Regulations and Standards Aware Framework for Recording of mHealth App Vulnerabilities

The authors describe a standards-based security framework for the purposes of recording security and privacy vulnerabilities discovered in mHealth apps. The proposed framework is compliant with the international standard for software architecture descriptions, ISO/IEC/IEEE 42010, relevant state-agency regulations, and US federal healthcare mandates, as well as computing standards for data interchange formats. Future real-life implementations are envisioned to consists of three key components: (1) design and implementation of a repository that links vulnerabilities to concepts from the taxonomy used by legislative and standardization bodies; (2) population of the repository with security vulnerability descriptions that follow a standard format, such as JavaScript Object Notation (JSON); and (3) implementation of a searchable user interface (e.g., Google's Firebase UI), which allows for aggregation statistics, data analytics, as well as public access to the repository. The proposed framework design promotes timely updates of regulations, standardization drafts, and app development platforms.

Download Full-text

Public Access Defibrillation in real-life settings

Resuscitation ◽

10.1016/j.resuscitation.2012.08.032 ◽

2012 ◽

Vol 83 ◽

pp. e12

Author(s):

Anne Møller Nielsen ◽

Fredrik Folke ◽

Freddy Lippert ◽

Lars Rasmussen

Keyword(s):

Real Life ◽

Public Access ◽

Public Access Defibrillation

Download Full-text

A Framework for Leveraging Image Security in Cloud with Simultaneous Compression and Encryption Using Compressive Sensing

Revue d intelligence artificielle ◽

10.18280/ria.350110 ◽

2021 ◽

Vol 35 (1) ◽

pp. 85-91

Author(s):

Naga Raju Hari Manikyam ◽

Munisamy Shyamala Devi

Keyword(s):

Compressive Sensing ◽

Image Data ◽

Input Image ◽

Security And Privacy ◽

Cloud Infrastructure ◽

Security Framework ◽

Image Security ◽

Compression Performance ◽

Security Algorithm ◽

Simultaneous Sensing

In the contemporary era, technological innovations like cloud computing and Internet of Things (IoT) pave way for diversified applications producing multimedia content. Especially large volumes of image data, in medical and other domains, are produced. Cloud infrastructure is widely used to reap benefits such as scalability and availability. However, security and privacy of imagery is in jeopardy when outsourced it to cloud directly. Many compression and encryption techniques came into existence to improve performance and security. Nevertheless, in the wake of emergence of quantum computing in future, there is need for more secure means with multiple transformations of data. Compressive sensing (CS) used in existing methods to improve security. However, most of the schemes suffer from the problem of inability to perform compression and encryption simultaneously besides ending up with large key size. In this paper, we proposed a framework known as Cloud Image Security Framework (CISF) leveraging outsourced image security. The framework has an underlying algorithm known as Hybrid Image Security Algorithm (HISA). It is based on compressive sensing, simultaneous sensing and encryption besides random pixel exchange to ensure multiple transformations of input image. The empirical study revealed that the CISF is more effective, secure with acceptable compression performance over the state of the art methods.

Download Full-text

Efficient Cyber Security Framework for Smart Cities

Secure Cyber-Physical Systems for Smart Cities - Advances in Computer and Electrical Engineering ◽

10.4018/978-1-5225-7189-6.ch006 ◽

2019 ◽

pp. 130-157 ◽

Cited By ~ 2

Author(s):

Amtul Waheed ◽

Jana Shafi

Keyword(s):

Cyber Security ◽

Smart City ◽

Smart Cities ◽

Cost Effective ◽

Cyber Attacks ◽

Security And Privacy ◽

Sensitive Information ◽

Security Framework ◽

Smart Transportation ◽

Security Issues

Smart cities are established on some smart components such as smart governances, smart economy, science and technology, smart politics, smart transportation, and smart life. Each and every smart object is interconnected through the internet, challenging the security and privacy of citizen's sensitive information. A secure framework for smart cities is the only solution for better and smart living. This can be achieved through IoT infrastructure and cloud computing. The combination of IoT and Cloud also increases the storage capacity and computational power and make services pervasive, cost-effective, and accessed from anywhere and any device. This chapter will discuss security issues and challenges of smart city along with cyber security framework and architecture of smart cities for smart infrastructures and smart applications. It also presents a general study about security mechanism for smart city applications and security protection methodology using IOT service to stand against cyber-attacks.

Download Full-text

Theoretical Analysis and Experimental Study

International Journal of Interdisciplinary Telecommunications and Networking ◽

10.4018/jitn.2013040106 ◽

2013 ◽

Vol 5 (2) ◽

pp. 66-82

Author(s):

Eralda Caushaj ◽

Huirong Fu ◽

Ishwar Sethi ◽

Haissam Badih ◽

Dion Watson ◽

...

Keyword(s):

Cellular Network ◽

Real Life ◽

Text Messages ◽

Cellular Communication ◽

Security And Privacy ◽

The Internet ◽

Security Attacks ◽

Daily Lives ◽

Voice Communication ◽

Privacy Issues

The importance of wireless cellular communication in our daily lives has grown considerably in the last decade. The smartphones are widely used nowadays, besides voice communication; the authors routinely use them to access the internet, conduct monetary transactions, send text messages and query a lot of useful information regarding the location of specific places of interest. The use of smartphones in their day-to-day communication raises many unresolved security and privacy issues. In this paper they identify relevant security attacks in Wireless Cellular Network. The authors conduct experiments in four different platforms such as Iphone, Android, Windows and Blackberry. The packets captured through Wireshark for approximately 24 minutes, giving them a lot of information regarding security and privacy issues involving the users. A lot of useful apps installed and used by the end-users have serious issues in terms of privacy and the information exposed. Which is the better platform comparing all four and what exactly do they expose from the user’s information? What are the threats and countermeasures that the users should be aware of? The aim of the authors’ paper is to give answers to the above questions based on the data captured by conducting real-life scenarios.

Download Full-text

Ethics of Digital Government

Encyclopedia of Digital Government ◽

10.4018/978-1-59140-789-8.ch113 ◽

2011 ◽

pp. 745-748

Author(s):

N. Kapucu

Keyword(s):

Information Technology ◽

Private Information ◽

Ethical Issues ◽

Leading Edge ◽

Public Access ◽

Security And Privacy ◽

Digital Government ◽

And Migration ◽

New Policies ◽

Privacy And Confidentiality

The Internet is at once a new communications medium and a new locus for social organization on a global basis. A digital government will allow public access to government information and services, and group participation in discussions at any time and from anywhere on the globe. Digital government is regarded as the most recent development in the evolving application of electronic information technology to the performance of government. The development and migration of the technologies, as well as applications of information technology in support of government operations are other important aspects. New policies have been passed by legislative bodies to ensure the proper management and implementations of these technologies and the systems they serve, their protection from physical harm, and the security and privacy of their information. The growth of digital government has increased governments’ ability to collect, store, analyze, and disclose private personal and organizational information (Fountain, 2001). In the rapidly evolving environments of digital technology, it is impossible to anticipate the leading-edge ethical issues. However, there are solid ethical imperatives to use these principles ethical behavior for resolution of the issues (Anderson, 2004). This article will focus on privacy and confidentiality of individual private information in digital environment.

Download Full-text

Development of the mHealth App Trustworthiness checklist

Digital Health ◽

10.1177/2055207619886463 ◽

2019 ◽

Vol 5 ◽

pp. 205520761988646 ◽

Cited By ~ 5

Author(s):

Afua van Haasteren ◽

Felix Gille ◽

Marta Fadda ◽

Effy Vayena

Keyword(s):

Focus Group ◽

Digital Literacy ◽

Real Life ◽

Evidence Base ◽

End Users ◽

Safety Standards ◽

Health Technologies ◽

Control Factors ◽

Mobile Health Applications ◽

Mhealth Apps

Background Mobile health applications (mHealth apps) currently lack a consensus on substantial quality and safety standards. As such, the number of individuals engaging with untrustworthy mHealth apps continues to grow at a steady pace. Objective The purpose of this study was to investigate end-users’ opinions on the features or actions necessary for trustworthy mHealth apps; and to convey this information to app developers via a succinct but informative checklist: the mHealth app trustworthiness checklist. Methods The checklist was formulated in three stages: (a) a literature review of studies identified the desirable features of the most prolific mHealth apps (health and fitness apps); (b) four focus group sessions with past or current users of these apps ( n = 20); and (c) expert feedback on whether the checklist items are conceivable in a real-life setting ( n = 6). Results Five major themes emerged from the focus group discussions: informational content, organizational attributes, societal influence, technology-related features, and user control factors. The mHealth app trustworthiness checklist was developed to incorporate these five themes and subsequently modified following expert consultation. In addition to the trustworthiness themes, we identified features that lie between trust and mistrust (limited digital literacy and indifference) as well as 10 features and actions that cause end-users to mistrust mHealth apps. Conclusion This study contributes to the evidence base on the attributes of trustworthy mHealth apps. The mHealth app trustworthiness checklist is a useful tool in advancing continued efforts to ensure that health technologies are trustworthy.

Download Full-text

Robust Data Security Framework for IoT Network using Integrated Techniques

International Journal of Applied Mathematics and Machine Learning ◽

10.18642/ijamml_7100122152 ◽

2020 ◽

Vol 13 (1) ◽

pp. 5-23

Author(s):

Fadele Ayotunde Alaba ◽

◽

Abayomi Jegede ◽

Christopher Ifeanyi Eke ◽

◽

...

Keyword(s):

Rapid Development ◽

Cost Effective ◽

Security Protocol ◽

Security And Privacy ◽

Security Framework ◽

Resource Constrained ◽

Iot Devices ◽

Lightweight Authentication ◽

Resource Constrained Devices ◽

Constrained Devices

The Internet of Things (IoT) expects to improve human lives with the rapid development of resource-constrained devices and with the increased connectivity of physical embedded devices that make use of current Internet infrastructure to communicate. The major challenging in such an interconnected world of resource-constrained devices and sensors are security and privacy features. IoT is demand new approaches to security like a secure lightweight authentication technique, scalable approaches to continuous monitoring and threat mitigation, and new ways of detecting and blocking active threats. This paper presents the proposed security framework for IoT network. A detail understanding of the existing solutions leads to the development of security framework for IoT network. The framework was developed using cost effective design approach. Two components are used in developing the protocol. The components are Capability Design (mainly a ticket, token or key that provides authorization to access a device) and Advanced Encryption Standard (AES)-Galois Counter Mode (GCM) (a-security protocol for constrained IoT devices). AES-GCM is an encryption process that is based on authentication and well suitable IoT.

Download Full-text

A security framework for mHealth apps on Android platform

Computers & Security ◽

10.1016/j.cose.2018.02.003 ◽

2018 ◽

Vol 75 ◽

pp. 191-217 ◽

Cited By ~ 44

Author(s):

Muzammil Hussain ◽

Ahmed Al-Haiqi ◽

A.A. Zaidan ◽

B.B. Zaidan ◽

M. Kiah ◽

...

Keyword(s):

Security Framework ◽

Android Platform ◽

Mhealth Apps

Download Full-text

A Security Framework for Electronic Medical Record

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit20634 ◽

2020 ◽

pp. 01-11

Author(s):

Obaloje Nkem Daniel

Keyword(s):

Access Control ◽

Medical Record ◽

Electronic Medical Record ◽

Health Sector ◽

Security And Privacy ◽

Role Based Access Control ◽

Security Framework ◽

Record System ◽

Wide Range ◽

Role Based

Electronic Medical Record (EMR) is basically the digital equivalent of paper records, or charts at a clinician’s office. EMR assist and make easier the services rendered by a wide range of medical practitioners such as physicians, nurses, pharmacists and many others, hence, increasing the safety of patients. It's importance in the health sector cannot be overemphasized. The designed framework aims at identifying security challenges in the use and adoption of EMR, to design and implement a framework that will address issues identified in the use and adoption of EMR. This study presented a security framework to improve the security and privacy issues of EMRs by adopting Role Based Access Control and RSA cryptography. Role Based Access Control (RBAC) model was used because of its flexibility to support minimal functionality and its simplistic mode of assigning roles and permissions to users. In conclusion, this research was able to improve the security of EMRs and hence will increase its acceptance by health institutions which will bring about improved health services, especially in developing countries were manual record system are still prominent.

Download Full-text

Assessing Access Control Risk for mHealth: A Delphi Study to Categorize Security of Health Data and Provide Risk Assessment for Mobile Apps

Journal of Healthcare Engineering ◽

10.1155/2020/5601068 ◽

2020 ◽

Vol 2020 ◽

pp. 1-14

Author(s):

Pedro Moura ◽

Paulo Fazendeiro ◽

Pedro R. M. Inácio ◽

Pedro Vieira-Marques ◽

Ana Ferreira

Keyword(s):

Risk Factors ◽

Risk Assessment ◽

Access Control ◽

Delphi Study ◽

Mobile Apps ◽

Real Life ◽

Health Data ◽

Security And Privacy ◽

Risk Level ◽

Healthcare Data

Background. Smartphones can tackle healthcare stakeholders’ diverse needs. Nonetheless, the risk of data disclosure/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significant higher financial value when compared with other records. Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals/content. Objective. To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies. Methods. Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks. Results. The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype. Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated to a device or its operating system). Conclusions. Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.

Download Full-text