factors can request a legitimate ticket and use it to access the wearable devices. Finally, a comprehensive security analysis of the proposed scheme is carried out. In particular, we give a provable security analysis in the random oracle model. The comparisons of security and efficiency with the related schemes demonstrate that the proposed scheme is secure and practical.

Download Full-text