Security specification and implementation for mobile e-health services

Martí, Ramon; Delgado, Jaime; Perramon, Xavier

doi:10.1109/eee.2004.1287316

Cited by 23 publications

(10 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Li et al [38] look into the security weaknesses of glucose monitoring and insulin delivery systems and proposed the technologies for protecting those devices' operations using rolling-code and body-coupled communication. Also, Marti et al [39] lay out a few necessary requirements for building a secure mobile health care system. All such prior work focuses on the security problems of a specific health device or the communication protocol it uses, whereas our research aims at understanding the security implications of the way Android handles its external devices, in the presence of malicious apps running on the phone.…”

Section: Relatedworkmentioning

confidence: 99%

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Naveed

Zhou

Demetriou

et al. 2014

Proceedings 2014 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Today's smartphones can be armed with many types of external devices, such as medical devices and credit card readers, that enrich their functionality and enable them to be used in application domains such as healthcare and retail. This new development comes with new security and privacy challenges. Existing phone-based operating systems, Android in particular, are not ready for protecting authorized use of these external devices: indeed, any app on an Android phone that acquires permission to utilize communication channels like Bluetooth and Near Field Communications is automatically given the access to devices communicating with the phone on these channels.In this paper, we present the first study on this new security issue, which we call external Device Mis-Bonding or DMB, under the context of Bluetooth-enabled Android devices. Our research shows that this problem is both realistic and serious: oftentimes an unauthorized app can download sensitive user data from an Android device and also help the adversary to deploy a spoofed device that injects fake data into the original device's official app on the phone. Specifically, we performed an in-depth analysis on four popular health/medical devices that collect sensitive user information and successfully built end-toend attacks that stealthily gathered sensitive user data and fed arbitrary information into the user's health/medical account, using nothing but Bluetooth permissions and public information disclosed by the phone. Our further study of 68 relevant deviceusing apps from Google Play confirms that the vast majority of the devices on the market are vulnerable to this new threat. To defend against it, we developed the first OS-level protection, called Dabinder. Our approach automatically generates secure bonding policies between a device and its official app, and enforces them when an app attempts to establish Bluetooth connections with a device and unpair the phone from the device (for resetting the Bluetooth link key). Our evaluation shows that this new technique effectively thwarts the DMB attacks and incurs only a negligible impact on the phone's normal operations.

show abstract

Section: Relatedworkmentioning

confidence: 99%

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Naveed

Zhou

Demetriou

et al. 2014

Proceedings 2014 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…there have been works done in the underlying networks and application security services integrated into health networks by looking for mobile specific requirements [52,53]. Due to the demand, IEEE 11,073 workgroup formed a sub-workgroup for cybersecurity to support secure health data exchange between personal health devices (PHD) and their clients.…”

Section: Diseases Based Geographic Areas Relationships Modelling Techmentioning

confidence: 99%

Systematic Predictive Analysis of Personalized Life Expectancy Using Smart Devices

Kang¹,

Adibi²

2018

Technologies

View full text Add to dashboard Cite

With the emergence of technologies such as electronic health and mobile health (eHealth/mHealth), cloud computing, big data, and the Internet of Things (IoT), health related data are increasing and many applications such as smartphone apps and wearable devices that provide wellness and fitness tracking are entering the market. Some apps provide health related data such as sleep monitoring, heart rate measuring, and calorie expenditure collected and processed by the devices and servers in the cloud. These requirements can be extended to provide a personalized life expectancy (PLE) for the purpose of wellbeing and encouraging lifestyle improvement. No existing works provide this PLE information that is developed and customized for the individual. This article is based on the concurrent models and methodologies to calculate and predict life expectancy (LE) and proposes an idea of using multi-phased approaches to the solution as the project requires an immense and broad range of work to accomplish. As a result, the current prediction of LE, which was found to be up to a maximum of five years could potentially be extended to a lifetime prediction by utilizing generic health data. In this article, the novel idea of the solution proposing a PLE on an individual basis, which can be extended to lifetime is presented in addition to the existing works.

show abstract

“…patient's name, address, etc. need to be cryptographically protected; not all [12]. For instance when transmitting a DICOM image file, it is not necessary to hide the raw image data (image data integrity is dealt at a different level using the specifications analyzed in Reference [20]), however it is imperative to secure the sensitive information included in the DICOM header.…”

Section: General Issuesmentioning

confidence: 99%

Enabling the provision of secure web based m‐health services utilizing XML based security models

Vouyioukas

Kambourakis

Rouskas

et al. 2008

Security Comm Networks

View full text Add to dashboard Cite

It has been generally agreed that the security of electronic patient records and generally e-health applications must meet or exceed the standard security that should be applied to paper medical records, yet the absence of clarity on the proper goals of protection has led to confusion. The primary purpose of this study was to investigate appropriate security mechanisms, which will help clinical professionals and patients discharge their ethical and legal responsibilities by selecting suitable systems and operating them safely and in short order. Thus, in this paper we propose a security model based on XML with the intention of developing a fast security policy mostly intended for mobile healthcare information systems. The proposed schema consists of a set of principles based on XML security models through the use of partial encryption, signature and integrity services and it was implemented by means of a web-based m-health application in a centralized three-tier architecture utilizing wireless networks environment. Several experiments took place with the aim of measuring the client response time implementing a number of m-health scenarios. The results showed that the response times required for the fulfilment of a client request with the XML security model are smaller compared to those corresponding to the conventional security mechanisms such as the application of SSL. By selectively applying confidentiality and integrity services either to the medical information as a whole or to some sensitive parts of it, the obtained results clearly demonstrate that XML security mechanisms overwhelm those of SSL and they are suitable for deployment in m-health applications.

show abstract

Security specification and implementation for mobile e-health services

Cited by 23 publications

References 1 publication

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Systematic Predictive Analysis of Personalized Life Expectancy Using Smart Devices

Enabling the provision of secure web based m‐health services utilizing XML based security models

Contact Info

Product

Resources

About