
MAIN PAPER & STRUCTURE of Survey

SECURITY FUNDAMENTALS OF INTERNET OF THINGS AT THE EDGE SIDE LAYER


I INTRODUCTION
The drive for a virtualized physical world, with no bodily contact between objects and no need for human intervention, in a densely sensory but heterogeneous wireless interconnection of animate and inanimate things is what has fuelled the emergence of the Internet of Things (IoT). In contrast to the already familiar Internet and cloud computing, which power outsourced networks of integrated computer applications and mobile services from data centers, IoT goes a step further, to the functionality of sensors and actuators in consumer devices and the earth ecosystem in a neural data exchange. In such a community of things, not much attention will be given to the media, people and content. Fitting objects and humans with internet connectivity offers the opportunity not only to track the objects and gather data but also to generate knowledge capable of performing far more intelligent oversight functions [1], [2].
The proliferation and miniaturization of personal medical devices (PMDs) has gradually brought them into the technology of IoT. PMDs are small, resource-constrained electronic devices that have modest hardware and a small firmware [A. Mohan, "Cyber Security for Personal Medical Devices Internet of Things," 2014 IEEE International Conference on Distributed Computing in Sensor Systems, Marina Del Rey, CA, 2014, pp. 372-374. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6846193&isnumber=6846129 doi: 10.1109/DCOSS.2014.49]. They enable patients to be mobile and independent much longer, thereby delaying the need for assisted living. These devices typically have a wireless interface to communicate with a base station that is used to read medical reports from the devices, read device status, change the parameters, or update the firmware on the device. These wireless interfaces expose the device to security threats and raise security and privacy concerns for the patient [K. Fu and J. Blum, "Inside Risks Controlling for Cybersecurity Risks of Medical Device Software," Communications of the ACM, Vol. 56, No. 10, October 2013. Online: http://www.csl.sri.com/users/neumann/cacm231.pdf].
IoT has brought an era where aggregation of data enables objects to perform routine tasks at convenience and proactively; creating infrastructure, objects perform actions. IoT can be defined as physical objects that connect to the internet through embedded systems and sensors, interacting with it to generate meaningful results and convenience to the end-user community [http://www.ey.com/Publication/vwLUAssets/EY-cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-and-the-internet-of-things.pdf]. It is also referred to as a network of sensors; radio frequency identification (RFID), which identifies an object attached with an RFID tag using radio waves, is a major prerequisite to the IoT [http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?arnumber=7721738].
The potential for it to enable any aspect of our lives is what is encouraging this idea to become established and flourish. The new IPv6 makes it possible to assign a communications address to billions of devices. These are edge devices: simplified devices with limited resources that are used within an IoT system in massive quantities. An edge device is a limited-resource device typically designed to perform a single function.
[Mine] Internet of Things (IoT) medical care is a practice for the collection and transfer of patients' information using sensors and communication network technology. It also involves remote control, administration and monitoring of the patient's health care system [J. Cañedo and A. Skjellum, "Adding scalability to Internet of Things gateways using parallel computation of edge device data," 2016 IEEE High Performance Extreme Computing Conference (HPEC), Waltham, MA, USA, 2016, pp. 1-5. doi: 10.1109/HPEC.2016.7761601 http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?tp=&arnumber=7761601&isnumber=7761574]. A technological attack on the health system is an attack on the lives of connected patients; it could result in both financial loss and death. It is such a sensitive technological innovation that it requires cross-wide research and cautious implementation.
USE THIS ... IoT [Paraphrase to last sentence] Networks of sensors measure and record everything from temperature, light, and motion to biohazards and physical indicators from the body. Sensor-enabled devices communicate with each other through the internet of things, ingestible sensors monitor the body from the inside, and intelligent swarms of sensors co-ordinate with each other to collect data. Declining costs and advancements in sensor technology make it accessible, widely used and an integral part of the 2020s digital ecosystem. [Gov2020: A Journey into the Future of Government 17, By William D. Eggers and Paul Macmillan]
Sun [2] defines IoT based on the use of technologies such as infrared sensors, global positioning systems (GPS), laser scanners, and radio frequency identification (RFID) to connect any object to the internet in order to communicate and exchange information, making it possible to identify, monitor, track, and manage a network intelligently. Currently, these technologies have been widely used in industrial and business environments, providing greater efficiency and speed to operations [C. Sun, "Application of RFID technology for logistics on Internet of Things," AASRI Procedia, vol. 1, pp. 106-111, 2012]. What happens when the human body becomes part of the network? In that case a sensor device is planted in the body or within range of interactivity, in what [D. Kune, "Ghost talk: Mitigating EMI signal injection attacks against analog sensors," in Proc. IEEE Symp. Security Privacy, pp. 145-159, May 2013] identified as Wireless Body Area Networks (WBANs), responsible for the transmission of the physical, chemical and sensory behaviours of a person. [J. Siddiquee, A. Roy, A. Datta, P. Sarkar, S. Saha and S. S. Biswas, "Smart asthma attack prediction system using Internet of Things," 2016 IEEE 7th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), Vancouver, BC, Canada, 2016, pp. 1-4. doi: 10.1109/IEMCON.2016.7746252 http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?tp=&arnumber=7746252&isnumber=7746074] successfully implemented a Smart Asthma Attack Prediction System, an IoT system which helps an asthma patient to avoid situations which cause breathing trouble. Whenever he or she is about to have an asthma attack, a warning is sent to their smart phone as a notification. Thus the person moves away to some safe zone free from factors which can trigger the attack [paraphrase]
However, the aggregation of computing devices and applications in a wireless environment poses not only interoperability and trust issues, but also scalable security threats to the infrastructure and to data flowing between sensible consumer devices, edge computing nodes and the data centers. More worrisome is the preservation of security and privacy of data at the edge computing devices, the point at which data is first processed and which could serve as an entry point for attackers to other nodes of the IoT system.
The study discusses emerging security threats and privacy issues at the edge of IoT consumers, where it is an uphill task to physically secure smart devices and to ensure trust and privacy of data exchange on the user's network.
Security considerations of IoT. This includes physical and information security. Physical security deals with Bluetooth and GPS security, while information security handles RFID and wireless sensor security.

http://www.infoworld.com/category/security/
http://www.infoworld.com/article/3144362/devops/10-key-security-terms-devops-ninjas-need-to-know.html//
[Paraphrase the paragraph: rewrite in your own words] However, the integration of these smart things into the standard Internet, Moreover, commercialization of IoT has led to public security concerns, including personal privacy issues, threat of cyber attacks, and organized crime. , this survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against services on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing. To achieve this goal, a brief discussion of three widely-known IoT reference models and a definition of security in the context of IoT healthcare is made. Second, we discuss the possible applications of IoT and potential motivations of the attackers who target this new paradigm. Third, we discuss different attacks and threats [Arsalan Mohsen Nia, Student Member, IEEE, and Niraj K. Jha, Fellow, IEEE, "A Comprehensive Study of Security of Internet-of-Things," http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?arnumber=7562568]
[Mine] Consideration for preservation of security at the edge computing devices, at which point data is processed, and Your insecure product may not be the ultimate target but could provide the pivot point for an attack elsewhere in the system. The study surveys models and standards of IoT in healthcare practice and identifies emerging security threats and privacy issues at the edge of the IoT consumer (the patient), where it is an uphill task to physically secure smart devices, to protect health safety, and to ensure trust and privacy of data exchange on the patient's network. This paper surveys both physical and data security issues, including privacy concerns, at the edge side layer of IoT. [Mine]. The paper is more concerned with IoT consumer technologies, involving the technologies and the users. Emphasis is placed on security of human medical health systems at the edge side layer of the IoT reference model.
A. Mohsen Nia; N. K. Jha, "A Comprehensive Study of Security of Internet-of-Things," in IEEE Transactions on Emerging Topics in Computing, vol. PP, no. 99, pp. 1-1, doi: 10.1109/TETC.2016.2606384
II THE IoT SYSTEM MODEL
To understand the security challenges in an IoT system, it is imperative to understand its building blocks with regard to functionality and requirements. The survey considers the CISCO seven-layer model in [A. Mohsen Nia; N. K. Jha, "A Comprehensive Study of Security of Internet-of-Things," in IEEE Transactions on Emerging Topics in Computing, vol. PP, no. 99, pp. 1-1, doi: 10.1109/TETC.2016.2606384 [Mine] http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?arnumber=7562568&tag=1]

* Level 1-Edge devices: The first level of this reference model typically consists of computing nodes, e.g., smart controllers, sensors, RFID readers, etc., and different versions of RFID tags. Data confidentiality and integrity must be taken into account from this level upwards.
* Level 2-Communication: The communication level consists of all the components that enable transmission of information or commands: (i) communication between devices in the first level, (ii) communication between the components in the second level, and (iii) transmission of information between the first and third levels (edge computing level).
* Level 3-Edge computing: Edge computing, also called fog computing, is the third level of the model in which simple data processing is initiated. This is essential for reducing the computation load in the higher level as well as providing a fast response. Most real-time applications need to perform computations as close to the edge of the network as possible. The amount of processing in this level depends on the computing power of the service providers, servers, and computing nodes. Typically, simple signal processing and learning algorithms are utilized here.
* Level 4-Data accumulation: Most of the applications may not need instant data processing. This level enables conversion of data in motion to data at rest, i.e., it allows us to store the data for future analysis or to share with high-level computing servers. The main tasks of this level are converting the format from network packets to database tables, reducing data through filtering and selective storing, and determining whether the data are of interest to higher levels.
* Level 5-Data abstraction: This level provides the opportunity to render and store data such that further processing becomes simpler or more efficient. The common tasks of entities at this level include normalization, denormalization, indexing and consolidating data into one place, and providing access to multiple data stores.
* Level 6-Applications: The application level provides information interpretation, where software cooperates with data accumulation and data abstraction levels. The applications of IoT are numerous and may vary significantly across markets and industrial needs.
* Level 7-Users and centers: The highest level of the IoT is where the users are. Users make use of the applications and their analytical data.
HOWEVER, this paper places more emphasis on security and privacy at the edge side layers, namely the perception and network layers [Q. Jing et al., "Security of the Internet of Things: Perspectives and Challenges," Wireless Networks, vol. 20, no. 8, 2014, pp. 2481-2501]. The perception layer deals with low-level data transmission (device level), whereas the network layer deals with Internet-level data transmission.
TECHNOLOGICAL OUTLOOK OF INTERNET OF THINGS
* A solution is remote monitoring or telemonitoring that helps the physicians to follow up the progress of the patient and decide if a medical assistant or a doctor must be present or if the patient will be transported to another medical facility. In this way patients retain the quality of medical services but at lower cost.
* The 2net Platform is designed for maximum security and interoperability, offering a menu of plug-and-play wireless health solutions that work within an FDA-listed enterprise grade infrastructure. Solutions developed using this platform can be rapidly deployed and scaled so that organizations can quickly meet their remote monitoring and care management goals. Patient self-management combined with connectivity to a care network is an emerging model that enables scalable chronic disease management for patients and providers. [Jon Markman, The IoT Is Coming To Healthcare, http://www.forbes.com/sites/jonmarkman/2016/09/15/the-iot-is-coming-to-healthcare/#14140e075036, 2016.]
* Edisse has a prototype wearable sensor for real-time tracking, fall detection, and alerts. It basically combines the GPS, mobile data, short messaging services (SMSs), and an accelerometer to detect unusual movements such as a fall and then reports them to a third party such as adult children or other caregivers [108]
* This wrist band sends to the user's smartphone this vital information. A group of researchers in Korea has introduced a sufficiently compact and subtle wearable BP sensor that can be used to deliver nonstop monitoring for a long period without disturbing the daily activity of the user [116]. An iHealth Lab team has developed a set of IoT healthcare devices including a wireless BP wrist monitor, a BP dock, a wireless body analysis scale, iHealth Lite, iHealth Edge, a wireless pulse oximeter, iHealth Align, and a wireless smart glucose-monitoring system [117]
* S. M. R. Islam, D. Kwak, M. H. Kabir, M. Hossain and K. S. Kwak, "The Internet of Things for Health Care: A Comprehensive Survey," in IEEE Access, vol. 3, no. , pp. 678-708, 2015. doi: 10.1109/ACCESS.2015.2437951 http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113786&isnumber=7042252
* GLUCOSE LEVEL SENSING: Diabetes is a group of metabolic diseases in which there are high blood glucose (sugar) levels over a prolonged period. Blood glucose monitoring reveals individual patterns of blood glucose changes and helps in the planning of meals, activities, and medication times. An m-IoT configuration method for noninvasive glucose sensing on a real-time basis is proposed in [28]. In this method, sensors from patients are linked through IPv6 connectivity to relevant healthcare providers. The utility model in [65] unveils a transmission device for the transmission of collected somatic data on blood glucose based on IoT networks. This device includes a blood glucose collector, a mobile phone or a computer, and a background processor. A similar innovation is found in [66]. In addition, a generic IoT-based medical acquisition detector that can be used to monitor the glucose level is proposed in [67].
* Wheelchair Management: Many researchers have worked to develop smart wheelchairs with full automation for disabled people. The IoT has the potential to accelerate the pace of work. A healthcare system for wheelchair users based on the IoT technology is proposed in [40]. The design comes with WBANs integrated with various sensors whose functions are tailored to IoT requirements. A medical support system considering peer-to-peer (P2P) and the IoT technology is implemented in [91]. This system provides for chair vibration control and can detect the status of the wheelchair user. Another noteworthy example of IoT-based wheelchair development is the connected wheelchair designed by Intel's IoT department [92]. This development eventually shows that standard things can evolve into connected machines driven by data. This device can monitor vitals of the individual sitting in the chair and collect data on the user's surroundings, allowing for the rating of a location's accessibility.
* MEDICATION MANAGEMENT: The noncompliance problem in medication poses a serious threat to public health and causes huge financial waste across the world. To address this issue, the IoT offers some promising solutions. An intelligent packaging method for medicine boxes for IoT-based medication management is proposed in [89]. This method entails a prototype system of the I2Pack and the iMedBox and verifies the system by field trials. This packaging method comes with controlled sealing based on delamination materials controlled by wireless communications. The eHealth service architecture based on RFID tags for a medication control system over the IoT network is presented in [90]. Here the prototype implementation is demonstrated, and this ubiquitous medication control system is designed specifically for providing AAL solutions.
* 2) ELECTROCARDIOGRAM MONITORING: The monitoring of the electrocardiogram (ECG), that is, the electrical activity of the heart recorded by electrocardiography, includes the measurement of the simple heart rate and the determination of the basic rhythm as well as the diagnosis of multifaceted arrhythmias, myocardial ischemia, and prolonged QT intervals [68]. The application of the IoT to ECG monitoring has the potential to give maximum information and can be used to its fullest extent [69]. A number of studies [20], [31], [33], [35], [40], [56], [70] have explicitly discussed IoT-based ECG monitoring. The innovation in [71] introduces an IoT-based ECG monitoring system composed of a portable wireless acquisition transmitter and a wireless receiving processor. The system integrates a search automation method to detect abnormal data such that cardiac function can be identified on a real-time basis. There exists a comprehensive detection algorithm of ECG signals at the application layer of the IoT network for ECG monitoring [72].
* OXYGEN SATURATION MONITORING: Pulse oximetry is suitable for the noninvasive nonstop monitoring of blood oxygen saturation. The integration of the IoT with pulse oximetry is useful for technology-driven medical healthcare applications. A survey of CoAP-based healthcare services discusses the potential of IoT-based pulse oximetry [80]. The function of the wearable pulse oximeter Wrist OX2 by Nonin is illustrated in [31]. This device comes with connectivity based on a Bluetooth health device profile, and the sensor connects directly to the Monere platform. An IoT-optimized low-power/low-cost pulse oximeter for remote patient monitoring is proposed in [81]. This device can be used to continuously monitor the patient's health over an IoT network. An integrated pulse oximeter system for telemedicine applications is described in [82]. A wearable pulse oximeter for health monitoring using the WSN can be adapted to the IoT network [83].
* 3) BLOOD PRESSURE MONITORING: The question of how the combination of a KIT blood pressure (BP) meter and an NFC-enabled KIT mobile phone becomes part of BP monitoring based on the IoT is addressed in [47]. A motivating scenario in which BP must be regularly controlled remotely is presented by showing the communications structure between a health post and the health center in [73]. The question of how the Withings BP device operates depending on the connection to an Apple mobile computing device is addressed in [74]. A device for BP data collection and transmission over an IoT network is proposed in [75]. This device is composed of a BP apparatus body with a communication module. A location-intelligent terminal for carry-on BP monitoring based on the IoT is proposed in [76].
* Rehabilitation System: Because physical medicine and rehabilitation can enhance and restore the functional ability and quality of life of those with some physical impairment or disability, they represent a vital branch of medicine. The IoT has the potential to enhance rehabilitation systems in terms of mitigating problems linked to aging populations and the shortage of health experts. An ontology-based automating design method for IoT-based smart rehabilitation systems is proposed in [42]. This design successfully demonstrates that the IoT can be an effective platform for connecting all necessary resources to offer real-time information interactions. IoT-based technologies can form a worthwhile infrastructure to support effective remote consultation in comprehensive rehabilitation [84]. There are many IoT-based rehabilitation systems such as an integrated application system for prisons [85], the rehabilitation training of hemiplegic patients [86], a smart city medical rehabilitation system [87], and a language-training system for childhood autism [88].
* Asthma Monitoring: Observation is the key to asthma management. Knowing when, where and what triggers an attack is critical to maintaining an adequate environment and alleviating symptoms. A peak flow meter is a simple hand-held device for asthma monitoring. A wearable stethoscope to continuously monitor patients with asthma or other pulmonary diseases is described by [17]. The system transmits the signals via a wireless sensor attached to the skin. A wearable sensor system consisting of a wristband and chest patch for understanding impacts of ozone on chronic asthma conditions is described by [18]. The data from the device is streamed and transferred to a server for cloud storage. The battery life of the wristband is around 15 hours and that of the chest patch is around 36 hours.
* Nowadays, there are a wide variety of AmI systems [4], such as ambient assisted living (AAL),
Philips is developing HealthSuite, a cloud-enabled connected health ecosystem of devices, apps and digital tools that will work seamlessly together to empower personalized health and continuous care. HealthSuite is purpose-built to benefit consumers, patients and populations across the health continuum, from healthy living and prevention to diagnosis, treatment and home care.
As well as helping to improve the efficiency and personalization of healthcare, our aim is to make consumers feel empowered. So instead of health being something monitored and treated by healthcare professionals, where the consumer is only informed and not involved, they are empowered to take more proactive ownership of their own health.
II SECURITY REQUIREMENT OF IoT IN THE CONTEXT OF HEALTH CARE
INTRO: A thing is only as secure as the network in which it resides; this includes the people, processes and technologies involved in its development, delivery modes (hardware and software) and usage [Mine]. [Christian Lesjak, Daniel Hein & Johannes Winter, Hardware-Security Technologies for Industrial IoT: TrustZone and Security Controller, Industrial Electronics Society, IECON 2015 - 41st Annual Conference of the IEEE, Issue Date: 9-12 Nov. 2015, http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?arnumber=7392493&tag=1]
Thus, for a secure IoT there must be functional requirements, and [M. Zhang, A. Raghunathan, and N. K. Jha, "Trustworthiness of medical devices and body area networks," Proceedings of the IEEE, vol. 102, no. 8, pp. 1174-1188, 2014. http://0-ieeexplore.ieee.org.brum.beds.ac.uk/xpls/icp.jsp?arnumber=6827202#at-glance] identified the following requirements that characterize a secure system:
* Reliability
* Confidentiality
* Integrity
* Availability
* Privacy
Security requirements are broken down into three main categories: (i) confidentiality, (ii) integrity, and (iii) availability, referred to as the CIA-triad. Confidentiality entails applying a set of rules to limit unauthorized access to certain information. It is crucial for IoT devices because they might handle critical personal information, e.g., medical records and prescription. For instance, an unauthorized access to personal health devices may reveal personal health information or even lead to life-threatening situations [11]. Integrity is also necessary for providing a reliable service. The device must ensure that the received commands and collected information are legitimate.
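The integrity requirement above (the device must ensure that received commands are legitimate) can be illustrated with a device-side check. This is an added example, not code from the survey or the papers it cites: it authenticates each programmer command with HMAC-SHA256 and, going slightly beyond the text, rejects replayed frames with a monotonic counter. The frame layout, opcodes, key and rate limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption). A real device would keep a per-device
# key in protected storage, never in source code.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

TAG_LEN = 32                      # HMAC-SHA256 output size in bytes
HEADER = struct.Struct(">IB")     # 4-byte counter, 1-byte opcode (hypothetical layout)

# Hypothetical command set for a pump-like actuator.
OP_READ_STATUS = 0x01
OP_SET_RATE = 0x02
KNOWN_OPCODES = {OP_READ_STATUS, OP_SET_RATE}
MAX_RATE = 50                     # hypothetical safety limit, tenths of a unit/hour


def build_command(key, counter, opcode, payload=b""):
    """Programmer side: serialize the command and append its HMAC tag."""
    body = HEADER.pack(counter, opcode) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def set_rate_frame(key, counter, rate):
    """Convenience wrapper: a SET_RATE command with a 2-byte rate."""
    return build_command(key, counter, OP_SET_RATE, struct.pack(">H", rate))


class Device:
    """Device side: accept a command only if it is authentic, fresh and sane."""

    def __init__(self, key):
        self._key = key
        self.last_counter = 0     # highest counter accepted so far
        self.basal_rate = 10

    def handle(self, frame):
        if len(frame) < HEADER.size + TAG_LEN:
            return "reject: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        counter, opcode = HEADER.unpack_from(body)
        # An authentic frame seen before (or older) is a replay.
        if counter <= self.last_counter:
            return "reject: replay"
        if opcode not in KNOWN_OPCODES:
            return "reject: unknown opcode"
        payload = body[HEADER.size:]
        if opcode == OP_SET_RATE:
            if len(payload) != 2:
                return "reject: bad payload"
            rate = struct.unpack(">H", payload)[0]
            # Authenticity is not safety: still bound the requested value.
            if rate > MAX_RATE:
                return "reject: rate out of range"
            self.basal_rate = rate
        self.last_counter = counter
        return "accept"


def demo():
    """Run constructed frames through the device and collect the verdicts."""
    dev = Device(DEVICE_KEY)
    good = set_rate_frame(DEVICE_KEY, 1, 12)
    tampered = bytearray(set_rate_frame(DEVICE_KEY, 2, 12))
    tampered[-TAG_LEN - 1] ^= 0x20          # alter the rate byte in transit
    forged = set_rate_frame(b"\x00" * 32, 3, 12)   # sender without the key
    too_high = set_rate_frame(DEVICE_KEY, 4, 500)
    return [
        dev.handle(good),
        dev.handle(good),                   # same frame sent again
        dev.handle(bytes(tampered)),
        dev.handle(forged),
        dev.handle(too_high),
        dev.basal_rate,
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The tag only proves that the sender holds the key, so an attacker who extracts the key from device memory can still issue valid commands; key storage is a separate requirement.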
Cherdantseva et al. show that the CIA-triad does not address new threats that emerge in a collaborative security environment [Y. Cherdantseva and J. Hilton, "A reference model of information assurance & security," in Proc. IEEE 8th Int. Conf. Availability, Reliability and Security, 2013, pp. 546-555]. They provide a comprehensive list of security requirements by analyzing and examining a variety of information, assurance, and security literature. This list is called the IAS-octave and is proposed as an extension to the CIA-triad.
EXPLANATION but paraphrase accordingly
[M. Zhang, A. Raghunathan, and N. K. Jha, "Trustworthiness of medical devices and body area networks," Proceedings of the IEEE, vol. 102, no. 8, pp. 1174-1188, 2014]
[Explain in detail each of these...] A technology is classified as insecure if these requirements are lacking.
First, a remote, or software, attacker gains privileged access to the industrial equipment's processor via a network connection. This attacker does not have physical access to the equipment hardware. But after a successful software attack he can arbitrarily access the data authentication mechanisms, and even worse, extract cryptographic keys, such as the secret snapshot authentication key. Second, a local attacker has physical access to the industrial equipment's electronics. Such an attacker may be an insider attacker, like a disgruntled employee, or an intruder into company facilities. Upon success a local attacker may read out the equipment's memory to extract cryptographic credentials.
Bot frameworks, machine learning, and cognitive services, all three are part of the Cortana Intelligence Suite, Microsoft's ambition to transform data into intelligent action
For fig below: [A. Mohsen Nia; N. K. Jha, "A Comprehensive Study of Security of Internet-of-Things," in IEEE Transactions on Emerging Topics in Computing, vol. PP, no. 99, pp. 1-1, doi: 10.1109/TETC.2016.2606384, [Mine] http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?arnumber=7562568]
III. IoT HEALTH CARE SYSTEM
IoT medical devices fall under the U.S. Food and Drug Administration classification for standard medical devices. Each device approved by the FDA is classified into general and special control. Challenges abound for medication requiring special control, and IoT is right on hand with IWMDs of two kinds: sensors that monitor the patient's ECG, temperature, blood glucose and oxygen levels, etc., and actuators that deliver therapies, such as cardiac pacing and drug injection [M. Zhang, A. Raghunathan, and N. K. Jha, "Trustworthiness of medical devices and body area networks," Proceedings of the IEEE, vol. 102, no. 8, pp. 1174-1188, 2014].
However, [S. M. R. Islam, D. Kwak, M. H. Kabir, M. Hossain and K. S. Kwak, "The Internet of Things for Health Care: A Comprehensive Survey," in IEEE Access, vol. 3, no. , pp. 678-708, 2015. doi: 10.1109/ACCESS.2015.2437951
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7113786&isnumber=7042252]
Others are replacement heart valves, cardiac pacemakers, and neurostimulators. Devices with a minimal risk, such as tongue depressors and handheld surgical instruments. wheelchairs, surgical needles, and infusion pumps [M. Mozaffari-Kermani, M. Zhang, A. Raghunathan, and N. K. Jha, "Emerging frontiers in embedded security," in Proc. IEEE Int. Conf. VLSI Design, 2013, pp. 203-208 http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?tp=&arnumber=7562568&tag=1]. IoT-based long-term personal health monitoring and drug delivery systems, in which various physiological signals are captured, analyzed, and stored for future use, provide a fundamentally new approach to healthcare.
An actuator is usually equipped with a programmer to change configurations or issue commands wirelessly. For certain devices, such as pacemakers, programmers are available only in clinics or hospitals, and the patient must visit a qualified healthcare provider for device tuning. For other devices, such as insulin pumps, patient programmers are available that allow patients to adjust the devices to meet their needs at any time.
However, due to their increasing functional complexity, ensuring the reliability of IWMDs is more challenging than ever. As devices become increasingly smaller in size, but more complex in both software and hardware, their design, testing, and eventual regulatory approval are becoming much more expensive for medical device manufacturers, both in terms of time and cost. The number of devices that have recently been recalled due to software and hardware defects is increasing at an alarming rate.
Thus, the IoT healthcare domain deals with object tracking, identification/authentication of people, and automatic data collection/sensing [D. Puthal, S. Nepal, R. Ranjan and J. Chen, "Threats to Networking Cloud and Edge Datacenters in the Internet of Things," in IEEE Cloud Computing, vol. 3, no. 3, pp. 64-71, May-June 2016. doi: 10.1109/MCC.2016.63 http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?tp=&arnumber=7503493&isnumber=7503478]
III SOURCES OF ATTACK
The overall IoT system is prone to both physical and cyber threats. Sources of attacks in IoT:
1. Apps: personal details, your whereabouts and daily routines, and financial information such as bank account.
2. Communication system: disruption and non-availability of the network system. An attack on one segment of the network could affect other sections of the network [Mine].
3. Smart infrastructure systems: door and window security alarms, wifi and Internet access, central heating, lighting. For businesses these include: door and window security alarms, wifi and Internet access, heating, ventilation & air conditioning, server room chillers and power supplies, lifts, lighting, refrigeration.
4.
IV FORMS OF ATTACK ON IoT HEALTH SERVICES OR SECURITY ISSUES IN IOT HEALTH CARE S
Using the IoT reference model, methods of attack at the perception layer are considered, namely the device, network and actuators.
1. Perception Device:
Physical Tampering: An adversary can physically tamper with the node (for example, switch it off or restart it) and may extract on-device program code, keys, and data. An attacker may reprogram compromised devices with malicious code.
Eavesdropping: tool installed on computers without permission. Sensor device capture. An adversary can collect information about the EDC by eavesdropping on the wireless medium and use this information to hack sensor devices. https://www.theguardian.com/technology/2015/jun/23/google-eavesdropping-tool-installed-computers-without-permission
Sybil attack: An attacker can forge the identities of more than one sensor device, resulting in
2. Edge Computing: Edge computing nodes: We begin with attacks against the edge computing nodes, e.g., RFID readers, sensor nodes, and compact controlling nodes. The following are possible attacks at the perception network layer in an EDC:
Man-in-the-middle attacks: intruders secretly introduce themselves and alter the communication link between the source sensor device, gateways, in-transit network devices, and the CDC.
Jamming: occurs if the malicious device broadcasts radio signals on the same frequency as the source sensor device, overpowering the original signal. The jam signal results in additional collisions with other frames and leads to excessive wait times for non-transmitting devices.
Timing attack: an attacker can obtain the secret and shared key information by analyzing the encryption algorithm. An attacker can predict how much time he or she needs to get all possible secret keys and use each key to decrypt the encrypted data packets.
Replay attack: mainly employed during authentication, it destroys the certificate's validity. In this type of attack, the intruder can provide a false response on behalf of the destination node to get access to the trusted properties of the source-sensing device.
Routing threats: an attacker can create routing loops by tampering with and resending or blocking the routing information. This type of attack blocks data packet transmission via the network layer, leading to aggravated delays.
3. Actuator networks:
Involves loss of privacy or incorrect or delayed data. These are common in healthcare, position and animal tracking, and transportation [D. Puthal, S. Nepal, R. Ranjan and J. Chen, "Threats to Networking Cloud and Edge Datacenters in the Internet of Things," in IEEE Cloud Computing, vol. 3, no. 3, pp. 64-71, May-June 2016. doi: 10.1109/MCC.2016.63]. Common security challenges at the edge computing nodes are:
* Malware and Trojan attack: [Mine] This type of attack involves malicious alteration of software code, changes to the integrated circuits (ICs) of sensors, and changes to the encryption keys of IoT systems. The modus operandi is to trigger a malicious attack at a set time when a condition is met [S. Bhasin and F. Regazzoni, "A survey on hardware Trojan detection techniques," in Proc. IEEE Int. Symp. Circuits and Systems, 2015, pp. 2021-2024]. While software Trojan horses (STH) are found in operating systems, where they harm the system and steal privileged information, hardware Trojans are embedded in the chips of host devices. There they create a backdoor to undermine the system and hijack sensitive information [Mine]. Others, such as Trojans, keyloggers, botnets, and rootkits, have emerged and keep evolving and adapting to new platforms. Smartphone platforms, such as Android and iOS, have been breached by mobile malware [61], [62] [Search online for reference].
[Arsalan Mohsen Nia, Student Member, IEEE and Niraj K. Jha, A Comprehensive Study of Security of Internet-of-Things, Published in Transactions on Emerging Topics in Computing, 2016]. Hardware Trojans have emerged as a major security concern for integrated circuits [17]-[21]. Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip, e.g., the key in a cryptographic chip, during field operation [S. Bhunia, M. S. Hsiao, M. Banga, and S. Narasimhan, "Hardware Trojan attacks: Threat analysis and countermeasures," Proceedings of the IEEE, vol. 102, no. 8, pp. 1229-1247, 2014].
* Non-network side-channel attacks: Side-channel attacks exploit information leaked through physical channels, such as power consumption, execution time, and electromagnetic emission. The schedule of health sessions and video calls, for example, could be deduced from monitoring the network traffic flow [M. Zhang, A. Raghunathan and N. K. Jha, "Trustworthiness of Medical Devices and Body Area Networks," in Proceedings of the IEEE, vol. 102, no. 8, pp. 1174-1188, Aug. 2014. doi: 10.1109/JPROC.2014.2322103 http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6827202]
Each node may reveal critical information under normal operation, even when not using any wireless communication to transmit data. For example, the electromagnetic (EM) signature, i.e., the EM waves emitted by the node, can provide valuable information about the status of the device. In this case, a known signal and protocol could be tapped and the transmitted information and content decoded, to the detriment of the user [A. M. Nia, S. Sur-Kolay, A. Raghunathan, and N. K. Jha, "Physiological information leakage: A new frontier in health information security," accepted for publication in IEEE Trans. Emerging Topics in Computing].
IoT live video surveillance systems have been observed to be prone to side-channel attacks, as users can access live video footage using smart devices at their convenience [Mine]. [H. Li, Y. He, L. Sun, X. Cheng and J. Yu, "Side-channel information leakage of encrypted video stream in video surveillance systems," IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, San Francisco, CA, 2016, pp. 1-9. doi: 10.1109/INFOCOM.2016.7524621]. Our findings indicate that the traffic patterns of a camera differ significantly when a user performs different activities of daily living such as dressing, styling hair, moving, and eating. By exploiting this side-channel information leakage, we developed a method to infer a user's activities of daily living based only on the size of the encrypted traffic of a video stream. Our experimental results demonstrate that one can easily recognize a user's daily activities with high accuracy.
Another example of a side-channel attack is the energy attack, also known as the power analysis attack, which is currently the most successful example of side-channel attack technology. For a cryptographic chip in operation, there will always be some leaked information such as sound, running time, temperature, power consumption, electromagnetic radiation, etc. Combined with the input, output and design details of the algorithm, the cryptanalyst can easily carry out further analysis. Power attack on devices: Differential power analysis attack and efficient countermeasures on PRESENT [X. Duan, Q. Cui, S. Wang, H. Fang and G. She, "Differential power analysis attack and efficient countermeasures on PRESENT," 2016 8th IEEE International Conference on Communication Software and Networks (ICCSN), Beijing, 2016, pp. 8-12. doi: 10.1109/ICCSN.2016.7586627]
Next is the vampire attack [A. A. Patel and S. J. Soni, "A Novel Proposal for Defending against Vampire Attack in WSN," 2015 Fifth International Conference on Communication Systems and Network Technologies, Gwalior, 2015, pp. 624-627. doi: 10.1109/CSNT.2015.94], which occurs at the network layer. It leads to resource (energy) depletion at each sensor node by reducing the battery power of any node. Vampire attacks are resource consumption attacks that use routing protocols to permanently disable ad hoc wireless sensor networks by depleting nodes' battery power.
* In man-in-the-middle attacks: intruders secretly introduce themselves and alter the communication link between source sensor device, gateways, in-transit network devices, and the CDC.
*
* In a HELLO flood: a laptop-class attacker broadcasts information with enough transmission power to convince every node in the network that it's a neighbor. Because the transmission medium is wireless, the affected node selects the attacker as its neighbor for future data transmission.
* Denial of Service (DoS) attacks: Occur due to constraints in the power life of IoT devices. A smaller battery life and power capacity mean that any modification could trigger loss of service. The system is characterised as insecure once communication and functionalities are unavailable. A denial-of-service (DoS) attack is produced by the unintentional failure of nodes or malicious action and can severely limit a wireless sensor network's value [D. Puthal, S. Nepal, R. Ranjan and J. Chen, "Threats to Networking Cloud and Edge Datacenters in the Internet of Things," in IEEE Cloud Computing, vol. 3, no. 3, pp. 64-71, May-June 2016. doi: 10.1109/MCC.2016.63 http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?tp=&arnumber=7503493&isnumber=7503478]. Source device authentication problems and delay of sensor device. There are three well known types of DoS attacks against edge computing nodes: battery draining, sleep deprivation, and outage attacks. [H. Li, Y. He, L. Sun, X. Cheng and J. Yu, "Side-channel information leakage of encrypted video stream in video surveillance systems," IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, San Francisco, CA, 2016, pp. 1-9. doi: 10.1109/INFOCOM.2016.7524621]
*
Battery Draining:
Sleep Deprivation:
Outage attack:
* In a collision: An intruder alters the transmission octets to disrupt packets.
* Data Rate Attacks
* If the amount of data being transferred from a remote medical sensor depends on any physiological parameters, then an attacker may be able to learn some health information simply from the data transfer rate. For example, if a packet is sent after every heartbeat, the heart rate can be easily inferred from the number of packets being sent per minute. Defense against this type of attack involves using techniques such as padding to maintain the same data rate independent of physiological events.
* Routing diversion attack
* In an exploit attack, an intruder takes advantage of an existing vulnerability and introduces a surprising behavior to confuse data senders and receivers.
* A Fault-Tolerant:
* Heartbleed: An OpenSSL vulnerability in an era of openly connected things [Queal, Zachary D. "Necessary Implementation of Adjustable Work Factor Ciphers in Modern Cryptographic Algorithms as it Relates to HeartBleed and OpenSSL." 2014]. The purpose of Heartbeat in internet communication is to provide end-to-end monitoring of connection health. Heartbeat is a process of signaling "I am alive" to the connected client by a server, or to the server by a client. Heartbleed is a very lethal attack since it steals away the memory of a system in plaintext. An embedded device can lose its complete RAM in a few seconds, which may include passwords and security keys [I. Ghafoor, I. Jattala, S. Durrani and C. Muhammad Tahir, "Analysis of OpenSSL Heartbleed vulnerability for embedded systems," 17th IEEE International Multi Topic Conference 2014, Karachi, 2014, pp. 314-319. doi: 10.1109/INMIC.2014.7097358]
* Location cheating attack: allows an attacker to spoof other users to another location and make them query the database with a wrong location, or allows a malicious user to forge a location arbitrarily and query the database for services. [Privacy-Preserving Location Proof for Securing Large-Scale Database-Driven Cognitive Radio Networks http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?arnumber=7275115]
* Side channel attack: A more dangerous type of side-channel attack exploits electromagnetic interference (EMI) and differential power analysis (DPA).
In EMI, an attacker induces voltage on conductors. Analog sensors in IWMDs are particularly susceptible. It has been shown that EMI can inhibit pacing and induce defibrillation shocks on implantable cardiac devices at a close distance [D. Kune et al., "Ghost talk: Mitigating EMI signal injection attacks against analog sensors," in Proc. IEEE Symp. Security Privacy, May 2013.]
A DPA attack can extract secret keys from extremely noisy signals and is very difficult to guard against. It employs statistical analysis of measured power consumption traces, which are correlated with the data handled by the physical device [M. Zhang, A. Raghunathan and N. K. Jha, "Trustworthiness of Medical Devices and Body Area Networks," in Proceedings of the IEEE, vol. 102, no. 8, pp. 1174-1188, Aug. 2014. doi: 10.1109/JPROC.2014.2322103 http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6827202]
* Insecure encryption and authentication for wireless: [https://www.pwc.com/ca/en/consulting/publications/2016-01-18-pwc-cyber-savvy-securing-operational-technology-assets.pdf]. In some instances, radio telemetry technologies such as WiMAX and LTE are used to connect remote stations and field devices when physical communication channels are not available. It is not uncommon for the deployed wireless equipment in OT networks to use deprecated security protocols or technologies, leaving them vulnerable to modern eavesdropping and authentication bypass attacks.
Another type of attack could stem from the fact that the actual sensed data is encrypted but the sensor device ID is sent unencrypted. This could trigger a chain of new attacks based on some well-known vulnerability of the device type in question [A. P. Johnson, S. Patranabis, R. S. Chakraborty and D. Mukhopadhyay, "Remote Dynamic Clock Reconfiguration Based Attacks on Internet of Things Applications," 2016 Euromicro Conference on Digital System Design (DSD), Limassol, 2016, pp. 431-438. doi: 10.1109/DSD.2016.16]
* Missing security updates Availability: The inherent danger of this approach is that OT systems end up running outdated software versions with known security vulnerabilities, leading to increased risk of compromise by an attacker [http://www.ey.com/Publication/vwLUAssets/EY-cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-and-the-internet-of-things.pdf] page 7
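The data rate attack in the list above, and the padding defence it names, can be made concrete. The following is an added example, not code from the cited papers: a constructed heartbeat stream is sent once per beat (the leaky design) and once through a fixed-rate, fixed-size frame scheduler; the slot length, frame size and all function names are assumptions chosen for the illustration.

```python
import random
import struct
from collections import deque

FRAME_LEN = 16   # assumption: every padded frame is exactly this many bytes
SLOT_S = 0.25    # assumption: one frame every 250 ms, whatever the heart does


def heartbeat_times(bpm, duration_s, seed=1):
    """Constructed sample input: beat timestamps (s) with +/-5% jitter."""
    rng = random.Random(seed)
    t, beats = 0.0, []
    while True:
        t += (60.0 / bpm) * rng.uniform(0.95, 1.05)
        if t >= duration_s:
            return beats
        beats.append(t)


def event_driven_sender(beats):
    """Leaky design from the text: one packet is sent after every heartbeat."""
    return [(t, struct.pack(">BI", 1, int(t * 1000))) for t in beats]


def padded_sender(beats, duration_s):
    """Constant-rate design: one fixed-size frame per slot, real or dummy.

    Holds for heart rates below one beat per slot (240 bpm here); above
    that the queue would back up and delay would start to carry information.
    """
    queue = deque(beats)
    frames = []
    for i in range(1, int(duration_s / SLOT_S) + 1):
        now = i * SLOT_S
        if queue and queue[0] <= now:
            body = struct.pack(">BI", 1, int(queue.popleft() * 1000))
        else:
            body = struct.pack(">BI", 0, 0)  # dummy frame, same size on the wire
        frames.append((now, body.ljust(FRAME_LEN, b"\x00")))
    return frames


def observed_packets_per_minute(frames, duration_s):
    """All a passive observer of the encrypted link can measure: the rate."""
    return len(frames) * 60.0 / duration_s


def receiver_beats_ms(frames):
    """The legitimate receiver still recovers every beat timestamp (ms)."""
    out = []
    for _, frame in frames:
        flag, ms = struct.unpack(">BI", frame[:5])
        if flag == 1:
            out.append(ms)
    return out


def compare(duration_s=60):
    """Run both designs at rest (60 bpm) and during exercise (120 bpm)."""
    report = {}
    for label, bpm in (("resting", 60), ("exercise", 120)):
        beats = heartbeat_times(bpm, duration_s)
        leaky = event_driven_sender(beats)
        padded = padded_sender(beats, duration_s)
        report[label] = {
            "leaky_ppm": observed_packets_per_minute(leaky, duration_s),
            "padded_ppm": observed_packets_per_minute(padded, duration_s),
            "padded_sizes": {len(frame) for _, frame in padded},
            "beats_recovered": receiver_beats_ms(padded)
            == [int(t * 1000) for t in beats],
        }
    return report


if __name__ == "__main__":
    for label, row in compare().items():
        print(label, row)
```

Constant-rate padding spends radio energy on dummy frames, so the slot length has to be weighed against the battery constraints described under the DoS item.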
HARDWARE-BASED SECURITY
[M. Sabt, M. Achemlal and A. Bouabdallah, "The dual-execution-environment approach: Analysis and comparative evaluation," ICT Systems Security and Privacy Protection, pp. 557-570, 2015].
List kinds of attack AND APPROACHES in IoT
Section II of the paper highlights prevailing security challenges of IoT [Mine].
audio surveillance device for miscreant hackers.

[PARAPHRASE] Hello Barbie, a novel IoT-based commercial product for children, reveals a potential privacy threat which allows an attacker to spy on consumers, their families and everything in the house. It is billed as the world's first interactive doll capable of listening to a child and responding via voice, in a similar way to Apple's Siri, Google's Now and Microsoft's Cortana.
The attack is based on specific functionalities, namely the camera and voice-interaction, which support the operation of the IoT product and its interactive applications. The information stored by the doll could allow hackers to take over a home Wi-Fi network and from there gain access to other internet connected devices, steal personal information and cause other problems for the owners, potentially without their knowledge.
[Kuo-Hui Yeh, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7779108] THE ORIGINAL IS FOUND IN AND REFERENCED AS [Samuel Gibbs, Hackers can hijack Wi-Fi Hello Barbie to spy on your children, November 2015. (Retrieved at 5th December 2016) http://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children]

[Table: Disposable Technologies | Areas | Threats | Implication of Threat on IoT & INSTANCES]
Methods of attack
Integrity is among the three classical security goals, besides confidentiality and availability. In this work, cryptography enables data authenticity, which implies both origin integrity and data integrity. To provide origin integrity, data origin authentication cryptographically corroborates that the source of the received data is as claimed. The data integrity property allows detection of accidental as well as unauthorized modifications of the received data.
Digital signatures provide data authentication, including non-repudiation. Using asymmetric cryptography such as Elliptic Curve Cryptography (ECC), a message hash is signed with a private key. With the signer's public key the message recipient can verify the signature for origin and data integrity. The Schnorr signature scheme [10] efficiently generates short signatures and is provably secure in the random oracle model.

III PRIVACY AND TRUST ISSUES OF IoT


Kinds of Privacy Issues in IoT
Concern on Users Privacy
Identified privacy risks associated with IoT are: our activities in an enclosure are made open without our consent. Some of these risks involve the direct collection of sensitive personal information, such as precise geolocation, financial account numbers, or health information, risks already presented by traditional Internet and mobile commerce. Others arise from the collection of personal information, habits, locations, and physical conditions over time, which may allow an entity that has not directly collected sensitive information to infer it {FTC Staff Report January 2015. Privacy and security in a connected world.
The explosion of data from IoT means that all data about one's life and activities resides in and flows through the network. IoT will be in the hands of insurance companies, employers, manufacturers, health service providers, and potential enemies [Mine]. But such uses could be problematic if they occurred without consumers' knowledge or consent, or without ensuring accuracy of the data https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf}
Therefore, in the following, we describe the key security and privacy properties which must be guaranteed in an IoT-based healthcare system. First, mutual authentication among communication entities is required to protect against malicious data access and entity spoofing. Second, the system has to achieve anonymity and untraceability for the bio-sensors in IoT-based healthcare systems to guard against the disclosure of an individual's personal health status or private information. Third, the resistance against forgery attack and replay attack during system operations must be embedded into the IoT-based healthcare system [Kuo-Hui Yeh, Senior Member, IEEE, A Secure IoT-based Healthcare System with Body Sensor Networks http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7779108]
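One way to meet the third property above (resistance to forgery and replay) on a sensor-to-gateway link, as an added example that is not taken from the cited scheme: each reading carries a message counter and an HMAC-SHA256 tag under a pre-shared key, and no device ID is sent on the wire. The class names, message layout and pre-shared key are assumptions; mutual authentication and anonymity are outside what this example shows.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                 # HMAC-SHA256 output size in bytes
HDR = struct.Struct(">Q")    # assumption: 8-byte big-endian message counter


def _tag(key, header, reading):
    return hmac.new(key, header + reading, hashlib.sha256).digest()


class SensorLink:
    """Sender side: numbers each reading and authenticates counter + reading."""

    def __init__(self, key):
        self._key = key
        self._counter = 0    # must survive reboots in a real device

    def seal(self, reading):
        self._counter += 1
        header = HDR.pack(self._counter)
        return header + reading + _tag(self._key, header, reading)


class GatewayLink:
    """Receiver side: one instance per sensor key, so no ID travels in clear."""

    def __init__(self, key):
        self._key = key
        self._highest = 0    # highest counter accepted so far

    def accept(self, message):
        """Return (verdict, reading); reading is None unless verdict is 'ok'."""
        if len(message) < HDR.size + TAG_LEN:
            return ("malformed", None)
        header = message[:HDR.size]
        reading = message[HDR.size:-TAG_LEN]
        tag = message[-TAG_LEN:]
        # Verify the tag first, in constant time, so that an unauthenticated
        # message can never move the replay window forward.
        if not hmac.compare_digest(tag, _tag(self._key, header, reading)):
            return ("forged", None)
        (counter,) = HDR.unpack(header)
        # Strictly increasing counters: a captured message is useless once it
        # (or any later one) has been accepted. Out-of-order delivery is also
        # rejected; a sliding window would be needed to tolerate it.
        if counter <= self._highest:
            return ("replay", None)
        self._highest = counter
        return ("ok", reading)


def demo():
    """Constructed exchange: genuine, replayed, tampered and wrong-key traffic."""
    key = bytes(range(32))                      # constructed sample key
    sensor, gateway = SensorLink(key), GatewayLink(key)
    m1, m2 = sensor.seal(b"hr=72"), sensor.seal(b"hr=75")
    tampered = m2[:HDR.size] + b"hr=40" + m2[-TAG_LEN:]
    wrong_key = SensorLink(b"\x00" * 32).seal(b"hr=99")
    verdicts = []
    for msg in (m1, m1, tampered, wrong_key, m2, m1):
        verdicts.append(gateway.accept(msg)[0])
    return verdicts


if __name__ == "__main__":
    print(demo())
```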
In addition, a company should do a privacy or security risk assessment, consciously considering the risks presented by the collection and retention of consumer information. As part of this process, companies should incorporate the use of smart defaults, such as requiring consumers to change default passwords, if they use default passwords at all, during the set-up process. [https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf]

TRUST:
This includes confidentiality and integrity in all interactions within the IoT. However, autonomous interaction of equipment requires trust in the communication gateway of users at the edge and in the integrity of the data [Mine] [Christian Lesjak, Daniel Hein & Johannes Winter, "Hardware-Security Technologies for Industrial IoT: TrustZone and Security Controller," Industrial Electronics Society, IECON 2015 - 41st Annual Conference of the IEEE, Issue Date: 9-12 Nov. 2015, http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?arnumber=7392493&tag=1]
Otherwise, data may be maliciously modified by factory outsiders or insiders, in order to sabotage processes. Thus, a major challenge to be addressed is trust in automated process entities.

Finally, some participants pointed out that perceived risks to privacy and security, even if not realized, could undermine the consumer confidence necessary for the technologies to meet their full potential and may result in less widespread adoption.

V. COUNTER SECURITY MEASURE OF SECURITY AND PRIVACY


INTRO: Section IV presents counter security measures for IoT. of the paper highlight iling security challenges of IoT major security requirements for IoT-based communication systems.
A SECURITY
First, companies should implement "security by design" by building security into their devices at the outset, rather than as an afterthought. https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf.
Several solutions have been proposed to overcome network layer security threats in an EDC. These solutions include network encryption technologies, authentication and key management, ad hoc network routing protocols, multipath routing, identity verification, authenticated broadcast, data encryption (symmetric, asymmetric), and digest algorithm [A. P. Johnson, S. Patranabis, R. S. Chakraborty and D. Mukhopadhyay, "Remote Dynamic Clock Reconfiguration Based Attacks on Internet of Things Applications," 2016 Euromicro Conference on Digital System Design (DSD), Limassol, 2016, pp. 431-438. doi: 10.1109/DSD.2016.16] http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?tp=&arnumber=7503493&isnumber=7503478

See page 3, http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7779108


Comparative analysis
[Table: Threat | Counter measure | Research in Favour or against | Critical analysis]
* Side channel attack: So, in this paper we proposed a fixed-value mask algorithm for PRESENT to resist PA attacks [X. Duan, Q. Cui, S. Wang, H. Fang and G. She, "Differential power analysis attack and efficient countermeasures on PRESENT," 2016 8th IEEE International Conference on Communication Software and Networks (ICCSN), Beijing, 2016, pp. 8-12. doi: 10.1109/ICCSN.2016.7586627].
* Vampire attack: [A. A. Patel and S. J. Soni, "A Novel Proposal for Defending against Vampire Attack in WSN," 2015 Fifth International Conference on Communication Systems and Network Technologies, Gwalior, 2015, pp. 624-627. doi: 10.1109/CSNT.2015.94. http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7279993] The Energy Weighted Monitoring Algorithm (EWMA) is proposed. EWMA is used to bound the damage caused by a vampire attack during the packet forwarding phase. The EWMA concept increases the overall lifespan of the network through an energy-efficient routing path [B. Umakanth and J. Damodhar, "Detection on Energy draining attack using EWMA in wireless ad hoc sensor networks," International Journal of Engineering Trends and Technology (IJETT), Volume 4, Issue 8, ISSN: 2319-5967, August 2013]
* Countermeasures Against EMI: Shielding and filtering are commonly used defenses against EMI. In addition, cardiac defense mechanisms may take advantage of the physical proximity to the human body and detect suspicious sensor inputs by checking whether pacing pulses are consistent with the refractory period of cardiac tissue [76]. This method falls under the category of anomaly detection.
* Countermeasures Against DPA: Software solutions against DPA, such as key masking [77], which attempts to randomize the secret key prior to each execution of the scalar multiplication under analysis, incur too much energy overhead. Assists from hardware design are usually proposed.
* Counter measure against insecure Encrypted Wireless Network: [https://www.pwc.com/ca/en/consulting/publications/2016-01-18-pwc-cyber-savvy-securing-operational-technology-assets.pdf] Using strong wireless encryption protocols, industry-standard cryptographic algorithms and mutual authentication between communicating OT systems is the best way to minimise the risk of wireless attacks. Any outdated or deprecated communication solutions should be refreshed, and wireless systems should be audited on a regular basis. Multi-factor authentication, strong passwords, logging and monitoring
* Missing security updates Availability: The inherent danger of this approach is that OT systems end up running outdated software versions with known security vulnerabilities, leading to increased risk of compromise by an attacker. Processes and procedures should be established to thoroughly test patches and updates to OT systems. Given the potential to disrupt operations, patches and updates should be installed on a representative sample of systems before going live to production systems. This may be an isolated test environment with identical systems, or, if testing in a live environment, it should be possible to failover to redundant devices that have yet to be updated. [https://www.pwc.com/ca/en/consulting/publications/2016-01-18-pwc-cyber-savvy-securing-operational-technology-assets.pdf].
* Implementing a zoning model that uses a "defence in depth" approach makes it harder to impact the OT network or services as an attacker must penetrate several layers of defence to compromise critical systems. [https://www.pwc.com/ca/en/consulting/publications/2016-01-18-pwc-cyber-savvy-securing-operational-technology-assets.pdf]
*

OTHERS Guaranteeing anonymity and untraceability for wearable bio-sensors i.


Resistance against forgery attack and replay attack. http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7779108 PAGE 10

B. PRIVACY APPROACHES OF IoT

[Table: Privacy | Measure | Research in Favour or against | Critical analysis]
Privacy is a right to control
As one participant stated, promoting privacy and data protection principles remains paramount to ensure societal acceptance of IoT services. [https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf]

The privacy approaches are discussed in three areas, namely: (1) Consumers (2) Manufacturers (3) Service Providers
1. Consumers: [IDENTIFY SECURITY MEASURES] To protect consumers at the edge of IoT from threats and prevent attacks, the UK Home Office identified potential risks and preventive measures for individuals, households and businesses [Mine].

2. Steps to prevent crime: It is very important that households and individuals and businesses take sensible precautions to prevent themselves becoming victims of crime through their use of the Internet of Things being open to disruption or intervention by another person.
One: The best means of protection is to ensure all your smart devices and systems are protected by strong passwords which are not disclosed.
Two: You should also ensure that you accept the latest updates to your smart devices and systems as this should incorporate the latest security including protection from malware and other viruses.
Three: When buying and installing smart systems or devices, always check what security they offer and ask questions if this is not clear so you can make the decision about what is best for you. Also make checks on businesses that may carry out the installation through talking to them about the security of the system, asking for references or checking consumer websites, so you have confidence that security is taken seriously.
[https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/410117/Internet_of_things_-_FINAL.pdf]
3. Manufacturers:
4.

VI CRITICAL ANALYSIS OF SECURITY AND PRIVACY OF INTERNET OF THINGS


INTRO:
Research Findings - security at the application layer was considered because of the need for doctors to use sensitive data at the application layer to cater for their patients. With respect to identified IoT security issues, Jung, Lu, Kim et al. reported that security in the following layers should be interrelated and applied:
* Security in the perception layer is necessary for sensitive patient information.
* Security in the transportation layer is necessary when the sensitive data is transported via WIFI, 3G/LTE and Internet.
* Security in the application layer is necessary when doctors use the sensitive data to care for their patients in the hospital [M. J. Chang, J. K. Jung, M. W. Park and T. M. Chung, "Strategy to reinforce security in telemedicine services," 2015 17th International Conference on Advanced Communication Technology (ICACT), Seoul, 2015, pp. 170-175. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7224778&isnumber=7224736 doi: 10.1109/ICACT.2015.7224778].
Research Findings - may have flaws at (1) interchange of configuration (2) No specification to convey signal for immediate care assistance. The smart hospital management system discussed allows the hospital authority to connect a medical device, define the data model, define the data mapping formats, and define the process or workflow. There is a facility to connect to and integrate with the existing and the external systems with the proper source-destination data mapper. There is a facility for defining the level1 and level2 data formats that adhere to the medical record formats. The hospital authorities can very easily define the workflow and process flows with the rules and validations required. The role and authentication mechanisms are configurable. The infrastructure available is self-detectable as well as configurable. The smart hospital dashboard, automated alerts, and scheduled reports to the configured destination group help to monitor and act on need [M. Thangaraj, P. P. Ponmalar and S. Anuradha, "Internet Of Things (IOT) enabled smart autonomous hospital management system - A real world health care use case with the technology drivers," 2015 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC), Madurai, 2015, pp. 1-8. doi: 10.1109/ICCIC.2015.7435678 http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7435678&isnumber=7435618]
A. Discuss in Favour and Against of Security Issues
B. Discuss in Favour and Against of Privacy Issues
VII LEGISLATION AND POLICY FOR INTERNET OF THINGS
Enactment of laws and standards to guide IoT companies, network providers and consumers against unethical deployment and utilization of services [Mine]. General data security legislation should protect against unauthorized access to both personal information and device functionality itself. https://www2.deloitte.com/content/dam/Deloitte/au/Documents/public-sector/deloitte-au-ps-gov2020-journey-future-government2-130315.pdf
VIII EAVESDROP:
VIII PREVAILING SECURITY THREATS IN IoT HEALTH CARE SYSTEM OR CHALLENGES
* Malware: Hardware Trojan Horse (HTH) malware remains a threat to IoT systems. Recent research [A. P. Johnson, S. Patranabis, R. S. Chakraborty and D. Mukhopadhyay, "Remote Dynamic Clock Reconfiguration Based Attacks on Internet of Things Applications," 2016 Euromicro Conference on Digital System Design (DSD), Limassol, 2016, pp. 431-438. doi: 10.1109/DSD.2016.16 http://0-ieeexplore.ieee.org.brum.beds.ac.uk/stamp/stamp.jsp?tp=&arnumber=7723583&isnumber=7723516] has found remote dynamic clock reconfiguration based attacks on IoT applications to be critical; they use Dynamic Partial Reconfiguration (DPR) to insert a hardware Trojan Horse (HTH) over a remote network. DPR-enabled FPGA-based systems can be subjected to malicious circuit alterations, typically termed Hardware Trojan Horse (HTH) insertion, via transmission of configuration bitstreams over the network, to compromise the security of one or more applications.
* Cryptographic flaws: successful remote attacks were carried out on an AES cryptographic circuit and a TRNG module implemented on a Xilinx Field Programmable Gate Array (FPGA), a reprogrammable silicon chip. The attack shows that cryptographic hardware in particular, which is omnipresent in applications such as secure communication, electronic fund transfer, etc., is extremely vulnerable if implemented on DPR-enabled FPGAs.
* Scalability and Interoperability: As more devices join the IoT landscape, the
ability to scale from small to large deployments is becoming paramount.
VII. CONCLUSION AND FUTURE TREND/WORK
As it stands, security and privacy of IoT at the consumer edge is not perfect. [SUMMARIZE FINDINGS, especially flaws on security solutions/measures currently adopted]
With the rush by IoT providers (consumer technology producers and industry players) battling to meet deadlines, it is expected that the technology could have many flaws. Noteworthy is the assertion/fact that no technology is hack-free, as human security has also been flawed from time immemorial, and such is the case for rapidly evolving technology. Identifying prevailing security threats and adopting security measures from the consumer node, at which point a successful attack could spread to the entire IoT network.
* However, manufacturers of health service systems that work with IWMDs and BANs must certify the systems' security and privacy before they are commercialized to health users.
* Since DPR is an essential part of IoT, the security of IoT protocols and sensitive medical devices that could offer uncompromised DPR alteration in a remote network.
* The paper provides detailed research activities concerning how the IoT
* Despite the current success of IoT in the health sector, some parameters are yet to be addressed.
* The Quality of Service (QoS)
* Healthcare services are highly time sensitive and require QoS guarantees in terms of important parameters such as reliability, maintainability, and the service level. In this regard, the quantitative measurement of each such parameter within the IoThNet framework may be useful. In addition, system availability and robustness are central to offering QoS guarantees because any type of system disaster can put lives in danger in medical situations. Here the feasibility of a plan B in the case of a system failure becomes an interesting issue.
* In the IoT health space, edge analytics, such as analytics in edge devices, plays an important role and can improve the features of gateway devices. In this context, there is a need to examine healthcare data analytics to help system designers optimize the data traffic and the IoThNet architecture.
There is still architectural ambiguity.
VII CONCLUSION
