HAL Id: hal-03488618
https://hal.archives-ouvertes.fr/hal-03488618
Submitted on 7 Mar 2022

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

The multi-disciplinary open archive HAL is intended for the deposit and dissemination of research-level scientific documents, published or not, originating from French or foreign teaching and research institutions and from public or private laboratories.

Distributed under a Creative Commons Attribution - NonCommercial 4.0 International License

Securing internet of medical things systems: Limitations, issues and recommendations

Jean-Paul A. Yaacoub, Mohamad Noura, Hassan N. Noura, Ola Salman, Elias Yaacoub, Raphaël Couturier, Ali Chehab

To cite this version: Jean-Paul A. Yaacoub, Mohamad Noura, Hassan N. Noura, Ola Salman, Elias Yaacoub, et al. Securing internet of medical things systems: Limitations, issues and recommendations. Future Generation Computer Systems, Elsevier, 2020, 105, pp.581 - 606. 10.1016/j.future.2019.12.028. hal-03488618

Securing Internet of Medical Things Systems: Limitations, Issues and Recommendations

Jean-Paul A. Yaacoub1,2, Mohamad Noura3, Hassan N. Noura1,2, Ola Salman1, Elias Yaacoub4, Raphaël Couturier3, and Ali Chehab1

1 American University of Beirut, Electrical and Computer Engineering, Lebanon, emails: [email protected]; {hn49, chehab}@aub.edu.lb
2 Arab Open University, Department of Computer Sciences, Beirut, Lebanon
3 Univ. Bourgogne Franche-Comté (UBFC), CNRS, FEMTO-ST Institute, France, emails: {mohamad.noura, raphael.couturier}@univ-fcomte.fr
4 Computer Science and Engineering Department, Qatar University, Doha, Qatar, email: [email protected]

Abstract—Traditional health-care systems suffer from new challenges associated with the constant increase in the number of patients. In order to address this issue, and to increase the accuracy, reliability, efficiency, and effectiveness of the health-care domain, the Internet of Medical Things (IoMT) was proposed. IoMT can be considered as an enhancement and investment to respond more effectively and efficiently to patients’ needs. However, IoMT suffers from different issues and challenges such as the lack of security and privacy measures, in addition to the necessary training and awareness. In this paper, we highlight the importance of implementing the right security measures and the required training skills, in order to enhance the immunity of IoMT against cyber-attacks. Moreover, we review the main IoMT security and privacy issues, and the existing security solutions. These solutions are classified as cryptographic or non-cryptographic. Then, the different solutions are analyzed and compared in terms of computational complexity and required resources. It is important to note that the security measures for IoMT exhibit a trade-off between the security level and the system performance, especially in the rise of digital healthcare v4.0 era. Next, we discuss the appropriate security solutions such as lightweight cryptographic algorithms, and protocols that attempt to reduce the overhead in terms of computations and resources. This leads to the conclusion that there is a need to design an efficient intrusion detection/prevention system that cooperates with dynamic shadow honeypots. Finally, we propose a security solution, which is divided into five different layers to detect and prevent attacks, in addition to reducing/correcting the damage of these known attacks and preserving the patients’ privacy. However, it should be noted that zero-day attacks and exploits are still the main challenging issue that surrounds IoMT.

Index terms— Healthcare; IoMT; Medical Cyber Physical Systems; Medical Devices.

I. INTRODUCTION

The integration of medical devices within the Internet of Things (IoT) (see Fig. 1) led to the emergence of the Internet of Medical Things (IoMT) [18]. With the emergence of the new digitized healthcare era, called Healthcare v4.0 [154], [122], IoT devices were deployed in several medical domains, especially with the excessive use of medical wireless sensors, devices, Unmanned Aerial Vehicles (UAVs), and robots. In fact, medical sensors and actuators are used as wearable devices in the context of body area networks. Instead of keeping patients in hospitals, these devices are capable of constantly monitoring the patient’s health in real-time, while offering them better physical flexibility and mobility. On the other hand, medical robots can also serve as surgical robots, as well as hospital robots [21], which are capable of accurately performing small surgeries. They are also capable of performing several medical tasks such as Cardio-Pulmonary Resuscitation (CPR) [134]. However, the main issue is that many IoMT devices are prone and vulnerable to cyber-attacks simply because medical devices are either poorly secured against potential adversaries, or not secure at all. Therefore, any cyber-attack can have drastic consequences, threatening patients’ lives, which would hinder the wider deployment of IoMT.

Furthermore, IoMT applications are closely related to sensitive healthcare services, especially since they handle sensitive information about patients including their names, addresses, and health conditions. The main challenge in the IoMT domain is preserving the patient’s privacy without degrading the security level. In addition, appropriate security and privacy solutions should include minimum computations and require minimal resources.

A. Motivations & Aims

Recently, medical IoT systems became among the most important advanced medical technologies. This technology can achieve a significant gain by enhancing the remote monitoring of medical services. Moreover, it can help in detecting any medical issue very early and thus, preserve patients’ lives and health.

However, in the IoMT domain, many of the connected medical devices present security vulnerabilities that make them prone to malicious exploitation attempts. Such issues may lead to drastic consequences, which would affect patients’ lives by perturbing (or controlling) medical devices.

© 2019 published by Elsevier. This manuscript is made available under the CC BY NC user license https://creativecommons.org/licenses/by-nc/4.0/

Version of Record: https://www.sciencedirect.com/science/article/pii/S0167739X19305680


Fig. 1: An Example of Internet-of-Things System with n IoT Devices, k Aggregation Nodes & m Servers
[Figure labels: IoT Device 1 ... IoT Device n; Aggregation node 1 ... Aggregation node k; Gateways; Internet; Data center (Control Center) with Server 1 ... Server m; Users]

Therefore, it is mandatory to overcome these issues to preserve the efficiency and accuracy levels of medical IoT systems.

On the other hand, the pervasiveness of medical sensitive data within IoMT systems makes them prone to advanced attacks (e.g. Ransomware) that target their main security aspects including privacy, integrity and confidentiality. This would severely impact the credibility, adoption, and wide deployment of IoMT systems.

Our aim, in this paper, is to identify the main threats that may compromise the security of IoMT devices and systems, and to identify the necessary and appropriate measures that are essential for their security.

B. Related Work

Medical IoT systems became core to the e-Healthcare domain whereby smart medical sensors and devices are installed to improve patients’ lifespan and medical conditions. However, this domain came under a variety of attacks such as botnets targeting medical systems [181], as part of targeted cyber-crimes [182]. In [81], IoT security and privacy issues were discussed but were not effectively linked to IoMT. Various intrusion detection [100], [180] and authentication/authorisation [142], [158] methods were presented to ensure a secure IoT environment with little attention to their application to IoMT. Moreover, only recently more work was directed to the security of healthcare systems. A generic survey on medical big data analysis was conducted in [80] to sort big data issues and challenges of adopting IoMT solutions [27], while an on-demand IoT adoption in hospitals was conducted in [70] to enhance nurses’ experience based on the pros and cons of the IoT adoption in healthcare technologies [3]. In this paper, we present a more detailed, holistic and analytical viewpoint on the IoMT and healthcare domains, as well as the integration of cyber-physical systems within the medical field. All the mentioned cyber-attacks exclusively target healthcare systems, while the presented security measures are discussed in a way to ensure their adoption in such domains.

C. Contributions

The novelty of the paper stems from the fact that it includes a comprehensive overview and analysis of all security and privacy issues related to medical IoT systems. Also, the paper discusses the recent lightweight security solutions, which consist of cryptographic and non-cryptographic techniques. Moreover, several lessons are learned from the overview and accordingly, several recommendations are proposed towards making medical IoT systems secure and safe to deploy and use.

More specifically, the contributions of this paper can be summarized in the following points:

• Perspective & Future Trends of IoMT systems are presented, including their communication types, device types, and applications.

• Benefits of IoMT systems and applications are presented and discussed.

• Concerns & Risks are highlighted, especially in terms of public and privacy concerns, while risks are presented and evaluated through a proposed qualitative risk analysis method.

• Attack Sources & Characteristics are presented and discussed in detail, including their scope and impacts.

• Cyber-Attacks are presented per security breach, while exploring malware and code injection attacks. Moreover, real-case cyber-attacks are also presented.


• Security Measures including technical and non-technical ones are presented, evaluated and analysed especially in terms of their advantages and limitations.

• Suggestions & Recommendations are presented based on the conducted research for a much more efficient and secure IoMT environment.

D. Organization

This paper is divided into seven sections, in addition to the introduction, which sheds light on the digitization era of healthcare v4.0. Section II presents and details the main IoMT communication protocols and application domains. Section III highlights the main IoMT challenges, constraints, concerns, and risks, while presenting a qualitative risk assessment. Section IV presents and discusses the most recurring cyber-attack types against IoMT main security goals, including real-case cyber-attacks against well-known hospitals in the United States (US) and the United Kingdom (UK). Section V presents various technical and non-technical security measures that are suitable for protecting the IoMT and e-Healthcare systems, communication and devices, along with their advantages and limitations. Section VI highlights this paper’s main suggestions & recommendations which include the adoption of lightweight cryptographic solutions, hybrid and dynamic non-cryptographic solutions, and finally the implementation of artificial intelligence for a higher accuracy and in real-time. Section VII concludes the presented work with some prospects on future work.

II. IOMT BACKGROUND, PERSPECTIVE & FUTURE

In this section, the main communication types used in IoMT are presented, in addition to the different types of medical devices, as well as the benefits offered by IoMT systems. Moreover, the future prospects of IoMT are also highlighted and presented in Fig. 2.

A. IoMT Communications

Real-time data transmission among medical devices takes place via four main communication network types. These types include Body Area Networks, Home Area Networks, Neighbourhood Area Networks, and Wide Area Networks.

• Body Area Network: A Body Area Network (BAN) is a network medium for the transmission of patients’ vital signals, which are measured by either a wearable or a portable sensor. In [75], Kocabas et al. stated that the communications between medical devices can be secured using biomedical signals. Therefore in [129], Poon et al. presented a low-power bio-identification mechanism by using an Inter-Pulse Interval (IPI) to secure the communication between Body Area Network sensors. In [164], Venkatasubramanian et al. used a physiological signal to agree on a secret key for the symmetric-key cryptosystem used in BAN sensor communications. As a result, the collected medical data is sent to the controller in two different ways:

– Smart-Phone: transmits the collected data via a mobile network to the base station (BS) that routes it until it reaches the medical data center.

– Wireless Medical Device: (see Fig. 3) transmits data using one of several wireless communication protocols such as Zigbee [183], Bluetooth [24], or Wi-Fi [7].

• Home Area Network: A Home Area Network (HAN) uses a controller, which handles the communication for sending the gathered data to an available Access Point (AP) located in the patient’s home. Transmissions can rely on Wi-Fi, or LTE/LTE-A [42] in case of a Femtocell AP [28].

• Neighbourhood Area Network: A Neighbourhood Area Network (NAN) enables users to quickly connect to the Internet [175]. It is used to establish wireless communication between close areas such as homes and their neighbourhoods. It can be based on an omnidirectional antenna that allows a single AP to cover a radius of at least half a mile. Moreover, a NAN can rely on a directional antenna to improve the AP’s signal as shown in Fig. 4. As such, the AP forwards the data to a mobile data station, which allows the data sent from the home’s AP to be directly received at the mobile Base Station (BS).

• Wide Area Network: A Wide Area Network (WAN) represents the communication from a mobile Base Station or from an access point to the mobile/Internet (remote) medical infrastructure. In case of emergencies, a WAN ensures real-time data transmission to emergency response teams. Once the data is received, the AP can also send the data to cloud services for storage at the specified server.
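
An added example, not taken from the paper or from the schemes of Poon et al. or Venkatasubramanian et al.: a simplified sketch of how two BAN sensors that observe the same heartbeat could agree on a symmetric key from Inter-Pulse Intervals, here using a fuzzy commitment with a repetition code. The quantization step, bits kept per interval, repetition factor and the simulated heartbeat data are all assumptions made for illustration.

```python
"""Added illustration: IPI-based key agreement between two body-area sensors
using a fuzzy commitment with a repetition code. All parameters are assumed."""
import hashlib
import hmac
import random
import secrets

STEP_MS = 8        # quantization step for an interval (assumption)
BITS_PER_IPI = 4   # low-order bits kept per quantized interval (assumption)
REPEAT = 5         # repetition factor: majority vote fixes 2 flips per block
KEY_BITS = 128
IPIS_NEEDED = KEY_BITS * REPEAT // BITS_PER_IPI   # 160 heartbeats


def ipi_features(ipis_ms):
    """Map inter-pulse intervals (ms) to bits. Gray coding makes a one-step
    quantization disagreement between two sensors flip exactly one bit."""
    bits = []
    for ipi in ipis_ms:
        q = (ipi // STEP_MS) % (1 << BITS_PER_IPI)
        gray = q ^ (q >> 1)
        bits.extend((gray >> i) & 1 for i in reversed(range(BITS_PER_IPI)))
    return bits


def _digest(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def commit(key_bits, witness):
    """Sender side: mask the repetition-encoded key with its own IPI bits.
    Only (helper, check) travel over the radio link, never the key itself."""
    codeword = [b for b in key_bits for _ in range(REPEAT)]
    if len(witness) < len(codeword):
        raise ValueError("not enough heartbeats observed for this key length")
    helper = [c ^ w for c, w in zip(codeword, witness)]
    return helper, _digest(key_bits)


def recover(helper, check, witness):
    """Receiver side: unmask with its own IPI bits, majority-decode each
    block, and accept only if the digest matches. Returns None on mismatch."""
    noisy = [h ^ w for h, w in zip(helper, witness)]
    key_bits = [int(sum(noisy[i:i + REPEAT]) > REPEAT // 2)
                for i in range(0, len(noisy), REPEAT)]
    return key_bits if hmac.compare_digest(_digest(key_bits), check) else None


def simulate_heartbeats(n, seed):
    """Constructed sample data: n intervals around 800 ms (about 75 bpm)."""
    rng = random.Random(seed)
    return [int(rng.gauss(800, 50)) for _ in range(n)]


def measure(true_ipis, seed, jitter_ms=3):
    """One sensor's noisy view of the same heartbeats (+/- jitter_ms)."""
    rng = random.Random(seed)
    return [t + rng.randint(-jitter_ms, jitter_ms) for t in true_ipis]


def demo():
    beats = simulate_heartbeats(IPIS_NEEDED, seed=1)            # the patient
    w_a = ipi_features(measure(beats, seed=2))                  # sensor A
    w_b = ipi_features(measure(beats, seed=3))                  # sensor B
    w_x = ipi_features(simulate_heartbeats(IPIS_NEEDED, 99))    # other body
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper, check = commit(key, w_a)
    return {
        "key": key,
        "sensor_b": recover(helper, check, w_b),
        "outsider": recover(helper, check, w_x),
        "bit_disagreements": sum(a != b for a, b in zip(w_a, w_b)),
    }


if __name__ == "__main__":
    r = demo()
    print("A and B witness bits differ in", r["bit_disagreements"], "places")
    print("sensor B recovered key:", r["sensor_b"] == r["key"])
    print("outsider recovered key:", r["outsider"] is not None)
```

A deployed scheme would need a stronger error-correcting code and a measured entropy estimate for the IPI bits; the repetition code is used here only to keep the decoding step visible.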

B. IoMT Devices & Protocols

Medical devices are differentiated according to their needs. In fact, many of them are available as a gadget in the medical market, or are being used by hospitals for real-time smart remote monitoring. These smart medical devices can range from fitness devices, to blood-pressure devices, to sugar-level devices. A set of these medical devices is listed in TABLE II.

Given that the aging population in developed countries is growing, there is a need for a much more sophisticated and suitable health-care system. The recent IoMT technology is considered as one of the most important solutions, which was introduced to answer the growing needs and demands. IoMT ensures physical mobility for patients, which leads to the reduction of the number of patients in a hospital performing Blood Pressure (BP) tests, or Cardio-Vascular Disease (CVD) tests, which constitute 30% of global deaths, as stated by the World Health Organization (WHO). Moreover, diabetic cases can now be remotely monitored from hospitals.

These devices can be either implanted, worn, or held. Moreover, some devices can be used in-home and others are specialized and to be used in hospitals and clinics. In the following, we give examples of such devices. The different protocols supported and employed to (inter-)connect such devices are listed in TABLE I.

Fig. 2: IoMT’s Communication, Perspective & Future Taxonomy

Fig. 3: Body Area Network

Fig. 4: Neighbouring Area Network

TABLE I: A set of protocols used for IoMT interconnection

Protocol | Classification | Range | Description
4G or LTE | Wireless | Medium Range | Cellular Technologies that Connect Medical Personal and Wearable Devices
Wi-Fi, 802.1x | Wireless | Medium Range | Reliable, Real-Time, High Power and Long Range Medical Connection
Zigbee | Wireless | Medium Range | Used for Low Data Rate Medical Connections with Minimum Latency & Energy Consumption
Z-Wave | Wireless | Medium Range | Used for Low Data Rate Medical Connections, including Sending Alerts & Tele-Home Healthcare (Remote Monitoring)
Bluetooth | Wireless | Short Range | Used for Short Range Connection to a Nearby Medical Device including Smart Medical Sensors
6LoWPan | Wireless | Medium Range | Used for Medical Low Power Wireless Personal Area Networks
Machine-to-Machine (M2M) | Wireless | Long Range | Real-Time Remote Patient Monitoring & Error Detection, Enhanced Patient Care & Attention
Internet Protocol (IP) | Wireless | Long Range | Software Responsible for IoMT and E-Healthcare Communications

• Wearable and Personal Devices: these include smart and electronic medical devices that collect, monitor and improve patients’ health conditions in a real-time manner, and at a reduced cost [169]. Wearable devices include fitness trackers, smart health watches, wearable Blood Pressure Monitors (BPM), ring-type heart rate monitors and biosensors [78], [58]. Due to the increase in the number of ageing population and spread of diseases, there is even a higher demand for tele-home healthcare. In the following some of these devices are described in detail.

– Smart Fitness Devices are used to maintain a healthy lifestyle for patients and to improve their health conditions. This is achieved by adopting a daily workout routine, which varies and depends on the patients’ ability and physical status, along with their condition, age and gender. Several additional smart fitness devices were mentioned in [105], including "TomTom Spark 3", which is a fitness tracker and "on-wrist navigator" [178] and "Moov Now", which is also a fitness tracker [127].

– Smart Blood-Pressure Devices are deployed in many IoMT fields and domains. They are used to remotely and continuously monitor the blood pressure of patients. These devices check for deviations in blood pressure from the norm towards detecting rapidly any anomaly and transmitting the data in real-time. A set of such devices includes "Omron EVOLV" [12], "iHealth Feel & View BPM" [71] and "Philips Upper Arm BPM" [108].

– Smart Glucose-Level Devices are used to monitor and to track the real-time sugar levels of patients who suffer from diabetes types I and II. They help in maintaining the right insulin level to protect the patients. This reduces the implications and risks associated with unexpected higher or lower levels of insulin. Examples of such devices include the GlucoWise device [4], in addition to turning a given IoT device (mainly smartphones) into a blood sugar meter sensor [150], and iBGStar Blood Glucose Meter [157]. In case of an insulin drop, signals are sent to the actuators of the insulin pump to inject the appropriate insulin dose. Another actuator example is the spinal cord stimulator, which is implanted in the patient’s body to ensure long-term pain relief [79].

– Smart Heart-Rate Devices are used in several medical domains and they are capable of saving patients’ lives. A set of k devices can monitor patients’ heart rates in real-time, while other devices communicate only urgent data, when an anomaly is detected. As such, the main task of these devices is to predict any possible heart-attack before it occurs. These devices may include wearable wireless sensor networks and BANs [168], along with different heart-rate monitoring devices [77].

– Smart Diet Devices are being used to maintain a healthy diet for patients who mainly suffer from eating disorders. They are specifically used by obese people who struggle in following a certain diet or sometimes forget about diet restrictions. In fact, smart diet devices have become a substitute for paper-written diets. Such devices would send users automatic updates about their daily diets, with different nutrition ingredients, via a smart diet software [92].

• In-home Medical Devices: these include ventilators, infusion pumps, and dialysis machines that are currently being used outside the hospital or clinic, which are also provided by a health care professional, and rely on simple technologies (e-mail, the Internet, smart medical devices) to communicate with the hospital [60]. Among these devices, we mention test kits, first aid equipment, durable medical equipment, feeding equipment, voiding equipment, treatment equipment, respiratory equipment, infant care, and other equipment which are further discussed in [37].

• In-Hospitals and Clinics Medical Devices: hospitals must always be prepared for any emergency or incident, whether or not these are life threatening. As such, a high level of readiness of both medical equipment and staff is a must to offer the right treatment for patients. In this context, medical donations play a crucial role [125]. Among such medical devices we list defibrillators, anesthesia machines, patient monitors, Electrocardiogram (EKG) Machines [2], surgical tables, blanket and fluid warmers, electro-surgical units, surgical tables and lights, which are further discussed in [1].

TABLE II: A set of medical IoT applications [160]

Application | Data rate | Bandwidth (Hz) | Accuracy (bits)
ECG (12 leads) | 288 kbps | 100–1000 | 12
ECG (6 leads) | 71 kbps | 100–500 | 12
EMG | 320 kbps | 0–10,000 | 16
EEG (12 leads) | 43.2 kbps | 0–150 | 12
Blood saturation | 16 bps | 0–1 | 8
Glucose monitoring | 1600 bps | 0–50 | 16
Temperature | 120 bps | 0–1 | 8
Motion sensor | 35 kbps | 0–500 | 12
Cochlear implant | 100 kbps | 70-350/3500-8500 | 16 [162]
Artificial retina | 50-700 kbps | <1012 [90]

C. IoMT Application Domains

Despite the challenges that surround the IoMT domain, this technology offers several advantages via health-care applications [149]. First, and since the vital signs of a patient could be monitored in real-time, this allows patients and the medical staff to communicate instantly. This reduces the cost of medical care by reducing the number of doctor visits.

Improving patients’ health and lifestyle is another benefit of IoMT. The immediate access to a patient’s vital signs allows the early diagnosis, the prescription of medication and the injection of medication via a wearable device.

The future of IoMT aims at further involving devices and applications in the roles of doctors, nurses, medical kits and receptionists. However, the general public still has concerns about the necessary security, privacy, trust and accuracy of such IoMT systems.

• Smart-Doctor: One of the future plans is to introduce the concept of smart-medical robots to perform the role and tasks of a real doctor. Some patients have expressed concerns regarding this matter while others felt more comfortable speaking to a robot doctor about their private medical issues than they would with a real doctor. Despite the opposing views, in the near future, the term smart-doctor will be frequently heard and used.

• Smart-Nurse: Smart-medical robots will also be able to perform secondary medical tasks such as taking the role of a nurse. In many cases, they may perform the task of a smart-assistant to a given nurse to facilitate the nurse’s tasks. The plan is to rely on robots to perform a secondary or/and supportive medical task, according to the medical conditions and needs.

• Smart-Medical Technology: It includes Smart medical equipment and kits that are currently being deployed and used by paramedics to provide immediate help to patients who are in urgent need of medical care and assistance. One example is the use of medical drones to perform such a task [52]. Medical drones were originally introduced to respond to emergencies related to patients suffering from cardiac arrests [131], since these drones are the fastest to arrive at the emergency scene. The drones would be directed to fly to specific destinations, which saves time and as such, saves lives since paramedics might end up stuck in traffic, and may not be able to respond as quickly as needed. This encourages the reliance on smart medical robots [87] to perform surgical operations within a hospital setting. Virtual/Augmented Reality and Artificial-Intelligence (AI)-based medical technologies were also employed for various medical purposes. This includes Virtual-Reality to perform various realistic operations such as simulated training [94], emergency training [102], and Cardio-Pulmonary Resuscitation (CPR) training [19]. AI-based medical technologies are also being used to ensure a higher accuracy rate [65]. This includes exploring biochemical interactions [61], such as IBM Watson and Gene Network Sciences (GNS) Healthcare AI systems [143] used to search for the right cancer treatment [5].

• Smart-Receptionist: A smart-receptionist is yet another trend in the IoMT domain; a medical robot is capable of operating as a normal receptionist, having the ability to “think” and “understand” a given medical, or urgent case before diverting the patient towards the right medical department. Also, these robots would answer phone calls and book appointments for patients, whilst classifying the urgent and normal appointments. Such a classification could be based on statistical or machine-learning algorithms.

• Personal Emergency Response Systems (PERS): these are seeing increasing use to alert patients and doctors in a real-time manner of any patient’s abnormal medical event (e.g., stroke, cardiac arrest, seizure, etc.) by remotely sending vital signals to the hospital [156] based on a predictive risk assessment method [123]. PERS are now being modified to become location-based [124] for a higher accuracy and faster response time. A typical example is the Active-Protective’s smart belt which can be placed on a patient’s waist and uses Bluetooth and AI to transmit real-time data.

• Ingestible Cameras: these are cutting-edge and cost-effective capsules that can be swallowed (in-vivo/in-vitro) by a patient to provide internal-organ real-time visual monitoring for early detection of chronic diseases and cancer [74]. Many ingestible devices were presented including Swallow-able data recorder capsule medical device [93], ingestible endoscopic optical scanning device [20], and ingestible hydrogel device [88]. Ingestible devices rely on an X-ray or camera capsule, a tracking/recording system and the diagnostics toolkit for evaluation.

• Real-Time Patient Monitoring (RTPM): this is a new evolving trend among the new generation, including millennials, due to their heavy reliance on smart devices as a key part of their daily lives [155]. In fact, RTPM is used to ensure a real-time, cost-effective remote consistent monitoring depending on the sensors linked to the patient’s body, either through homecare telehealth systems [137], [95] or telecare monitoring systems [38], [136]. This may include monitoring fitness level, glucose level, respiration rate, and heart rate, etc. Many new RTPM trends are now available including, but not limited to, connected inhaler delivery systems, Apple Watch app that monitors depression, Apple’s Research Kit and Parkinson’s Disease and ADAMM intelligence Asthma Monitoring [9], [69].

As listed above, IoMT will enable innovative healthcare applications; however, there are many challenges that might hinder the evolution of this technology. One of the key challenges is related to the security and privacy issues. In the next section, we discuss the main security concerns, challenges, and risks that might be associated with the deployment of IoMT systems.

III. CONCERNS, CHALLENGES & RISKS

In this section, we highlight the main concerns that are related to IoT systems, in general, with emphasis on medical issues.

A. IoMT Concerns

IoMT-related concerns can be classified into four key categories, one of them is raised by the general public and is related to the security, privacy, trust and accuracy issues.

• Security Concerns: Due to the reliance of IoMT devices on the use of open wireless communications, these devices are prone to various wireless/network attacks. In fact, an attacker can eavesdrop and intercept incoming and outgoing data and information due to the lack of security measures that most IoMT devices either suffer from by design, or due to weak security authentication measures that can be easily bypassed by a skilled attacker. Another security issue is the ability to gain unauthorized access, without being detected, due to the inability to detect and prevent such attacks. This would result in gaining an elevated privilege, injecting malicious codes, or infecting devices with malware. On the other hand, IoMT devices could be hijacked (as botnets) and used to launch Distributed Denial of Service (DDoS) attacks. In [32], Clark et al. showed how medical devices are prone to botnets or “zombies” attacks, which can lead to physical attacks on human patients. An attack, for example, can logically manipulate a drug dose that would kill or have serious health implications on a given patient. Moreover, IoMT devices, when hijacked by terrorists, could be used as a means for targeted assassination. For this reason, the US Vice President, Dick Cheney, disabled the wireless functionality of his heart implant out of fear of being hacked to eliminate him [126]. Moreover, as described in [32], IoMT devices can have a negative effect on the psychological state of patients, since these can potentially scare patients, causing them to suffer from a heart-attack due to being surrounded by machines instead of humans.

Manufacturers of medical devices need to focus on security as a primary task to ensure and maintain the security of the Medical-Cyber Physical System (MCPS), along with medical systems and devices alike. In other terms, protection against passive and active attacks is a must to mitigate the main IoMT security concerns. Hence, the need for the right security measures and tools is crucial.

• Privacy Concerns: Passive attacks such as traffic analysis lead to privacy issues since it would be possible to gather and disclose information about patients’ identity, in addition to sensitive and confidential information. This is a very serious threat for patients since an attacker is capable of identifying their medical records and medical conditions, which poses drastic life-threatening effects on patients.

Another reason for breaching the privacy of patients, through attacking hospitals, is identity theft. Most of these real-case attacks led to a breach of patients’ privacy either through the leakage, or through the disclosure of personal/sensitive information.

As a summary, privacy is more than ensuring the secrecy of sensitive and private medical information. It also entails the need for anonymity, non-linkability, and non-observability.

– Anonymity: a patient should not be identifiable; when a patient is in communication, his identity should be kept hidden. In other terms, passive attacks can see what you do, but not who you are.

– Non-Linkability: Items of Interest (IoI) such as subjects, messages, events, actions should not be disclosed by passive attacks. This means that the probability of those items not being exposed from the attacker’s perspective should stay the same, before and after observation.

– Non-Observability: non-observability is the state of Items of Interest (IoI) being indistinguishable from any IoI of the same type. This means that messages are not discernible from any random noise. In other words, it should not be noticeable whether a message has been exchanged between a sender/receiver in any relationship.

• Trust Concerns: The breach of patients’ privacy translates into serious trust issues. Patients are becoming skeptical of the idea of machines taking over the roles of humans (doctors, nurses, and receptionists). As a result, people are more concerned about having a medical robot, or a medical machine, or even a medical device monitoring and controlling their health conditions [72].

• Accuracy Concerns: This type of concern has surfaced after more than 144 patients in the U.S. lost their lives [25] due to accidental mistakes related to medical robots’ lack of accuracy and diagnosis. This also resulted in more than 1,400 patients being partially or permanently injured, where reports of malfunction revealed that more than 8,061 malfunctions have occurred within thirteen years (2000-2013) [13]. Another example is the false diagnosis of some patients as having dementia or Alzheimer’s. These incidents indicate the lack of accuracy and precision in the operations being led by medical robots, along with the false diagnosis of patients, and wrong medical prescriptions [141].

B. IoMT Challenges

IoMT challenges emerged as soon as the integration of medical devices into IoT systems started. One major challenge is the lack of standardization. In [55], Hassanalieragh et al. discussed in detail the main IoMT challenges. The issue of standardization is essential to having different medical devices operating together, and for vendors to adopt the right security measures to protect them from being hacked. This would lead to higher protection, efficiency, scalability, consistency, and effectiveness. In fact, many of these challenges are mainly related but not limited to various IoMT security constraints (see Fig. 5).

C. IoMT Risks

The deployment of IoMT systems into the healthcare domain is associated with a number of risks, which are listed as follows:

• Disclosure of Personal Information can seriously affect patients’ medical conditions, as well as the hospital’s reputation.

• Data Falsification can result in the data transmitted from any medical device being altered and modified, which would result in a higher drug dosage or wrong medical description that can lead to further medical complications.

• Whistle-blowers are based on unsatisfied or rogue medical employees leaking medical details and information about the hospital or patients, either because they were bribed or as part of an organised crime activity, risking patients’ privacy and lives.

• Lack of Training among nurses and doctors can result in risking patients’ lives with permanent disabilities or the loss of life.

• Accuracy is still a debatable issue and is still responsible for inaccuracies in the medical operations conducted by specialised robots. This can also seriously affect patients’ lives and lead to disabilities or fatalities.

Thus, a new risk assessment method is required to quantify the security risks of IoMT attacks, which is a complicated task. Addressing threats in IoMT and analyzing their associated risks is the first step towards identifying the required security solutions to be adopted by IoMT applications and communication protocols. The risk analysis, presented in [159], is based on Threat, Risk, and Vulnerability Analysis (TVRA) methodology [101]. This methodology is based on the likelihood of a given attack, and the attack impact on the system including the system assets and its associated threats. In addition, the threat agent which is trying to break the system is also identified by the TVRA method. Therefore, the outputs of TVRA are measures of the risk of the already identified threats and can be determined based on their estimated value of likelihood and impact on the system. The existing threats can be ranked as either critical, major, or minor, and they are represented in TABLE III, depending on their impact on human emotional conditions, which should also be taken into consideration.

In fact, given the above listed concerns, challenges and risks, it is essential to review the possible security attacks and their causes. Thus, in the next section, we give a detailed description of the attack types, causes and effects.

IV. CYBER-ATTACKS AGAINST IOMT

Such attacks can either be targeted, organized or even coordinated, based on the attackers’ skills, experience, knowledge, and tools in order to carry out a successful cyber-attack. These attacks target the confidentiality, integrity, availability and/or the authentication of a given system and/or its components. In fact, it depends on the malware type used in order to carry out the attack.

A. Characteristics of Cyber-Attacks

Fig. 5: IoMT Security Constraints

TABLE III: Qualitative Psycho-Emotional Medical Risk Assessment (the columns Anger through Embarrassment fall under "Emotional/Psychological Impact")

| Threat Type | Nature: Human | Nature: Non-Human | Motivation: Malicious | Motivation: Non-Malicious | Risk: Likelihood | Risk: Impact | Anger | Fear | Mistrust | Sadness | Depression | Anxiety | Guilt | Embarrassment |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Medical Information Disclosure | Yes/No | No/Yes | X | X | High | High | Yes | Yes | Yes | Maybe | Maybe | Yes | Maybe | Yes |
| Medical Data Manipulation | Yes | No | X | X | High | High | Yes | Yes | Yes | No | No | No | Yes | No |
| Medical Data Interception | Yes | No | X | X | Moderate | High | Yes | Yes | Yes | No | No | Maybe | No | Yes |
| Medical Data Hijacking | Yes | No | X | X | High | High | Yes | Yes | Yes | No | No | Yes | No | Yes |
| Medical Data Exposure | Yes/No | No/Yes | X/X | X/X | Low/Moderate | Moderate/High | Yes | Yes | Yes | Maybe | Maybe | Yes | No | Yes |
| Wrong Dosage | Yes/No | No/Yes | X/X | X/X | Low/Moderate | High | Yes | Yes | Yes | Yes | No | Maybe | No | No |
| Medical Data Delay | Yes/No | No/Yes | X/X | X/X | Moderate | Moderate/High | Yes | No | Maybe | No | No | No | No | No |
| Insiders | Yes | No | X | X | High | High | Yes | Yes | Yes | No | No | No | No | Yes |
| Misconfiguration | Yes/No | No/Yes | X | X | Low | Moderate | Maybe | Maybe | Yes | No | No | No | No | Maybe |

Before identifying and classifying a given attack, it is important to understand its characteristics. In general, any attack can be classified as one of five main categories (see Fig. 6), based on its nature, target, scope, capacity, and impact, all of which are directly related to the attacker’s purpose, aim, objectives and goals. More precisely, it depends on the attacker’s skills, knowledge, experience, available tools and resources at his disposal.

• Attackers’ Nature: There are four categories of attackers: internal, external, passive and active attackers. In some cases, different types of attackers may collude to ensure a more sophisticated cyber-attack.

– Internal & External Attackers: An internal attacker is mainly a rogue employee who can be a nurse, a doctor or a member of the medical staff who wants to cause damage to a hospital by damaging its reputation via removing or modifying data, or targeting patients’ health and privacy. In some cases, it can be a spy masquerading as a nurse or a doctor who managed to successfully evade all the security measures of a given hospital to eliminate a given patient for either political or other criminal purposes. Internal attackers might pave the way for external attackers to perform their cyber-attacks easily.

External attackers are mainly classified as malicious hackers who aim at gaining an elevated unauthorized privileged access into the hospital’s system. This is mainly achieved through worms, rootkits, or Remote Access Trojan attacks. In many cases, the attack is based on spear-phishing techniques through sending a malicious Portable Document Format (PDF) file, or any other file as a Curriculum Vitae (CV). Once downloaded, a backdoor or a key-logger will be installed on the given system. The main aim is to breach the privacy of patients and sell their data to malicious third parties through the deep dark web for scamming purposes.

– Passive & Active Attackers: A passive attacker tries to evade detection by remaining "hidden" in the background, without making any activity. The aim here is to intercept data, transmitted via any wireless communication, between different medical devices, read them and build up their own information gathering process that can be used for further exploitation, which may lead to a much more sophisticated cyber-attack. Passive attackers can be cooperating with external or even internal attackers as part of the information gathering process.

Unlike a passive attacker, an active attacker relies on intercepting the communication between a given source and destination. Such interception is done aggressively by altering, modifying and deleting the given information and data being transmitted without the knowledge of the source and destination. Such an attack is very dangerous when used for example to inject a patient with a higher dosage of a drug, or when prescribing the wrong drugs, and thus, seriously risking patients’ lives.

– Malicious & Rational Attackers: Malicious attackers do not have a specific goal and do not look for specific results either. They launch their attacks simply because they can do it with the intention to disrupt an IoMT system. This can be done, for example, by transmitting false information to the data center in a specific geographical area. In contrast, rational attackers have a specific target which can have a very dangerous impact. In other terms, they are unpredictable and generally follow the passive class.

– Organized & Coordinated Attackers: Cyber-attacks against IoMT can be organized or coordinated. Organized attacks are usually based on having prior knowledge of a given medical device or system before launching a cyber-attack against it. In fact, the aim is to either gain unauthorized access or disclose sensitive information. Coordinated attacks are based on the cooperation and collaboration between insiders and outsiders. In fact, insiders are rogue/unsatisfied employees (hospital IT, staff, nurses, receptionists, etc.) who have authorized access to the system and may install malware. Malware types allow outsiders to have an elevated remote access or privilege and carry out a combined attack against a specific medical system. The attack might be carried out in order to hit the system’s availability and prevent authorized medical personnel and patients from accessing medical records or booking appointments, or to disrupt medical operations.

• Target: A targeted attack is typically used for assassination or terrorism purposes. Such an attack targets a specific patient or a hospital for various reasons that could be political (assassinating a public figure), ideological, racial or religious. The attackers’ goal could be to target a minority group of patients or to target a foreign country with the aim of fueling racism, or spreading terrorism, or as part of a cyber-warfare campaign linked to cyber-politics.

• Scope: the scope of an attack is related to the targeted area, which may be quantified as small scale or large scale. Typically, attackers try to extend their malicious actions to a large area [140], [15] to increase the number of victims, such as patients in hospitals.

• Impact: the impact of an attack is quantified by the amount of damage it causes, along with its nature and its scope.

• Capacity: this refers to the protection required to prevent, mitigate, or reduce the damage associated with an attack.

B. Targeted IoMT’s Security Aspects

IoMT security seems to be jeopardized by various types of cyber-attacks, which are divided and described depending on the security aspect that they target. As illustrated in Fig. 7, in this section we aim at reviewing the security attacks that target the IoMT data security, including its availability, confidentiality and integrity. On the other hand, we aim to dissect the security attacks that target the system security including user privacy, system availability, confidentiality/trust, authentication and integrity.

1) Data Confidentiality Attacks: In order to hit the confidentiality of IoMT data, gathering information is a must. Due to the open and public nature of IoMT wireless communications, patients are becoming more prone to being intercepted through confidentiality (sniffing) attacks. Therefore, the risk of personal and private information being either leaked, hijacked, modified or even stolen is seriously high. However, in order to achieve it, different passive attacks can be carried out. This includes eavesdropping, traffic analysis, and brute force attacks. TABLE IV presents the main confidentiality attacks.

• Eavesdropping Attacks are typically based on gathering information and they are divided into two main types. The first one is Passive Eavesdropping [34], where wireless access points are scanned to identify which medical device is connected to them. The second type is Active Eavesdropping, where the adversary can monitor incoming and outgoing data during transmission, thus gathering more information in a faster and easier manner.

• Data Interception Attacks occur when a man-in-the-middle attack is carried out. This allows the adversary to intercept data and re-transmit it at a later time [56]. This allows the attacker to eavesdrop on the Address Resolution Protocol (ARP) request and keep repeating it in order to capture a handshake. This handshake is then used to obtain encryption keys and gain unauthorized access to medical systems and records.

• Packet Capturing Attacks or packet sniffing attacks include the capture of transmitted medical data packets that are unencrypted, revealing their content including patients’ medical conditions and passwords. Wireshark is a prime example of a network monitoring software tool.

• Wiretapping Attacks include hacking medical telecommunication and tele-healthcare devices to intercept real-time incoming/outgoing medical data.

• Dumpster Diving Attacks include searching through dumpsters and retrieving any medical information, including papers and files thrown in the bin such as patients’ records, medical prescriptions, staff names, etc. This is one of the main reasons why most file and data records are becoming paperless.

2) Social Engineering (SE) Attacks: Social engineering is a technique used to manipulate people through either baiting or pre-texting in order to lure people to give out information. This includes passwords, names, IDs, and private information in order to proceed with a cyber-attack later on. Luring people can be easily achieved by relying on human emotions, which seems to be easier than exploiting a system’s vulnerability. Therefore, the attacker relies on people’s curiosity, or lust, and sends infected adult pictures (phishing), for example, in order to gain access to medical systems or/and records. Different SE attacks are presented in TABLE V.

Fig. 6: Characteristics and profiles of attackers and its corresponding impact

Fig. 7: IoMT Security Goals

– Reverse Engineering Attacks: A reverse social engineering attack is also known as a person-to-person attack [62]. This allows the attacker to masquerade as a technician trying to fix an issue in a hospital’s medical system, gaining insight and physical access to the system. It also allows him to possibly upload malware or detect vulnerabilities that can be exploited. In other cases, an attacker can masquerade as a person visiting a patient, asking questions in order to gain a better insight about the used medical systems and devices.

– Error Debugging Attacks are usually caused by an improper handling of errors, which results in medical systems becoming vulnerable to various security problems [138], [177]. Such exploitation can lead to internal error messages that target medical web servers, application servers, and web application environments by displaying database dumps, stack traces and error codes to the attacker. This would mainly result in a system call failure/crash, network timeout or unavailable database. This consumes a high amount of resources and causes a tremendous network overhead, preventing and disrupting the availability of medical services to patients.

TABLE IV: Different types of data confidentiality attacks with their corresponding solutions.

| Data Confidentiality Attack | Solutions | Possible Reason(s) |
|---|---|---|
| Eavesdropping | Encryption | Broadcast nature of messages via wireless channels; Unencrypted communication channel |
| Data Interception | Encryption | Non-Secure Channels; Open Wireless Communications |
| Packet Capturing | Encryption | Open Wireless Communications; Non-Secure Channels; Lack of Encryption |
| Wiretapping | Secure Communications; Closed Communications | Open Wireless Communication; Non-Secure Channels |
| Dumpster Diving | Enhanced Employee Training; Paperless Process | Lack of Employee Training; Lack of Awareness |

3) Privacy Attacks: Ensuring patients’ privacy is one of the most important challenges in IoMT. Preserving patients’ privacy is mainly related to preventing the disclosure of their real identities, in addition to their location and information. This requires patients to keep their private information protected, such as their identity, their behaviour, and their past and present location [121], [153], [103]. Moreover, in the following, the main privacy attacks are listed and described in TABLE VI.

• Traffic Analysis Attacks: TAA mainly affects patients’ privacy in addition to their data confidentiality. This attack is extremely dangerous and consists of intercepting and analyzing the network traffic pattern(s), trying to infer useful information. This is due to the fact that IoMT devices’ activities can potentially reveal enough information, enabling an adversary to cause malicious harm to the medical devices. More precisely, traffic analysis can target certain information that can be used to establish or facilitate new social engineering attacks.

• Identity/Location Tracking Attacks: The attacker spies on an IoMT device during its journey to discover the identity of the patient (relating the patient to a place of work or home). In fact, an attacker may get a trace of the IoMT devices’ movements. Studying this trace can reveal the true identity of the patient, in addition to their personal information. Therefore, getting the identity of a given patient can put their privacy and possibly their life at risk.

In order to preserve the privacy of any patient, the MAC and IP addresses must be constantly changed to avoid any possible identity disclosure and denial of service, or spoofing attack [140]. Hence the need to design some new algorithms to address the large memory-space dilemma. Therefore, each patient should be allocated a pool of certified pseudonyms obtained from a certificate authority [170], [146]. The most popular attack is the Sybil attack. The pool of pseudonyms can be used to pretend they are for different patients whilst sending false messages to a data center. This includes false traffic jams, or false alerts forcing hospitals to react to a false event. The main authorities’ goal is to ensure that the identities and their corresponding sensitive data are protected and verified during any communication attempt. In case of any issue, the system operators must interfere; however, this requires knowing the identity of the user (digital forensics). This indicates that a trade-off between privacy and digital forensics, indeed, exists.

4) Data Integrity and Message Authentication Attacks: Integrity attacks are based on the ability to alter the messages that are being transmitted in order to target the integrity of a system or data. Different attacks can be carried out to achieve this goal, such as injection attacks and data interception. Therefore, it is essential to secure and maintain the integrity of data as much as possible [66], [144].

• Message Tampering-Alteration Attacks: The attacker here aims to break the data integrity of the exchanged messages. This happens when the attacker manipulates the received messages for his/her own goals [173]. This will result in doctors making wrong decisions that might compromise the health of patients. One security method against this is to use a message authentication algorithm, such as a cryptographic keyed hash function like HMAC, to ensure data integrity and source authentication.

• Malicious Data Injection: This kind of attack is generated from an entity that can be legal or can authenticate with the system. Thus, this can cause hazardous effects in the IoMT system and it may lead to fatal accidents [89], by creating a false message and transmitting it to the hospital data center or to doctors. The strategy of this attack is to prevent the real and correct messages from authorised users, and instead inject false messages into the network. To defend against such an attack, messages should be authenticated.

• Malicious Script Injection Attacks: Such attacks introduce a false update script system where adversaries can mimic a legitimate server for system backup. This allows a given adversary to gain unauthorized access to any IoMT device and might introduce a backdoor [132].

• Cloning and Spoofing Attacks can be combined in order to carry out a more sophisticated attack [147] against a medical system or device. Cloning attacks duplicate the data spoofed, whilst spoofing attacks use the cloned data to gain unauthorised access [166].

TABLE V: Different types of social engineering attacks with their corresponding solutions.

| Social Engineering Attack | Solutions | Possible Reason(s) | Related Threats |
|---|---|---|---|
| Social Engineering | Training staff against baiting/pretexting | Poor training of employees | May affect the confidentiality and privacy. |
| Reverse Social Engineering | Training staff against strangers’ questions | No identification and verification processes | Depends on the asked questions; primarily targets confidentiality and privacy, in addition to affecting authentication and availability. |
| Error Debug | Limit appearing information | Different error questions giving additional information | May affect (data/system’s) confidentiality and privacy. |

TABLE VI: Different types of privacy attacks with their corresponding solutions.

| Privacy Attack | Solutions | Possible Reason(s) |
|---|---|---|
| Traffic Analysis | VPNs & Proxies; Non-Linkability; Pseudonyms | Source and destination information are not encrypted; Lack of secure channels; Weak encryption algorithm |
| Identity/Location Tracking | Anonymity; Non-Linkability; Pseudonyms | Lack of secure channels; Location and identification parameters are not encrypted |

TABLE VII summarizes the main message integrity and authentication attacks.

TABLE VII: Different types of data integrity and message authentication attacks along with their corresponding solutions.

| Message Integrity and Authentication Attack | Solutions | Possible Reason(s) |
|---|---|---|
| Message Tampering-Alteration; Malicious data injection; Malicious Script Injection; Cloning & Spoofing | Keyed Hash Function (HMAC); Message Authentication Algorithms | No data integrity and source authentication protection scheme |
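The HMAC countermeasure named above for message tampering and data injection can be sketched as follows. This is an added example, not code from the paper: the device names, keys and frame layout are constructed, and the per-device counter check goes one step beyond the text's HMAC suggestion so that a captured valid frame cannot simply be re-sent.

```python
import hashlib
import hmac
import struct

# Constructed per-device keys (assumption): real devices get keys provisioned securely.
DEVICE_KEYS = {
    "pump-01": bytes.fromhex("00112233445566778899aabbccddeeff" * 2),
    "ecg-07": bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2),
}
TAG_LEN = 32  # full HMAC-SHA256 output


def _encode(device_id: str, counter: int, payload: bytes) -> bytes:
    """Length-prefixed layout (hypothetical) so field boundaries are unambiguous."""
    dev = device_id.encode("utf-8")
    header = struct.pack(">H", len(dev)) + dev
    return header + struct.pack(">QI", counter, len(payload)) + payload


def seal(device_id: str, counter: int, payload: bytes, key: bytes) -> bytes:
    """Sender side: append an HMAC tag computed over every field of the frame."""
    body = _encode(device_id, counter, payload)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Data-center side: verifies source and integrity, then freshness."""

    def __init__(self, keys):
        self._keys = dict(keys)
        # Highest accepted counter per device; must survive restarts in practice.
        self._last_counter = {}

    def open(self, frame: bytes):
        """Return (device_id, counter, payload) or raise ValueError."""
        if len(frame) < 2 + 12 + TAG_LEN:
            raise ValueError("truncated frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        (dev_len,) = struct.unpack_from(">H", body, 0)
        header_end = 2 + dev_len + 12
        if len(body) < header_end:
            raise ValueError("truncated frame")
        # The claimed sender only selects the key; nothing is trusted yet.
        device_id = body[2:2 + dev_len].decode("utf-8", errors="replace")
        key = self._keys.get(device_id)
        if key is None:
            raise ValueError("unknown device")
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            raise ValueError("authentication tag mismatch")
        counter, payload_len = struct.unpack_from(">QI", body, 2 + dev_len)
        payload = body[header_end:]
        if len(payload) != payload_len:
            raise ValueError("length mismatch")
        if counter <= self._last_counter.get(device_id, -1):
            raise ValueError("replayed or stale frame")
        self._last_counter[device_id] = counter
        return device_id, counter, payload


def verdict(receiver: Receiver, frame: bytes) -> str:
    """Small helper that turns the outcome into a string for inspection."""
    try:
        receiver.open(frame)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    rx = Receiver(DEVICE_KEYS)
    good = seal("pump-01", 1, b"dose_ml_per_h=2.5", DEVICE_KEYS["pump-01"])
    print(verdict(rx, good))                                  # genuine frame
    print(verdict(rx, good))                                  # same frame again
    print(verdict(rx, good.replace(b"=2.5", b"=9.5")))        # altered payload
```

The tag covers the device identifier and counter as well as the payload, so changing any field, or signing with a key that does not belong to the claimed device, fails verification.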

5) Availability Attacks: In order to target the availability of medical systems, different attacks are carried out to degrade the performance of medical systems and devices. As a result, the availability attacks can either target data availability or system availability.

• Data Availability Attacks: The attacker aims to break the data availability of the exchanged messages by dropping these messages. This happens when the attacker manipulates the received messages for his/her own goals, which results in the hospital data center or doctors missing important information about the patients’ health conditions.

• System Availability Attacks: The main system availability attacks are listed below and summarized in TABLE VIII.

– Denial of Service Attacks (DoS): In order to disrupt the availability of a given medical IoMT system or device, DoS attacks are initiated and launched, preventing legitimate patients from getting proper medications, and preventing nurses and doctors (GPs) from accessing medical information and records. This prevents real-time data from being sent and received through the disruption and interruption of service.

– Distributed Denial of Service Attacks (DDoS): These attacks can also be simultaneously carried out from different geographical locations and from different countries. This can have a far greater impact on the availability of medical devices and systems, resulting in a negative impact on the patients’ lives with the inability to respond on time.

– De-Authentication Attacks: Such attacks are usually carried out to ensure a single de-authentication attack against a given medical device. It can also be used in order to lead a mass de-authentication process, which prevents all connected devices from being operational either temporarily or permanently. This process also allows the capture of a handshake, which can be used later on to launch a cracking attack, which enables an adversary to gain unauthorized access to a medical system, device or even server.

– Wireless Jamming aims to severely interrupt and disrupt any established wireless communication of medical devices between patients and hospitals. More specifically, wireless networks are severely targeted [161] by a series of continuous denial of service attacks, which disrupts any communication attempt on secure and non-secure channels, depending on whether the jamming attack is selective or non-selective [130]. However, this attack can be mitigated through frequency hopping and frequency shifting, as described in [50].

– Flooding Attacks: they are based on overwhelming and exhausting the medical system’s resources by injecting false information and data to flood the system with false data and information requests [16].

∗ ICMP Flooding Attacks are Internet Control Message Protocol (ICMP) flood or Ping flood attacks with a Denial-of-Service (DoS) ability that overwhelm a targeted medical device with ICMP echo-requests known as pings [54]. Attackers rely on exploited IoMT devices (zombies or bots) controlled by a bot master to conduct this type of attack.

∗ SYN Flooding Attacks or “half-open” attacks primarily target high-capacity IoMT devices since they rely on Transmission Control Protocol (TCP) services to communicate (i.e., email/web servers) [26]. The aim of this attack is to cause a medical server to crash by exhausting the e-Healthcare server’s memory reserve to make insecure connections available for further attacks.

∗ Black Nurse Attacks are highly effective low bandwidth (15-18 Mbit/sec) ICMP attacks that target firewalls with high Central Processing Unit (CPU) load through denial of service attacks [145]. This attack results in preventing Local Area Network (LAN) users, including patients and medical staff, from transmitting internet network traffic.

– Delay Attacks: They introduce high delays for high priority message transmissions. This offers the ability to either re-transmit them or not transmit them at all after the elapsed time.

TABLE VIII: Different types of system availability attacks with their corresponding solutions.

| Availability Attack | Solutions | Possible Reason(s) |
|---|---|---|
| Jamming | Frequency Hopping, direct sequence spread spectrum, beam-forming | Targets Access Points or wireless IoMT devices |
| Denial Of Service | Backup Devices | Lack of Backup Devices |
| Distributed Denial of Service (DDOS) | DDOS detection solutions. Increase the security levels of devices to avoid becoming bots. | Exploiting devices turning them into bots |
| De-authentication | Firewalls, Intrusion Detection Systems, Encryption | Captures a handshake to Launch DoS or Password Cracking Attack |
| Flood | Timestamps, Certificate Authority, IDS | Overwhelms & Exhausts IoMT’s Resources through False Information Injection |
| Delay | Firewalls, Timestamps, IDS | Overwhelms & Prevents or Severely Delays any Transceiving of Medical Information |

6) Device/User Authentication Attacks: Authentication attacks aim to overcome passwords, which are classified as the first and primary line of defence, in order to gain access to a given system [33]. Usually, attacks are successful in many cases, including when a given password is either too weak or too short, or is static. These attacks can be encryption-cracking attacks (brute force, dictionary, birthday, or rainbow-table attacks), among other attack types mentioned in TABLE IX.

• Man-in-the-Middle Attacks: This attack is one of the main authentication attacks; it controls and monitors the communication between two legitimate parties, whilst altering the transmitted data. This attack can either be passive or active. It is considered as a passive attack when the attacker only intercepts and reads the exchanged messages between the two entities. On the other hand, it is considered as an active attack if the attacker is able to alter, manipulate or/and modify the transmitted data or information without any of the devices’ knowledge.

• Brute Force Attacks are based on an excessive search for all possible combinations that make up and crack a given password of a medical [152]. Such an attack aims to acquire patients’ credentials and private medical information for fraud purposes. Most targeted devices include, but are not limited to, remote medical sensors and patient monitors [96].

• Masquerading Attacks occur when a wireless network relay node is exploited by a given attacker for malicious purposes. Such an attack can constantly send false alarms about an emergency medical condition, and can disrupt the availability of medical services [83]. Moreover, masquerading attacks can modify a patient’s medical condition and may result in injecting the wrong drug or an excessive medicine usage, which may result in the loss of human lives.

• Replay Attacks modify the control signal being transmitted to another medical device, especially once an attacker gains a high privilege to the system with the ability to control the system’s signals. The adversary may either steal or/and intercept the transmitted information by redirecting it to another location. In some cases, physical damage can be achieved against a given system [16], including medical systems. System communications are recorded first before being ‘replayed’ later to the receiving device [147]. This can lead to either stealing, leaking or disclosing sensitive information to gain an unauthorized access and elevated privilege on a given medical system [51].

• Cracking Attacks are based on capturing a handshake through a de-authentication attack, thus luring the intended AP (Access Point) to respond back with a handshake. Once the handshake is captured, a password cracking attack is conducted against a given medical system or device. This allows the leakage of information and data disclosure.

• Dictionary Attacks usually take place when trying to gain access to a given medical system [106]. Attacks are usually successful when security measures are less tight than the security measures of a given IoT device. Such attacks occur by relying on a large set of dictionary words in an attempt to guess the password so that the adversary can gain access. In fact, such an attack type is exhaustive in terms of resources and time, and can take time from minutes to hours, and sometimes days. Brute force attacks are usually aimed at targeting a medical device where the security measures are weak [30]. In many cases, they still rely on a number combination including the personal identification number (PIN).

• Rainbow Table Attacks are usually aimed at targetingthe password and its hash value relying on a techniqueprocess known as "fault and trial" through the use of re-verse engineering. It usually contains a table of passwordsalong with their hashes, which is executed until a matchis found. To overcome this problem, different solutionswere presented in [107], [151]. However, salt passwordscan be a good solution to mitigate this type of attacks.

• Session Hijacking Attacks are also known as TCPSession Hijacking. This attack is achieved by using aSession sniffer that involves a packet sniffer capable ofaltering, capturing and reading the network traffic (headerand data) between two parties. This includes users or/anddevices alike. In fact, this attack can capture a validSession ID (SID).

• Birthday Attacks are also due to users relying on weakhashing mechanisms, where two different passwords canhave the same hash. Such weakness can easily be ex-ploited to gain an unauthorised access to any medicalsystem. A suggested hash function balance was presentedin [22]. However, Secure Hash Algorithm (E.g SHA-3 and SHA-512) mechanisms remain the best solutionagainst such attacks.
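
The salting countermeasure named in the Rainbow Table item can be seen in a short comparison. The following is an added example, not code from the paper: it stores the same password once as a bare SHA-256 digest and once with a per-account random salt and PBKDF2, then checks both against a precomputed table. The candidate list, the password, the round count and all function names are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short candidate list standing in for the
# precomputed password/hash table described in the text.
CANDIDATES = ["123456", "password", "nurse2020", "infusion1"]
PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Weak scheme: one fast hash, identical for every account."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted store."""
    return {unsalted_hash(p): p for p in candidates}


def enroll(password: str, salt_bytes: int = 16) -> dict:
    """Hardened scheme: fresh random salt per account plus a slow KDF."""
    salt = os.urandom(salt_bytes)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return {"salt": salt, "rounds": PBKDF2_ROUNDS, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["rounds"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def compare_schemes() -> dict:
    table = build_table(CANDIDATES)
    # Two constructed accounts that happen to share one password.
    weak_a, weak_b = unsalted_hash("nurse2020"), unsalted_hash("nurse2020")
    strong_a, strong_b = enroll("nurse2020"), enroll("nurse2020")
    return {
        # Unsalted: equal passwords give equal records, and the table hits.
        "unsalted_identical": weak_a == weak_b,
        "unsalted_recovered": table.get(weak_a),
        # Salted: records differ per account and the table has no entry.
        "salted_identical": strong_a["digest"] == strong_b["digest"],
        "salted_recovered": table.get(strong_a["digest"].hex()),
        "correct_login": verify("nurse2020", strong_a),
        "wrong_login": verify("nurse2021", strong_a),
        # A digest is only valid together with its own salt.
        "salt_not_transferable": verify(
            "nurse2020", {**strong_a, "salt": strong_b["salt"]}
        ),
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```

The constant-time comparison in `verify` also covers the "constant execution time" countermeasure that TABLE XI lists for timing attacks, applied here to the digest check only.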

7) Malware Attacks: IoMT devices can be targeted by various forms of malware [36], [119], such as Trojans, worms, viruses, spyware, backdoors, botnets, and many others. This is due to many reasons such as their wireless and permanent connection to the Internet, in addition to weak security protection and monitoring. Malware is based on the exploitation of a software weakness, vulnerability, and/or security gap. This leads to the possibility of having a backdoor to a given medical device or system. Moreover, it can lead to unauthorized access to IoMT devices, and to leakage, disclosure, modification or deletion of sensitive patient information. In the event of malware succeeding in creating backdoors into IoMT devices, attackers can use them to initiate other types of attacks or to deny access to their services (e.g. Denial of Sleep attacks).

Clearly, one of the main security requirements for IoMT devices is to prevent malware attacks. This aspect is evidenced by the recent cyber attacks, which exploited IoT devices to form botnets (e.g. Mirai). Another type of malware attack that can affect IoMT devices is ransomware [41], [14], which causes the denial of their services. In this context, advanced malware types, based on encryption or polymorphic techniques, impose serious threats [109]. As such, to prevent malware attacks, anti-malware software is required, and we present in Section V-B6 the different intrusion detection techniques that can be implemented in order to detect, track down and prevent any possible malware attack. In the following, we list the main types of malware attacks that can target IoMT systems and devices:

• Spyware Attacks: The main purpose of spyware is to collect and gather information about patients and either to send it to a third party or to sell it through the deep dark web. This is done by keeping users under constant covert surveillance. Actually, spyware may collect enough information about a given patient for possible assassination. It can also be used as a key-logger to steal patients’ credentials [85].

• Ransomware Attacks: Insufficient attention is paid to IoT ransomware, which can lead to catastrophic results [17] compared to traditional ransomware [41]. The classic ransomware model is simply not feasible in the IoT case because, in most cases, IoT data is stored in the fog and/or cloud and not at the device level. IoT ransomware consists of locking IoT devices and asking for ransom from their owners to unlock them [179]. Normally, in traditional ransomware, attackers employ the user interface (screen display) to warn the user to pay the ransom. However, there is no display interface for a significant percentage of IoT devices. In this case, attackers attempt to discover their owners’ emails or to hack the app that controls the compromised IoT devices. IoT ransomware is efficient since it is timely, critical, and reversible. Therefore, attackers choose scenarios where users do not have enough time and are not in place to reset the device or counter the ransomware effects. In these cases, users are more than willing to pay the ransom. Unfortunately, IoMT devices are attractive targets for ransomware [174]. Thus, locking the functions of some devices such as pacemakers, drug infusion pumps, etc., can lead to catastrophic results since patients would be seriously harmed or could even die if these devices are not unlocked in due time.

• Worm Attacks: Worms are likely the most destructive and dangerous type of malware in the IoMT case [39]. Worms are a form of malware that self-replicates vertically over a connected device, after exploiting the device’s existing vulnerabilities. Thus, they are capable of self-propagating without human intervention. They can impact all data and devices’ security services (confidentiality, integrity, and availability), which may result in critical loss of data or life risks. For example, they can be designed to target a given industrial control system [46]. A recent malicious Internet worm, "dubbed", which targeted IoT devices was presented in [45]. Unfortunately, worms can be implemented and used against IoMT devices in order to gather information, damage or even destroy a given device. Thus, in the IoMT case, if insecure devices are installed, they can compromise the security of the whole medical system once they are infected by worms, which can propagate automatically in the whole system by exploiting existing vulnerabilities. Note that worms can also be combined with other malware types such as ransomware and botnets to propagate through the whole IoMT network [35].


TABLE IX: Different types of system authentication attacks with their corresponding solutions.

| Authentication Attack | Solutions | Possible Reason(s) | Related Threats |
|---|---|---|---|
| Man-in-the-Middle | Multi-Factor authentication scheme | Poor authentication scheme (one factor) | Depending on attacker goals, it might affect the data’s integrity, confidentiality and availability. |
| Masquerading | Multi-Factor authentication scheme | Poor authentication scheme (one factor) | May affect data’s confidentiality. |
| Cracking | Multi-Factor authentication scheme | Poor authentication scheme (one factor) | May affect the data’s confidentiality and integrity. |
| Replay | Timestamp or a new random number for each session connection; Multi-Factor authentication scheme | Weakness in the authentication protocol | May affect system’s availability. |
| Dictionary | Strong password; sufficient size of secret key | Weak password and one authentication factor | May affect the data’s confidentiality & integrity |
| Brute force | Strong and long password; sufficient size of secret key; Multi-Factor authentication scheme | Weak password; and one authentication factor | May affect data’s confidentiality and integrity |
| Rainbow Table | Long Salt Passwords | Weak Usernames/Password; Short Salt Passwords | May affect data’s confidentiality and integrity |
| Birthday | Secure Hash Algorithm | Weak Hashing | May affect data’s confidentiality and integrity |
| Session Hijacking | Encryption; Sniffing Filters | Lack of/Poor Encryption; Non-Secure Channels | May affect data’s confidentiality, integrity and availability |

• Botnet Attacks: These attacks are based on exploiting vulnerabilities within IoMT devices [23], [68], and turning them into bots, awaiting orders from the adversary through command-and-control to send fake or false information concerning patients. They can also be used to bring the whole medical system down through DoS or DDoS attacks [148], [181]. In fact, in many cases, such attacks are aimed at disclosing sensitive information and using it for malicious or personal gains. An example of such attacks is the Mirai attack [76], which infected IoT devices with malware to form botnets and to conduct DDoS attacks on network servers, infrastructure, etc. On Sept 19, 2016, the first Mirai incident targeted OVH, one of the largest European hosting providers. Since then, an increased rate of attacks was launched by skilled and unskilled attackers given that the source code of this attack was made available online. Thus, in the medical domain, implants, smart pens, monitors, temperature sensors, infusion and insulin pumps, etc. are wireless devices that can be compromised by Mirai if the appropriate security measures are not in place. Consequently, these devices can be used as bots to attack the medical systems. Note that the Mirai attack has new mutated versions and there is a continuous effort in creating new and more powerful versions of this attack.

• Remote Access Trojan Attacks (RAT): RAT attacks occur through the exploitation of a vulnerability, weakness or security gap in a targeted medical system. Such attacks are based on evading all security procedures and countermeasures by gaining covert unauthorized access as a backdoor. This leads to overcoming all of the security measures employed. It is mainly achieved by bypassing the authentication process. The most infamous attack was the operation Shady RAT [8].

• Logic Bomb Attacks: Logic bombs are classified as small programs that logically explode after reaching a certain date or time [99], damaging the medical systems’ components such as IoMT devices.

All malware attacks and their solutions are summarized in TABLE X.

8) Implementation Attacks: Different implementation attacks on medical systems are presented in this section, including side channel attacks, fault attacks, and timing attacks.

• Side Channel Attacks can possibly occur due to IoMT embedded systems having very limited physical properties. Moreover, they are used to recover the secret key using power consumption, differential power consumption or electromagnetic analysis. In fact, IoMT devices with Physical Unclonable Functions (PUFs) can guard against different implementation attacks.

• Fault Attacks target a physical electronic device by stressing the device by external means. This includes the increase/decrease of voltage to generate errors, which mostly leads to a security failure [128].

• Timing Attacks are classified as side channel attacks where an attacker attempts to compromise a cryptosystem by analyzing the needed execution time of cryptographic algorithms. In addition, a timing attack is a security exploitation, where an attacker discovers security vulnerabilities surrounding the computer or network system. Moreover, timing attacks are also used to target medical devices that use OpenSSL [40]. This attack can become inefficient when using the "time stamping mechanism" for packets of delay-sensitive applications. However, this proposition encountered the problem of time synchronization between entities [98], [31].

All implementation attacks along with their solutions are summarized in TABLE XI.

TABLE X: Different types of malware attacks with their corresponding solutions.

| Malware Attack | Solutions | Possible Reason(s) | Related Threats |
|---|---|---|---|
| Botnet | Botnet detection solution (anti-malware), pen-testing, intrusion detection | A logical collection of exploited internet-connected devices or IoMT devices | Depends on the attacker’s target (confidentiality, integrity, authentication and/or availability) |
| Worm & Viruses | Anti-virus, anti-malware, pen-testing, intrusion detection | Relies on computer network security failures | Depends on the attacker’s (confidentiality, integrity, authentication and/or availability) |
| Spyware | Use antivirus and anti-spyware solutions, update OS, ensure higher security and privacy levels, intrusion detection | Part of other software or downloads on file-sharing sites | Primarily targets privacy and data confidentiality but it can be used for other purposes such as availability, authentication and/or integrity. |
| Remote Access Trojan | Keep antivirus software up to date, block unused ports, intrusion detection | Downloaded invisibly with a program or update software | Depends on the attacker’s (confidentiality, integrity, authentication and/or availability) |
| Rootkit | Appropriate system configuration, strong authentication, patch and configuration management, intrusion detection | Exploits and targets either the kernel, or the user application space gains root privileges. | Primarily targets system’s authentication |
| Ransomware | Up-to-date Anti-Virus/Anti-Malware, Avoid Using Personal Information, Enhanced System’s Security, Higher Awareness | Weak Passwords, Weak Multi-Factor, Paying Ransoms | Targets system’s Authentication and Availability, in addition to data confidentiality and privacy |

To defend against the listed attacks, several security measures should be taken, including technical and non-technical ones. In the next section, we review the existing security solutions for IoMT data and systems. In addition, we include the security practices and guidelines that should be followed to ensure IoMT systems and data confidentiality, integrity, privacy, etc.

V. IOMT SECURITY MEASURES

Overcoming the rising IoMT security issues and challenges is a challenging task. However, mitigating them can be achieved by implementing multiple security measures, some being technical and others non-technical.

A. Non-Technical Security Measures

This section is dedicated to highlighting the different non-technical security measures that can be applied according to the needs. This includes training the staff and safeguarding the patients’ private medical health records.

Training the medical and IT staff could be accomplished in three different ways: raising awareness, conducting technical training, and raising the education level as illustrated in Fig. 8.

• Raising Awareness: It is highly necessary and recommended to raise awareness among medical employees and staff, mainly the IT department, in order to know and identify an occurring attack from normal network behaviour. However, this is not enough, as there is a higher need for defining what is a threat, a risk and a vulnerability. This offers them the chance to identify a risk from a threat. It also offers the possibility to assess the likelihood and impact of a risk. Once a risk is assessed, it is also essential to explain how to mitigate it and use the right security measures to deal with any threat and reduce its risk.

• Technical Training: Raising awareness is not enough; it is equally important to start training the medical staff and employees of the IT department, right after the teaching phase. The training must be divided into seven different phases, starting with:

– Identification Phase where the IT is capable of identifying a suspicious behaviour from an abnormal behaviour.

– Confirmation Phase that is based on the ability to confirm that an attack is occurring.

– Classification Phase that is based on the ability to identify the type of the occurring attack.

– Reaction or Responsive Phase is based on the ability of the Computer Emergency Response Team (CERT) to quickly react to a given attack using the right security defensive measures and prevent an attack from escalating.

– Containment Phase is based on containing the attack incident and overcoming it.

– Investigation Phase is the implementation of forensic evidence where an investigation process takes place to identify the cause of the attack [118], its impact and damage.

– Enhancement Phase is based on learning from the lessons of previous attacks.

• Raising Education Level: The current focus must be targeted towards raising the level of education, especially for those in the IT domain. This is based on teaching and educating cyber-security and IT staff the necessary techniques to classify each attack and what it targets (confidentiality, integrity, availability, and/or authentication). Attackers are also divided into insiders or outsiders. However, it is important to assess the level of damage of an attack caused by an insider, along with the possibility of a remote or outsider attack. Afterwards, it is also highly recommended to educate them on how to evaluate the possibility of a risk occurring (likelihood/impact). It is also important to know what encryption or cryptographic technique can or should be used to prevent any alteration or interception. To limit the possibility of insider attacks, the right authorization and authentication techniques should be applied, along with the best Intrusion Detection Systems (IDS) in order to detect any attack based on either signature, anomaly or behaviour.

TABLE XI: Different types of implementation attacks with their corresponding solutions.

| Implementation Attack | Solutions | Possible Reason(s) | Related Threats |
|---|---|---|---|
| Side Channel Attack | Hardware countermeasure (PUF) and software randomization processes | Limitations of physical properties related to the embedded devices | It may lead to secret key recovering and consequently affect the data confidentiality. |
| Fault Attack | Uses protected hardware and Spatial Retreat | Memory & disk manipulation | May affect the System integrity. This type of attack modifies the execution code to recover the secret key and consequently affects both data authentication and confidentiality. |
| Timing Attack | Constant Cryptographic Computations Execution Time, Independent Cryptographic Algorithm | Possible cryptographic software or algorithm Exploitation | May cause the secret key recovering and consequently affect data’s confidentiality. |

Fig. 8: IoMT Staff Training

B. Technical Security Measures

In this section, we discuss the technical security measures that should be put in place to ensure an end-to-end secure IoMT system. Thus, the following subsections discuss techniques that aim at ensuring IoMT data and systems security.

1) Multi-Factor Identification and Verification: In order to prevent any possible unauthorized access to IoMT systems, it is important to ensure a strong identification and verification mechanism. The best solution is to rely on biometric systems. There is also the need for a database to store the biometric templates safely and securely for future use [43]. However, achieving identification and verification requires several biometric techniques, which can be divided into physical and behavioural biometric techniques [43].

• Physical Biometric Techniques: Secure physical biometric techniques can be adopted and used to safeguard and maintain patients’ medical privacy without being prone to any insider threat. This includes facial recognition, retina scan, or iris scan.

– Facial Recognition: Facial recognition managed to prove a high verification rate [171]. Hence, it was used in order to recognize a person’s facial structure, using a specialised digital video camera that identifies and measures the face’s structure. This also includes the distance between the triangle of eyes, nose and mouth. Hence, it is able to distinguish legitimate users from non-legitimate users by comparing a scanned face with the authorized faces registered in the database.

– Retina Scan: A retinal recognition scan is based on analyzing the blood vessel region located behind the human eye. It proved to be a very accurate and secure verification method by [64].

– Iris Scan proved to be essential for both identification and verification purposes, due to its ability to generate accurate and precise measurements [48]. Iris scan operates by analyzing and scanning the coloured tissue around a specific eye pupil to check if it matches the stored data to either grant access or not.

• Behavioural Biometric Technique: A secure behavioural biometric technique that can be used for both identification and verification phases is the hand geometry. Such biometric systems rely on hand measurements, including palm size, hand shape, and finger dimensions [43]. Then, it is compared to the set of stored data in a database to verify users. If there is a match, a given staff member will be granted access. If not, access will be denied. However, such systems are only limited to one-to-one systems [6]. In fact, current systems are capable of differentiating between a living hand and a dead hand. This prevents adversaries from trying to deceive the system and gain any illegal access [63].

2) Multi-Factor Authentication Techniques: Venka & Gupta [163] presented a survey that focused on patients’ privacy violation, with the reliance on encryption, authentication and access control mechanisms as countermeasures. Authentication is classified as the first line of defence that authenticates the source and destination alike. In fact, authentication can be a single-factor authentication that only relies on a password as the only security measure, which is not preferable. It can also be a two-factor authentication that relies on another security measure aside from the password in order to access a given system. Finally, it can be a multi-factor authentication where a third security mechanism is required in order to access a system. Therefore, authentication plays a key role in providing security for the accessible resources on a given network. Authentication can be either centralized, where two nodes authenticate themselves through a trusted third party, or it can be distributed, where two nodes use a pre-defined secret key to authenticate each other, without relying on a trusted third party.

Furthermore, in [59], Halperin et al. presented a cryptography-based key-exchange authentication mechanism that relies on external radio frequency rather than batteries as an energy source. This approach can be used in order to constantly prevent any unauthorized personnel from gaining access [53]. The out-of-band authentication was also deployed in a number of wearable devices including mainly heart rate and blood pressure monitors [139]. It is based on the use of additional channels including audio and visual channels to generate a key to encrypt and secure the body sensor communications in a given network [135]. In [11], Ankarali et al. presented a physical layer authentication technique which relies on pre-equalization. Furthermore, an enhanced dual-factor user authentication scheme was presented and used by both authors in [57], [176] in order to protect WSNs. According to [165], Das et al. presented a smart-card-based password authentication scheme for WSNs [29], which mainly lacked user’s anonymity [73]. In [86], Li et al. presented their own advanced temporal credential-based security scheme which included a mutual authentication and key agreement for Wireless Sensor Networks (WSNs). Gope et al. presented another authentication scheme based on a realistic lightweight anonymous authentication protocol used for securing real-time application data access for WSN [49]. Kumar et al. [82] attempted to develop a privacy-preserving two-factor authentication framework exclusively for WSNs to overcome various attack types.
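
The distributed case described above, where two nodes authenticate each other with a pre-defined secret key and no trusted third party, combines naturally with the "new random number for each session" countermeasure that TABLE IX lists against replay. The following is an added sketch, not a protocol from the paper or from any of the cited schemes: a three-message mutual challenge-response built on HMAC-SHA256. Node names, message layout and the `Node` class are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16


def _tag(key: bytes, role: bytes, sender: bytes, first: bytes, second: bytes) -> bytes:
    """HMAC over length-prefixed fields so field boundaries are unambiguous."""
    fields = (role, sender, first, second)
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


class Node:
    """One endpoint holding the pre-shared key (hypothetical class)."""

    def __init__(self, node_id: bytes, key: bytes):
        self.node_id = node_id
        self.key = key
        self._own = None   # nonce this node generated for the current session
        self._peer = None  # nonce received from the peer

    # --- initiator side (e.g. a gateway) ---
    def start(self) -> bytes:
        self._own = os.urandom(NONCE_LEN)
        return self._own

    def accept_response(self, peer_id: bytes, peer_nonce: bytes, tag: bytes):
        own, self._own = self._own, None  # a challenge is single-use
        if own is None:
            return None
        expected = _tag(self.key, b"resp", peer_id, own, peer_nonce)
        if not hmac.compare_digest(expected, tag):
            return None
        # Prove knowledge of the key back to the responder.
        return _tag(self.key, b"init", self.node_id, peer_nonce, own)

    # --- responder side (e.g. a body sensor) ---
    def respond(self, challenge: bytes):
        self._peer, self._own = challenge, os.urandom(NONCE_LEN)
        return self._own, _tag(self.key, b"resp", self.node_id, challenge, self._own)

    def accept_confirmation(self, peer_id: bytes, tag: bytes) -> bool:
        own, peer = self._own, self._peer
        self._own = self._peer = None
        if own is None:
            return False
        expected = _tag(self.key, b"init", peer_id, own, peer)
        return hmac.compare_digest(expected, tag)


def handshake(initiator: Node, responder: Node, recorded=None):
    """Run one session; `recorded` replaces the live response with an old one."""
    challenge = initiator.start()
    live = responder.respond(challenge)
    nonce, tag = recorded if recorded is not None else live
    confirmation = initiator.accept_response(responder.node_id, nonce, tag)
    if confirmation is None:
        return False, live
    return responder.accept_confirmation(initiator.node_id, confirmation), live


def demo() -> dict:
    key = os.urandom(32)  # constructed pre-shared key
    gateway = Node(b"gateway-01", key)
    sensor = Node(b"ecg-sensor-07", key)
    ok_first, captured = handshake(gateway, sensor)
    # The response recorded in session 1 is bound to that session's challenge.
    ok_replay, _ = handshake(gateway, sensor, recorded=captured)
    # Same identity claimed, different key.
    impostor = Node(b"ecg-sensor-07", os.urandom(32))
    ok_wrong_key, _ = handshake(gateway, impostor)
    return {"first": ok_first, "replay": ok_replay, "wrong_key": ok_wrong_key}


if __name__ == "__main__":
    print(demo())
```

The distinct role labels in the two tags keep a message produced by one side from being reflected back as the other side's proof.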

3) Authorisation Techniques: An assigned authorization must be based on offering the least privilege. Hence, the Role-Based Access Control (RBAC) model is adopted. This model offers the least privilege for a given medical staff or employee to perform a given task with the least (necessary) permissions and functionalities to accomplish a specific task.

• T-Role-Based Access (T-RBAC) is mainly designed for cloud computing environments, especially where medical data is stored [120]. T-RBAC is a proper access control model for Smart Health-care Systems [167]. In addition, T-RBAC also stands for Temporal Role Based Access Control, and can be spatio-temporal [133], intelligent [104], and generalized [67]. It is also capable of validating any needed access permission for any medical user according to the assigned role and tasks. In fact, T-RBAC can be divided between two task types, the workflow tasks that need to be completed in a particular order (this requires an active access control), and the non-workflow tasks, which can be completed in any order that requires a passive access control.
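
A minimal policy check makes the distinction between workflow and non-workflow tasks concrete. The following is an added sketch, not code from the paper or from the cited T-RBAC work: roles are mapped to tasks, workflow tasks are only authorized at their position in a running workflow instance (active control), non-workflow tasks are authorized in any order (passive control), and a role can be limited to a time window. All role, task, permission and instance names are constructed.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Task:
    name: str
    permission: str
    workflow: Optional[str] = None  # None -> non-workflow task (passive control)
    step: int = 0                   # position inside the workflow


# Constructed policy: a three-step medication workflow plus one free task.
TASKS = {t.name: t for t in (
    Task("record_vitals", "vitals:write"),
    Task("prescribe", "order:create", "medication", 0),
    Task("verify_order", "order:approve", "medication", 1),
    Task("administer_dose", "pump:program", "medication", 2),
)}
ROLE_TASKS = {
    "physician": {"record_vitals", "prescribe"},
    "pharmacist": {"verify_order"},
    "nurse": {"record_vitals", "administer_dose"},
}
# Temporal constraint: the nurse role is enabled only during an assumed shift.
ROLE_HOURS = {"nurse": (time(7, 0), time(19, 0))}


class TRbac:
    def __init__(self):
        # (workflow, instance id) -> next step that may be performed
        self._next_step = {}

    def check(self, role, task_name, now, instance=None):
        task = TASKS.get(task_name)
        if task is None or task_name not in ROLE_TASKS.get(role, ()):
            return False, "task not assigned to role"
        window = ROLE_HOURS.get(role)
        if window and not (window[0] <= now < window[1]):
            return False, "role not enabled at this time"
        if task.workflow is None:
            return True, task.permission        # passive: any order
        if instance is None:
            return False, "workflow task needs an instance"
        expected = self._next_step.get((task.workflow, instance), 0)
        if task.step != expected:               # active: order enforced
            return False, "out of order"
        return True, task.permission

    def perform(self, role, task_name, now, instance=None):
        allowed, detail = self.check(role, task_name, now, instance)
        if allowed and TASKS[task_name].workflow is not None:
            key = (TASKS[task_name].workflow, instance)
            self._next_step[key] = TASKS[task_name].step + 1
        return allowed, detail


def demo():
    ac = TRbac()
    day, night = time(10, 30), time(23, 0)
    order = "order-0001"  # constructed workflow instance id
    return [
        ac.perform("nurse", "administer_dose", day, order),    # before prescription
        ac.perform("physician", "prescribe", day, order),
        ac.perform("pharmacist", "verify_order", day, order),
        ac.perform("nurse", "administer_dose", day, order),
        ac.perform("nurse", "administer_dose", day, order),    # step already consumed
        ac.perform("nurse", "record_vitals", day),             # non-workflow task
        ac.perform("nurse", "record_vitals", night),           # outside the shift
        ac.perform("nurse", "prescribe", day, order),          # not a nurse task
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```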

4) Availability Techniques: The importance of maintaining availability against any possible disruption and/or interruption of signals is a must. However, maintaining the server’s availability requires the implementation of computational devices that act as backup devices, along with a verified backup and Emergency Response Plans (ERP) in case of any sudden system failure.

• Against Jamming: Jamming can take many forms (see Fig. 9), including DoS, DDoS, and/or de-authentication. In the event of jamming attacks, several medical services would be severely affected, especially with the disruption and interruption of medical services. This can lead to the disruption and prevention of communications between medical devices and the doctor or GP, which leads to missing updates of patients’ health records and hence, health complications. Furthermore, with these medical services being brought down by a jamming attack, first responders will not be able to arrive at the scene on time. This would increase the potential of a given patient being prone to strokes that can possibly lead to their death. For this specific purpose, different security measures must be implemented in order to overcome any attack that would target the availability of any given system. For example, having backup computational medical devices and servers is crucial. In fact, medical devices must be available 24/7 in order to ensure the necessary medical requirements and needed attention. Furthermore, backup devices must be quick to respond in real-time and activated in case of any emergency that threatens the availability of a given medical system. In fact, additional security measures can be taken into consideration, including channel surfing, spatial retreat, and priority messages [172], which can be very useful against wireless denial of service attacks. This can be a good countermeasure for medical devices, especially in the IoMT domain.

5) Honeypots: Honeypot systems are really useful when it comes to detecting attackers, their targets (see Fig. 10), tools and used methods. However, the reliance on static honeypot systems is challenging. Hence, the need for a dynamic honeypot system configuration. Although there are no specific honeypots for IoMT, some honeypots are being employed in IoT systems and these might also be useful in the IoMT system as well. In [91], Luo et al. mentioned that building honeypots for IoT devices is challenging using traditional methods. Therefore, they presented an automatic and intelligent way to collect potential responses using a scanner and a leverage machine technique to learn the correct behaviour during an interaction with an attacker. Their evaluation revealed that their proposed system can improve the session interaction with the attackers to capture further attacks.

In [84], La et al. developed a game theoretic model to analyze deceptive attacks and defense problems in a honeypot enabled IoT network. In fact, a Bayesian belief update scheme was used in their repeated game. Their presented game model and simulation results showed that whenever facing a high concentration of active attackers, the defender’s best interest was to heavily deploy honeypots. This allowed the defenders to use a mixed defensive strategy that keeps the attacker’s successful attack rate low. Finally, their game theoretic approach may be suitable for medical health-monitoring systems, and sensor networks.

In [44], Dowling et al. presented an analysis of the results from a bespoke ZigBee simulated honeypot deployed on Secure Shell (SSH). This simulated honeypot is used to detect and analyze automated and random attack types before being examined and identified. Brute-force and botnet attacks provided a better material for examination, unlike individual and dictionary attacks. Therefore, these attacks managed to treat the honeypot as an SSH device and concentrated on compromising it. This was done by showing interest in the honey-tokens to manipulate them. Individual attacks have shown an interest in a small number of files that were already downloaded and sandboxed. This also included the scripts that were analyzed, rather than having any specific knowledge towards ZigBee networks. In [10], Anirudh et al. managed to conduct a detailed study on how a DoS attack is conducted against IoT systems. This included how they can be averted by a honeypot relying on a verification system to maintain the efficiency of transmitted and received data. Their outcome demonstrated the capability of their presented scheme to secure an IoT system through the implementation of honeypots. Their future work includes deploying honeypots to overcome DDoS and botnet attacks.

6) Lightweight Intrusion Detection Systems: IoMT devices are prone to different types of security threats and challenges. To protect IoMT systems against intruders, the activities of IoMT devices must be monitored and analyzed. Typically, an IDS is the first line of defense towards detecting attacks. The different IDS types that can be applied within IoMT systems are Host-based IDS (HIDS), and Network-based IDS (NIDS). While HIDS is attached to a given IoMT device to monitor any possible malicious activity, NIDS monitors the network traffic of several IoMT devices towards detecting any malicious activity.

IoMT systems and networks should be protected by implementing IDS to detect abnormal activities as early as possible and to initiate the right actions to stop any incident. An IDS can be either anomaly-based, signature-based, or specification-based, as shown in Fig. 11. Signature-based and specification-based detection methods require low overhead compared to the anomaly-based one. Unfortunately, due to the limited computing power and the high number of interconnected devices, a traditional anomaly-based IDS is not efficient in the IoMT case.

Anomaly-based detection is the most efficient in detecting zero-day attacks, which is not possible via signature-based or specification-based detection methods. Developing a lightweight anomaly-based IDS is essential for the detection of unknown attacks within the IoMT context. Such lightweight techniques will be used to make prompt decisions in a resource-constrained environment, as is the case in IoMT networks. Without an efficient anomaly IDS, IoMT devices can be compromised leading to drastic effects especially for patients. This raised a real security concern about current IoMT deployments in general, and the need for a robust and lightweight IDS. Research and industrial communities are still facing challenges in designing a reliable and efficient IDS for IoT systems since large amounts of data are supposed to be handled in a real-time manner. Lightweight and hybrid cooperative IDS with hybrid placement and hybrid detection techniques are candidate solutions that can make IoT networks resilient against various types of attacks including zero-day attacks.
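
The trade-off described above can be shown with a hybrid detector small enough for a constrained gateway. The following is an added sketch, not a system from the paper or the cited works: a signature check over payloads is combined with a per-device anomaly check that keeps only an exponentially weighted mean and variance of the packet rate, so memory per device is constant. The device name, the signature marker, the thresholds and the event stream are all constructed.

```python
import math

# Constructed signature set: byte patterns of already-known malicious payloads.
SIGNATURES = (b"SIG-EXAMPLE-0001",)


class EwmaDetector:
    """Anomaly model holding two floats per device: running mean and variance."""

    def __init__(self, alpha=0.2, k=4.0, warmup=8, min_std=1.0):
        self.alpha = alpha      # weight of the newest sample
        self.k = k              # alarm threshold in standard deviations
        self.warmup = warmup    # samples to learn before alarming
        self.min_std = min_std  # floor so a very quiet baseline is not hypersensitive
        self.mean = 0.0
        self.var = 0.0
        self.seen = 0

    def update(self, x: float) -> bool:
        """Return True if x is anomalous; otherwise fold it into the baseline."""
        if self.seen == 0:
            self.mean, self.seen = float(x), 1
            return False
        diff = x - self.mean
        std = max(math.sqrt(self.var), self.min_std)
        if self.seen >= self.warmup and abs(diff) > self.k * std:
            # Anomalous samples are not learned, so a burst cannot shift the
            # baseline. The cost: a legitimate lasting change keeps alarming
            # until an operator resets the model.
            return True
        incr = self.alpha * diff
        self.mean += incr
        self.var = (1.0 - self.alpha) * (self.var + diff * incr)
        self.seen += 1
        return False


class HybridIds:
    def __init__(self):
        self._models = {}  # device id -> EwmaDetector

    def inspect(self, device: str, rate: float, payload: bytes):
        """Return 'signature', 'anomaly' or None for one observation."""
        model = self._models.setdefault(device, EwmaDetector())
        anomalous = model.update(rate)
        if any(sig in payload for sig in SIGNATURES):
            return "signature"
        return "anomaly" if anomalous else None


# Constructed stream: packets per second reported for one infusion pump.
RATES = [10, 11, 9, 10, 12, 10, 9, 11, 10, 10, 11, 9, 58, 61, 10, 11]
EVENTS = [("pump-12", r, b"telemetry") for r in RATES]
# A known-bad payload at a normal rate: only the signature check can see it.
EVENTS[10] = ("pump-12", 11, b"hdr SIG-EXAMPLE-0001 body")


def analyze(events):
    ids = HybridIds()
    alerts = []
    for index, (device, rate, payload) in enumerate(events):
        reason = ids.inspect(device, rate, payload)
        if reason:
            alerts.append((index, device, reason))
    return alerts


if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

The two bursts at indices 12 and 13 carry no known signature and are caught only by the anomaly model, while the event at index 10 has a normal rate and is caught only by the signature check.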

VI. SUGGESTIONS & RECOMMENDATIONS

Failing to implement encryption would lead to intercepting, modifying, and even deleting data beyond recovery. As such, encryption techniques, and more so dynamic encryption, must be implemented to safeguard the data and ensure its privacy and confidentiality (see Fig. 12). Moreover, since most attacks have occurred due to social engineering or phishing attacks, a budget must be allocated to raise the awareness and to conduct training of medical staff, and to raise their technical knowledge to identify any potential phishing or social/reverse engineering attack. Moreover, the IT staff should undergo more specialised training in order to secure, maintain and safeguard the privacy of stored sensitive confidential medical data and information. Additionally, a strong multi-factor authentication must be employed (see Fig. 13).

Note that there is a high level of mistrust among patients who are raising serious concerns about their privacy, especially since the recent attacks disclosed private medical information and data about patients. Therefore, it is crucial to establish trust and it should be given a high priority. Aside from protecting and securing data by ensuring both security and privacy, it is also important to maintain a high level of accuracy of medical robotics operations, to avoid errors that may lead to unnecessary loss of life. In addition, lightweight security mechanisms are required for authentication and encryption to ensure a safe transmission of real-time medical data, especially for resource-constrained smart healthcare devices. This requires ensuring the right trade-off between IoMT’s system performance, and security and privacy mechanisms.

In the following, we list the main recommendations towards securing IoMT systems and data.

Fig. 9: An Example Of Possible Jamming Attacks & Their Impact On IoMT Systems Including: Data Center, First responders, Doctors & Patients - Targeting Main IoMT Communication Channels.

Fig. 10: Honeypot Taxonomy Based on 4 Metrics: Purpose, Classification, Implementation, & Interaction.

Page 23: Securing internet of medical things systems

22

Fig. 11: Modern IDS Classification Based on 5 Factors: Architecture, Locality, Reaction-Response, Decision Class& Detection Methods.

Page 24: Securing internet of medical things systems

23

Fig. 12: Existing Cryptographic Algorithms

Fig. 13: Existing Authentication Cryptographic Protocol Techniques

A. Lightweight Cryptographic Algorithms

In general, security is based on cryptographic algorithms (see Fig. 12) to ensure data confidentiality, integrity and availability, with source authentication, and non-repudiation. However, implementing security and privacy countermeasures introduces an overhead, which is considered high for some types of IoMT devices. Many related works were presented towards reducing the required latency and resources for these countermeasures. In some scenarios, medical data must be exchanged in real-time, without any delay, as is the case for live monitoring and exchanging surveillance data. Moreover, the existing algorithms would quickly drain the battery life of small medical sensors, or small endpoints within IoMT. To address this issue, the cryptographic algorithms proposed in [97]-[112] rely on a dynamic structure instead of the typical static structure, whereby the cipher primitives change for each new input message, and thus, they require a small number of rounds to achieve the required security level, which would require multiple rounds in a static structure. In [113], the technique meets the expected requirements and ensures a high level of security that is both essential and mandatory for IoMT.

B. Lightweight Authentication Protocols

A survey on the existing authentication protocols for IoMT is presented in [142], [158], [47], and typically, such protocols use cryptographic algorithms as a basic element. This includes a hash function (with or without key), as well as symmetric and asymmetric cryptographic algorithms (see Fig. 13). Designing an efficient cryptographic algorithm for IoMT would lead to reducing the required latency and resources of the corresponding computation. Also, it is important to reduce the required number of exchanged messages, and the size of the messages in the authentication step.
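To make the message-count and message-size point concrete, the following Python example is added here; it is a generic keyed-hash challenge-response written for illustration, not one of the surveyed protocols and not the authors' design. It assumes a pre-shared per-device key; the class names, labels, nonce and tag lengths and the device identifier are all choices made for the example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12   # bytes of fresh randomness contributed by each side (assumed size)
TAG_LEN = 16     # HMAC-SHA256 output truncated to 128 bits to shrink the messages


def keyed_hash(key, label, *fields):
    """HMAC-SHA256 over length-prefixed fields so field boundaries are unambiguous."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in (label, *fields))
    return hmac.new(key, data, hashlib.sha256).digest()


class Device:
    """Constrained endpoint holding one pre-shared key (assumption of this example)."""

    def __init__(self, device_id, key):
        self.device_id, self.key = device_id, key
        self.nonce_d = None
        self.session_key = None

    def hello(self):
        """Message 1: identity plus a fresh device nonce."""
        self.nonce_d = os.urandom(NONCE_LEN)
        return self.device_id, self.nonce_d

    def respond(self, msg2):
        """Verify the gateway's proof; return message 3 (device proof) or None."""
        nonce_g, tag_g = msg2
        ctx = (self.device_id, self.nonce_d, nonce_g)
        want = keyed_hash(self.key, b"GW", *ctx)[:TAG_LEN]
        if not hmac.compare_digest(want, tag_g):
            return None                      # peer does not know the key
        self.session_key = keyed_hash(self.key, b"SESSION", *ctx)
        # Distinct labels per direction stop a tag being reflected back as a proof.
        return keyed_hash(self.key, b"DEV", *ctx)[:TAG_LEN]


class Gateway:
    def __init__(self, keys):
        self.keys = keys        # device_id -> pre-shared key
        self.pending = {}       # device_id -> (nonce_d, nonce_g) awaiting message 3

    def challenge(self, msg1):
        """Message 2: fresh gateway nonce plus proof that the gateway knows the key."""
        device_id, nonce_d = msg1
        key = self.keys.get(device_id)
        if key is None or len(nonce_d) != NONCE_LEN:
            return None
        nonce_g = os.urandom(NONCE_LEN)
        self.pending[device_id] = (nonce_d, nonce_g)
        return nonce_g, keyed_hash(key, b"GW", device_id, nonce_d, nonce_g)[:TAG_LEN]

    def finish(self, device_id, msg3):
        """Verify message 3; each challenge can be answered once only."""
        state = self.pending.pop(device_id, None)
        if state is None or not isinstance(msg3, bytes):
            return None
        key = self.keys[device_id]
        want = keyed_hash(key, b"DEV", device_id, *state)[:TAG_LEN]
        if not hmac.compare_digest(want, msg3):
            return None                      # stale, replayed or forged proof
        return keyed_hash(key, b"SESSION", device_id, *state)


def handshake(device, gateway):
    """Run the three messages; return (device_key, gateway_key, bytes_on_wire)."""
    msg1 = device.hello()
    msg2 = gateway.challenge(msg1)
    if msg2 is None:
        return None, None, sum(len(part) for part in msg1)
    msg3 = device.respond(msg2)
    wire = sum(len(part) for part in (*msg1, *msg2)) + (len(msg3) if msg3 else 0)
    return device.session_key, gateway.finish(device.device_id, msg3), wire


if __name__ == "__main__":
    k = os.urandom(32)
    dk, gk, size = handshake(Device(b"pump-07", k), Gateway({b"pump-07": k}))
    print("mutual authentication ok:", dk is not None and dk == gk, "| bytes:", size)
```

With a 7-byte identifier the whole exchange is three messages and 63 bytes, and both sides end with the same 32-byte session key derived from the two nonces.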

C. Layered Security Architecture

The security layers in IoMT, as shown in TABLE XII, should consist of three main layers:

TABLE XII: Recommended Security Layers & Components

Accuracy Layer
  Trust Sub-layer
    • Accurate Medical Applications
    • Least Error Prone
    • Patients Trust
    • Trusted Medical Device/Equipment
    • Certified Authority
    • Trusted Third Party

Prevention Layer
  Authentication Sub-layer
    • User/Device Authentication:
        • Multi-factor Authentication
        • Physical Protection
        • Strong and Variable Password
    • Source Authentication and Message Integrity
    • Access Control
  Privacy Sub-layer
    • Patients Privacy
    • Anonymity (Pseudonymity)
    • Proxies VPN
    • Preserving Privacy at Cloud (Differential Privacy, Secret Sharing, Homomorphic Encryption)
  Data Confidentiality Sub-layer
    • Encryption Algorithm

Defensive Layer
  Detection Sub-layer
    • Intrusion Detection Systems (Anti-malware)
    • SIEM
    • Honeypots
    • Data System Integrity
  Correction Sub-layer
    • Intrusion Prevention Systems
    • Firewalls
    • Data Backup
    • Alternative Devices and Configuration

1) Accuracy Layer: Accuracy of medical operations and tasks heavily relies on ensuring a three-way mutual trust that is set between medical staff (nurses and doctors) and medical applications and operations, medical staff and patients, patients and applications and operations.

   • Trust Sub-Layer: it requires the adoption of the most accurate medical applications, which must be highly accurate in a real-time manner, with zero tolerance to errors. Moreover, digital medical devices and equipment must also be verified through a certified authority, which may or may not be linked to a trusted third party.

2) Prevention Layer is required to prevent any attack from within the organization, and to reduce the likelihood of any remote attack to disclose the patients’ medical data. This requires establishing the right authentication, privacy and confidentiality mechanisms.

   • Authentication Sub-Layer requires establishing a multi-factor authentication that relies on a strongly dynamic and variable password, and on a biometric technique that is unique for each patient, which makes any attempt to breach into patients’ data extremely difficult. This can also be applied to medical staff to establish the right access control mechanism by establishing the least privilege per employee’s role. Moreover, user/device authentication must be established to ensure a physical protection when using medical applications to prevent any physical tampering. Finally, source authentication and message integrity must be established by relying on a certified authority between the hospital and the patient.

   • Privacy Sub-Layer requires taking into consideration patients’ privacy as a high priority. This requires allowing patients to adopt anonymity and pseudonymity, by ensuring that they use a well-established private connection (Proxies and VPN) when being linked to medical websites or applications. Moreover, medical IT staff must rely on privacy preserving data mining techniques based on cloud and fog computing, aside from the adoption of traditional privacy preserving data mining techniques such as differential privacy (Signal-to-Noise), secret sharing [114], and homomorphic encryption.

   • Data Confidentiality Sub-Layer must be maintained at all times to guard against passive attacks. This requires the adoption of lightweight cryptographic algorithms, as well as relying on quantum cryptography to protect high-value assets.

3) Defensive Layer: to maintain a secure e-health environment, early detection measures are required before any corrective measures are established.

   • Detection Sub-Layer requires establishing and employing the most advanced up-to-date anti-malware and anti-viruses, along with AI-based solutions linked to dynamic and hybrid Intrusion Detection Systems, Security Information and Event Management (SIEM), and dynamic honeypots. This will ensure an early and highly accurate detection rate.

   • Correction Sub-Layer must be maintained as the second line-of-defense to mitigate and overcome security attacks. This includes an enhanced dynamic Intrusion Prevention Systems, dynamic and next generation firewalls, while ensuring a secure and verified data backup, with alternative devices being available for necessary computational requirements.

VII. CONCLUSIONS

Despite its advantages, IoMT is prone to a variety of attacks, issues and challenges that mainly target the privacy of patients and the confidentiality, integrity and availability of medical services. In this paper, we presented and discussed the main problems, challenges and drawbacks facing IoMT, along with the different security measures that can be implemented to safeguard and secure the IoMT domains and their associated assets, which include medical devices, systems, and medical CPSs. Moreover, different frameworks, taxonomies and approaches were presented to ensure a more enhanced and robust IoMT, and improve the patients’ health and experience. Furthermore, it is important to secure the different wireless communication protocols that the IoMT relies on. Finally, it is essential to maintain a high level of security, privacy, trust and accuracy. Hence, it is highly essential and recommended to train medical and IT staff so that they do not fall victim to physical and/or cyber-attacks. In summary, the aim of this paper is to tighten the ties between different technical solutions and non-technical solutions to ensure a much more sophisticated, secure and efficient system in all IoMT domains.

ACKNOWLEDGMENT

This work was made possible by NPRP Grant no. 10-1205-160012 from the Qatar National Research Fund, a member of the Qatar Foundation. The statements made herein are solely the responsibility of the authors.

REFERENCES

[1] 10 pieces of medical equipment all hospitals need. https://www.futurehealthconcepts.com/blog/posts/10-pieces-of-medical-equipment-all-hospitals-need.html, June 2017.

[2] Biomedical equipment list - medshare. https://www.medshare.org/biomedical-equipment/, 2019.

[3] Tathagata Adhikary, Amrita Deb Jana, Arindam Chakrabarty, and Saikat Kumar Jana. The internet of things (iot) augmentation in healthcare: An application analytics. In International Conference on Intelligent Computing and Communication Technologies, pages 576–583. Springer, 2019.

[4] Anthony GA Aggidis, Jeffrey D Newman, and George A Aggidis. Investigating pipeline and state of the art blood glucose biosensors to formulate next steps. Biosensors and Bioelectronics, 74:243–262, 2015.

[5] P Agrawal. Artificial intelligence in drug discovery and development. Journal of Pharmacovigilance, 6:1–2, 2018.

[6] Muzhir Shaban Al-Ani and Maha Abd Rajab. Biometrics hand geometry using discrete cosine transform (dct). Science and Technology, 3(4):112–117, 2013.

[7] Wi-Fi Alliance. Wi-fi certified wi-fi direct. White paper, 2010.

[8] Dmitri Alperovitch et al. Revealed: operation shady RAT, volume 3. McAfee, 2011.

[9] Kevin Anderson, Oksana Burford, and Lynne Emmerton. Mobile health apps to facilitate self-care: a qualitative study of user experiences. PLoS One, 11(5):e0156164, 2016.

[10] M Anirudh, S Arul Thileeban, and Daniel Jeswin Nallathambi. Use of honeypots for mitigating dos attacks targeted on iot networks. In Computer, Communication and Signal Processing (ICCCSP), 2017 International Conference on, pages 1–4. IEEE, 2017.

[11] Z Esat Ankaralı, A Fatih Demir, Marwa Qaraqe, Qammer H Abbasi, Erchin Serpedin, Huseyin Arslan, and Richard D Gitlin. Physical layer security for wireless implantable medical devices. In Computer Aided Modelling and Design of Communication Links and Networks (CAMAD), 2015 IEEE 20th International Workshop on, pages 144–147. IEEE, 2015.

[12] Roland Asmar. Validation of the automatic blood pressure measurements device, the omron evolv (hem-7600 te)® in pregnancy according to the modified european society of hypertension international protocol (esh-ip). 2017.

[13] Luis Ayala. Active medical device cyber-attacks. In Cybersecurity for Hospitals and Healthcare Facilities, pages 19–37. Springer, 2016.

[14] Amin Azmoodeh, Ali Dehghantanha, Mauro Conti, and Kim-Kwang Raymond Choo. Detecting crypto-ransomware in iot networks based on energy consumption footprint. Journal of Ambient Intelligence and Humanized Computing, 9(4):1141–1152, Aug 2018.

[15] Pete Bagnall, R Briscoe, and Alan Poppitt. Taxonomy of communication requirements for large-scale multicast applications. Technical report, 1999.

[16] Zubair A Baig and Abdul-Raoof Amoudi. An analysis of smart grid attacks and countermeasures. Journal of Communications, 8(8):473–479, 2013.

[17] David Balaban. Ransomware and the internet of things | cyber defense magazine. https://www.cyberdefensemagazine.com/ransomware-and-the-internet-of-things/, September 2019. (Accessed on 11/13/2019).

[18] Ekaterina Balandina, Sergey Balandin, Yevgeni Koucheryavy, and Dmitry Mouromtsev. Iot use cases in healthcare and tourism. In Business Informatics (CBI), 2015 IEEE 17th Conference on, volume 2, pages 37–44. IEEE, 2015.

[19] Steve Balian, Shaun K McGovern, Benjamin S Abella, Audrey L Blewer, and Marion Leary. Feasibility of an augmented reality cardiopulmonary resuscitation training system for health care providers. Heliyon, 5(8):e02205, 2019.

[20] William Robert Bandy, Brian Glenn Jamieson, Kevin James Powell, Kenneth Edward Salsman, Robert Charles Schober, John Weitzner, and Michael R Arneson. Ingestible endoscopic optical scanning device, September 10 2013. US Patent 8,529,441.

[21] Ryan A Beasley. Medical robots: current systems and research directions. Journal of Robotics, 2012, 2012.

[22] Mihir Bellare and Tadayoshi Kohno. Hash function balance and its impact on birthday attacks. In International Conference on the Theory and Applications of Cryptographic Techniques, pages 401–418. Springer, 2004.

[23] Elisa Bertino and Nayeem Islam. Botnets and internet of things security. Computer, (2):76–79, 2017.

[24] Pravin Bhagwat. Bluetooth: technology for short-range wireless apps. IEEE Internet Computing, 5(3):96–103, 2001.

[25] John D Birkmeyer, Therese A Stukel, Andrea E Siewers, Philip P Goodney, David E Wennberg, and F Lee Lucas. Surgeon volume and operative mortality in the united states. New England Journal of Medicine, 349(22):2117–2127, 2003.

[26] Mitko Bogdanoski, Tomislav Suminoski, and Aleksandar Risteski. Analysis of the syn flood dos attack. International Journal of Computer Network and Information Security (IJCNIS), 5(8):1–11, 2013.

[27] Anna Challoner and Gheorghe H Popescu. Intelligent sensing technology, smart healthcare services, and internet of medical things-based diagnosis. American Journal of Medical Research, 6(1):13–18, 2019.

[28] Vikram Chandrasekhar, Jeffrey G Andrews, and Alan Gatherer. Femtocell networks: a survey. IEEE Communications magazine, 46(9), 2008.

[29] Tien-Ho Chen and Wei-Kuan Shih. A robust mutual authentication protocol for wireless sensor networks. ETRI journal, 32(5):704–712, 2010.

[30] Jung-Sik Cho, Sang-Soo Yeo, and Sung Kwon Kim. Securing against brute-force attack: A hash-based rfid mutual authentication protocol using a secret value. Computer communications, 34(3):391–397, 2011.

[31] David D Clark, Scott Shenker, and Lixia Zhang. Supporting real-time applications in an integrated services packet network: Architecture and mechanism. In ACM SIGCOMM Computer Communication Review, volume 22, pages 14–26. ACM, 1992.

[32] George W Clark, Michael V Doran, and Todd R Andel. Cybersecurity issues in robotics. In Cognitive and Computational Aspects of Situation Management (CogSIMA), 2017 IEEE Conference on, pages 1–5. IEEE, 2017.

[33] John Clark and Jeremy Jacob. Attacking authentication protocols. High Integrity Systems, 1:465–474, 1996.


[34] David D Coleman and David A Westcott. Cwna: certified wireless network administrator official study guide: exam Pw0-105. John Wiley & Sons, 2012.

[35] Evan Cooke, Farnam Jahanian, and Danny McPherson. The zombie roundup: Understanding, detecting, and disrupting botnets. SRUTI, 5:6–6, 2005.

[36] Andrei Costin and Jonas Zaddach. Iot malware: Comprehensive survey, analysis framework and case studies. BlackHat USA, 2018.

[37] National Research Council et al. The role of human factors in home health care: Workshop summary. National Academies Press, 2010.

[38] Peter Cullin and Thomas Bergdahl. A telecare system, June 13 2019. US Patent App. 16/310,127.

[39] J. Deogirikar and A. Vidhate. Security attacks in iot: A survey. In 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pages 32–37, Feb 2017.

[40] Jean-Francois Dhem, Francois Koeune, Philippe-Alexandre Leroux, Patrick Mestré, Jean-Jacques Quisquater, and Jean-Louis Willems. A practical implementation of the timing attack. In International Conference on Smart Card Research and Advanced Applications, pages 167–182. Springer, 1998.

[41] Ben Dickson. The iot ransomware threat is more serious than you think – iot security foundation. https://www.iotsecurityfoundation.org/the-iot-ransomware-threat-is-more-serious-than-you-think/.

[42] Klaus Doppler, Mika Rinne, Carl Wijting, Cássio B Ribeiro, and Klaus Hugl. Device-to-device communication as an underlay to lte-advanced networks. IEEE Communications Magazine, 47(12), 2009.

[43] Mandy Douglas, Karen Bailey, Mark Leeney, and Kevin Curran. An overview of steganography techniques applied to the protection of biometric data. Multimedia Tools and Applications, 77(13):17333–17373, 2018.

[44] Seamus Dowling, Michael Schukat, and Hugh Melvin. A zigbee honeypot to assess iot cyberattack behaviour. In Signals and Systems Conference (ISSC), 2017 28th Irish, pages 1–6. IEEE, 2017.

[45] Sam Edwards and Ioannis Profetis. Hajime: Analysis of a decentralized internet worm for iot devices. Rapidity Networks, 16, 2016.

[46] Nicolas Falliere, Liam O Murchu, and Eric Chien. W32. stuxnet dossier. White paper, Symantec Corp., Security Response, 5(6):29, 2011.

[47] Mohamed Amine Ferrag, Leandros A Maglaras, Helge Janicke, Jianmin Jiang, and Lei Shu. Authentication protocols for internet of things: a comprehensive survey. Security and Communication Networks, 2017, 2017.

[48] Jossy P George. Development of efficient biometric recognition algorithms based on fingerprint and face. PhD thesis, Christ University, 2012.

[49] Prosanta Gope, Tzonelih Hwang, et al. A realistic lightweight anonymous authentication protocol for securing real-time application data access in wireless sensor networks. IEEE Trans. Industrial Electronics, 63(11):7124–7132, 2016.

[50] Kanika Grover, Alvin Lim, and Qing Yang. Jamming and anti-jamming techniques in wireless networks: a survey. International Journal of Ad Hoc and Ubiquitous Computing, 17(4):197–215, 2014.

[51] Lukas Grunwald. New attacks against rfid-systems. GmbH Germany, 2006.

[52] Leila A Haidari, Shawn T Brown, Marie Ferguson, Emily Bancroft, Marie Spiker, Allen Wilcox, Ramya Ambikapathi, Vidya Sampath, Diana L Connor, and Bruce Y Lee. The economic and operational value of using drones to transport vaccines. Vaccine, 34(34):4062–4067, 2016.

[53] Daniel Halperin, Thomas S Heydt-Benjamin, Benjamin Ransford, Shane S Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H Maisel. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Security and Privacy, 2008. SP 2008. IEEE Symposium on, pages 129–142. IEEE, 2008.

[54] Harshita Harshita. Detection and prevention of icmp flood ddos attack. International Journal of New Technology and Research, 3(3), 2017.

[55] Moeen Hassanalieragh, Alex Page, Tolga Soyata, Gaurav Sharma, Mehmet Aktas, Gonzalo Mateos, Burak Kantarci, and Silvana Andreescu. Health monitoring and management using internet-of-things (iot) sensing with cloud-based processing: Opportunities and challenges. In 2015 IEEE international conference on services computing (SCC), pages 285–292. IEEE, 2015.

[56] Daojing He, Sammy Chan, and Mohsen Guizani. Drone-assisted public safety networks: The security aspect. IEEE Communications Magazine, 55(8):218–223, 2017.

[57] Daojing He, Yi Gao, Sammy Chan, Chun Chen, and Jiajun Bu. An enhanced two-factor user authentication scheme in wireless sensor networks. Ad hoc & sensor wireless networks, 10(4):361–371, 2010.

[58] Shivayogi Hiremath, Geng Yang, and Kunal Mankodiya. Wearable internet of things: Concept, architectural components and promises for person-centered healthcare. In 2014 4th International Conference on Wireless Mobile Communication and Healthcare-Transforming Healthcare Through Innovations in Mobile and Wireless Technologies (MOBIHEALTH), pages 304–307. IEEE, 2014.

[59] Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, and Bo Luo. Cyber-physical systems security—a survey. IEEE Internet of Things Journal, 4(6):1802–1831, 2017.

[60] Kevin Hung, Yuan-Ting Zhang, and B Tai. Wearable medical devices for tele-home healthcare. In The 26th Annual International Conference of the IEEE Engineering in Medicine and Biology Society, volume 2, pages 5384–5387. IEEE, 2004.

[61] Jackie Hunter. Adopting ai is essential for a sustainable pharma industry. Drug Discov. World, pages 69–71, 2016.

[62] Danesh Irani, Marco Balduzzi, Davide Balzarotti, Engin Kirda, and Calton Pu. Reverse social engineering attacks in online social networks. In International conference on detection of intrusions and malware, and vulnerability assessment, pages 55–74. Springer, 2011.

[63] Anil K Jain and Ajay Kumar. Biometric recognition: an overview. In Second generation biometrics: The ethical, legal and social context, pages 49–79. Springer, 2012.

[64] Anil K Jain, Arun Ross, and Salil Prabhakar. An introduction to biometric recognition. IEEE Transactions on circuits and systems for video technology, 14(1):4–20, 2004.

[65] Fei Jiang, Yong Jiang, Hui Zhi, Yi Dong, Hao Li, Sufeng Ma, Yilong Wang, Qiang Dong, Haipeng Shen, and Yongjun Wang. Artificial intelligence in healthcare: past, present and future. Stroke and vascular neurology, 2(4):230–243, 2017.

[66] Nolan Jones and JD Sherry. System and method for authenticating a user using a graphical password, January 1 2013. US Patent 8,347,103.

[67] James BD Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. A generalized temporal role-based access control model. IEEE Transactions on Knowledge and Data Engineering, 17(1):4–23, 2005.

[68] Georgios Kambourakis, Constantinos Kolias, and Angelos Stavrou. The mirai botnet and the iot zombie armies. In MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM), pages 267–272. IEEE, 2017.

[69] Minhee Kang, Eunkyoung Park, Baek Hwan Cho, and Kyu-Sung Lee. Recent patient health monitoring platforms incorporating internet of things-enabled smart devices. International neurourology journal, 22(Suppl 2):S76, 2018.

[70] Seungjin Kang, Hyunyoung Baek, Eunja Jung, Hee Hwang, and Sooyoung Yoo. Survey on the demand for adoption of internet of things (iot)-based services in hospitals: Investigation of nurses’ perception in a tertiary university hospital. Applied Nursing Research, 47:18–23, 2019.

[71] Stanislav V Kasl and Sidney Cobb. Health behavior, illness behavior and sick role behavior: I. health and illness behavior. Archives of Environmental Health: An International Journal, 12(2):246–266, 1966.

[72] Kevin Kelly. Better than human: Why robots will—and must—take our jobs. Wired. http://www.wired.com/2012/12/ff-robots-will-take-our-jobs/ (Accessed 4 August 2014.), 2012.

[73] Jiye Kim, Donghoon Lee, Woongryul Jeon, Youngsook Lee, and Dongho Won. Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors, 14(4):6443–6462, 2014.

[74] Asimina Kiourti, Konstantinos A Psathas, and Konstantina S Nikita. Implantable and ingestible medical devices with wireless telemetry functionalities: A review of current status and challenges. Bioelectromagnetics, 35(1):1–15, 2014.

[75] Ovunc Kocabas, Tolga Soyata, and Mehmet K Aktas. Emerging security mechanisms for medical cyber physical systems. IEEE/ACM transactions on computational biology and bioinformatics, 13(3):401–416, 2016.

[76] Constantinos Kolias, Georgios Kambourakis, Angelos Stavrou, and Jeffrey Voas. Ddos in the iot: Mirai and other botnets. Computer, 50(7):80–84, 2017.

[77] Olli Komulainen. Heart rate monitor, December 11 2001. US Patent App. 29/131,645.

[78] Hatice Ceylan Koydemir and Aydogan Ozcan. Wearable and implantable sensors for biomedical applications. Annual Review of Analytical Chemistry, 11:127–146, 2018.


[79] Elliot Krames. Implantable devices for pain control: spinal cord stimulation and intrathecal therapies. Best Practice & Research Clinical Anaesthesiology, 16(4):619–649, 2002.

[80] Sumanta Kuila, Namrata Dhanda, Subhankar Joardar, Sarmistha Neogy, and Jayanta Kuila. A generic survey on medical big data analysis using internet of things. In First International Conference on Artificial Intelligence and Cognitive Computing, pages 265–276. Springer, 2019.

[81] J Sathish Kumar and Dhiren R Patel. A survey on internet of things: Security and privacy issues. International Journal of Computer Applications, 90(11), 2014.

[82] Pardeep Kumar, Amlan Jyoti Choudhury, Mangal Sain, Sang-Gon Lee, and Hoon-Jae Lee. Ruasn: a robust user authentication framework for wireless sensor networks. Sensors, 11(5):5020–5046, 2011.

[83] Pardeep Kumar and Hoon-Jae Lee. Security issues in healthcare applications using wireless medical sensor networks: A survey. sensors, 12(1):55–91, 2012.

[84] Quang Duy La, Tony QS Quek, and Jemin Lee. A game theoretic model for enabling honeypots in iot networks. In Communications (ICC), 2016 IEEE International Conference on, pages 1–6. IEEE, 2016.

[85] Younghwa Lee and Kenneth A Kozar. Investigating factors affecting the adoption of anti-spyware systems. Communications of the ACM, 48(8):72–77, 2005.

[86] Chun-Ta Li, Chi-Yao Weng, and Cheng-Chi Lee. An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors, 13(8):9589–9603, 2013.

[87] Ming Li and Russell H Taylor. Spatial motion constraints in medical robot using virtual fixtures generated by anatomy. In Robotics and Automation, 2004. Proceedings. ICRA’04. 2004 IEEE International Conference on, volume 2, pages 1270–1275. IEEE, 2004.

[88] Xinyue Liu, Christoph Steiger, Shaoting Lin, German Alberto Parada, Ji Liu, Hon Fai Chan, Hyunwoo Yuk, Nhi V Phan, Joy Collins, Siddartha Tamang, et al. Ingestible hydrogel device. Nature communications, 10, 2019.

[89] Yao Liu, Peng Ning, and Michael K Reiter. False data injection attacks against state estimation in electric power grids. ACM Transactions on Information and System Security (TISSEC), 14(1):13, 2011.

[90] Henri Lorach, Ryad Benosman, Olivier Marre, Sio-Hoi Ieng, José A Sahel, and Serge Picaud. Artificial retina: the multichannel processing of the mammalian retina achieved with a neuromorphic asynchronous light acquisition device. Journal of neural engineering, 9(6):066004, 2012.

[91] Tongbo Luo, Zhaoyan Xu, Xing Jin, Yanhui Jia, and Xin Ouyang. Iotcandyjar: Towards an intelligent-interaction honeypot for iot devices. Black Hat, 2017.

[92] Paul Marrow, Manolis Koubarakis, Rolf-Hendrik van Lengen, F Valverde-Albacete, Erwin Bonsma, Jesús Cid-Suerio, Anıbal R Figueiras-Vidal, Ascensión Gallardo-Antolín, Cefn Hoile, Theodoros Koutris, et al. Agents in decentralised information ecosystems: the diet approach. 2001.

[93] Daniel R Marshall. Swallowable data recorder capsule medical device, October 14 2003. US Patent 6,632,175.

[94] Colin J McCarthy and Raul N Uppot. Advances in virtual and augmented reality—exploring the role in health-care education. Journal of Radiology Nursing, 2019.

[95] Sophie McFarland, Anne Coufopolous, and Deborah Lycett. The effect of telehealth versus usual care for home-care patients with long-term conditions: A systematic review, meta-analysis and qualitative synthesis. Journal of Telemedicine and Telecare, page 1357633X19862956, 2019.

[96] Emma McMahon, Ryan Williams, Malaka El, Sagar Samtani, Mark Patton, and Hsinchun Chen. Assessing medical device vulnerabilities on the internet of things. In 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pages 176–178. IEEE, 2017.

[97] R. Melki, H. N. Noura, M. M. Mansour, and A. Chehab. An efficient ofdm-based encryption scheme using a dynamic key approach. IEEE Internet of Things Journal, pages 1–1, 2018.

[98] David Mills et al. Network time protocol. Technical report, RFC 958, M/A-COM Linkabit, 1985.

[99] Jelena Milosevic, Nicolas Sklavos, and Konstantina Koutsikou. Malware in iot software and hardware. 2016.

[100] Robert Mitchell and Ing-Ray Chen. A survey of intrusion detection techniques for cyber-physical systems. ACM Computing Surveys (CSUR), 46(4):55, 2014.

[101] Rim Moalla, Houda Labiod, Brigitte Lonc, and Noemie Simoni. Risk analysis study of its communication architecture. In Network of the Future (NOF), 2012 Third International Conference on the, pages 1–5. IEEE, 2012.

[102] Brendan William Munzer, Mohammad Mairaj Khan, Barbara Shipman, and Prashant Mahajan. Augmented reality in emergency medicine: A scoping review. Journal of medical Internet research, 21(4):e12368, 2019.

[103] Cherilyn G Murer. Protecting patient privacy. Public Law, 104:191, 2002.

[104] S Muthurajkumar, M Vijayalakshmi, and A Kannan. Intelligent temporal role based access control for data storage in cloud database. In Advanced Computing (ICoAC), 2014 Sixth International Conference on, pages 184–188. IEEE, 2014.

[105] Alan Naditz. Telemedicine named one of space race’s top tech breakthroughs. Telemedicine and e-Health, 15(8):735–736, 2009.

[106] Junghyun Nam, Juryon Paik, H-K Kang, Ung Mo Kim, and Dongho Won. An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Communications Letters, 13(3):205–207, 2009.

[107] Arvind Narayanan and Vitaly Shmatikov. Fast dictionary attacks on passwords using time-space tradeoff. In Proceedings of the 12th ACM conference on Computer and communications security, pages 364–372. ACM, 2005.

[108] JA Nijboer, JC Dorlas, and J Lubbers. The difference in blood pressure between upper arm and finger during physical exercise. Clinical Physiology, 8(5):501–510, 1988.

[109] Kurt Nimmo. Will stuxnet malware be used in false flag attack. Infowars.com, 2010.

[110] H. Noura, R. Couturier, C. Pham, and A. Chehab. Lightweight stream cipher scheme for resource-constrained iot devices. In 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pages 1–8, Oct 2019.

[111] Hassan Noura, Ali Chehab, and Raphael Couturier. Lightweight dynamic key-dependent and flexible cipher scheme for iot devices. In 2019 IEEE Wireless Communications and Networking Conference (WCNC), pages 1–8. IEEE, 2019.

[112] Hassan Noura, Ali Chehab, Mohamad Noura, Raphaël Couturier, and Mohammad M Mansour. Lightweight, dynamic and efficient image encryption scheme. Multimedia Tools and Applications, 78(12):16527–16561, 2019.

[113] Hassan Noura, Ali Chehab, Lama Sleem, Mohamad Noura, Raphaël Couturier, and Mohammad M Mansour. One round cipher algorithm for multimedia iot devices. Multimedia Tools and Applications, pages 1–31, 2018.

[114] Hassan Noura, Ola Salman, Ali Chehab, and Raphael Couturier. Preserving data security in distributed fog computing. Ad Hoc Networks, 94:101937, 2019.

[115] Hassan Noura, Lama Sleem, Mohamad Noura, Mohammad M Mansour, Ali Chehab, and Raphaël Couturier. A new efficient lightweight and secure image cipher scheme. Multimedia Tools and Applications, 77(12):15457–15484, 2018.

[116] Hassan N Noura, Ali Chehab, and Raphael Couturier. Efficient & secure cipher scheme with dynamic key-dependent mode of operation. Signal Processing: Image Communication, 78:448–464, 2019.

[117] Hassan N Noura, Reem Melki, Ali Chehab, and Mohammad M Mansour. A physical encryption scheme for low-power wireless m2m devices: a dynamic key approach. Mobile Networks and Applications, 24(2):447–463, 2019.

[118] Hassan N Noura, Ola Salman, Ali Chehab, and Raphaël Couturier. Distlog: A distributed logging scheme for iot forensics. Ad Hoc Networks, page 102061, 2019.

[119] Jason RC Nurse, Arnau Erola, Ioannis Agrafiotis, Michael Goldsmith, and Sadie Creese. Smart insiders: exploring the threat from insiders using the internet-of-things. In 2015 International Workshop on Secure Internet of Things (SIoT), pages 5–14. IEEE, 2015.

[120] Sejong Oh and Seog Park. Task–role-based access control model. Information systems, 28(6):533–562, 2003.

[121] Lucila Ohno-Machado, Paulo Sérgio Panse Silveira, and Staal Vinterbo. Protecting patient privacy by quantifiable control of disclosures in disseminated databases. International Journal of Medical Informatics, 73(7-8):599–606, 2004.

[122] Zhibo Pang, Geng Yang, Ridha Khedri, and Yuan-Ting Zhang. Introduction to the special section: convergence of automation technology, biomedical engineering, and health informatics toward the healthcare 4.0. IEEE Reviews in Biomedical Engineering, 11:249–259, 2018.

[123] Steffen Clarence Pauws, Mohammad Hossein Nassabi, Linda Schertzer, Tine Smits, Jorn OP DEN BUIJS, and Patrick William Van Deursen. Personal emergency response system with predictive emergency dispatch risk assessment, May 4 2017. US Patent App. 15/317,440.

[124] Steven R Peabody. System containing location-based personal emer-gency response device, February 14 2012. US Patent 8,116,724.

[125] Lora Perry and Robert Malkin. Effectiveness of medical equipmentdonations to improve health systems: how much medical equipment isbroken in the developing world?, 2011.

[126] Andrea Peterson. Yes, terrorists could have hacked dick cheney’s heart.Washington Post, 2013.

[127] Mary Beth Pinto and Arpan Yagnik. Fit for life: A content analysisof fitness tracker brands use of facebook in social media marketing.Journal of Brand Management, 24(1):49–67, 2017.

[128] Gilles Piret and Jean-Jacques Quisquater. A differential fault attacktechnique against spn structures, with application to the aes and khazad.In International workshop on cryptographic hardware and embeddedsystems, pages 77–88. Springer, 2003.

[129] Carmen CY Poon, Yuan-Ting Zhang, and Shu-Di Bao. A novelbiometrics method to secure wireless body area sensor networksfor telemedicine and m-health. IEEE Communications Magazine,44(4):73–81, 2006.

[130] Alejandro Proano and Loukas Lazos. Selective jamming attacksin wireless networks. In 2010 IEEE International Conference onCommunications, pages 1–6. IEEE, 2010.

[131] Aaron Pulver, Ran Wei, and Clay Mann. Locating aed enabled medicaldrones to enhance cardiac arrest response times. Prehospital EmergencyCare, 20(3):378–389, 2016.

[132] Md Ashfaqur Rahman and Hamed Mohsenian-Rad. False data injectionattacks with incomplete information against smart power grids. InGlobal Communications Conference (GLOBECOM), 2012 IEEE, pages3153–3158. Citeseer, 2012.

[133] Indrakshi Ray and Manachai Toahchoodee. A spatio-temporal role-based access control model. In IFIP Annual Conference on Data andApplications Security and Privacy, pages 211–226. Springer, 2007.

[134] Jacob Rosen and Blake Hannaford. Doc at a distance. IEEE spectrum,43(10):34–39, 2006.

[135] Michael Rushanan, Aviel D Rubin, Denis Foo Kune, and Colleen MSwanson. Sok: Security and privacy in implantable medical devicesand body area networks. In 2014 IEEE Symposium on Security andPrivacy (SP), pages 524–539. IEEE, 2014.

[136] Nazish Saeed, Mirfa Manzoor, and Pouria Khosravi. An exploration ofusability issues in telecare monitoring systems and possible solutions:a systematic literature review. Disability and Rehabilitation: AssistiveTechnology, pages 1–11, 2019.

[137] Fendy Santoso and Stephen J Redmond. Indoor location-aware medicalsystems for smart homecare and telehealth monitoring: state-of-the-art.Physiological measurement, 36(10):R53, 2015.

[138] Patrick Schaumont. Fault attacks on embedded software: Threats,design, and mitigation.

[139] Robert M Seepers, Jos H Weber, Zekeriya Erkin, Ioannis Sourdis, andChristos Strydis. Secure key-exchange protocol for implants usingheartbeats. In Proceedings of the ACM International Conference onComputing Frontiers, pages 119–126. ACM, 2016.

[140] D Senie and P Ferguson. Network ingress filtering: Defeating denialof service attacks which employ ip source address spoofing. Network,1998.

[141] Joyce Sensmeier. Harnessing the power of artificial intelligence.Nursing management, 48(11):14–19, 2017.

[142] Dylan Sey. A survey on authentication methods for the internet ofthings. PeerJ Preprints, 6:e26474v1, 2018.

[143] Pratik Shah, Francis Kendall, Sean Khozin, Ryan Goosen, Jianying Hu,Jason Laramie, Michael Ringel, and Nicholas Schork. Artificial intel-ligence and machine learning in clinical development: a translationalperspective. NPJ digital medicine, 2(1):69, 2019.

[144] Yogendra C Shah, Andreas Schmidt, Vinod K Choyi, Lakshmi Subra-manian, and Andreas Leicher. Multi-factor authentication to achieverequired authentication assurance level, March 24 2016. US PatentApp. 14/786,688.

[145] Yuquan Shan, George Kesidis, Daniel Fleck, and Angelos Stavrou.Preliminary study of fission defenses against low-volume dos attacks onproxied multiserver systems. In 2017 12th International Conference onMalicious and Unwanted Software (MALWARE), pages 67–74. IEEE,2017.

[146] Junggab Son, Donghyun Kim, Rasheed Hussain, Alade Tokuta, Sung-Sik Kwon, and Jung-Taek Seo. Privacy aware incentive mechanismto collect mobile data while preventing duplication. In MilitaryCommunications Conference, MILCOM 2015-2015 IEEE, pages 1242–1247. IEEE, 2015.

[147] Sarah Spiekermann. Ethical IT innovation: A value-based systemdesign approach. Auerbach Publications, 2015.

[148] Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert,Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, andGiovanni Vigna. Your botnet is my botnet: analysis of a botnettakeover. In Proceedings of the 16th ACM conference on Computerand communications security, pages 635–647. ACM, 2009.

[149] Rohit Suvarna, Sushant Kawatkar, and Dhanamma Jagli. Internet ofmedical things [iomt]. International Journal, 4(6), 2016.

[150] Melanie Swan. Sensor mania! the internet of things, wearable comput-ing, objective metrics, and the quantified self 2.0. Journal of Sensorand Actuator Networks, 1(3):217–253, 2012.

[151] Ruhma Tahir, Huosheng Hu, Dongbing Gu, Klaus McDonald-Maier,and Gareth Howells. Resilience against brute force and rainbow tableattacks using strong icmetrics session key pairs. In Communications,Signal Processing, and their Applications (ICCSPA), 2013 1st Interna-tional Conference on, pages 1–6. IEEE, 2013.

[152] Chee-Wooi Ten, Govindarasu Manimaran, and Chen-Ching Liu. Cy-bersecurity for critical infrastructures: Attack and defense modeling.IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systemsand Humans, 40(4):853–865, 2010.

[153] Nicolas P Terry. Protecting patient privacy in the age of big data.UMKC L. Rev., 81:385, 2012.

[154] Christoph Thuemmler and Chunxue Bai. Health 4.0: How virtualiza-tion and big data are revolutionizing healthcare. Springer, 2017.

[155] Shannon L Toohey, Alisa Wray, Warren Wiechmann, Michelle Lin, andMegan Boysen-Osborn. Ten tips for engaging the millennial learnerand moving an emergency medicine residency curriculum into the 21stcentury. Western Journal of Emergency Medicine, 17(3):337, 2016.

[156] Bao Tran. Personal emergency response (per) system, September 102013. US Patent 8,531,291.

[157] Joseph Tran, Rosanna Tran, and John R White. Smartphone-basedglucose monitors and applications in the management of diabetes: anoverview of 10 salient “apps” and a novel smartphone-connected bloodglucose monitor. Clinical Diabetes, 30(4):173–178, 2012.

[158] Michal Trnka, Tomas Cerny, and Nathaniel Stickney. Survey ofauthentication and authorization for the internet of things. Securityand Communication Networks, 2018, 2018.

[159] Allan Turner, Kenneth Glantz, and Julie Gall. A practitioner-researcherpartnership to develop and deliver operational value of threat, riskand vulnerability assessment training to meet the requirements ofemergency responders. Journal of Homeland Security and EmergencyManagement, 10(1):319–332, 2013.

[160] Sana Ullah, Henry Higgins, Bart Braem, Benoit Latre, Chris Blondia,Ingrid Moerman, Shahnaz Saleem, Ziaur Rahman, and Kyung SupKwak. A comprehensive survey of wireless body area networks.Journal of medical systems, 36(3):1065–1094, 2012.

[161] Satish Vadlamani, Burak Eksioglu, Hugh Medal, and Apurba Nandi.Jamming attacks on wireless networks: A taxonomic survey. Interna-tional Journal of Production Economics, 172:76–94, 2016.

[162] Daan J Van De Velde, Niels O Schiller, Claartje C Levelt, Vincent JVan Heuven, Mieke Beers, Jeroen J Briaire, and Johan HM Frijns.Prosody perception and production by children with cochlear implants.Journal of child language, 46(1):111–141, 2019.

[163] K Venkatasubramanian and SKS Gupta. Security in distributed,grid, mobile, and pervasive computing, chapter security solutions forpervasive healthcare, 2007.

[164] Krishna K Venkatasubramanian, Ayan Banerjee, and Sandeep Kumar SGupta. Pska: Usable and secure key agreement scheme for bodyarea networks. IEEE Transactions on Information Technology inBiomedicine, 14(1):60–68, 2010.

[165] Ding Wang, Wenting Li, and Ping Wang. Measuring two-factorauthentication schemes for real-time data access in industrial wirelesssensor networks. IEEE Transactions on Industrial Informatics, 2018.

[166] Huiyong Wang, Minglu Zhang, and Jingyang Wang. Design andimplementation of an emergency search and rescue system based onmobile robot and wsn. In Informatics in Control, Automation andRobotics (CAR), 2010 2nd International Asia Conference on, volume 1,pages 206–209. IEEE, 2010.

[167] Peng Wang and Lingyun Jiang. Task-role-based access control model insmart health-care system. In MATEC Web of Conferences, volume 22,page 01011. EDP Sciences, 2015.

[168] Robert Wang, Gordon Blackburn, Milind Desai, Dermot Phelan, LaurenGillinov, Penny Houghtaling, and Marc Gillinov. Accuracy of wrist-worn heart rate monitors. Jama cardiology, 2(1):104–106, 2017.

Page 30: Securing internet of medical things systems

29

[169] Xiaojun Wang, Leroy White, Xu Chen, Yiwen Gao, He Li, andYan Luo. An empirical study of wearable technology acceptance inhealthcare. Industrial Management & Data Systems, 2015.

[170] Philipp Wex, Jochen Breuer, Albert Held, Tim Leinmuller, and LucaDelgrossi. Trust issues for vehicular ad hoc networks. In VehicularTechnology Conference, 2008. VTC Spring 2008. IEEE, pages 2800–2804. IEEE, 2008.

[171] John D Woodward Jr, Christopher Horn, Julius Gatune, and ArynThomas. Biometrics: A look at facial recognition. Technical report,RAND CORP SANTA MONICA CA, 2003.

[172] Wenyuan Xu, Timothy Wood, Wade Trappe, and Yanyong Zhang.Channel surfing and spatial retreats: defenses against wireless denial ofservice. In Proceedings of the 3rd ACM workshop on Wireless security,pages 80–89. ACM, 2004.

[173] Chun-Wei Yang, Tzonelih Hwang, and Tzu-Han Lin. Modificationattack on qsdc with authentication and the improvement. InternationalJournal of Theoretical Physics, 52(7):2230–2234, 2013.

[174] Ibrar Yaqoob, Ejaz Ahmed, Muhammad Habib ur Rehman, Abdelmut-tlib Ibrahim Abdalla Ahmed, Mohammed Ali Al-garadi, MuhammadImran, and Mohsen Guizani. The rise of ransomware and emergingsecurity challenges in the internet of things. Computer Networks,129:444–458, 2017.

[175] Feng Ye, Yi Qian, and Rose Q Hu. Energy efficient self-sustainingwireless neighborhood area network design for smart grid. IEEETransactions on Smart Grid, 6(1):220–229, 2015.

[176] Hsiu-Lien Yeh, Tien-Ho Chen, Pin-Chuan Liu, Tai-Hoo Kim, andHsin-Wen Wei. A secured authentication protocol for wireless sensornetworks using elliptic curves cryptography. Sensors, 11(5):4767–4779,2011.

[177] Bilgiday Yuce. Fault attacks on embedded software: New directions inmodeling, design, and mitigation. PhD thesis, Virginia Tech, 2018.

[178] Shelten Gee Jao Yuen, James Park, Atiyeh Ghoreyshi, and AnjianWu. User identification via motion and heartbeat waveform data,December 26 2017. US Patent 9,851,808.

[179] S. R. Zahra and M. Ahsan Chishti. Ransomware and internet of things:A new security nightmare. In 2019 9th International Conference onCloud Computing, Data Science Engineering (Confluence), pages 551–555, Jan 2019.

[180] Bruno Bogaz Zarpelão, Rodrigo Sanches Miani, Cláudio ToshioKawakani, and Sean Carlisto de Alvarenga. A survey of intrusiondetection in internet of things. Journal of Network and ComputerApplications, 84:25–37, 2017.

[181] Lei Zhang, Shui Yu, Di Wu, and Paul Watters. A survey on latestbotnet attack and defense. In Trust, Security and Privacy in Comput-ing and Communications (TrustCom), 2011 IEEE 10th InternationalConference on, pages 53–60. IEEE, 2011.

[182] Yanping Zhang, Yang Xiao, Kaveh Ghaboosi, Jingyuan Zhang, andHongmei Deng. A survey of cyber crimes. Security and Communica-tion Networks, 5(4):422–437, 2012.

[183] Alliance ZigBee. Zigbee-2006 specification. http://www. zigbee. org/,2006.