IOT: Authentication Signature to Secure Sensitive Health Care Data
Leonella Camilleri
Middlesex University Malta
Abstract — The Internet of Things (IoT) is one of the most recent developments in communication and computing: it allows physical devices and their attached sensors to be connected to the Internet via wired or wireless connections. The main purpose of this research paper was to focus on IoT health-based technology, as various concerns currently exist and research has shown that several health-based IoT devices and applications are highly susceptible to hackers. In fact, such sensitive health data can become prone to access by hackers and can be a threat to an individual’s privacy, security and health conditions. The proposed system was aimed at people who mainly require continuous health monitoring, such as individuals who suffer from heart diseases and who are patients of a hospital. This may be better implemented for future generations since the younger generation is currently more technological when compared to the former ones. Relevant critical information can be monitored using sensory technology and updated by the hospital/doctor using a website/application for immediate action. Consequently, such a system can facilitate the daily life of an individual. For this reason, the proposed system mainly focused on how to secure the system’s front end when an individual tries to log into the system to check relevant personal information. Therefore, this system’s goal was to facilitate the daily life of patients by providing a higher-security method for sensitive information or to monitor human health conditions.
Keywords— IoT; authentication; health care; data; hospital; patients; monitoring; hackers;
I. INTRODUCTION
A. Proposed Problem & Solution
The Internet of Things (IoT) is one of the most recent developments in communication and computing: it allows physical devices and their attached sensors to be connected to the Internet via wired or wireless connections (Saranya & Nitha, 2015). Various things such as fridges, cars, TVs, smart meters, wearables and health monitoring devices can be connected to the Internet and managed remotely over the network by using an application/website to exchange and collect data. In particular, it will have a significant effect on the health sector (Saranya & Nitha, 2015). According to Dimitrov’s (2016) research, forty percent of IoT-associated technology is going to focus on health care by 2020, which will result in a larger market increase when compared to the other domains. Thus, it is estimated to have a profit turnover of $117 billion in the market (Dimitrov & Dimiter V, 2016). The proposed system was aimed at people who mainly require continuous health monitoring, such as individuals who suffer from heart diseases and other individuals who are patients of a hospital. This may be better implemented for future generations since the younger generation is currently more technological when compared to the former ones. Relevant critical information can be monitored using sensory technology and updated by the hospital/doctor using a website/application for immediate action. Consequently, such a system could facilitate the daily life of an individual. For this reason, the proposed system mainly focused on how to secure the system’s front end when an individual tries to log into the system to check relevant personal information. Therefore, this system’s goal was to facilitate the daily life of everyone by providing a more secure environment for sensitive information or to assist human health interactions (Kashif & Wolfgang, 2015).
However, various concerns exist in IoT technology, and research has shown that various health-based IoT devices and applications are highly susceptible to hackers. In fact, the data being transmitted can become accessible to data collectors, hackers or government agencies, and can be a threat to individual privacy and health conditions as well as a security threat. Such information could get circulated to an unintended recipient who might exploit it and ultimately trigger a security breach. In the end, no individual enjoys being observed all the time (Limited, 2015) (Mayuri & Sudhir, 2015). According to Business Insider’s research service, BI Intelligence (2016), since security investment in IoT devices is a crucial requirement, it will reach an overall 30% of the cybersecurity market by 2020 (Meola, 2016).
According to Gartner’s predictions, the Internet of Things (IoT) should be able to interconnect trillions or billions of heterogeneous gadgets over the Internet, and by 2020 it will grow to twenty-six billion devices (Stamfrord, 2013) (Gartner, 2017). Consequently, there is a vital necessity for an architecture which incorporates flexible layers (Ala, et al., 2015). The ever-expanding number of suggested architectures has not yet met a recommended standard (Sethi & Smruti, 2017). There is no specific worldwide consensus on how IoT architecture is divided. Hence, various projects such as ‘IoT-A’ aim to outline a basic architecture based on the analysis of industry and researchers (Ala, et al., 2015) (Sethi & Smruti, 2017). However, according to various research proposals, the latest and most used IoT architecture is known as the ‘five-layer architecture’, which involves the perception, network, middleware, application and business layers (Vide Figure 1) (Rafiullah, et al., 2012).
Figure 1- Internet of Things Architecture (Rafiullah, et al., 2012)
C. Authentication
Authentication plays a significant role: it is the process of verifying the identity of an individual over the network, ensuring that the individual trying to access the system is the right person. Moreover, authentication depends on at least one of the following information types (Nath & Mondal, 2016) (Rouse, 2017):
▪ Something you know (example: Pin or password) (Idrus, et al., 2013),
▪ Something you have (example: Token or smartcards) (Idrus, et al., 2013),
▪ Something you are (example: biometrics) (Idrus, et al., 2013).
The traditional system is known as Single Factor Authentication (1FA)/Single Step Verification. This authentication verifies the identity of an individual and provides access to a website account over the network based on a set of login credentials or one factor, such as “something the user knows” like a username and password (Rouse, 2017). According to Asoke’s (2017) research, this technique was great for a certain period; however, nowadays such an authentication method is classified as too weak and outdated since the number of daily attacks has increased (Nath & Mondal, 2016). Thus, it does not provide much protection, and a hacker can easily compromise such a system by maliciously intruding into it (Nath & Mondal, 2016) (Rouse, 2017).
The Two Factor Authentication (2FA) also known as Two Step Verification, offers additional security related to the sign in process (ltd, 2016). Furthermore, there are various services and devices to implement a 2FA system such as applications, RFID cards and hardware tokens (Nath & Mondal, 2016) (Rouse, 2017).
Additionally, 2FA products can be categorised into two sections: tokens, which are distributed to the clients for use during the login process, and software or infrastructure that recognises and authenticates access for clients who are correctly utilising their tokens (Rouse, 2017). Moreover, 2FA techniques are based on various technologies, including the Public Key Infrastructure (PKI) and the One Time Password (OTP) (Nath & Mondal, 2016) (Rouse, 2017).
Hardware tokens are physical devices that generate random One-Time Passwords (OTPs) (Dmitrienko, et al., 2014). OTPs are a ‘symmetric’ form of authentication, in which a one-time password is generated in two locations: one on the hardware token and another on the authentication server or software token (Krogh, 2013). As soon as the OTP generated on the hardware token matches the one generated on the authentication server, the system successfully grants access to the user (Nath & Mondal, 2016) (Rouse, 2017) (Tadokoro, 2017).
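The token-side and server-side OTP generation and matching described above, as an added example that is not part of the original paper. It uses the counter-based HOTP scheme of RFC 4226 as an assumption, since the paper names no specific OTP algorithm; the class names, look-ahead window and lockout limit are hypothetical, and the shared secret is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct

# Constructed sample: the published RFC 4226 test secret, not a real key.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class HardwareToken:
    """Token side (hypothetical class): holds the secret and its own counter."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._counter = 0

    def press_button(self) -> str:
        code = hotp(self._secret, self._counter)
        self._counter += 1  # every press consumes one counter value
        return code


class AuthServer:
    """Server side (hypothetical class): recomputes the OTP and compares."""

    def __init__(self, secret: bytes, look_ahead: int = 3,
                 max_failures: int = 5) -> None:
        self._secret = secret
        self._counter = 0
        self._look_ahead = look_ahead      # tolerated unsubmitted presses
        self._max_failures = max_failures  # throttle guessing of 6 digits
        self._failures = 0

    def verify(self, submitted: str) -> bool:
        if self._failures >= self._max_failures:
            return False  # locked out until an administrator resets it
        for step in range(self._look_ahead + 1):
            expected = hotp(self._secret, self._counter + step)
            # Constant-time comparison avoids leaking matching digits.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self._counter += step + 1  # resync; used codes become invalid
                self._failures = 0
                return True
        self._failures += 1
        return False


def demo() -> dict:
    """Run one login, one replay and one login after counter drift."""
    token = HardwareToken(SHARED_SECRET)
    server = AuthServer(SHARED_SECRET)
    first = token.press_button()
    results = {
        "first_code": first,
        "accepted": server.verify(first),
        "replay": server.verify(first),  # same code again must be rejected
    }
    token.press_button()
    token.press_button()  # two presses that were never submitted
    results["after_drift"] = server.verify(token.press_button())
    return results


if __name__ == "__main__":
    print(demo())
```

The look-ahead window is what keeps the two independently generated values in step when the token is pressed without logging in; a code further ahead than the window is rejected and the token must be resynchronised.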
On the other hand, hardware PKI certificate-based tokens are an ‘asymmetric’ form of authentication, as they depend on a pair of different encryption keys known as the public and private keys (Inc, 2004). This includes USB tokens and smart cards. When a user authenticates through a company’s server over the network, the server issues a numeric ‘challenge’ (Tadokoro, 2017). The challenge is signed using the private key, and if the signature verifies against the corresponding public key then authentication is successful and the user is granted access to the network (Nath & Mondal, 2016) (Rouse, 2017) (Tadokoro, 2017).
Moreover, such a system requires the user to know both the username and password, as well as to present “something the user has” such as a verification code obtained from a second gadget (Nath & Mondal, 2016) (Rouse, 2017).
When an individual activates 2FA for a service or website, one normally must provide a phone number. Other options include the use of an application or a hardware token, but according to Ericson’s (2015) research, the mobile phone is the most popular technique for utilising 2FA (Ericson, 2015). Most forms of 2FA ask the client to sign in using his/her username and password, and then input a code which is sent to the user via the Short Message Service (SMS). However, the device should be registered to receive such codes (Nath & Mondal, 2016) (Rouse, 2017).
Generally, once the 2FA (Vide Figure 2) is used on a specific device, the user does not need to repeat the same process on the same device again (Rouse, 2017). However, certain services might only trust a device for a duration of a year or thirty days, and others might have the possibility to allow the gadget to be trusted permanently (Nath & Mondal, 2016) (Rouse, 2017).
Three Factor Authentication (3FA) offers a more secure authentication when “something you have” and “something you know” are not sufficient for high-risk data (Lungren, 2015) (Authlogics, 2017).
3FA involves an additional factor known as “something you are”, so that the user is required to provide three credentials to authenticate. The additional factor includes biometrics such as fingerprint, facial or iris recognition (Lungren, 2015) (Praveena, 2016).
D. Current use of 2FA
Two-Factor Authentication (2FA) is an important factor to be implemented, and today’s devices still have such a feature implemented (NIST, 2017). However, the National Institute of Standards and Technology (NIST) is no longer advising the use of 2FA that sends codes via SMS messages (NIST, 2017). NIST issued a Digital Authentication Guideline to stop organisations from using authentication based on SMS (Lefkovitz, et al., 2017) (Rashid, 2016).
According to NIST, there is a considerable growth in attacks targeting SMS-based 2FA. Moreover, according to this institute, SMS messages can be compromised through Voice over IP (VoIP) services (Rashid, 2016). Furthermore, it also emphasises that the SMS protocol is weak enough for an attacker to remotely interact with the applications on a specific smartphone and hack its owner’s data (Lefkovitz, et al., 2017) (Rashid, 2016).
Despite the NIST warning guidelines, which were issued in the beginning of 2016, according to O’Neill’s (2016) research, people are still utilising 2FA with SMS to protect their networks and accounts (O'Neill, 2016). However, according to the co-founder and CEO at Clef, when SMS is the only option it can guarantee a more secure system. He also stated that SMS-based 2FA is better than a password security system (Clef, 2016).
On the other hand, NIST is suggesting that users make use of biometrics rather than using two-factor authentication (NIST, 2017). However, according to NIST (2017) research, IoT medical devices are still not implemented with three-factor authentication that makes use of biometrics (Mohit, 2016) (NIST, 2017).
E. Health Wearable Sensors
Currently, the development of technology has aided the implementation of Body Area Networks (BAN) by utilising wireless communications, integrated low-power circuits, storage and energy (Milošević, et al., 2011). Body Area Networks are classified as lightweight gadgets, a network platform and intelligent sensors (Milošević, et al., 2011).
BANs can connect nodes which are placed on the exterior of the body. Those nodes can also be attached to clothing or implanted into a patient’s body (Milošević, et al., 2011). In addition, each node incorporates a sensor which is utilised to monitor crucial health signals such as Electrocardiography (ECG) and blood pressure, or to monitor motion using sensors such as a gyroscope and accelerometer (Milošević, et al., 2011).
Utilising wireless communication within a Body Sensor Network (BSN) or BAN considerably increases the user’s intensity with the integration of the sensors (Milošević, et al., 2011). Additionally, it allows the installation of sensors inside an individual’s body, such as pacemakers, as well as other applications such as monitoring common diseases and blood glucose (Milošević, et al., 2011).
The wireless technologies normally utilised in BANs include ZigBee, ANT and Bluetooth. According to the research carried out by Bo (2009), these technologies presently function on 2.4 GHz (Bo, 2009). Moreover, the typical Bluetooth data rate is 1 to 3 Mbit/s, ZigBee 250 kbit/s and ANT 1 Mbit/s (Gomes, et al., 2013). In addition, there are various further wireless communication technologies utilised in BANs, such as Medical Implant Communication Services (MICS), Ultra-wideband (UWB) and other wireless radios (Milošević, et al., 2011) (Zhen, et al., 2009) (Taparugssanagorn, et al., 2012).
For patients suffering from cardiac diseases, a fundamental piece of data which needs to be monitored uninterruptedly is the heart rate. Such a gadget was utilised by various medical professionals, who tend to observe the heartbeat of the patient. Following the result, the doctor’s solution is based on her/his knowledge and experience. Currently, tiny microchips are being developed which allow the monitoring of a patient’s vital conditions using digital processing (Milošević, et al., 2011). The first inventor was Budinger (2015), who concluded that it is possible to measure the heart rate through an electrical waveform process using an electromagnetic stream (Budinger, 2015).
The BSN is built from a set of compact physiological sensors which can be worn and are easy to carry (Budinger, 2015). Moreover, applications used to monitor physiological signs utilise low-power sensors to measure the patient’s crucial signals such as heart rate, acceleration, blood oxygen and skin temperature (Budinger, 2015). A scenario where such a system can be used is when an individual fails to respond; his/her health can then be monitored remotely, and the data of each sensor can be collected and processed for further analysis (Vide Figure 2.7) in a device such as a smartphone (Milošević, et al., 2011) (Miao, et al., 2012).
F. Wearable Gadgets
Currently, the manufacturing sector accountable for creating innovative wearable gadgets is growing. Established organisations such as Sony (Sony, 2017), Apple (Apple, 2017) and Samsung (Samsung, 2017) are the leading companies involved in this sector. Additionally, smaller industries such as Amiigo (Wavelet, n.d.) and Razer (Nabu, 2017) are also prominent. Mainly, the existing wearable health gadgets are worn directly around the wrist or other parts of the body, or simply attached to an individual’s jacket or pocket (Commision, n.d.). These devices are wearable computing gadgets, generally in the form of a band which includes motion or biometric sensors. However, the first wearable gadgets had many drawbacks such as limited features and functionalities (Weebly, 2015).
Currently, there is a lot of competition to manufacture the most innovative product providing various biometric sensors such as skin temperature, galvanic skin response, blood oxygen, sleep patterns, respiration and movement, amongst others (Weebly, 2015). As hardware becomes much smaller in size, the capability of installing such parts in such gadgets is immeasurable. Nevertheless, with the wide selection of gadgets on the market, it is very difficult to decide which band is superior (Weebly, 2015).
According to Westervelt’s research, future wearables will render gadgets cool and meaningful. He also stated that the data and devices can advance everyone’s health and develop the environment (Westervelt, 2014). However, Pullen’s research (2016) described that not every individual wants a gadget screen worn on their wrist, and consequently he proposed seven wearable gadgets for individuals who do not like wearable gadgets, such as technological shirts, bracelets and signal bras, amongst others (Pullen, 2016).
G. Health Care Applications
The latest technological novelties and advancements related to smartphones are bringing an important variation in the relationship among patients and their healthcare specialists (Kamil, 2017).
According to the research carried out by Kamil (2017), patients require faster replies in relation to their healthcare problems and better mechanisms for wellness programs (Kamil, 2017). He also stated that the expansion of novel healthcare applications in today’s market was predictable. Thus, such technologies are enabling doctors and patients to communicate with each other efficiently (Kamil, 2017).
According to Wanjek’s (2015) research, Dr. Iltifat Husain is in favour of health applications, stating that although various health applications are untested, they still have vast potential to reduce mortality (Wanjek, 2015). Conversely, Dr. Des Spence took a much harsher view of health applications in his BMJ review. He outlined the overuse of health technology relative to traditional medicine, which may lead to misuse of such technology (Wanjek, 2015).
H. Hacked Healthcare Applications and IoT devices
According to the U.S. Food and Drug Administration (FDA) report, health institutions and health device manufacturers have increased security measures to protect against suspicious cybersecurity threats that might compromise the patient’s data privacy or devices (FDA, 2017) (Vide Figure 2.11).
However, 90% of Android medical/healthcare applications, including both paid and free ones, have been hacked, with 22% of them being on the FDA-approved list (Arxan, 2014) (Marin, et al., 2016) (Team, 2017).
William Maisel, who is the deputy director of the FDA, stated that over the past year various vulnerabilities related to cyber security have been reported, and these affected several medical devices and manufacturers (Marin, et al., 2016). In addition, the reported events consisted of malware, malicious software or data theft (Marin, et al., 2016).
According to Marin’s research, it was also determined that protocols which were classified as proprietary could be easily reverse-engineered and subjected to code tampering by an adversary without the need for physical access to the gadgets (Marin, et al., 2016).
According to the statistics compiled by the Arxan security corporation (2014), 94% of health companies have been suffering from cyber-attacks and 38% of global patients were suspicious of utilising a hacked medical IoT device (Arxan, 2014).
I. Health Care Records
According to the “2017 Data Breach Industry Forecast” report the healthcare sector is predicted to be the most vulnerable industry for hackers in the coming years, since the health identity theft continues to be easy and lucrative to exploit (Experian, 2017). Additionally, personal health data continues to be a very important type of information for an attacker to steal. For this reason, cyber criminals will continue to resell this kind of sensitive data on the dark web market (Experian, 2017).
According to IBM’s report, more than a hundred million health records have been compromised within the last few years, making the sector the top target for hackers (Experian, 2017). Moreover, it is expected that data theft will focus on other aspects, such as hospital networks, in the coming years (Experian, 2017).
Distributed networks present a developed target for an attacker, as security measures are usually more difficult to maintain than in centralised organisations (Experian, 2017).
Experian stated that a stolen credit card may only be utilised until its holder reports it as lost, which normally does not take too long (Experian, 2017). On the other hand, stolen Electronic Health Records (EHR) tend to be the main aim for an attacker since these can be utilised in various scams for a longer duration. Thus, such data is a bonus for an attacker who keeps seeking high rewards (Experian, 2017).
Such applications contain various information such as social security numbers and birth dates, and various other crucial data such as diagnosis codes, billing information and policy numbers (Experian, 2017). Additionally, such information can be utilised to open counterfeit credit card accounts that may only be detected after several months (Experian, 2017).
According to Reuters’ report, attackers could utilise such information to bill government or insurance companies for false medical services (Experian, 2017). Additionally, such data can be manipulated to create bogus identity documents, which can be utilised to purchase various drugs and medical equipment that can then be resold for money (Experian, 2017). Moreover, the report also states that as more mobile health applications are being developed by various healthcare institutions, it is likely that these organisations will introduce more security to protect against such vulnerabilities exploited by attackers (Experian, 2017).
J. Cyber Attack in IoT
While the Internet of Things (IoT) is being implemented in every individual’s life, security risks relating to IoT are increasing and changing rapidly (EY, 2015). In today’s domain technology is always on; however, the “Cybersecurity and the Internet of Things” report states that there is not enough security awareness on the user’s part and that hackers are finding innovative ways to bypass controls (EY, 2015).
J. Cyber Atack in IoT
While Internet of Things (IoT) is being implemented in every individual’s life, security risks relating to IoT are increasing and altering rapidly (EY, 2015). In nowadays domain technology is always on, however according to the “Cybersecurity and the Internet of Things” report it is stated that there is not enough security awareness on the user’s part and hackers are finding innovative ways to bypass controls (EY, 2015).
The following are five common cyber-attacks in IoT:
Botnets
A Botnet is a combined network made of various systems with the intention of taking control and distributing malware remotely (Bertino & Islam, 2017). Additionally, botnets are controlled by hackers acting as botnet operators through Command-and-Control Servers (C&C Servers) to steal private data and carry out phishing, spam and DDoS attacks (GlobalSign, 2016). With the increase of IoT, several gadgets are at risk from what are known as thingbots (a botnet that includes autonomous connected devices) (GlobalSign, 2016) (Bertino & Islam, 2017).
Man-In-The-Middle
The Man-In-The-Middle method is when an attacker’s intention is to breach or interrupt communications between two separate systems (Cekerevac, et al., 2017). According to GlobalSign’s (2016) research, it can be a very critical attack because the intruder intercepts and retransmits the data between two parties without the knowledge of either party, both of whom think they are legitimately receiving messages (GlobalSign, 2016). In IoT, it is extremely dangerous when it comes to critical health data (GlobalSign, 2016) (Cekerevac, et al., 2017).
Identity and Data Theft
Medical identity and data theft can cause death or physical harm (D'Alfonso, 2015). According to the Medical Identity Fraud Alliance (MIFA), medical identity and data theft is defined as the fraudulent theft of a patient’s Protected Health Information (PHI) and Personally Identifiable Information (PII), including the name of the patient or social security number. Such information is used to acquire medical services and goods or other benefits (GlobalSign, 2016). However, MIFA declares that counterfeit identities have been utilised to carry out medical identity and data theft, in which the Protected Health Information of numerous patients may be combined to produce separate identities (GlobalSign, 2016) (D'Alfonso, 2015).
Social Engineering
Social Engineering is a technique of manipulating individuals into providing confidential data to an attacker (GlobalSign, 2016). The type of health-related information sought can vary according to the attacker’s needs, such as passwords (GlobalSign, 2016).
Attackers utilise social engineering strategies because it is normally simpler to exploit an individual’s natural inclination to trust than to find other ways to hack the software (Webroot, n.d.) (GlobalSign, 2016).
Denial of Service
A Denial of Service (DoS) attack occurs when a service that is required to operate is unreachable (Prasad, et al., 2014). Unavailability occurs due to various reasons but normally happens due to an excessive load on the infrastructure (GlobalSign, 2016). According to Biddle’s (2016) research, one of the largest DoS attacks was carried out over a seven-day duration against a children’s hospital with various devices such as smart IV pumps, computerised medication machines and electrocardiogram (EKG) machines (Biddle, 2016). These turned out to be unreachable, affecting day-to-day operations and slowing the hospital system down nearly to a halt (GlobalSign, 2016) (Prasad, et al., 2014).
K. Cyber-attack Breaches
The following are some cyberattacks reported worldwide during the year 2016 by the Department of Health and Human Services’ Office for Civil Rights (Vide Table 1) (HSS.gov, 2016) (HIPAA, 2017):
Table 1 - Largest healthcare data breaches of 2016 (HIPAA, 2017)
L. Key Trends
During 2016, two important key trends developed. The first consisted of the evolution and discovery of Medical Device Hijack (MEDJACK, MEDJACK.2 and MEDJACK.3) (TrapX Security, 2016). The second was the creation of Ransomware aimed at a comprehensive combination of targets (TrapX Security, 2016). Moreover, this is supported by the report issued by HHS OCR and by the continuing worldwide investigations of TrapX Labs (TrapX Security, 2016).
MEDJACK Attack
MEDJACK is malware that was intentionally created in 2015 to attack health devices such as CT and MRI scanners, heart monitors, PAC systems and insulin pumps. Moreover, in 2016 MEDJACK.2 was developed and was even able to bypass security management (TrapX Security, 2016). It can utilise cybersecurity-related tools to set up backdoors and penetrate a healthcare system without being detected (TrapX Security, 2016).
Furthermore, TrapX researchers have recently detected a third version of MEDJACK, known as MEDJACK.3, which uses an older malware spreader to attack health gadgets (TrapX Security, 2016).
Ransomware Attack
Ransomware is malware utilised to make software, IT resources and data unavailable to individuals. It makes use of data encryption to take control of the system, with payment normally demanded in bitcoin (TrapX Security, 2016). Consequently, such an attack is utilised to force users to pay large sums of money, with the hacker promising to restore access to the victims’ data and system if the ransom is paid (TrapX Security, 2016).
III. METHODOLOGY
A. Research Methods
The research method used for this thesis was based on the System Development Life Cycle (SDLC) methodology which, according to Half’s research (2017), is used by various software and website developers (Half, 2017). According to Half’s research (2017), the main purpose of this methodology is to help developers deliver high-quality software cost-effectively (Half, 2017). On the other hand, Cohen (2010) describes “requirements planning, analysis, design, building coding, testing, deployment and maintenance” as the crucial components within the process of development (Cohen, 2010) (Isaias & Issa, 2015).
According to Kothari (1990), research is a scientific and systematic search for information on a specific area. He also describes research as an artistic and scientific investigation (Kothari, 1990). Furthermore, research includes an investigation which is established on a specific area or subject and comprises the essential analysis, reviews and readings of recent information (Kothari, 1990).
The following is the research process diagram used for this
thesis (Vide Figure 3):
Figure 3 – Research model process diagram
Additionally, there are two primary types of research methods, which are known as qualitative and quantitative research methods.
In the first chapter of this thesis, the key problem related to healthcare data security was identified and backed up by carrying out further research within the Literature Review chapter. For this reason, research was carried out to gather more information and better understand how to create/choose a solution for various problems. Additionally, the target population consisted of people who mainly suffer from heart disease and are patients of a hospital. This may be better implemented for future generations since the younger generation is currently more technological when compared to the former ones.
When the study was conducted, the built prototype aimed to
answer the following research questions:
▪ What was the level of security in healthcare data?
▪ What were the requirements of today’s society?
▪ How important was the privacy of healthcare data?
▪ Could security be further developed?
▪ Currently, have data related to healthcare been compromised?
Afterwards, based on the currently available methods, the researcher started to highlight the necessary key points to include within the system. Thus, the researcher made use of pencil sketches to design how she intended to create each system feature within the Design chapter. It also incorporated the system and security architecture designs, including a Unified Modeling Language (UML) diagram and an Entity Relationship diagram (ERD), to better understand the flow of this system.
Subsequently, as soon as the design phase was completed, it was followed by the implementation of the prototype, which included the use of the following tools/hardware:
- HostGator: to provide hosting services such as server, domain name and database to create the website frontend and backend.
- Android Studio: to create the Android application, making use of open source software offering tools such as an emulator, SDK and various other libraries.
- Android Smartphone and Android Smartwatch: used as these are open source, which allowed the researcher to demonstrate the functionality of the prototype.
- Languages: PHP, Java and HTML were the main languages used to create the complete system.
The researcher carried out various test cases utilising white and black box testing throughout the stages of this research; these are further discussed in the Testing chapter, based on the Design tests, to confirm the functionality and efficiency of the system. However, as a limitation of this thesis, the researcher designed and implemented the system based on her literature review research, by reading various papers, blogs and websites. It thus offers a system which is continuously monitored. This includes a better authentication method used to highly secure the crucial data of the user.
Additionally, another limitation was that the testing was only done by the researcher and no other individual was involved. However, the researcher tried to create a user-friendly interface for both the website and the application, keeping in mind the targeted population. Moreover, simple step-by-step guides were also created to facilitate the installation of the system.
IV. ANALYSIS AND DESIGN
A. Design Architecture
Figure 4 shows the system overview of a wearable gadget that
a patient should wear. It also comprised a smartphone gadget,
which automatically connects to the smartwatch device by
making use of Bluetooth technology.
Moreover, both IoT devices ran Android-based operating systems. However, if the Bluetooth connection was lost between both gadgets, an immediate alert was automatically sent by the system to the responsible individuals. Even though the application was installed on a smartphone, it still operated on the smartwatch gadget by synchronising with the smartphone’s application. Thus, this prototype made use of two distinct application modules for the IoT devices.
Furthermore, the smartwatch showed the physiological information obtained from the sensors, which was updated every second, and then transferred such information using the Bluetooth capability of the smartwatch (Camilleri, 2015). Additionally, the collected data was then transmitted making use of the wireless technology of the smartphone such as Wi-Fi or 4G/3G. The information was then used to plot heart-related graphs which could be retrieved from the web page, which was linked to a server/database (Camilleri, 2015).
This application also provided different immediate alerts to the relatives or doctors when it encountered something abnormal, by utilising the Short Message Service (SMS) technology and making use of the heart rate and accelerometer sensors. The name of the patient must be inputted the same as the account name (Camilleri, 2015). For example, the system could send an alert when it detected that the heart beat was below sixty or above one hundred beats. It was also able to send alerts when it detected no movement of the patient in case of fainting (Camilleri, 2015).
The main features of this prototype involved the capability to
provide the patient with different information such as list of