ASSET – Adaptive Security for Smart Internet of Things in eHealth

ASSET – Adaptive Security for Smart Internet of Things in eHealth

The ASSET project develops risk-based adaptive security methods and mechanisms for Internet of Things (IoT) in eHealth, using game theory and context-awareness techniques that increase security to an appropriate level. Emerging IoT technologies provide many benefits to the improvement of eHealth. IoTs are, however, vulnerable to attacks since they are unattended, communicate wireless, and constrained by energy and computation capabilities necessary for the implementation of complex security-supporting schemes. Most security models and mechanisms for the IoT’s problems are hard to change, reuse, and analyze. This results in inflexible infrastructures, lost investments, damages resulting from mechanisms not matching the threats, etc. The ASSET project builds risk-based adaptive security methods and mechanisms that will adapt to the dynamic changing conditions of IoTs.

ASSET’s case study will lead to the design of adaptive strategies for the dynamic interplay between security and data transmission in a mobile patient monitoring system. This will use information of link quality, data transmission rate, and processing capabilities of sensor nodes and smart phones. The security adaptation will take into account the various quality of service (QoS) metrics. This will allow us to verify the necessary security and trust for the emerging IoTs in many e-Health applications in general and in the case study patient monitoring in particular. This will constitute a key innovator for future e-Health solutions in the Norwegian hospitals and health services.

To go to the project home page click here

NR’s contribution

NR’s research in ICT has a basis in security, privacy and interactive, network-based technology. NR is contributing research capabilities in adaptive security, privacy, risk assessment, formal verification, modeling and simulation. NR is supervising one PhD student and co-supervising another PhD student, and managing the coordination of the project.

Benefit for participants

  • Models for estimating and predicting risks and benefits using game theory and context awareness
  • Methodology for security measurement and metrics for the effectiveness of the adaptation based on best practice
  • Prototyping IoT adaptive methods for authentication and access control in a simulated eHealth patient monitoring in Oslo University Hospital
  • Light-weight abilities for smart things that will allow them to detect, respond, and adapt to security and privacy threats.

Benefit for society

Through development of adaptive and context-aware security for the next generation of IoTs, the ASSET project will enable health organizations both in public and private sector to design and implement context aware security and privacy protection and thus adaptive to patients’ needs. This will improve end user’s confidence in service providers. The project builds risk-based adaptive security models that dynamically detect in real-time unknown security and privacy threats, respond to them, and adapt to the environment and changing degree of security and privacy breaches. This will allow health organizations to securely and adaptively track objects and people (staff and patients), identify and authenticate people, patient mobility, and automatic sensing and collection of real time patient health data which will reduce the delay for treatment of critical patients thereby enhancing traditional medical services.

Project results (preliminary)

  • Training two PhD fellows.
  • Trained two master's students
  • Organized International Workshop on Security Tools and Techniques for Internet of Things in eHealth.
  • Organized International Workshop on Adaptive Security & Privacy management for the Internet of Things (ASPI 2013)
  • Organized 2nd International Workshop on Measurability of Security in Software Architectures
  • Specified risk-based adaptive security framework for IoT in eHealth
  • Specified metrics-driven adaptive security management in eHealth IoT applications (see the publication section)
  • Specified quantifiable lightweight privacy for IoT
  • Developed Adaptive safety for IoT
  • Quantification of information security
  • Developed algorithms optimization for light-weight self-abilities
  • Innovative reasoning techniques and lightweight cryptographic algorithms
  • Developed game theoretic reasoning techniques for IoT
  • Developed Adaptive Information-Theoretic Risk Estimation
  • Developed Cryptography for medical BAN
  • Analysed and developed Security Measuring for Self-adaptive Security
  • Analysed and developed Run-Time Verification of Adaptive Security
  • Developed Evaluation Framework for Adaptive Security

Publications

  • Wolfgang Leister, Mohamed Hamdi, Habtamu Abie, Stefan Poslad, Arild Torjusen, An Evaluation Framework for Adaptive Security for the IoT in eHealth, International Journal on Advances in Security, 7(3&4), 2014, in press
  • Oshin, T.O., Poslad S, Zhang, Z. Energy-Efficient Real-Time Human Mobility State Classification Using Smartphones. IEEE Transactions on Computing, 2014, DOI: 10.1109/TC.2014.2339846
  • Seyyed Hamed Fouladi, Raul Chavez-Santiago, Pål Ander Floor, Ilangko Balasingham, and Tor A. Ramstad. A Survey on Sensing, Signal Processing, and Communication for Wireless Body Area Networks. In ZTE Communications, 2014 (in press)
  • Antti Evesti, Habtamu Abie, Reijo Savola, Security Measuring for Self-adaptive Security, ECSAW, August 25 - 29 2014, Vienna, Austria
  • Arild B. Torjusen, Habtamu Abie, Ebenezer Paintsil, Denis Trcek, Åsmund Skomedal, Towards Run-Time Verification of Adaptive Security for IoT in eHealth, ECSAW, August 25 - 29 2014, Vienna, Austria.
  • Waqas Aman and Einar Snekkenes, 2014. Event Driven Adaptive Security in Internet of Things, UBICOMM 2014 (The Eighth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies), August 23-28, 2014, Rome, Italy
  • Kashif Habib, Arild Torjusen, and Wolfgang Leister. 2014. A Novel Authentication Framework Based on Biometric and Radio Fingerprinting for the IoT in eHealth. The Third International Conference on Smart Systems, Devices and Technologies, SMART 2014, July 20 - 24, 2014 - Paris, France. pp. 32-37. Best Paper Awards.
  • Mohamed Hamdi and Habtamu Abie, Game-Based Adaptive Security in the Internet of Things for eHealth, IEEE ICC 2014, Sydney, Australia, 10-14 June, 2014
  • Wolfgang Leister, Mohamed Hamdi, Habtamu Abie, and Stefan Poslad. 2014. An evaluation scenario for Adaptive Security in eHealth. In PESARO 2014, February 23 - 27, 2014 - Nice, France
  • Zelun Zhang and Stefan Poslad. 2013. Design and Test of a Hybrid Foot Force Sensing and GPS System for Richer User Mobility Activity Recognition, Sensors 2013, 13, 14918-14953; doi:10.3390/s131114918
  • Denis Trcek and Andrej Brodnik. 2013. Hard and Soft Security Provisioning For Computationally Weak Pervasive Computing Systems in E-Health. IEEE Wireless Communications, August 2013, pp. 2-9
  • Reijo M. Savola. 2013. Quality of security metrics and measurements. In Computers & Security, Vol. 37, Sept. 2013, pp. 78-90, http://dx.doi.org/10.1016/j.cose.2013.05.002
  • Mohamed Hamdi. 2013. Secure Cooperative Physical-layer Coding for the Internet of Things. Int. Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI) 2013, Sept. 8, 2013, Zürich, Switzerland, 8 p. http://dx.doi.org/10.1145/2523501.2523505
  • Yared Berhanu Woldegeorgis, Habtamu Abie, and Mohamed Hamdi. 2013. A Testbed for Adaptive Security for IoT in eHealth. Int. Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI) 2013, Sept. 8, 2013, Zürich, Switzerland, 8 p. http://dx.doi.org/10.1145/2523501.2523506
  • Reijo Savola and Habtamu Abie. 2013. Metrics-Driven Security Objective Decomposition for an E-Health Application with Adaptive Security Management.  Int. Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI) 2013, Sept. 8, 2013, Zürich, Switzerland, 8 p. http://dx.doi.org/10.1145/2523501.2523507
  • Stefan Poslad, Mohamed Hamdi, and Habtamu Abie. 2013. Adaptive Security & Privacy management for the Internet of Things (ASPI 2013). In Proc. of UbiComp '13 Adjunct Proceedings of the 2013 ACM conference on Pervasive and ubiquitous computing adjunct publication, ACM New York, NY, USA, 2013, Pages 373-378, http://dx.doi.org/10.1145/2494091.2499770
  • Oshin T, Stefan Poslad. 2013. "ERSP: An Energy-efficient Real-time Smartphone Pedometer". 2013. In IEEE Systems, Man, Cybernetics Computing (SMC), on the theme of energy-efficiency and ambulatory mobility monitoring, October 2013.
  • Zhang Z, Stefan Poslad. 2013. A New Post Correction Algorithm (PoCoA) for Improved Transportation Mode Recognition. In IEEE Systems, Man, Cybernetics Computing (SMC), on the theme of energy-efficiency and ambulatory mobility monitoring, October 2013.
  • Waqas Aman and Einar Snekkenes. 2013. An Empirical Research on InfoSec Risk Management in IoT based eHealth. The Third International Conference on Mobile Services, Resources, and Users Mobility 2013, Nov 17, 2013 - Nov 22, 2013, Lisbon, Portugal. Best Paper Awards.
  • Waqas Aman, 2013. Modeling Adaptive Security in IoT Driven eHealth. The 6th Norsk Informasjons Sikkerhets Konferanse (NISK 2013), pp. 61-69
  • Habib, K., Leister, W., Adaptive Security for the Internet of Things Reference Model, Norwegian Information Security Conference-NISK 2013, pp. 13-24
  • Habtamu Abie and Ilangko Balasingham. 2012. Risk-Based Adaptive Security for Smart IoT in eHealth. In: BODYNETS 2012 - 7th International Conference on Body Area Networks. Brussels: ICST - Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering 2012 ISBN 978-1-4503-1997-3. s. 269-275
  • Reijo Savola, Habtamu Abie, and Markus Sihvonen. 2012. Towards Metrics-Driven Adaptive Security Management in E-Health IoT Applications. In: BODYNETS 2012 - 7th International Conference on Body Area Networks. Brussels: ICST - Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering 2012 ISBN 978-1-4503-1997-3. s. 276-281

For up to date publications list see http://asset.nr.no/asset/index.php/Dissemination

Project period

January 2012 – December 2015
Department

Financing

Research Council of Norway (Grant agreement no: 213131/O70)