Machine Learning and Applied CryptographyView this Special Issue
Research Article | Open Access
Xucheng Huang, Shah Nazir, "Evaluating Security of Internet of Medical Things Using the Analytic Network Process Method", Security and Communication Networks, vol. 2020, Article ID 8829595, 14 pages, 2020. https://doi.org/10.1155/2020/8829595
Evaluating Security of Internet of Medical Things Using the Analytic Network Process Method
Internet of Medical Things (IoMT) plays an important role in healthcare. Different devices such as smart sensors, wearable devices, handheld, and many other devices are connected in a network in the form of Internet of Things (IoT) for the smooth running of communication in healthcare. Security of these devices in healthcare is important due to its nature of functionality and efficiency. An efficient and robust security system is in dire need to cope with the attacks, threats, and vulnerability. The security evaluation of IoMT is an issue since couple of years. Therefore, the aim of the proposed study is to evaluate the security of IoMT by using the analytic network (ANP) process. The proposed approach is applied using ISO/IEC 27002 (ISO 27002) standard and some other important features from the literature. The results of the proposed research demonstrate the effective IoMT components which can further be used as secure IoMT.
Internet of Things has several applications in the daily life and has made life very easy. From industry to education, healthcare, and other places, the IoT is mostly used. Internet of Medical Things is the advanced version of IoT which has a key role in healthcare. Devices such as wearable, handheld, sensors, actuator, and others are connected for communication through Internet. For the smooth communication of these devices, security is important to run in an effective and efficient way. Security is the protection from unauthorized access of illegal users. In healthcare, the devices are sometimes connected through heterogeneous environment with the support of different IoT devices. So, the security evaluation is important for them to ensure that the communication is safe and secure. IoMT plays an important role in remote exchange data processes. The IoT devices have limited capabilities due to low processing, tiny memory, and limited storage, so implementing security will be a challenging task. The security and privacy in IoMT devices are vital due to a number of reasons as IoMT devices are ubiquitous and their applications are employed in health. For this purpose, reinforcing a security mechanism is indispensable to cope with these attacks, vulnerabilities, and security and privacy challenges. Security can be one of the important factors for IoHT [1–6].
The existing research regarding the security of IoMT covers different aspects. However, there is a lack of knowledge that how to evaluate the security of IoMT based on security attributes and features. So, to overcome this limitation, the proposed research presents the ANP approach for the evaluation of security of IoMT in term of the ISO/IEC 27002 (ISO 27002) standard, and some other important features identified from the literature. The ANP method incorporates the criteria given for achieving the goal based on the available alternatives. This method helps in situation when complexity arises.
The organization of the paper is as follows: Section 2 presents the related work to the security evaluation of IoMT, along with the existing approaches for security evaluations are discussed. In Section 3, the research method is briefly described. Section 4 concludes the paper.
2. Related Work
Several approaches have been used by researchers for the evaluation security. The basic security requirements are defined in confidentiality, integrity, and availability (the CIA model) [7–12]. The IoMT devices are vulnerable to several threats of security, attacks, and vulnerabilities. IoMT devices suffer from enormous security threats due to low cost and power unlike traditional desktop and mobile devices. The malware can replicates itself by compromising the connection that links IoT devices . Different frameworks, models, reviews, surveys, and analysis pertaining to the security of IoT-based systems for security analysis are used. Frustaci et al.  evaluated IoT security issues at three different layers of IoT such as perception, transportation, and application. Leister et al.  evaluated the security of IoT in e-health by presenting a scenario-based framework. Alrawi et al.  proposed component-based analysis such as IoT device, mobile application, communication channel, and cloud end points for the home-based IoT system. Tekeoglu and Tosun  presented a layer-based packet capturing framework for investigating security and privacy of IoT devices. Cherneyshev and Hannay  evaluated IoT security by using two smart TVs against the multisurface attacks. Ali and Awad  assessed the security of IoT smart home in terms of vulnerability. Mazhelis and Tyrväinen  evaluated IoT platforms from application provider perspectives. Apart from these approaches, several other approaches are being available in the literature [21–24].
Similarly, mobile computing services can be used in IoT by using services of mobile phones and apps or through the M-Health care system. The M-Health contributes to the IoT by furnishing various services such as compactness, IP connectivity, consumption of low power, and security . Recently, many applications have been developed to deliver mobile-based services to the users in healthcare. The applications of smart phone enable the patients to know about their diseases after the analysis in the field of gynaecology and paediatrics .
The purpose of this section is to study the existing literature to know about the work done in the area of security evaluation. For this purpose, the popular libraries including ACM, IEEE, ScienceDirect, and Springer were searched. Different types of information were obtained, and the details are given in figures and tables in this section. Figure 1 shows the type of publication along with the total number of papers published in the ACM library.
Figure 2 shows the content type along with the total number of publications.
The purpose of searching different libraries was to know more about the research done in the area. For this purpose, the IEEE library was also searched. Figure 3 shows the type of publication along with the total number of papers published in the IEEE library.
Figure 4 shows the publication topic in the area along with the total number of papers published.
The library of ScienceDirect was also searched to know about the security-related work published in the area. Figure 5 shows the total number of publications in the given year in the ScienceDirect library.
Figure 6 shows the number of publications along with the type of publication.
Figure 7 shows the publication title along with the number of publications.
Finally, the library of Springer was searched for the detail information in the area. Figure 8 shows the number of publications with the type of publications in the Springer library.
Figure 9 shows the article topic along with the total number of publications.
3. Applications of the Analytic Network Process for Evaluating Security of Internet of Medical Things
The analytic network process has several applications in different areas [11, 24, 27–29]. The reason behind using this method was to evaluate the security of IoMT, as this method works very well in situation where complexity exists. In the proposed research work, the analytic network process approach is used for security evaluation of Internet of Medical Things. The ANP method incorporates the criteria given for achieving the goal based on the available alternatives. This method helps in situation when complexity arises. The method adopted the ISO standard of security along with the identified security features from the literature. The ANP method consists of three parts: (a) the goal, (b) criteria, and (c) alternatives. Details regarding the ANP can be found in ; however, the following are the main steps:(a)A particular phenomenon is to be divided into subparts(b)A qualitative scale of measure is applied while this can be converted into a quantitative scale between 1 and 9(c)The pairwise comparison is done for all the criteria along with alternatives(d)The relative importance is found by finding the principal eigenvalue and the related eigenvector of the comparison matrix(e)The consistency of matrix is measured
Priority vector “” is calculated as follows:
λmax is the major eigenvalue of the matrix “A,” and “” is its eigenvector. The value of “λ” is obtained by summing the column of the original matrix multiplied by the normalized EV. The principal EV is obtained by the sum of all “λ”.
The “consistency index (CI)” and “consistency random (CR)” of the pairwise comparison matrix are computed by the following equation:
The value of CR should be less than 0.1.
Figure 10 shows the goal, criteria, and alternatives of the proposed research.
Table 2 shows the list of selected attributes.
After selecting the attributes for security evaluation, these attributes were shared with the experts in the field. The reason of sharing was to gather appropriate score for each component with respect to the defined attribute. Assigning the score to the relevant attribute was based on the expertise of the expert. Table 3 shows the comparison with respect to IoMT1.
CR = 0.985.
Table 4 shows the comparison with respect to IoMT2.
CR = 0.994.
Table 5 shows the comparison with respect to IoMT3.
CR = 0.10.
Table 6 shows the comparison with respect to IoMT.
CR = 0.022.
The rest of the calculations for the remaining attributes to IoMT were done the same as Table 6. After pairwise comparisons, all the calculations were brought together into the weighted supermatrix for the purpose to convert it into the limit matrix for decision-making about security evaluation. Table 7 shows the weighted supermatrix.
The weighted matrix was converted into the limit matrix by taking the power of the weighted matrix. This process was done till all the elements of each row become the same. The reason was to make decision based on the limit matrix. Table 8 shows the limit matrix.
Based on the limit matrix, we conclude that IoMT1 is the most secure component followed by IoMT2 and then IoMT3. Figure 12 shows the ranking of IoMT components.
The Internet of Medical Things is considered to be a significant part of healthcare which plays an important role. Communication among different devices such as smart sensors, wearable devices, handheld, and many other devices are connected in a network is possible due to the success of Internet of Things. For efficient and smooth running of healthcare, the security of different devices connected is mandatory. An efficient and robust security system is in dire need to cope with the attacks, threats, and vulnerability. The security evaluation of IoMT is an issue since the last few years. The proposed study is an endeavor toward the evaluation of the security of IoMT and using the analytic network process. The approach is applied using the ISO/IEC 27002 (ISO 27002) standard with the collection of some other important features from the literature. The results of the proposed research demonstrate the effective IoMT components which can further be used as secure IoMT.
No data were used to support the study.
Conflicts of Interest
The authors declare no conflicts of interest regarding this paper.
- X. Zhou, W. Liang, K. I.-K Wang, H. Wang, L. T. Yang, and Q. Jin, “Deep learning enhanced human activity recognition for internet of healthcare things,” IEEE Internet of Things Journal, vol. 7, no. 7, pp. 6429–6438, 2020.
- J. J. Kang, “Systematic analysis of security implementation for internet of health things in mobile health networks,” in Data Science in Cybersecurity and Cyberthreat Intelligence, pp. 87–113, Springer, Cham, Switzerland, 2020.
- S. S. Rani, J. A. Alzubi, S. K. Lakshmanaprabu, D. Gupta, and R. Manikandan, “Optimal users based secure data transmission on the internet of healthcare things (IoHT) with lightweight block ciphers,” Multimedia Tools and Applications, 2019.
- M. Asif-Ur-Rahman, F. Afsana, M. Mahmud et al., “Toward a heterogeneous mist, fog, and cloud-based framework for the internet of healthcare things,” IEEE Internet of Things Journal, vol. 6, no. 3, pp. 4049–4062, 2019.
- J. J. P. C. Rodrigues, D. B. De Rezende Segundo, H. A. Junqueira et al., “Enabling technologies for the internet of health things,” IEEE Access, vol. 6, pp. 13129–13141, 2018.
- A. M. Elmisery, S. Rho, and D. Botvich, “A fog based middleware for automated compliance with OECD privacy principles in internet of healthcare things,” IEEE Access, vol. 4, pp. 8418–8441, 2016.
- S. Alam, M. M. R. Chowdhury, and J. Noll, “Interoperability of security-enabled internet of things,” Wireless Personal Communications, vol. 61, no. 3, pp. 567–586, 2011.
- A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, “Blockchain for IoT security and privacy: The case study of a smart home,” in Proceedings of the IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom workshops), pp. 618–623, Kona, HI, USA, March 2017.
- R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, “Internet of things (IoT) security: Current status, challenges and prospective measures,” in Proceedings of the 10th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 336–341, Tokyo, Japan, December 2015.
- A. W. Atamli and A. Martin, “Threat-based security analysis for the internet of things,” in Proceedings of the International Workshop on Secure Internet of Things, pp. 35–43, Wroclaw, Poland, September 2014.
- K. C. Park and D.-H. Shin, “Security assessment framework for IoT service,” Telecommunication Systems, vol. 64, no. 1, pp. 193–209, 2017.
- R. Diesch, M. Pfaff, and H. Krcmar, “A comprehensive model of information security factors for decision-makers,” Computers & Security, vol. 92, Article ID 101747, 2020.
- C. Hosmer, “IoT vulnerabilities,” in Defending IoT Infrastructures with the Raspberry Pi: Monitoring and Detecting Nefarious Behavior in Real Time, pp. 1–15, Apress, Berkeley, CA, USA, 2018.
- M. Frustaci, P. Pace, G. Aloi, and G. Fortino, “Evaluating critical security issues of the IoT world: Present and future challenges,” IEEE Internet of Things Journal, vol. 5, no. 4, pp. 2483–2495, 2017.
- W. Leister, M. Hamdi, H. Abie, and S. Poslad, “An evaluation framework for adaptive security for the iot in ehealth,” International Journal on Advances, vol. 17, 2014.
- O. Alrawi, C. Lever, M. Antonakakis, and F. Monrose, “Sok: security evaluation of home-based iot deployments,” in Proceedings of the IEEE Symposium on Security and Privacy (SP), pp. 1362–1380, San Francisco, CA, USA, May 2019.
- A. Tekeoglu and A. Ş. Tosun, “An experimental framework for investigating security and privacy of IoT devices,” in Proceedings of the International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments, pp. 63–83, Vancouver, BC, Canada, November 2017.
- M. Chernyshev and P. Hannay, Security Assessment of IoT Devices: The Case of Two Smart TVs, SRI Security Research Institute, Edith Cowan University, Perth, Australia, 2015.
- B. Ali and A. Awad, “Cyber and physical security vulnerability assessment for IoT-based smart homes,” Sensors, vol. 18, no. 3, p. 817, 2018.
- O. Mazhelis and P. Tyrväinen, “A framework for evaluating Internet-of-Things platforms: Application provider viewpoint,” in Proceedings of the IEEE World Forum on Internet of Things (WF-IoT), pp. 147–152, Seoul, Republic of Korea, March 2014.
- B. Liao, Y. Ali, S. Nazir, L. He, and H. U. Khan, “Security analysis of IoT devices by using mobile computing: A systematic literature review,” IEEE Access, vol. 8, pp. 120331–120350, 2020.
- M. Li, S. Nazir, H. U. Khan, S. Shahzad, and R. Amin, “Modelling features-based birthmarks for security of end-to-end communication system,” Security and Communication Networks, vol. 2020, Article ID 8852124, pp. 1–9, 2020.
- S. Nazir, S. Shahzad, S. Mahfooz, and M. N. Jan, “Fuzzy logic based decision support system for component security evaluation,” International Arab Journal of Information and Technology, vol. 15, pp. 1–9, 2015.
- S. Nazir, S. Shahzad, M. Nazir, and H. U. Rehman, “Evaluating security of software components using analytic network process,” in Proceedings of the 11th International Conference on Frontiers of Information Technology (FIT), pp. 183–188, Islamabad, Pakistan, 2013.
- S. H. Almotiri, M. A. Khan, and M. A. Alghamdi, “Mobile health (m-health) system in the context of IoT,” in Proceedings of the IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), pp. 39–42, Vienna, Austria, August 2016.
- Y. Karaca, M. Moonis, Y.-D. Zhang, and C. Gezgez, “Mobile cloud computing based stroke healthcare system,” International Journal of Information Management, vol. 45, pp. 250–261, 2019.
- S. Nazir, S. Shahzad, Z. Hussain, M. Iqbal, and A. Keerio, “Evaluating student grades using analytic network process,” Sindh University Research Journal (Science Series), vol. 47, pp. 1–5, 2015.
- S. Nazir, S. Anwar, S. A. Khan et al., “Software component selection based on quality criteria using the analytic network process,” Abstract and Applied Analysis, vol. 2014, pp. 1–12, 2014.
- S. Kheybari, F. M. Rezaie, and H. farazmand, “Analytic network process: An overview of applications,” Applied Mathematics and Computation, vol. 367, Article ID 124780, 2020.
- T. L. Saaty, “Relative measurement and its generalization in decision making why pairwise comparisons are central in mathematics for the measurement of intangible factors the analytic hierarchy/network process,” Revista de la Real Academia de Ciencias Exactas, Fisicas y Naturales. Serie A. Matematicas, vol. 102, no. 2, pp. 251–318, 2008.
- M. Ammar, G. Russello, and B. Crispo, “Internet of Things: A survey on the security of IoT frameworks,” Journal of Information Security and Applications, vol. 38, pp. 8–27, 2018.
- M. M. Hossain, M. Fotouhi, and R. Hasan, “Towards an analysis of security issues, challenges, and open problems in the internet of things,” in Proceedings of the IEEE World Congress on Services, pp. 21–28, NewYork, NY, USA, June 2015.
- H.-J. Kim, H.-S. Chang, J.-J. Suh, and T.-S. Shon, “A study on device security in IoT convergence,” in Proceedings of the International Conference on Industrial Engineering, Management Science and Application (ICIMSA), pp. 1–4, Jeju Island, Republic of Korea, May 2016.
- L. M. R. Tarouco, L. M. Bertholdo, L. Z. Granville et al., “Internet of things in healthcare: Interoperatibility and security issues,” in Proceedings of the IEEE International Conference on Communications (ICC), pp. 6121–6125, Ottawa, Canada, June 2012.
- I. Alqassem and D. Svetinovic, “A taxonomy of security and privacy requirements for the Internet of Things (IoT),” in Proceedings of the IEEE International Conference on Industrial Engineering and Engineering Management, pp. 1244–1248, Selangor, Malaysia, December 2014.
- T. Xu, J. B. Wendt, and M. Potkonjak, “Security of IoT systems: Design challenges and opportunities,” in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 417–423, San Jose CA, USA, November 2014.
- M. A. Razzaq, S. H. Gill, M. A. Qureshi, and S. Ullah, “Security issues in the Internet of Things (IoT): A comprehensive study,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 8, no. 6, pp. 383–388, 2017.
- C. Lee, L. Zappaterra, K. Choi, and H.-A. Choi, “Securing smart home: Technologies, security challenges, and security requirements,” in Proceedings of the IEEE Conference on Communications and Network Security, pp. 67–72, San Francisco, CA, USA, October 2014.
- S. Babar, P. Mahalle, A. Stango, N. Prasad, and R. Prasad, “Proposed security model and threat taxonomy for the Internet of Things (IoT),” in Proceedings of the International Conference on Network Security and Applications, pp. 420–429, Taganrog, Rostov Region, Russia, July 2010.
- B.-C. Chifor, I. Bica, V.-V. Patriciu, and F. Pop, “A security authorization scheme for smart home internet of things devices,” Future Generation Computer Systems, vol. 86, pp. 740–749, 2018.
- S. Hameed, F. I. Khan, and B. Hameed, “Understanding security requirements and challenges in Internet of Things (IoT): A review,” Journal of Computer Networks and Communications, vol. 2019, Article ID 9629381, 14 pages, 2019.
- A. Hinduja and M. Pandey, “An ANP-GRA-based evaluation model for security features of IoT systems,” in Intelligent Communication, Control and Devices, pp. 243–253, Springer, Berlin, Germany, 2020.
Copyright © 2020 Xucheng Huang and Shah Nazir. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.