Jun 27, 2020

Page 1: IOT: Authentication Signature to Secure Sensitive Health ... · IOT: Authentication Signature to Secure Sensitive Health Care Data Leonella Camilleri Middlesex University Malta leonellacamilleri87@gmail.com

IOT: Authentication Signature to Secure Sensitive Health Care Data

Leonella Camilleri

Middlesex University Malta

leonellacamilleri87@gmail.com

Abstract — The Internet of Things (IoT) is one of the most recent developments in communication and computing: it allows physical devices and their attached sensors to be connected to the Internet via wired or wireless connections.

The main purpose of this research paper was to focus on IoT health-based technology, as various concerns currently exist and research has shown that several health-based IoT devices and applications are highly susceptible to hackers. In fact, such sensitive health data can become prone to access by hackers and can be a threat to an individual’s privacy, security and health conditions.

The proposed system was aimed at people who mainly require continuous health monitoring, such as individuals who suffer from heart diseases and who are patients of a hospital. This may be better implemented for future generations, since the younger generation is currently more technological when compared to the former ones. Relevant critical information can be monitored using sensory technology and updated by the hospital/doctor using a website/application for immediate action.

Consequently, such a system can facilitate the daily life of an individual. For this reason, the proposed system mainly focused on how to secure the system’s front end when an individual tries to log into the system to check relevant personal information. Therefore, this system’s goal was to facilitate the daily life of patients by providing a higher-security method for sensitive information or to monitor human health conditions.

Keywords — IoT; authentication; health care; data; hospital; patients; monitoring; hackers

I. INTRODUCTION

A. Proposed Problem & Solution

The Internet of Things (IoT) is one of the most recent developments in communication and computing: it allows physical devices and their attached sensors to be connected to the Internet via wired or wireless connections (Saranya & Nitha, 2015). Various things such as fridges, cars, TVs, smart meters, wearables and health monitoring devices can be connected to the internet and managed remotely over the network by using an application/website to exchange and collect data. However, it will have a significant effect on the health sector (Saranya & Nitha, 2015).

According to Dimitrov’s (2016) research, forty percent of IoT-associated technology is going to focus on health care by 2020, which will result in a major market increase when compared to the other domains. Thus, it is estimated to have a profit turnover of $117 billion in the market (Dimitrov & Dimiter V, 2016).

The proposed system was aimed at people who mainly require continuous health monitoring, such as individuals who suffer from heart diseases and other individuals who are patients of a hospital. This may be better implemented for future generations, since the younger generation is currently more technological when compared to the former ones. Relevant critical information can be monitored using sensory technology and updated by the hospital/doctor using a website/application for immediate action. Consequently, such a system could facilitate the daily life of an individual.

For this reason, the proposed system mainly focused on how to secure the system’s front end when an individual tries to log into the system to check relevant personal information. Therefore, this system’s goal was to facilitate the daily life of everyone by providing a more secure environment for sensitive information or to assist human health interactions (Kashif & Wolfgang, 2015).

However, various concerns exist in IoT technology, and research has shown that various health-based IoT devices and applications are highly susceptible to hackers. In fact, the data being transmitted can become susceptible to access by data collectors, hackers or also government agencies, and can be a threat to individual privacy and health conditions as well as a security threat. Such information could get circulated to an unintended recipient who might exploit it and ultimately trigger a security breach. In the end, no individual enjoys being observed all the time (Limited, 2015) (Mayuri & Sudhir, 2015).

According to Business Insider’s research service, BI Intelligence (2016), since investment in the security of IoT devices is a crucial requirement, it will reach an overall 30% of the cybersecurity market by 2020 (Meola, 2016).


IoT offers a huge opportunity for security and corporate companies for data management. Nevertheless, a high level of information disclosure and cyber threats are a few of the problems which cannot be ignored. Moreover, the interconnection of several gadgets can make it easier for malicious threats such as worms and malware to spread throughout the whole network. Furthermore, various devices are not designed to provide the necessary security, as they may have limited CPU power and thus do not provide enough processing power for security. Hence, these are more vulnerable to attackers and hackers, who might easily alter the function of any gadget and can cause physical damage to the entire system, or death in the case of a health-related scenario. In addition, if IoT devices are compromised, a breach can give the attacker a clear picture of the person by exposing personal data such as CCTV footage, health data and the person’s location (Limited, 2015) (Mayuri & Sudhir, 2015).

B. Background

In recent years, security breaches have increased drastically, and several companies believed that the solution is to use two-factor authentication (2FA), which characteristically combines a password with a second layer of protection. However, 2FA is built on a vulnerable characteristic, since there is still reliance on passwords. According to research carried out by ‘ITProPortal’ (2015), most individuals frequently use the same usual characters for their passwords (cha, 2015). Moreover, it is stated that inserting password information is a monotonous and tedious activity. Thus, various individuals prefer to use certain phrases which are familiar to them to make things easier during the process, and this may have consequences for the security level attained by 2FA, which is currently still not sufficient (cha, 2015).

A novel security measure in health care IoT devices that still needs to develop is the use of biometric security. Biometric authentication is a logical method to prove an individual’s identity (cha, 2015). This thesis was based on current security authentication for IoT gadgets and focused on producing a rich authentication signature for the IoT healthcare sector. The user was provided with an application that is able to get important data from a smart watch, such as the heart rate and whether fainting is present or not. Additionally, this system also held other critical data such as the list of pills, allergies, list of doctors and appointments.

Moreover, the system also consisted of a website that a doctor/hospital can use to update/view their patients’ health remotely. Doctors were able to send test results or other relevant data to their patients, who can view them by utilising this application.

As a means of security, the system was implemented using a stronger authentication which comprised the following characteristics:

▪ Something the patient knows, such as an ID card and password.

▪ Something the patient has, such as a one-time password token, which is sent via email.

▪ Something the patient is, such as an eye recognition image.

To make it more original, a geolocation position pattern based on the position of the smartphone was also implemented in the system. This made it more complex for an attacker to access sensitive data related to the patient’s health. Moreover, the patient was able to access the system by his/her location or by performing a series of gestures that only he/she knows about, such as keeping the smartphone in a vertical/horizontal position or flipping/shaking it several times.
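One way a server could combine the factors listed above into a single login decision, as an added example that is not the paper's implementation. The limits, the field names, the circular geofence standing in for the "geolocation position pattern", and the `irisMatch` flag (assumed to come from a separate, trusted biometric matcher) are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// All limits below are assumed values for illustration, not taken from the paper.
const OTP_TTL_MS = 5 * 60 * 1000; // lifetime of an emailed code
const OTP_MAX_ATTEMPTS = 3;       // guesses allowed per issued code
const GEOFENCE_METRES = 200;      // radius around the enrolled location

const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();
const stretch = (secret, salt) => crypto.scryptSync(String(secret), salt, 32);
const safeEqual = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);

// Enrolment keeps only salted scrypt verifiers for the password and the gesture sequence.
function enrolPatient({ idCard, password, home, gestures }) {
  const salt = crypto.randomBytes(16);
  return {
    idCard, salt, home, otp: null,
    passwordKey: stretch(password, salt),
    gestureKey: stretch(gestures.join('>'), salt),
  };
}

// "Something the patient has": a random code delivered to the enrolled mailbox.
function issueEmailOtp(patient, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  patient.otp = { hash: sha256(code), expires: now + OTP_TTL_MS, attempts: 0 };
  return code; // handed to the mailer; the server keeps only the hash
}

function checkOtp(patient, code, now) {
  const otp = patient.otp;
  if (!otp || now > otp.expires || otp.attempts >= OTP_MAX_ATTEMPTS) return false;
  otp.attempts += 1;
  if (!safeEqual(otp.hash, sha256(code))) return false;
  patient.otp = null; // single use: a replayed code finds nothing to match
  return true;
}

// Great-circle (haversine) distance in metres between two { lat, lon } points.
function distanceMetres(a, b) {
  const rad = (deg) => (deg * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat);
  const dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * 6371000 * Math.asin(Math.sqrt(h));
}

// Every factor is evaluated on every attempt. `failed` is meant for the
// server-side audit log; the client should only learn granted / not granted.
function login(patient, attempt, now = Date.now()) {
  const failed = [];
  const pw = stretch(attempt.password, patient.salt);
  if (attempt.idCard !== patient.idCard || !safeEqual(pw, patient.passwordKey)) {
    failed.push('knowledge');
  }
  if (!checkOtp(patient, attempt.otp, now)) failed.push('possession');
  // Must be the verdict of a trusted matcher, never a value the client asserts.
  if (attempt.irisMatch !== true) failed.push('inherence');
  const nearHome = attempt.location
    ? distanceMetres(attempt.location, patient.home) <= GEOFENCE_METRES : false;
  const gestureOk = Array.isArray(attempt.gestures) &&
    safeEqual(stretch(attempt.gestures.join('>'), patient.salt), patient.gestureKey);
  if (!nearHome && !gestureOk) failed.push('context'); // location OR gestures
  return { granted: failed.length === 0, failed };
}

function runLoginScenarios() {
  const t0 = 1700000000000;                    // constructed clock value
  const home = { lat: 35.8989, lon: 14.5146 }; // constructed coordinates
  const away = { lat: 35.9375, lon: 14.3754 }; // constructed coordinates
  const gestures = ['vertical', 'flip', 'shake', 'shake'];
  const base = { idCard: 'ID-CONSTRUCTED-1', password: 'correct horse', irisMatch: true };
  const p = enrolPatient({ ...base, home, gestures });
  const out = {};
  let code = issueEmailOtp(p, t0);
  out.atHome = login(p, { ...base, otp: code, location: home }, t0 + 1000);
  out.replayedOtp = login(p, { ...base, otp: code, location: home }, t0 + 2000);
  code = issueEmailOtp(p, t0);
  out.awayNoGesture = login(p, { ...base, otp: code, location: away }, t0 + 1000);
  code = issueEmailOtp(p, t0);
  out.awayWithGesture = login(p, { ...base, otp: code, location: away, gestures }, t0 + 1000);
  code = issueEmailOtp(p, t0);
  out.expiredOtp = login(p, { ...base, otp: code, location: home }, t0 + OTP_TTL_MS + 1);
  code = issueEmailOtp(p, t0);
  out.wrongPassword = login(p, { ...base, password: 'guess', otp: code, location: home }, t0 + 1000);
  return out;
}
```

A correct emailed code is consumed even when another factor fails, so an intercepted code cannot be retried with a different password guess.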

C. Aims and Objectives

The aim of this research paper was to propose an authentication method utilising IoT to produce a rich authentication signature that makes it virtually impossible for an attacker to compromise a healthcare system. For this reason, this research could give an individual more peace of mind, by controlling various gadgets which can be connected to the network efficiently, safely and from the comfort of his/her home. Moreover, the user could easily monitor his/her health status and any other type of critical health data using the appropriate application.

Additionally, this system was also able to detect and alert on any heart rate abnormality and fainting. This in turn would send a form of alert, such as a text message, to the person responsible for the patient, such as a doctor.

For this paper, the following were the key objectives to be achieved:

▪ Provide an overview and analysis of the Internet of Things (IoT), with various examples,

▪ Investigate other existing security methods applied to IoT,

▪ Highlight the advantages and drawbacks of such systems,

▪ Focus on the major risks IoT brings along with it,

▪ Research any security laws that might be applicable in relation to IoT within the healthcare domain,

▪ Propose a security authentication technique,

▪ Provide a simulation of a smart health care system using a website/application,

▪ Utilise IoT to produce a rich authentication signature.


D. Abbreviations and Acronyms

IoT Internet of Things

RFID Radio-Frequency Identification

M2M Machine-to-Machine

SOA Service-oriented Architecture

1FA Single Factor Authentication

2FA Two Factor Authentication

3FA Three Factor Authentication

DOS Denial of Service

EHR Electronic Health Records

NIST National Institute of Standards and Technology

BAN Body Area Networks

BSN Body Sensor Network

SMS Short Message Service

FDA Food and Drug Administration

MIFA Medical Identity Fraud Alliance

PII Personally Identifiable Information

PHI Protected Health Information

VoIP Voice over IP

AES Advanced Encryption Standard

ECG Electrocardiography

MICS Medical Implant Communication Services

UWB Ultra-wideband

EKG Electrocardiography

HTTPS Hypertext Transfer Protocol Secure

HTTP Hypertext Transfer Protocol

URL Uniform Resource Locator

API Application Programming Interface

SDK Software Development Kit

ADT Android Development Tool

APK Android Application Package

PHP Hypertext Pre-processor

MVC Model-View-Controller

SDLC System Development Life Cycle

II. IOT BACKGROUND

A. Introduction

In 1999, the concept of IoT was first proposed and used by Kevin Ashton, who was the Executive Director of the Auto-ID centre (Anzelmo, et al., 2011) (Somayya, et al., 2015). Ashton specified that the Internet of Things (IoT) is defined as physical gadgets that can connect to the Internet via embedded sensors or systems, which work together to create significant outcomes and ease for the customer community, including the use of Radio-Frequency Identification (RFID) technology (Shancang, et al., 2014) and machine-to-machine (M2M) networks (Shruti & Soumyalatha, 2016). Nevertheless, its exact definition is still subjective due to the various perspectives taken (Shancang, et al., 2014) (ITU, 2013).

Moreover, IoT is intended to be the new invention of the upcoming internet, which incorporates different technology ranges including Service-oriented Architecture (SoA), networking, intelligent data processing technologies, communication and sensing (Shancang, et al., 2016) (Council, 2008) (Lim, et al., 2013).

However, IoT also brings various important challenges such as hybrid network integration, sensing technology and security issues. When compared to the other characteristics, security is the most crucial challenge, and it plays a very significant role in protecting the Internet of Things against malfunctions and attacks (Shancang, et al., 2016) (Lopez, et al., 2011).

Usually, such security involves privacy, secure communication and cryptographic assurances. Nevertheless, within the IoT sector, security includes a wider variety of tasks comprising access control, data integrity, availability of services, anti-malware, privacy protection and information confidentiality (Shancang, et al., 2016) (Sye, et al., 2014). Furthermore, as an open ecosystem, the security of IoT is still orthogonal to other areas of research. The use of the Internet of Things in various domains such as smart cities, smart homes, smart vehicle automation and smart healthcare makes the system extremely susceptible to various attacks such as hacking, cyber threats and identity theft, amongst others (Shancang, et al., 2016).

B. Internet of Things Architecture

According to Gartner’s predictions, the Internet of Things (IoT) should be able to interconnect billions or trillions of heterogeneous gadgets over the Internet, and by 2020 it will grow to twenty-six billion devices (Stamfrord, 2013) (Gartner, 2017). Consequently, there is a vital need for an architecture which incorporates flexible layers (Ala, et al., 2015). The ever-expanding number of proposed architectures has not yet converged on a recommended standard (Sethi & Smruti, 2017), and there is no specific worldwide consensus on how the IoT architecture is divided. Hence, there are various projects such as ‘IoT-A’, which aims to outline a basic architecture based on the analysis of industry and researchers (Ala, et al., 2015) (Sethi & Smruti, 2017). However, according to various proposed research, the latest and most used IoT architecture is known as the ‘five-layer architecture’, which involves the perception, network, middleware, application and business layers (Vide Figure 1) (Rafiullah, et al., 2012).


Figure 1- Internet of Things Architecture (Rafiullah, et al., 2012)

C. Authentication

Authentication plays a significant role: it is the process of verifying the identity of an individual over the network by ensuring that the individual trying to access the system is the right person. Moreover, authentication depends on at least one of the following information types (Nath & Mondal, 2016) (Rouse, 2017):

▪ Something you know (example: PIN or password) (Idrus, et al., 2013),

▪ Something you have (example: token or smartcards) (Idrus, et al., 2013),

▪ Something you are (example: biometrics) (Idrus, et al., 2013).

The traditional system is known as Single Factor Authentication (1FA) or Single Step Verification. This authentication verifies the identity of an individual and provides access to a website account over the network based on a set of login credentials, that is, one factor such as “something the user knows”, like a username and password (Rouse, 2017). According to Asoke’s (2017) research, this technique worked well for a certain period; however, nowadays such an authentication method is classified as too weak and outdated, since the number of daily attacks has increased (Nath & Mondal, 2016). Thus, it does not provide much protection, and a hacker can easily compromise such a system by maliciously intruding into it (Nath & Mondal, 2016) (Rouse, 2017).

Two Factor Authentication (2FA), also known as Two Step Verification, offers additional security for the sign-in process (ltd, 2016). Furthermore, there are various services and devices with which to implement a 2FA system, such as applications, RFID cards and hardware tokens (Nath & Mondal, 2016) (Rouse, 2017).

Additionally, 2FA products can be categorised into two groups: tokens, which are distributed to the clients so that they can use them during the login process, and software or infrastructure that recognises and authenticates access for clients who are using their tokens correctly (Rouse, 2017). Moreover, 2FA techniques are based on various technologies, including the Public Key Infrastructure (PKI) and the One Time Password (OTP) (Nath & Mondal, 2016) (Rouse, 2017).

The hardware tokens are physical devices that generate random one-time passwords (OTPs) (Dmitrienko, et al., 2014). OTPs are a ‘symmetric’ form of authentication, in which a one-time password is generated in two locations: one on the hardware token and another on the authentication server or software token (Krogh, 2013). As soon as the OTP generated on the hardware token matches the one generated on the authentication server, the system grants access to the user (Nath & Mondal, 2016) (Rouse, 2017) (Tadokoro, 2017).
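The two-location OTP generation described above, as an added example that is not part of the original paper. It uses the counter-based HOTP algorithm from RFC 4226, which is an assumption since the paper does not name an OTP algorithm; the class names and the look-ahead window of 3 are illustrative choices.

```javascript
const crypto = require('node:crypto');

// HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter, followed by
// dynamic truncation to a short decimal code.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;         // low nibble of the last byte
  const bin = mac.readUInt32BE(offset) & 0x7fffffff; // clear the top bit
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Location 1: the hardware token. Each button press consumes one counter value.
class HardwareToken {
  constructor(secret) { this.secret = secret; this.counter = 0; }
  press() { return hotp(this.secret, this.counter++); }
}

// Location 2: the authentication server, holding the same secret and its own counter.
class OtpServer {
  constructor(secret, lookAhead = 3) {
    this.secret = secret;
    this.counter = 0;
    this.lookAhead = lookAhead; // how many unused presses the server tolerates
  }
  verify(code) {
    const supplied = Buffer.from(String(code));
    for (let i = 0; i <= this.lookAhead; i++) {
      const expected = Buffer.from(hotp(this.secret, this.counter + i));
      if (supplied.length === expected.length && crypto.timingSafeEqual(supplied, expected)) {
        this.counter += i + 1; // the accepted code and all earlier ones are now spent
        return true;
      }
    }
    return false;
  }
}

function runOtpScenario() {
  const secret = Buffer.from('12345678901234567890'); // RFC 4226 test key, not a real secret
  const token = new HardwareToken(secret);
  const server = new OtpServer(secret);
  const first = token.press();
  const result = { firstCode: first };
  result.accepted = server.verify(first);        // both sides computed the same code
  result.replayRejected = !server.verify(first); // the same code cannot be used twice
  token.press(); token.press();                  // two codes generated but never submitted
  result.resynced = server.verify(token.press());
  for (let i = 0; i < 5; i++) token.press();     // token drifts beyond the look-ahead window
  result.driftRejected = !server.verify(token.press());
  return result;
}
```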

On the other hand, hardware PKI certificate-based tokens are an ‘asymmetric’ form of authentication, as they depend on a pair of different encryption keys known as the public and private keys (Inc, 2004). These include USB tokens and smart cards. When a user authenticates through a company’s server over the network, the server circulates a numeric ‘challenge’ (Tadokoro, 2017). The challenge is then signed using the private key, and if the signature verifies against the matching public key, authentication is successful and the user is granted access to the network (Nath & Mondal, 2016) (Rouse, 2017) (Tadokoro, 2017).
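The challenge and signed response described above, with both sides shown, as an added example that is not part of the original paper. Ed25519 keys, the random 32-byte challenge, the 30-second lifetime and the `iot-health-login-v1:` label are assumptions; the paper does not specify a signature scheme or challenge format.

```javascript
const crypto = require('node:crypto');

const CONTEXT = Buffer.from('iot-health-login-v1:'); // assumed domain-separation label

// Token side (USB token or smart card): the private key never leaves this object.
class PkiToken {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.publicKey = publicKey; // given to the server once, at enrolment
    this.privateKey = privateKey;
  }
  respond(challenge) {
    // Refuse to sign anything that is not a login challenge, so the token
    // cannot be used to sign arbitrary data.
    if (!challenge.subarray(0, CONTEXT.length).equals(CONTEXT)) {
      throw new Error('not a login challenge');
    }
    return crypto.sign(null, challenge, this.privateKey);
  }
}

// Server side: stores public keys only and remembers one open challenge per user.
class AuthServer {
  constructor(ttlMs = 30000) {
    this.ttlMs = ttlMs;
    this.enrolled = new Map(); // user -> public key
    this.pending = new Map();  // user -> { challenge, expires }
  }
  enrol(user, publicKey) { this.enrolled.set(user, publicKey); }
  issueChallenge(user, now = Date.now()) {
    const challenge = Buffer.concat([CONTEXT, Buffer.from(user + ':'), crypto.randomBytes(32)]);
    this.pending.set(user, { challenge, expires: now + this.ttlMs });
    return challenge;
  }
  verify(user, signature, now = Date.now()) {
    const entry = this.pending.get(user);
    const publicKey = this.enrolled.get(user);
    this.pending.delete(user); // one answer per challenge, right or wrong
    if (!entry || !publicKey || now > entry.expires) return false;
    return crypto.verify(null, entry.challenge, publicKey, signature);
  }
}

function runChallengeScenario() {
  const t0 = 1700000000000;  // constructed clock value
  const user = 'patient-01'; // constructed account name
  const token = new PkiToken();
  const strangerToken = new PkiToken(); // a token that was never enrolled
  const server = new AuthServer();
  server.enrol(user, token.publicKey);

  const sig = token.respond(server.issueChallenge(user, t0));
  const out = { genuine: server.verify(user, sig, t0 + 1000) };
  out.replaySameChallenge = server.verify(user, sig, t0 + 2000);
  server.issueChallenge(user, t0);
  out.oldSignatureNewChallenge = server.verify(user, sig, t0 + 1000);
  out.wrongKey = server.verify(
    user, strangerToken.respond(server.issueChallenge(user, t0)), t0 + 1000);
  out.expired = server.verify(
    user, token.respond(server.issueChallenge(user, t0)), t0 + 60000);
  let refused = false;
  try { token.respond(Buffer.from('some other document')); } catch { refused = true; }
  out.tokenRefusesForeignData = refused;
  return out;
}
```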

Moreover, such a system requires the user to know both the username and password, as well as to present “something the user has”, such as a verification code obtained from a second gadget (Nath & Mondal, 2016) (Rouse, 2017).

When an individual activates 2FA for a service or website, he/she normally must provide a phone number. Other options include the use of an application or a hardware token, but according to Ericson’s (2015) research, the mobile phone is the most popular technique for utilising 2FA (Ericson, 2015). The majority of forms of 2FA ask the client to sign in using his/her username and password, and then to input a code which is sent to the user via the Short Message Service (SMS). However, the device should be registered to receive such codes (Nath & Mondal, 2016) (Rouse, 2017).

Generally, once 2FA (Vide Figure 2) has been used on a specific device, the user does not need to repeat the same process on the same device again (Rouse, 2017). However, certain services might only trust a device for a duration of a year or thirty days, and others might allow the gadget to be trusted permanently (Nath & Mondal, 2016) (Rouse, 2017).

Figure 2 – Two-Factor Authentication (OPNsense, 2016)


The Three Factor Authentication (3FA)

Three Factor Authentication (3FA) offers a more secure authentication when “something you have” and “something you know” are not sufficient for high-risk data (Lungren, 2015) (Authlogics, 2017).

3FA involves an additional factor known as “something you are”, where the user is required to provide three credentials to authenticate. The additional factor includes biometrics such as fingerprint, facial or iris recognition (Lungren, 2015) (Praveena, 2016).

D. Current use of 2FA

Two-Factor Authentication (2FA) is an important factor to be implemented, and today’s devices still have this feature implemented (NIST, 2017). However, the National Institute of Standards and Technology (NIST) is no longer advising the use of 2FA that sends codes via SMS messages (NIST, 2017). NIST issued a Digital Authentication Guideline to stop organisations from using authentication based on SMS (Lefkovitz, et al., 2017) (Rashid, 2016).

According to NIST, there is a considerable growth in attacks aimed at SMS-based 2FA. Moreover, according to this institute, SMS messages can be compromised through Voice over IP (VoIP) services (Rashid, 2016). Furthermore, it also emphasises that the SMS protocol is weak enough that an attacker can remotely interact with the applications on a specific smartphone and hack its owner’s data (Lefkovitz, et al., 2017) (Rashid, 2016).

Despite the NIST warning guidelines, which were issued at the beginning of 2016, according to O’Neil’s (2016) research, people are still utilising 2FA with SMS to protect their networks and accounts (O'Neill, 2016). However, according to the co-founder and CEO of Clef, when SMS is the only option it can guarantee a more secure system. He also stated that SMS-based 2FA is better than a password security system (Clef, 2016).

On the other hand, NIST is suggesting that users make use of biometrics rather than two-factor authentication (NIST, 2017). However, according to NIST (2017) research, IoT medical devices still do not implement three-factor authentication that makes use of biometrics (Mohit, 2016) (NIST, 2017).

E. Health Wearable Sensors

Currently, the development of technology has aided the implementation of Body Area Networks (BAN) by utilising wireless communications, integrated low-power circuits, storage and energy (Milošević, et al., 2011). Body Area Networks are classified as lightweight gadgets, a network platform and intelligent sensors (Milošević, et al., 2011).

BANs can connect nodes which are placed on the exterior of the body. Moreover, those nodes are attached to clothing or implanted into a patient’s body (Milošević, et al., 2011). In addition, each node incorporates a sensor which is used to monitor crucial health signals such as Electrocardiography (ECG) and blood pressure, as well as motion, using sensors such as a gyroscope and accelerometer (Milošević, et al., 2011).

Utilising wireless communication within a Body Sensor Network (BSN) or BAN considerably increases the user’s intensity with the integration of the sensors (Milošević, et al., 2011). Additionally, it allows the installation of sensors inside an individual’s body, such as pacemakers, including other applications such as monitoring common diseases and blood glucose (Milošević, et al., 2011).

The wireless technologies normally utilised in BANs include ZigBee, ANT and Bluetooth. According to the research carried out by Bo (2009), these technologies presently function on 2.4 GHz (Bo, 2009). Moreover, the typical Bluetooth data rate is 1 to 3 Mbit/s, ZigBee 250 Kbit/s and ANT 1 Mbit/s (Gomes, et al., 2013). In addition, there are various further wireless communication technologies utilised in BANs, such as Medical Implant Communication Services (MICS), Ultra-wideband (UWB) and other wireless radios (Milošević, et al., 2011) (Zhen, et al., 2009) (Taparugssanagorn, et al., 2012).

For patients suffering from cardiac diseases, a fundamental piece of data which needs to be monitored continuously is the heart rate. Such a gadget was utilised by various medical professionals, who tend to observe the heartbeat of the patient. Further to the result, the doctor’s solution is based on her/his knowledge and experience. Currently, tiny microchips are being developed which allow the monitoring of a patient’s vital conditions using digital processing (Milošević, et al., 2011). The first inventor was Budinger (2015), who concluded that it is possible to measure the heart rate using an electrical waveform process with an electromagnetic stream (Budinger, 2015).

The BSN is built from a set of compact physiological sensors which can be worn and are easy to carry (Budinger, 2015). Moreover, applications used to monitor physiological signs utilise low-power sensors to measure the patient’s crucial signals such as heart rate, accelerometer readings, blood oxygen and skin temperature (Budinger, 2015). A scenario where such a system can be used is when an individual fails to respond: his/her health can then be monitored remotely, and the data of each sensor can be collected and processed for further analysis (Vide Figure 2.7) in a device such as a smartphone (Milošević, et al., 2011) (Miao, et al., 2012).

F. Wearable Gadgets

Currently, the manufacturing sector responsible for creating innovative wearable gadgets is growing. Established organisations such as Sony (Sony, 2017), Apple (Apple, 2017) and Samsung (Samsung, 2017) are the leading companies involved in this sector. Additionally, smaller companies such as Amiigo (Wavelet, n.d.) and Razer (Nabu, 2017) are also prominent. Mainly, the existing wearable health gadgets are worn directly around the wrist or other parts of the body, or simply attached to an individual’s jacket or pocket (Commision, n.d.). These devices are wearable computing gadgets, generally in the form of a band which includes motion or biometric sensors. However, the first wearable gadgets had many drawbacks, such as limited features and functionalities (Weebly, 2015).


Currently, there is a lot of competition to manufacture the most innovative product, providing various biometric sensors for skin temperature, galvanic skin response, blood oxygen, sleep patterns, respiration and movement, amongst others (Weebly, 2015). As hardware becomes much smaller in size, the capability of installing such parts in such gadgets is immeasurable. Nevertheless, with the wide selection of gadgets on the market, it is very difficult to decide which band should be classified as superior (Weebly, 2015).

As stated in Westervelt’s research, future wearables render gadgets cool and meaningful. Additionally, he also stated that the data and devices can advance everyone’s health and develop the environment (Westervelt, 2014). However, in his research, Pullen (2016) described that not every individual wants a gadget screen worn on their wrist, and consequently he proposed seven wearable gadgets for individuals who do not like wearable gadgets, such as technological shirts, bracelets and signal bras, amongst others (Pullen, 2016).

G. Health Care Applications

The latest technological novelties and advancements related to smartphones are bringing an important change in the relationship between patients and their healthcare specialists (Kamil, 2017).

According to the research carried out by Kamil (2017), patients require faster replies in relation to their healthcare problems and better mechanisms for wellness programs (Kamil, 2017). He also stated that the expansion of novel healthcare applications in today's market was predictable. Thus, such technologies are enabling doctors and patients to communicate with each other efficiently (Kamil, 2017).

According to Wanjek's (2015) research, Dr. Iltifat Husain is in favour of health applications, stating that although various health applications are untested, they still have a vast ability to reduce mortality (Wanjek, 2015). Conversely, Dr. Des Spence took a much harsher stance on health applications in his BMJ review. He outlined the overuse of health technology to traditional medicine, which may lead to misuse of such technology (Wanjek, 2015).

H. Hacked Healthcare Applications and IoT devices

According to the U.S. Food and Drug Administration (FDA) report, health institutions and health device manufacturers have increased security measures to protect against suspicious cybersecurity threats that might compromise the patient’s data privacy or devices (FDA, 2017) (Vide Figure 2.11).

However, 90% of Android medical/healthcare applications, including both paid and free ones, have been hacked, with 22% of them being on the FDA-approved list (Arxan, 2014) (Marin, et al., 2016) (Team, 2017).

William Maisel, who is the deputy director of the FDA, stated that over the past year various vulnerabilities related to cyber security have been reported and that these affected several medical devices and manufacturers (Marin, et al., 2016). In addition, the reported events consisted of malware, malicious software or data theft (Marin, et al., 2016).

According to Marin's research, it was also determined that protocols which were classified as proprietary could be easily reverse-engineered and subjected to code tampering by a rival without the need for physical access to the gadgets (Marin, et al., 2016).

According to the statistics published by Arxan security corporation (2014), 94% of health companies have been suffering from cyber-attacks and 38% of global patients were suspicious of utilising a hacked medical IoT device (Arxan, 2014).

I. Health Care Records

According to the “2017 Data Breach Industry Forecast” report, the healthcare sector is predicted to be the most vulnerable industry for hackers in the coming years, since health identity theft continues to be easy and lucrative to exploit (Experian, 2017). Additionally, personal health data continues to be a very important type of information for an attacker to steal. For this reason, cyber criminals will continue to resell this kind of sensitive data on the dark web market (Experian, 2017).

According to IBM's report, more than a hundred million health records have been compromised within the last few years, making it the top target for hackers (Experian, 2017). Moreover, it is expected that data theft will focus on other aspects, such as hospital networks, in the coming years (Experian, 2017).

Distributed networks present a developed target for an attacker, as it is usually difficult to support security measures on them when compared to organisations which are centralised (Experian, 2017).

Experian stated that a stolen credit card may only be utilised until its holder reports it as lost, which normally does not take too long (Experian, 2017). On the other hand, stolen Electronic Health Records (EHR) tend to be the main aim for an attacker since these can be utilised in various scams for a longer duration. Thus, such data is a bonus for an attacker who keeps on requesting high rewards (Experian, 2017).

Such applications contain various information such as social security numbers, birth dates and other crucial data such as diagnosis codes, billing information and policy numbers (Experian, 2017). Additionally, such information can be utilised to open counterfeit credit card accounts that can be detected after several months (Experian, 2017).

According to Reuters' report, attackers could utilise such information to bill government or insurance companies for false medical services (Experian, 2017). Additionally, such data can be manipulated to create bogus identity documents, which can be utilised to purchase various drugs and medical equipment that can then be resold for money (Experian, 2017). Moreover, the report also states that as more mobile health applications are being developed by various healthcare institutions, it may be likely that these organisations introduce more security to protect from such vulnerabilities caused by attackers (Experian, 2017).

J. Cyber Attack in IoT

While the Internet of Things (IoT) is being implemented in every individual's life, security risks relating to IoT are increasing and changing rapidly (EY, 2015). Nowadays technology is always on; however, according to the “Cybersecurity and the Internet of Things” report, there is not enough security awareness on the user's part and hackers are finding innovative ways to bypass controls (EY, 2015).

The following are five common cyber-attacks in IoT:

Botnets

A botnet is a combined network made of various systems with the intention of taking control and distributing malware remotely (Bertino & Islam, 2017). Additionally, botnets are controlled by hackers, as botnet operators, through Command-and-Control (C&C) servers to steal private data and to carry out phishing, spam and DDoS attacks (GlobalSign, 2016). With the increase of IoT, several gadgets are at risk from known thingbots (botnets that include autonomous connected devices) (GlobalSign, 2016) (Bertino & Islam, 2017).

Man-In-The-Middle

The Man-In-The-Middle method is when an attacker's intention is to breach or interrupt communications between two separate systems (Cekerevac, et al., 2017). According to GlobalSign's (2016) research, it can be a very critical attack because the intruder intercepts and transmits the data between two parties without their knowledge, while both believe they are legitimately receiving messages (GlobalSign, 2016). In IoT, it is extremely dangerous when it comes to critical health data (GlobalSign, 2016) (Cekerevac, et al., 2017).

Identity and Data Theft

Medical identity and data theft can cause death or physical harm (D'Alfonso, 2015). According to the Medical Identity Fraud Alliance (MIFA), medical identity and data theft is defined as the fraudulent theft of a patient's Protected Health Information (PHI) and Personally Identifiable Information (PII), including the name of the patient or social security number. Such information is required to acquire medical services and goods or other benefits (GlobalSign, 2016). However, MIFA declares that counterfeit identities have been utilised to carry out medical identity and data theft, in which the Protected Health Information of numerous patients may be combined to produce separate identities (GlobalSign, 2016) (D'Alfonso, 2015).

Social Engineering

Social engineering is a technique of manipulating individuals into providing confidential data to an attacker (GlobalSign, 2016). The type of health-related information sought can vary according to the attacker's needs, such as passwords (GlobalSign, 2016).

Attackers utilise social engineering strategies because it is normally simpler to exploit an individual's natural inclination to trust than to find other ways to hack the software (Webroot, n.d.) (GlobalSign, 2016).

Denial of Service

A Denial of Service (DoS) attack occurs when a service that is required to operate is unreachable (Prasad, et al., 2014). Unavailability occurs for various reasons but normally happens due to an excessive load on the infrastructure (GlobalSign, 2016). According to Biddle's (2016) research, one of the largest DoS attacks was carried out over a seven-day duration against a children's hospital with various devices such as smart IV pumps, computerised medication machines and electrocardiogram (EKG) machines (Biddle, 2016). These became unreachable, affecting day-to-day operations and slowing the hospital system nearly to a halt (GlobalSign, 2016) (Prasad, et al., 2014).

K. Cyber-attack Breaches

The following are some cyberattacks reported worldwide during the year 2016 by the Human Health and Services’ Office for Civil Rights Department (Vide Table 1) (HSS.gov, 2016) (HIPAA, 2017):

Table 1 – 2016 largest healthcare data breaches (HIPAA, 2017)

L. Key Trends

During 2016, two important key trends developed, consisting of the evolution and discovery of Medical Device Hijack (MEDJACK, MEDJACK.2 and MEDJACK.3) (TrapX Security, 2016). This includes the creation of Ransomware within a comprehensive combination of targets (TrapX Security, 2016). Moreover, this is supported by the report issued by HHS OCR and by the continuing worldwide investigations of TrapX Labs (TrapX Security, 2016).

MEDJACK Attack

MEDJACK is malware that was intentionally created in 2015 to attack health devices such as CT, MRI and heart monitor, PAC systems and insulin pump devices. Moreover, in 2016 MEDJACK.2 was developed and was even able to bypass security management (TrapX Security, 2016). It can utilise tools related to cybersecurity to set up backdoors and penetrate a healthcare system without being detected (TrapX Security, 2016).

Furthermore, TrapX researchers have recently detected a third version of MEDJACK known as MEDJACK.3 consisting of an older malware spreader to attack the health gadgets (TrapX Security, 2016).

Ransomware Attack

Ransomware is a malware utilised to make software, IT resources and data unavailable to individuals. It makes use of data encryption to possess control of the system, normally encrypted in bitcoin (TrapX Security, 2016). Consequently, such attack is utilised to force users to pay lots of money, with the hacker assuring to provide back access to the victims’ data and system if the ransom is paid (TrapX Security, 2016).

III. METHODOLOGY

A. Research Methods

The research method used for this thesis was based on the System Development Life Cycle (SDLC) methodology which, according to Half's research (2017), is used by various software and website developers (Half, 2017). According to Half (2017), the main purpose of this methodology is to help developers deliver high-quality software cost-effectively (Half, 2017). On the other hand, Cohen (2010) describes “requirements planning, analysis, design, building coding, testing, deployment and maintenance” as the crucial components within the process of development (Cohen, 2010) (Isaias & Issa, 2015).

According to Kothari (1990), research is a scientific and systematic search for information on a specific area. He also describes research as an artistic and scientific investigation (Kothari, 1990). Furthermore, research includes an investigation which is established on a specific area or subject and comprises the essential analysis, reviews and readings of the recent information (Kothari, 1990).

The following is the research process diagram used for this thesis (Vide Figure 3):

Figure 3 – Research model process diagram

Additionally, there are two primary types of research methods, which are known as qualitative and quantitative research methods.

In the first chapter of this thesis, the key problem related to healthcare data security was identified and backed up by carrying out further research within the Literature Review chapter. For this reason, research was carried out to gather more information and better understand how to create/choose a solution for various problems. Additionally, the target population consisted of people who mainly suffer from heart disease and are patients of a hospital. This may be better implemented for future generations since the younger generation is currently more technological, when compared to the former ones.

When the study was conducted, the built prototype aimed to answer the following research questions:

▪ What was the level of security in healthcare data?

▪ What were the requirements of today’s society?

▪ How important was the privacy of healthcare data?

▪ Could security be further developed?

▪ Currently, have data related to healthcare been compromised?

Afterwards, based on the currently available methods, the researcher started to highlight the necessary key points to include within the system. Thus, the researcher made use of pencil sketches to design how she intended to create each system feature within the Design chapter. It also incorporated the system and security architecture designs, including a Unified Modeling Language (UML) diagram and an Entity Relationship diagram (ERD), to better understand the flow of this system. Subsequently, as soon as the design phase was completed, it was followed by the implementation of the prototype which included the use of the following tools/hardware:


- HostGator: To provide hosting services such as server, domain name and database to create the website frontend and backend.

- Android Studio: To create the Android application making use of an open source software offering tools such as an emulator, SDK and various other libraries.

- Android Smartphone and Android Smartwatch: These were used as they are open source, which allowed the researcher to demonstrate the functionality of the prototype.

- Language: PHP, JAVA and HTML were the main languages used to create the complete system.

The researcher carried out various test cases utilising white and black box testing throughout all stages of this research, which are further discussed in the Testing chapter based on the Design tests, to confirm the functionality and efficiency of the system. However, as a limitation to this thesis, the researcher designed/implemented it and based it on her literature review research by reading various papers, blogs and websites. It thus offers a system which is continuously monitored. This includes a better authentication method used to highly secure the crucial data of the user.

Additionally, another limitation was that the testing was only done by the researcher and no other individual was involved. However, the researcher tried to create a user-friendly interface for both the website and the application, keeping in mind the targeted population. Moreover, simple step-by-step guides were also created to facilitate the installation of the system.

IV. ANALYSIS AND DESIGN

A. Design Architecture

Figure 4 shows the system overview of a wearable gadget that a patient should wear. It also comprised a smartphone gadget, which automatically connects to the smartwatch device by making use of Bluetooth technology.

Moreover, both IOT devices ran Android-based operating systems. However, if the Bluetooth connection was lost between both gadgets, an immediate alert was automatically sent by the system to the responsible individuals. Even though the application was installed on a smartphone, it still operated on the smartwatch gadget by synchronising with the smartphone's application. Thus, this prototype made use of two distinct application modules for the IOT devices.

Furthermore, the smartwatch showed the physiological information obtained from the sensors, which was updated every second, and then transferred such information using the Bluetooth capability of the smartwatch (Camilleri, 2015). Additionally, the collected data was then transmitted making use of the wireless technology of the smartphone such as Wi-Fi or 4G/3G. The information was then used to plot heart-related graphs which could be retrieved from the web page which was linked to a server/database (Camilleri, 2015).

This application also provided different immediate alerts to the relatives or doctors when it encountered something abnormal, by utilising the Short Message Service (SMS) technology, and made use of heart rate and accelerometer sensors. The name of the patient must be inputted the same as the account name (Camilleri, 2015). For example, the system could send an alert when it detected that the heart beat was below sixty or above a hundred beats. It was also able to send alerts when it detected no movement of the patient in case of fainting (Camilleri, 2015).

The main features of this prototype involved the capability to provide the patient with different information such as list of doctors, pills prescription, disease allergies, appointments, video calling and pill reminder. Additionally, such information was only inputted by the responsible doctor from the website, for which he/she has the right privileges. Afterwards, the doctor could send an alert to the application of the respective patient stating that new updates are available. The patient could remotely see such data based on his/her health records just by using his/her correct security credentials to access the system.

Figure 4 – System Design Architecture

Hardware used:

▪ Samsung Smartphone (Samsung, 2017),

▪ Samsung Gear Live Watch (Samsung, 2017).

Software used:

▪ JAVA (Oracle, 2017),

▪ Android Studio 3.01 (Studio, n.d.),

▪ PhpMyAdmin database (Group, 2017),

▪ JAVA Script (Oracle, 2017),

▪ PHP (Group, 2017),

▪ Android system (Android, n.d.),

▪ Apache Server (Foundation, 2017),

▪ Google Maps (Google, 2017),

▪ Android SDK/API (Studio, n.d.)

B. Security Design Architecture

Figure 5 briefly illustrates the security system design, which mainly focused on the authentication of a health application to secure healthcare data. It also included other security methods related to the website’s front and backend.

Smartphone Application


To access the system, a new patient/doctor must first register on the system (for the first time only). The registration process had various data which must be inputted by the user, including ‘username’, ‘email address’, ‘password’, ‘user type’ and an option to select the smartphone’s secret screen orientation and number of shake times.

There were two types of options for the user: doctor or patient. As soon as all details were inputted by the user in the registration page, the system automatically sent a request to the inputted email address. Then that specific user must verify that he/she had the right email address. To finish the process the user needed to follow the verification link in the received email and, if everything was correct, the system allowed the user to proceed into the system. During the registration process, the data obtained from the inputted fields was encrypted to a JSON object which was then sent to the webservices to be stored on the server.

Figure 5 – System Security Design Architecture

Upon registration, the user was prompted to capture an image of his/her eyes for recognition, which was then converted into media in a PNG format and sent to the server as a file. Afterwards, the server decrypted the data received and stored that image on the server.

Conversely, the system also had the restriction not to allow the user to register his/her email address more than once or if the data was incorrect. Thus, if such occurrences happened the user was denied access to the system.

Additionally, during the login process the system initially prompted the user to enter his/her username and password. In this phase, the system could identify the location of the user through GPS by utilising the Google Application Programming Interface (API) and sent such data to the server for confirmation. However, if the server detected duplicate logins from any other place worldwide, the system did not allow the user to log in and displayed a warning to notify him/her.

If the inputted information was correct, the system prompted the user to capture his/her eyes or else skip this phase. If the click capture option was selected, the system automatically opened the camera feature to allow the user to take a picture of his/her eye. On the other hand, if the skip option was selected, the user was prompted to shake the device according to the orientation secret he/she had selected during the registration phase, which could be either landscape or portrait.

Furthermore, a token was generated during the submission of registration and was sent via an email, which was then generated every 48 hours. Thus, the one-time password (OTP) had to be inputted by the user during the login phase whenever it expired.

Website

The user could also register for the first time from the website (this option could be done from the website or else from the smartphone application).

Additionally, the registration process was the same as that of the smartphone application which was mentioned in the previous section.

As soon as the validation of email address and registration process were completed, the user could then input his/her username and password to proceed to the main page. As security measures, the system was designed not to give access to the same account by making use of the geolocation of the user, and also offered the token authentication method.

If the above measures were met, the system granted the user access to the main page of the website.
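The geolocation and 48-hour token checks described for the application and website logins can be sketched server-side as follows. This is an added example, not the prototype's code; it is written in Python rather than the prototype's PHP, and the names (`Account`, `issue_token`, `login`, `logout`), the 50 km "same place" tolerance and the sample coordinates are assumptions.

```python
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

TOKEN_LIFETIME = timedelta(hours=48)  # rotation period stated in the paper
SAME_PLACE_KM = 50.0                  # assumption: tolerance for "same place"

# Constructed sample coordinates (latitude, longitude) for the demo below.
VALLETTA = (35.8989, 14.5146)
SLIEMA = (35.9122, 14.5042)
LONDON = (51.5074, -0.1278)

Location = Tuple[float, float]


@dataclass
class Account:
    username: str
    token_hash: bytes = b""
    token_issued: Optional[datetime] = None
    active_location: Optional[Location] = None  # set while a session is open


def _digest(token: str) -> bytes:
    # Only the hash is stored, so a database leak does not reveal the token.
    return hashlib.sha256(token.encode("utf-8")).digest()


def issue_token(account: Account, now: datetime) -> str:
    """Create a fresh token, keep only its hash, return the value to e-mail."""
    token = secrets.token_urlsafe(16)  # CSPRNG, not random.random()
    account.token_hash = _digest(token)
    account.token_issued = now
    return token


def distance_km(a: Location, b: Location) -> float:
    """Great-circle (haversine) distance between two GPS fixes."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def login(account: Account, token: str, location: Location,
          now: datetime) -> str:
    """Run after the username/password check has already succeeded."""
    issued = account.token_issued
    if issued is None or now - issued >= TOKEN_LIFETIME:
        return "token_expired"    # caller e-mails a new one via issue_token()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(account.token_hash, _digest(token)):
        return "bad_token"
    active = account.active_location
    # The fix is reported by the client, so it is a signal, not proof of place.
    if active is not None and distance_km(active, location) > SAME_PLACE_KM:
        return "duplicate_login"  # warn the user, keep the first session
    account.active_location = location
    return "ok"


def logout(account: Account) -> None:
    account.active_location = None


if __name__ == "__main__":
    t0 = datetime(2018, 1, 1, tzinfo=timezone.utc)
    patient = Account("patient1")
    tok = issue_token(patient, t0)
    print(login(patient, tok, VALLETTA, t0 + timedelta(hours=1)))
    print(login(patient, tok, LONDON, t0 + timedelta(hours=2)))
    print(login(patient, tok, VALLETTA, t0 + timedelta(hours=48)))
```
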

V. IMPLEMENTATION

The aim of this research was to create a means of security measurement for a health application based on Android, that could be utilised on IOT devices such as wearable and smartphone gadgets. This could assist persons who mainly suffered from heart disease and required continuous monitoring.

A. The Database/Server Backend

This section outlined the database/server’s development in detail. This was utilised to operate the application, including the server platform implementation. Moreover, this section also illustrated the server and database backend. Backend was developed in coordinator and design using HTML. The response from the server was in the form of JSON Array and JSON Object.

Additionally, phpMyAdmin and the hosting cPanel editor were utilised to make the backend systems. On the other hand, HostGator.com (HostGator, 2017) was used to provide a proprietary domain and hosting options including the cPanel facility that offered support related to software, security, logs, databases, links, preferences, file manager and email accounts, amongst others (HostGator, 2017).

For this thesis, an open source MySQL database named ‘nell_dev’ was created for the prototype system, with a username and password respectively. This kind of database was selected because each Web hosting service could be accessible.

For this prototype, various tables were created, each with different columns and variables.


Additionally, the server was implemented utilising the PHP language, where such language is accountable for transferring and collecting the data. However, to secure the database and server, a password and a username were needed to grant authorisation to access the system. The server was linked to the database by producing a PHP file known as database.php which incorporated all the data parameters such as database name, host and the database username and password.

CodeIgniter (2017), which is open source software, was installed on the server to offer a rapid expansion web framework for developing the website using the PHP language (EllisLab, n.d.) (CodeIgniter, 2017). It is mainly based on the standard Model-View-Controller (MVC) development pattern (EllisLab, n.d.) (CodeIgniter, 2017). MVC is a software method that divides logic from presentation (CodeIgniter, 2017). Moreover, the CodeIgniter directory structure was divided into three folders; ‘Application’, ‘System’, ‘Assets’ and ‘WordPress’.

On the other hand, the CodeIgniter ‘System’ folder contained the libraries, helpers, core code and additional files which help to make the coding simple. Additionally, such helpers and libraries were loaded and utilised within the web application environment.

B. Website front end

A website page was based on the design phase and was implemented utilising PHP, Java and HTML languages.

As a security measure, a login page was implemented with two different login options; one that can be used by the patients to view the health-related data while the other one can be used by doctors to view and send the data of their patients. The data was collected from the MySQL database via PHP.

Moreover, the patient/doctor was required to input the username and password to proceed to the system when accessing the web page. Additionally, the website was also implemented to detect the geolocation of the user. For this reason, duplicate accounts from different places worldwide were not permitted. As a security measure, it also made use of HTTPS for the URL by utilising the encryption of JSON. Apache server was used to create the website and this front end was able to communicate by utilising the HTTPCLIENT so that it could POST data from the application to the server. Various files were used to create the website such as login.php and registration.php, amongst others.

Moreover, it also stored data that can be inputted by the doctor such as allergies, test results, appointments, list of diseases and other information which the patient could immediately view from the website or application. It also offered the feature to view the location of the patient by utilising the online Google Maps incorporated within the Map API plugin, and also used the JavaScript language.

Furthermore, the smartphone collected the data parameters from the smartwatch making use of the attached sensors on the IOT wearable device. The smartphone was then able to execute the information from the data log and the retrieved data was then displayed in graph form. To implement the graphs, a free version of a PHP script was used, which provided only basic features (Graphs, 2017). MYSQL PHP query offered an HTML list to save and transfer the data. A hosting service and a domain were utilised to be able to publish the website ‘healtmonitoring.com’ with IP address 192.185.4.66 of the online server.

C. The Client/Application

This prototype was implemented using two modules, one for each IOT gadget. However, the system’s prototype was created using one Android Application Package (APK), which must be installed on the smartphone and automatically gets installed on the wearable device.

Furthermore, for the coding of the Android prototype, Gradle was utilised (Studio, n.d.). Gradle is an automated build toolkit and is capable of authorising the structure in which projects are implemented (Studio, n.d.). This project was configured and managed through a set of build configuration records. The integration of Gradle in the Android Studio software was carried out by using specific plugins (Studio, n.d.).

Additionally, the Android Studio project (Studio, n.d.) incorporated a build file for both IOT devices’ modules. A top-level build file was utilised so that common configuration options were added to all the modules/sub-projects (Studio, n.d.). Furthermore, the build files used were recognised as build.gradle files and these files were individually classified as plain text files that utilised the Groovy syntax to build components provided by the Gradle plugin based on Android (Studio, n.d.). This means that the smartphone and smartwatch applications were categorised as part of the client list.

Therefore, the wearable application was accountable for reading the physiological parameters, where such data is then transmitted to the handheld device via Bluetooth technology. Android provided a rich application framework which allowed the development of novel applications for various gadgets based on the Android Operating System (OS) and incorporated the environment of the JAVA language.

The application of the smartphone was accountable for processing the data which was obtained from the smartwatch. It transmitted this information to the server making use of Wi-Fi technology. Furthermore, it was also able to obtain the information inputted from the website to the application to remind the patient about his/her appointments, to take pills, track location, alarm, graphs, list all diseases, list of allergies and can video call with the doctor. Thus, the domain name was declared in each class in order that the data was updated on the Android application from the website. Additionally, for calling the webservice from Android, Retrofit was used, which is a library to call webservices.

Moreover, this prototype was created by making use of various files such as java, manifests and other resources. The activity features were stored in the subfolder of the main folder, named ‘util’.


Additionally, Bluetooth technology was utilised to connect the smartwatch and the smartphone together, including further authentication. However, to use such method, the Android Wear 2.0 (Android, 2014) application was required, and this can be downloaded from the Play Store (Google, 2017) for free. This application is the formal application manager for Android wearable devices. Furthermore, both modules were created using the Android Software Development Kit (SDK) package manager which can be obtained for free via Google (Studio, n.d.). This SDK provides Application Programming Interface (API) libraries and further tools that were needed to test, build and debug any application (Studio, n.d.).

SDK 26.0.2 and API 26 were used for both modules. These were used since the prototype smartphone has an Android 7.1.1 OS (Studio, n.d.).

This specific software was utilised since it provided various features such as packaging resources and setup of the project which were not offered within the Android Development Tools (ADT) (Studio, n.d.).

VI. TESTING

The testing stage followed once the research, design and implementation chapters were concluded within the software development life cycle. Moreover, this chapter illustrated the stages of testing for the IOT’s Android application.

A. Methods of Testing

Testing was continuously implemented throughout the lifecycle of this thesis. Thus, during this phase, the prototype’s code was added and modified accordingly. Additionally, every time a feature was executed, it was tested to confirm whether there were any errors within the code before proceeding with another stage.

B. The stages of the software development

Comments were included in the prototype code for future debugging. The writing of the prototype code was divided into five phases: the implementation of the smartphone’s health application, the smartwatch application, the database/server, the website and the incorporation of the security authentication of the application. The test cases were carried out using white box and black box testing.

VII. INTERPRETATION OF RESULTS

This research was targeted at patients who mainly suffer from heart diseases and require continuous health monitoring. It therefore offered a better method for the doctor or a responsible hospital employee to continuously monitor such critical data. The patients could also view their health records immediately from anywhere around the world. Additionally, this research mainly focused on how to secure such critical data when logging into a system to check relevant personal health information, since there is currently still a lack of security in this field.

The research was initially designed to incorporate a unique system architecture that shows the concept of health data and offers a patient the comfort of being continuously monitored, of viewing his/her health data immediately and of receiving other critical information by using a smartphone and a smartwatch. This was also confirmed by the research of Kamil (2017) and Wanjek (2015). On the other hand, Dr. Des Spence (2015) outlined that overuse of health technology relative to traditional medicine may lead to misuse of such technology (Wanjek, 2015).

The continuous monitoring was designed and implemented using the sensors available on the Samsung Gear Live watch. These sensors are the heart rate sensor and the accelerometer, which gather the necessary health data. The heart rate data is sent to the smartphone and then to the server/database. If the system detects below 60 or above 100 beats, it sends an alert via a text message.

On the other hand, the accelerometer of the smartwatch reads the data to detect fainting or no movement. This data was then sent to the smartphone and then to the server/database. If the system detected no movement for 60 seconds, this was treated as fainting and an alert was sent to the responsible people.
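The two alert rules described above can be written as a small evaluator over timestamped watch readings. This is an added example, not the prototype's code; the `Reading` structure, the movement threshold `MOVE_EPSILON` and the one-alert-per-episode behaviour are assumptions, the heart rate bounds are read as beats per minute, and the sample readings are constructed.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

HR_LOW, HR_HIGH = 60, 100   # bounds from the text: alert below 60 or above 100
STILL_SECONDS = 60          # from the text: no movement for 60 seconds
MOVE_EPSILON = 0.5          # assumption: per-axis change (m/s^2) that counts as movement


@dataclass(frozen=True)
class Reading:
    """One sample relayed watch -> phone -> server (hypothetical structure)."""
    t: float                            # seconds since monitoring started
    heart_rate: Optional[int]           # None when no heart-rate sample arrived
    accel: Tuple[float, float, float]   # accelerometer x, y, z in m/s^2


def moved(a, b) -> bool:
    """True when any axis differs from the reference by more than MOVE_EPSILON."""
    return max(abs(x - y) for x, y in zip(a, b)) > MOVE_EPSILON


def evaluate(readings: Iterable[Reading]) -> List[Tuple[float, str]]:
    """Return (time, kind) alerts, raising each kind once per episode."""
    alerts: List[Tuple[float, str]] = []
    hr_episode = False      # inside an out-of-range heart-rate episode
    still_episode = False   # inside an already reported no-movement episode
    ref_accel = None        # acceleration at the last detected movement
    ref_time = 0.0          # time of the last detected movement

    for r in readings:
        if r.heart_rate is not None:
            out_of_range = r.heart_rate < HR_LOW or r.heart_rate > HR_HIGH
            if out_of_range and not hr_episode:
                alerts.append((r.t, "HEART_RATE"))
            hr_episode = out_of_range

        if ref_accel is None or moved(r.accel, ref_accel):
            ref_accel, ref_time = r.accel, r.t   # movement restarts the window
            still_episode = False
        elif r.t - ref_time >= STILL_SECONDS and not still_episode:
            alerts.append((r.t, "NO_MOVEMENT"))
            still_episode = True
    return alerts


# Constructed sample readings, not measurements from the prototype.
SAMPLE = [
    Reading(0, 72, (0.0, 0.0, 9.8)),
    Reading(10, 55, (1.2, 0.0, 9.7)),    # below 60 -> alert; wrist moved
    Reading(20, 54, (1.2, 0.1, 9.7)),    # same episode, no second alert
    Reading(40, 60, (1.2, 0.1, 9.7)),    # 60 itself is inside the range
    Reading(70, 75, (1.3, 0.1, 9.7)),    # still since t=10 -> 60 s reached
    Reading(80, 120, (1.3, 0.1, 9.7)),   # above 100 -> new episode, new alert
    Reading(90, 100, (4.0, 2.0, 8.0)),   # 100 itself is inside the range; movement
]

if __name__ == "__main__":
    for when, kind in evaluate(SAMPLE):
        print(f"t={when:>4}s  {kind}")
```

Raising each alert once per episode keeps a sustained condition from producing a text message on every reading.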

The system was also designed and implemented to collect and show the patient and the doctor the individual’s critical health data. This was carried out by providing various feature activities on the application/website such as ‘Doctors’, ‘Pills’, ‘Allergies’, ‘Disease’, ‘Reports’, ‘Video Call’, ‘Appointments’ and ‘Pill Reminder’.

This study found that such technology is vital and is being developed further each year. This was also found in Westervelt’s (2014) research (Westervelt, 2014). On the other hand, Pullen (2016) stated that not everyone wants to have a gadget screen attached to the wrist (Pullen, 2016).

The security design was then carried out with the research from the literature review in mind, in particular that only 2FA authentication is implemented in the related healthcare area. Thus, based on this research, the prototype was designed to find and offer an effective method to overcome such security breaches in the healthcare sector. This was confirmed by Cha (2015), ITProPortal and NIST (cha, 2015) (NIST, 2017). As security authentication, the researcher designed and implemented this thesis prototype using a mixture of username and password, geolocation, token, shake pattern and eye recognition features. Thus, a unique authentication signature was created and, at the same time, the level of security of the system was increased. However, this study found that the health applications currently available on the market are not secure enough to protect such critical health records from breaches. This was also confirmed in the report issued by the U.S. Food and Drug Administration (FDA, 2017). William Maisel (2016) also confirmed that various vulnerabilities related to cyber security have been reported and have affected various manufacturers and medical devices (Marin, et al., 2016). Also, according to Arxan’s statistics (2014), 94% of the health companies have been suffering from cyber-attacks and 38% of global patients were suspicious of utilising hacked medical IoT devices (Arxan, 2014).

The following are the security features that were in operation in the results:

▪ Username and password,

▪ Geo location,

▪ Token,

▪ Shake orientation and pattern,

▪ Eye recognition.

Therefore, the goals of this thesis were achieved by implementing a health application that provided sensory data and offered a rich authentication signature for sensitive healthcare data. This might be very useful to implement in the future market, since such applications contain various data such as social security numbers, birth dates and other crucial data like diagnosis codes, billing information and policy numbers. This was also confirmed by Experian’s (2017) research (Experian, 2017). On the other hand, stolen Electronic Health Records (EHR) tend to be the main target for an attacker, since these can be utilised in various scams for a longer duration. Thus, such data is a bonus for an attacker who keeps on requesting high rewards (Experian, 2017). Figures 6 and 7 show the main page results for the Android application and the website.

Figure 6 – Result of the Android Application Main screen

Figure 7 – Result of the Website Main screen

VIII. EVALUATION

C. Prototype simulation concerns and issues

The principal issue of this thesis concerned the hardware limitations of both the smartphone and the smartwatch. The researcher initially planned to use a Samsung S8 or S8+ as the smartphone in order to use its iris scanner. However, this scanner is still not available for developers to incorporate into a specific application as desired (Samsung, 2017). As an outcome, the researcher had to limit the thesis by using a Samsung Galaxy S6 and implemented the prototype to just capture the eye as an image.

On the other hand, the Samsung Gear Live smartwatch was limited to two sensors: the heart rate sensor and the accelerometer.

Another concern which the researcher came across was the errors within the prototype’s software. Additionally, the health application randomly stopped operating properly. Consequently, to solve this problem, the researcher had to shut it down and restart it.

Moreover, the application does not work on Apple phones and was limited to Android devices. However, on the Samsung Galaxy S6, the application crashed randomly for some reason.

The send notification option within the website/application sends the message to the patient’s application. However, an error was displayed when it was used from the website. Furthermore, the video call option was not functioning from either the website or the application, and an error was displayed.

The shake feature had a bug in the prototype. The detection of the number of shakes that the user is required to perform is not very accurate. Consequently, the user must shake the smartphone with a larger force for it to be effective.

Eye recognition also had an issue in that it scanned the whole face, including the eyes and nose. Thus, the system was not functioning as the researcher expected, since the image was being stored with other details and not only the eye image. Additionally, when installing the prototype on another Android device, this feature randomly crashed the entire application. Moreover, the prototype cannot detect when the user is wearing normal glasses or sunglasses. Thus, the image was still being captured and stored on the server.

Additionally, another issue that the researcher came across during this thesis was that the heart rate sensor sometimes remained switched on even when the watch was removed from the wrist. Thus, heart rate measurements were still taken even when the watch was not attached to the wrist.

Moreover, another issue the researcher came across was that both devices’ batteries had to be charged frequently.

This system did automatically keep a backup of all the vital data

logs of the patients including the data being stored on the

website/application.

The system was targeted at individuals who mostly suffer from heart disease; most of them might not be technological individuals and may find it difficult to install such a system. Simple and easy guides to follow were created and a user-friendly interface was implemented.

Another issue of the prototype was that if the patient is sleeping with the smartwatch on, the system keeps functioning. Thus, the prototype cannot detect whether the user is sleeping or not, and the data, including the alerts, will still be gathered. On the other hand, when it comes to the geolocation feature, the prototype is not able to detect when the same account is logged in on the same device. Thus, when this happens, the system permits access in both scenarios using the same account.

When the user registers for the first time, after completion of the data entry an email is sent to the email address inputted by the user. However, the email is treated as spam and stored in the junk or spam folder, where the user might not notice it.

Currently, if the user forgets the password, there is no other means to change or reset it. Moreover, it is implemented to delete the account from the database.

IX. SUGGESTIONS FOR FUTURE WORK

Although the proposed prototype was operational, further system enhancements could be implemented.

A. Smartphone and smartwatch improvements

The main problem encountered with this project involved the battery charge, which can be solved by making sure to have a backup battery for each device. The smartwatch’s battery at stand by lasts approximately up to 35 hours (GSMArena, 2017). As a result, the user could immediately swap in the backup battery as soon as the primary one is drained. Additionally, another option would be to automatically charge the battery through wireless technology or by using solar energy.

Further physiological sensors could be implemented to take other physiological readings, including skin temperature, glucose level, blood type and respiration pattern. The system would then have more features to meet the patient’s needs.

Further improvements can be carried out by using a camera on

the smartwatch (GSMArena, 2017). This might be an essential

feature for the patient in case of an emergency since it can be

used by the doctors/hospital to remotely check the environment

of the individual. Additionally, this feature can also be used as

one of the security measures to allow the patient to access the

system.

B. Improvements of the Android application/Website

This thesis prototype was developed on the Android OS. However, it would also be ideal to have such a system supporting other operating systems such as Blackberry and Apple iOS. Furthermore, other improvements can be made to the design of the interface depending on the individual’s requirements. Moreover, this can be enhanced by incorporating additional features into the applications, such as voice commands, so that a sick patient can find it easier to choose a selection from the main screen. In addition, this prototype is only available in the English language. Thus, an option to select different languages can be provided to offer further enhancements to the current system. The font size used in this application could also be enlarged, mainly to assist older patients to read.

It would also be ideal to fix the error of the send notification option from the website that is displayed after the ‘Send’ button is clicked. Additionally, the ‘Video call’ option needs to be fixed on both the website and the application.

C. Improvements related to Backup and security measurements

To improve the security measure of the eye recognition, one can implement it using an iris recognition scanner. However, this could not be implemented for this prototype, since current Android phones, including the Samsung Galaxy S8 and S8+, do not allow developers to use their iris scanners for other applications (Samsung, 2017). Thus, the scanner can only be used by the phone itself rather than being implemented in another application, since it is not open source.

The shake feature can be further improved by making it more accurate and sensitive when used on the device. This can be done by initially offering a calibration of the smartphone on signup, before proceeding to the actual login phase using the shake orientation. In this way, the feature can become more accurate and efficient.

Moreover, one can create an option so that the user is able to change or reset the password or username. Additionally, the registration password should be strengthened by enforcing a length requirement and by requiring upper case, lower case and numeric characters.

The token can be implemented by creating a random number on the smartwatch, where the system will automatically synchronise such digits when logging into the application or website.
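One standard way to obtain digits that the smartwatch and the system agree on without transmitting them is a time-based one-time password (RFC 6238), used here in place of the plain random number proposed above. This is an added example, not code from the prototype; the 30-second step, the six digits, the one-step drift window, the replay rule and all names are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

STEP_SECONDS = 30   # assumption: the token changes every 30 seconds
DIGITS = 6          # assumption: six digits shown on the watch


def new_shared_secret() -> bytes:
    """Secret generated once at enrolment and stored on watch and server."""
    return secrets.token_bytes(20)   # CSPRNG, never a predictable generator


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def watch_token(secret: bytes, unix_time: int) -> str:
    """Digits the smartwatch would display at unix_time (RFC 6238)."""
    return hotp(secret, unix_time // STEP_SECONDS)


class TokenVerifier:
    """Server side: accepts each token once, within +/- drift time steps."""

    def __init__(self, secret: bytes, drift: int = 1):
        self._secret = secret
        self._drift = drift            # tolerated clock skew, in steps
        self._last_used_step = -1      # highest time step already accepted

    def verify(self, submitted: str, unix_time: int) -> bool:
        current = unix_time // STEP_SECONDS
        candidate = submitted.encode("utf-8")
        for step in range(current - self._drift, current + self._drift + 1):
            if step <= self._last_used_step:
                continue               # used or older step: reject replays
            expected = hotp(self._secret, step).encode("ascii")
            if hmac.compare_digest(expected, candidate):   # constant-time compare
                self._last_used_step = step
                return True
        return False


if __name__ == "__main__":
    secret = new_shared_secret()       # constructed demo enrolment
    server = TokenVerifier(secret)
    now = 1_700_000_000                # constructed timestamp
    shown = watch_token(secret, now)
    print("watch shows:", shown)
    print("first login accepted:", server.verify(shown, now + 5))
    print("replay accepted:", server.verify(shown, now + 6))
```

Because both sides compute the digits from the shared secret and the clock, an intercepted token is useless after its time step, and the verifier refuses a second use inside the step.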

Since this system deals with highly sensitive information, the prototype should automatically keep a backup of all the patient’s logs. Additionally, such backups should be made regularly and should include a copy of the data in a secondary hospital data centre.

X. CONCLUSION

The main aim of this thesis was to produce a prototype to help secure the critical personal health data of individuals. Initially, it was essential to understand the security technologies for health applications that are currently implemented in the market sector.

Within this research (which was included in the Literature Review chapter), the researcher observed that this method is not found on the current market. However, there are some health systems which include some basic authentication.

Even though it was challenging to create this complete prototype, the researcher developed various essential skills, such as using the Java, JavaScript, PHP and HTML languages.

The proposal behind the planned prototype could be improved by further research study. Its presence in the health care sector could improve the monitoring and security mechanisms of an individual’s health records and condition, which can even save her/his life using a technological system.

One can conclude that an individual can certainly monitor the

health condition of the patient and keep all the crucial records

up to date, using a more secure method. Moreover, the patient

can immediately observe all the essential health data remotely

and alert the responsible persons in a more efficient way. For

this reason, this system can save a patient’s life.

XI. ACKNOWLEDGEMENT

The research work disclosed in this publication is partially

funded by the Endeavour Scholarship Scheme (Malta).

Scholarships are part-financed by the European Union -

European Social Fund (ESF) - Operational Programme II –

Cohesion Policy 2014-2020

“Investing in human capital to create more opportunities and promote the well-being of society”.

XII. REFERENCES

Android, 2014. Android Wear. [Online]

Available at: https://www.android.com/wear/

[Accessed 10 December 2017].

Android, n.d. Support Library Packages. [Online]

Available at:

https://developer.android.com/topic/libraries/support-

library/packages.html

[Accessed 1 September 2017].

Android, n.d. Using the Design Support Library. [Online] Available at:

https://developer.android.com/training/material/design-

library.html

[Accessed 1 September 2017].

Anzelmo, E., Bassi, A., Caprio, D. & Dodson, S., 2011.

Discussion Paper on the Internet of Things.

Apple, 2017. iphone. [Online]

Available at: https://www.apple.com/

[Accessed 8 August 2017].

Arxan, 2014. State of Mobile App Security, s.l.: ARXAN.

Authlogics, 2017. 3 Factor Authentication. [Online] Available at: https://authlogics.com/technology/3fa/

[Accessed 2 August 2017].

Biddle, S., 2016. 3 Ways Recent DDoS and Ransomware

Attacks Have Put Healthcare Institutions on Alert. [Online]

Available at: https://blog.fortinet.com/2016/12/02/3-ways-

recent-ddos-and-ransomware-attacks-have-put-healthcare-

institutions-on-alert [Accessed 8 August 2017].

Biometrics, F., 2014. Facial Recognition. [Online]

Available at: https://findbiometrics.com/solutions/facial-

recognition/

[Accessed 30 July 2017].

Bo, Y., 2009. Wireless Body Area Networks for Healthcare: A

Feasibility Study, Florida: University of Florida.

Budinger, T. F., 2015. Biomonitoring With Wireless

Communications. Annual Review of Biomedical Engineering,

Volume 5, pp. 383-412.

Camilleri, L., 2015. A health Monitoring System for People with Heart Disease, s.l.: s.n.

Cekerevac, Z., Dvorak, Z., Prigoda, L. & Cekerevac, P., 2017. INTERNET OF THINGS AND THE MAN-IN-THE-MIDDLE ATTACKS - SECURITY AND ECONOMIC RISKS. MEST Journal, Volume 5, pp. 15-25.

cha, A. G., 2015. Biometric security: Authentication for a

more secure IoT. [Online]

Available at:

http://www.itproportal.com/2015/08/08/biometric-security-

authentication-for-a-more-secure-iot/

[Accessed 12 March 2017].

Clef, C. a. c.-f. a., 2016. How to protect your account when SMS is the only 2FA option. [Online]

Available at: https://blog.instant2fa.com/how-to-prevent-sms-

2fa-account-takeover-d7218e727cfc

[Accessed 19 August 2017].

CodeIgniter, 2017. CodeIgniter - Installing. [Online]

Available at:

https://www.tutorialspoint.com/codeigniter/codeigniter_applic

ation_architecture.htm

[Accessed 1 August 2017].

Cohen, S. D. D. &. d. U. H. A., 2010. A software system

development Life Cycle model. International Journal of Computers Communications & Control, Volume 1, pp. 23-44.

Commision, E., n.d. Smart Wearables: Reflection and

Orientation Paper. Digital Industry Competitive Electronics

Industry.

Corporation, O., 2017. MySQL Documentation. [Online]

Available at: https://dev.mysql.com/doc/

[Accessed 20 August 2017].

Council, N. I., 2008. Disruptive civil technologies: six

technologies with potential impacts on US interests out to

2025, s.l.: SRI Consulting Business Intelligence.

D'Alfonso, S., 2015. The Growing Problem of Medical

Identity Theft. [Online] Available at: https://securityintelligence.com/the-growing-

problem-of-medical-identity-theft/

[Accessed 5 August 2017].

Dimitrov & Dimiter V, 2016. Medical Internet of Things and

Big Data in Healthcare. Health Inform Res., 22 July, pp. 156-

163.

Dmitrienko, A., Liebchen, C., Rossow, C. & Sadeghi, A.-R., 2014. Security Analysis of Mobile Two-Factor Authentication Schemes. Intel Technology Journal, 18(4), pp. 138-161.

EllisLab, n.d. Why CodeIgniter?. [Online]
Available at: https://codeigniter.com/
[Accessed 1 August 2017].

Ericson, C., 2015. Two-factor Authentication in Smartphones:

Implementations and Attacks. [Online]

Available at:

http://lup.lub.lu.se/luur/download?func=downloadFile&record

OId=7792889&fileOId=7792890

[Accessed 18 August 2017].

Experian, 2017. Data Breach Industry Forecast, s.l.: Experian.

EY, 2015. Cybersecurity and the Internet of Things, s.l.: EY.

Fadele Ayotunde Alabaa, M. O. I. A. T. H. F. A., 2017. Internet of Things security: A survey. Journal of Network and

Computer Applications, Volume 88, pp. 10-28.

FDA, 2017. U.S. Food & Drug Administration. [Online]

Available at: https://www.fda.gov/

[Accessed 12 August 2017].

Foundation, T. A. S., 2017. Apache. [Online]

Available at: https://httpd.apache.org/

[Accessed 1 August 2017].

Gartner, 2017. Gartner. [Online]
Available at: http://www.gartner.com/technology/home.jsp
[Accessed 18 August 2017].

GlobalSign, 2016. 5 Common Cyber Attacks in the IoT - Threat Alert on a Grand Scale. [Online]
Available at: https://www.globalsign.com/en/blog/five-common-cyber-attacks-in-the-iot/
[Accessed 4 August 2017].

Gomes, D., Gonçalves, C., Afonso, J. A. & Mem, 2013.

Performance Evaluation of ZigBee Protocol for High Data

Rate Body Sensor Networks.. Proceedings of the World

Congress on Engineering, Volume 2, pp. 3-5.

Google, 2017. Google Play. [Online]

Available at: https://play.google.com/store [Accessed 10 December 2017].

Google, I., 2017. Google Maps API. [Online]

Available at: https://developers.google.com/maps/

[Accessed 8 September 2017].

Group, P., 2017. PHP. [Online]

Available at: http://php.net/

[Accessed 1 August 2017].

Half, R., 2017. 6 Basic SDLC Methodologies: Which One is Best?. [Online]
Available at: https://www.roberthalf.com/blog/salaries-and-skills/6-basic-sdlc-methodologies-which-one-is-best
[Accessed 26 November 2017].

HIPAA, 2017. Largest Healthcare Data Breaches of 2016, s.l.: HIPAA Journal.

HostGator, 2017. HostGator. [Online]

Available at: https://www.hostgator.com/

[Accessed 16 October 2017].

HSS.gov, 2016. Office for Civil Rights (OCR). [Online]

Available at: https://www.hhs.gov/ocr/index.html

[Accessed 31 July 2017].

Idrus, S. Z. S., Cherrier, E., Rosenberger, C. & Schwartzmann, J.-J., 2013. A Review on Authentication Methods. Australian Journal of Basic and Applied Sciences, 7(5), pp. 95-107.

Inc, C. G., 2004. Public Key Encryption and Digital Signature: How do they work?. [Online]
Available at: https://www.cgi.com/files/white-papers/cgi_whpr_35_pki_e.pdf
[Accessed 18 August 2017].

Inc, G., 2017. webrtc/apprtc. [Online]

Available at: https://github.com/webrtc/apprtc

[Accessed 28 August 2017].

Inc, M., 2017. Word 2016. [Online]

Available at: https://products.office.com/en-us/word

[Accessed 1 August 2017].

Inc, R. S., n.d. Renaissance Systems, Inc. Adopts and

Isaias, P. & Issa, T., 2015. Information System Development Life. In: High Level Models and Methodologies for Information Systems. New York: Springer Science+Business Media, pp. 21-40.

ITU, 2013. The Internet of Things, International

Telecommunication Union (ITU) Internet, London:

International Telecommunication Union.

Kamil, R., 2017. 5 Apps Changing How The Healthcare

Industry Works. [Online]

Available at:

http://www.corporatewellnessmagazine.com/technology/5-apps-changing-healthcare-industry-works/

[Accessed 10 July 2017].

Kashif, . H. & Wolfgang, L., 2015. Context-Aware

Authentication for the Internet of Things. ICAS 2015: The

Eleventh International Conference on Autonomic and

Autonomous Systems, Volume 1, pp. 134-139.

Kothari, C. M., 1990. Research Methodology. Second Revised

Edition ed. New Delhi: New Age International (P) Ltd..

Krogh, C. J. v., 2013. One time password authentication.

Patent Application Publication , pp. 1-10.

Lefkovitz, N. B., Danker, J. . M. & Paul , G. A., 2017. NIST Special Publication 800-63B Digital Identity Guidelines, s.l.:

National Institute of Standards and Technology.

Limited, i., 2015. Limitations of IoT. [Online]

Available at:

http://www.iottechworld.com/networking/limitations-of-

iot.html

[Accessed 11 February 2017].

Lim, M. K., Bahr, W., C.H. , S. & Leung, 2013. RFID in the warehouse: a literature analysis (1995-2010) of its applications, benefits, challenges and future trends. International Journal of Production Economics, 145(1), pp. 409-430.

Lopez, J., Roman, R. & Najera, P., 2011. Securing the Internet of Things. IEEE Computer, Volume 44, pp. 51-58.

Loveday, J., n.d. Update: Radiation in CT Testing—Are Heart Tests Safe?. [Online]
Available at: http://www.honesthealthnews.org/update-radiation-in-ct-testing-are-heart-tests-safe/
[Accessed 23 December 2017].

ltd, S., 2016. What is 2FA?. [Online]

Available at: https://www.securenvoy.com/two-factor-

authentication/what-is-2fa.shtm [Accessed 18 August 2017].

Lungren, J., 2015. THE FACTORS OF AUTHENTICATION.

[Online]

Available at: https://www.sinch.com/learn/factors-

authentication/

[Accessed 1 August 2017].

Marin, E. et al., 2016. On the (in)security of the Latest

Generation Implantable Cardiac Defibrillators and How to

Secure Them. ACSAC '16 Proceedings of the 32nd Annual

Conference on Computer Security Applications, pp. 226-236.

Mayuri, A. B. & Sudhir, T. B., 2015. Internet of Things: Architecture, Security Issues and Countermeasures. International Journal of Computer Applications, 125(14), pp. 1-4.

Meola, A., 2016. A major red flag about security could

threaten the entire IoT. [Online]

Available at: http://www.businessinsider.com/iot-cyber-

security-hacking-problems-internet-of-things-2016-3

[Accessed 11 February 2017].

Miao, F., Miao, X., Shangguan, W. & Li, Y., 2012. MobiHealthcare System: Body Sensor Network Based M-Health System for Healthcare Application. E-Health Telecommunication Systems and Networks, 1(1), pp. 12-18.

Milošević, M., Shrove, M. T. & Jovanov, E., 2011. APPLICATIONS OF SMARTPHONES FOR UBIQUITOUS HEALTH MONITORING AND WELLBEING MANAGEMENT. Journal of Information Technology and Applications, Volume 1, pp. 7-15.

Mohit, K., 2016. End of SMS-based 2-Factor Authentication;

Yes, It's Insecure!. [Online]

Available at: http://thehackernews.com/2016/07/two-factor-

authentication.html

[Accessed 3 August 2017].

Nabu, R., 2017. Live Smarter. [Online] Available at: https://www2.razerzone.com/nabu

[Accessed 8 August 2017].

Nath, A. & Mondal, T., 2016. Issues and Challenges in Two Factor Authentication Algorithms. International Journal of Latest Trends in Engineering and Technology (IJLTET), 6(3), pp. 318-327.

O'Neill, P. H., 2016. Despite NIST's warnings, SMS still being

used for two-factor authentication. [Online]

Available at: https://www.cyberscoop.com/two-factor-

authentication-nist-duo-security/

[Accessed 19 August 2017].

OPNsense, 2016. Two-factor authentication. [Online] Available at:

https://docs.opnsense.org/manual/two_factor.html

[Accessed 2 August 2017].

Oracle, 2017. Java. [Online]

Available at: https://java.com/en/download/

[Accessed 1 August 2017].

Prasad, M. K., Reddy, M. A. R. & Rao, V. K., 2014. DoS and

DDoS Attacks: Defense, Detection and Traceback. Global

Journal of Computer Science and Technology: E Network,

Web & Security, 14(7).

Praveena, T., 2016. An Efficient Tri-factor Authentication for Cloud. Special Issue on Computational Science, Mathematics

and Biology, pp. 259-263.

Pullen, J. P., 2016. 7 Wearable Gadgets for People Who Hate

Wearable Gadgets. [Online]

Available at: http://time.com/4233813/wearable-gadgets/

[Accessed 19 August 2017].

Rafiullah, K., Sarmad, U. K., Rifaqat, Z. & Shahid, K., 2012.

Future Internet: The Internet of Things Architecture, Possible

Applications and Key Challenges. 2012 10th International

Conference on Frontiers of Information Technology, pp. 257-

260.

Rashid, F. Y., 2016. NIST is no longer hot for SMS-based two-factor authentication. [Online]

Available at:

http://www.infoworld.com/article/3100685/authentication/nist

-no-longer-hot-for-sms-based-two-factor-authentication.html

[Accessed 3 August 2017].

Rouse, M., 2017. two-factor authentication (2FA). [Online]

Available at:

http://searchsecurity.techtarget.com/definition/two-factor-

authentication

[Accessed 17 July 2017].

Samsung, 2017. Samsung. [Online] Available at: http://www.samsung.com/us/

[Accessed 8 August 2017].

Samsung, 2017. Samsung Developers. [Online]

Available at: http://developer.samsung.com/galaxy/camera

[Accessed 24 December 2017].

Saranya, C. M. & Nitha, K. P., 2015. Analysis of Security

methods in Internet of Things.. International Journal on

Recent and Innovation Trends in Computing and, 3(4).

Sarsohn-Kahn, J., 2011. The connected Patient: Charting the vital signs of remote health monitoring, California: California Health Foundation.

Sethi, S. P. & Smruti, R., 2017. Internet of Things: Architectures, Protocols, and Applications. Journal of Electrical and Computer Engineering, Volume 2017, pp. 1-25.

Shancang, L., Honglei, L. & Theo, T., 2016. The Internet of

Things: a security point of view. Shancang Li Theo Tryfonas

Honglei Li , (2016),"The Internet of Things: a security point

of view", 26(2), pp. 337-359.

Shancang, L., Li , D. X. & Shanshan, . Z., 2014. The internet

of things: a survey. Information Systems Frontiers, 17(2), pp.

243-259.

Shruti, G. H. & Soumyalatha, 2016. Internet of Things (IoT):

A study on Architectural elements, Communication Technologies and Applications. International Journal of

Advanced Research in Computer and Communication

Engineering, 5(9), pp. 189-193.

Somayya , M., Ramaswamy, R. & Tripathi, S., 2015. Internet

of Things (IoT): A Literature. Journal of Computer and

Communications, Volume 3, pp. 164-173.

Sony, 2017. Sony. [Online]
Available at: https://www.sony.com/
[Accessed 8 August 2017].

Stamfrord, C., 2013. Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020. [Online]
Available at: http://www.gartner.com/newsroom/id/2636073
[Accessed 1 August 2017].

Studio, A., n.d. About Android Plugin for Gradle 3.0.0.

[Online]

Available at:

https://developer.android.com/studio/build/gradle-plugin-3-0-

0.html

[Accessed 1 October 2017].

Studio, A., n.d. Android Studio. [Online] Available at: https://developer.android.com/studio/index.html

[Accessed 1 October 2017].

Sye, L. K., Sandeep, S. K. & Hannes, T., 2014. Securing the

Internet of Things: A Standardization Perspective. IEEE

INTERNET OF THINGS JOURNAL, 1(3), pp. 265-275.

Tadokoro, M., 2017. Two-Factor Authentication (2FA)

Solutions. [Online]

Available at: https://safenet.gemalto.com/multi-factor-

authentication/two-factor-authentication-2fa/

[Accessed 30 July 2017].

Taparugssanagorn, A. et al., 2012. The UWB Channel Modeling for Wireless Body Area Networks in Medical

Applications.

Team, B., 2017. Crisis Management Risk: Your Apps Have

Been Hacked. [Online]

Available at:

https://www.bernsteincrisismanagement.com/crisis-

management-risk-apps-hacked/

[Accessed 31 July 2017].

TrapX Security, I., 2016. Health Care Cyber Breach Research

Report for 2016, s.l.: TrapX Security, Inc.

Wanjek, C., 2015. Are Health Apps Harmful or Helpful? Experts Debate. [Online]
Available at: https://www.livescience.com/50489-are-health-apps-harmful-or-helpful-experts-debate.html
[Accessed 19 August 2017].

Wavelet, n.d. AMIIGO IS WAVELET HEALTH. [Online] Available at: http://amiigo.com/ [Accessed 7 August 2017].

Webroot, n.d. What is Social Engineering?. [Online] Available at: https://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering [Accessed 5 August 2017].

Weebly, 2015. ACTIVITY TRACKER COMPARISON CHART. [Online] Available at: http://www.bestfitnesstrackerreviews.com/comparison-chart.html [Accessed 4 August 2017].

Westervelt, A., 2014. The Future of Wearables Makes Cool Gadgets Meaningful. [Online] Available at: https://www.theatlantic.com/technology/archive/2014/05/the-future-of-wearables-makes-cool-gadgets-meaningful/371849/ [Accessed 19 August 2017].

Zhen, B., Li, H.-B. & Kohno, R., 2009. Networking issues in medical implant communications. International Journal of Multimedia and Ubiquitous Engineering, 4(1), pp. 23-38.

XIII. BIBLIOGRAPHY

Aliferi, C., 2016. Android Programming Cookbook. s.l.: Exelixis Media P.C.

Android, 2014. Android Wear. [Online] Available at: https://www.android.com/wear/ [Accessed 10 December 2017].

Android, n.d. Using the Design Support Library. [Online] Available at: https://developer.android.com/training/material/design-library.html [Accessed 1 September 2017].

Cloud Academy, I., 2016. Google Vision API: Image Analysis as a Service. [Online] Available at: https://cloudacademy.com/blog/google-vision-api-image-analysis/ [Accessed 28 August 2017].

CodeIgniter, 2017. CodeIgniter - Installing. [Online] Available at: https://www.tutorialspoint.com/codeigniter/codeigniter_application_architecture.htm [Accessed 1 August 2017].

Corporation, O., 2017. MySQL Documentation. [Online] Available at: https://dev.mysql.com/doc/ [Accessed 20 August 2017].

Developers, G., 2017. Google Maps Android API Utility Library. [Online] Available at: https://developers.google.com/maps/documentation/android-api/utility/ [Accessed 12 October 2017].

Dockter, H. & Murdoch, A., 2017. Gradle User Guide. [Online] Available at: https://docs.gradle.org/current/userguide/userguide.html [Accessed 12 August 2017].

EllisLab, n.d. Why CodeIgniter?. [Online] Available at: https://codeigniter.com/ [Accessed 1 August 2017].

Gerber, A. & Craig, C., 2015. Learn Android Studio. New York: Apress.


Google, 2017. Google Play. [Online] Available at: https://play.google.com/store [Accessed 10 December 2017].

Google, I., 2017. Google Maps API. [Online] Available at: https://developers.google.com/maps/ [Accessed 8 September 2017].

Grant, K. & Haseman, C., 2014. Beginning Android Programming. United States of America: Peachpit Press.

HostGator, 2017. HostGator. [Online] Available at: https://www.hostgator.com/ [Accessed 16 October 2017].

Inc, G., 2017. webrtc/apprtc. [Online] Available at: https://github.com/webrtc/apprtc [Accessed 28 August 2017].

Inc, M., 2017. Word 2016. [Online] Available at: https://products.office.com/en-us/word [Accessed 1 August 2017].

Laurie, B. & Laurie, P., 2009. Apache: The Definitive Guide. 3rd Edition ed. s.l.: O'Reilly Media.

Oracle, 2017. Java. [Online] Available at: https://java.com/en/download/ [Accessed 1 August 2017].

Pandeli, T., 2017. Retrofit, a Simple HTTP Client for Android and Java. [Online] Available at: https://www.sitepoint.com/retrofit-a-simple-http-client-for-android-and-java/ [Accessed 14 August 2017].

Schildt, H., n.d. Java The Complete Reference. seventh edition ed. s.l.: The McGraw-Hill Companies.

Smyth, N., Neil Smyth. Android Studio Development Essentials. second edition ed. s.l.: eBook Frenzy.

Square, 2013. Retrofit. [Online] Available at: http://square.github.io/retrofit/ [Accessed 12 August 2017].

Welling, L. & Thomson, L., 2017. PHP and MySQL Web Development. 5th Edition ed. United States of America: Pearson Education, Inc.