Security Requirements of Internet of Things-Based Healthcare System: a Survey Study.

INTRODUCTION: Internet of Things (IoT), which provides smart services and remote monitoring across healthcare systems according to a set of interconnected networks and devices, is a revolutionary technology in this domain. Due to its nature to sensitive and confidential information of patients, ensuring security is a critical issue in the development of IoT-based healthcare system. AIM: Our purpose was to identify the features and concepts associated with security requirements of IoT in healthcare system.
METHODS: A survey study on security requirements of IoT in healthcare system was conducted. Four digital databases (Web of Science, Scopus, PubMed and IEEE) were searched from 2005 to September 2019. Moreover, we followed international standards and accredited guidelines containing security requirements in cyber space.
RESULTS: We identified two main groups of security requirements including cyber security and cyber resiliency. Cyber security requirements are divided into two parts: CIA Triad (three features) and non-CIA (seven features). Six major features for cyber resiliency requirements including reliability, safety, maintainability, survivability, performability and information security (cover CIA triad such as availability, confidentiality and integrity) were identified.
CONCLUSION: Both conventional (cyber security) and novel (cyber resiliency) requirements should be taken into consideration in order to achieve the trustworthiness level in IoT-based healthcare system.

INTRODUCTION

Internet of things (IoT) as an innovative paradigm was introduced by Kevin Ashton in 1999. This technology can connect a massive group of devices and objects to interact with each other without human intervention (1) Mobile, Analytics and Cloud. The main concept behind IoT is to emphasize the interconnection between reality and physical world via the Internet (2). IoT provides a wide range of applications such as transportation, agriculture, smart cities, emergency services and logistics for the demands of the modern life. Besides, healthcare sector is one of most attractive areas for the applications of IoT (1, 3). Remote patient monitoring, smart health, and Ambient Assisted Living (AAL), to name a few, are instances of IoT-based healthcare applications (4). The combination of IoT with medical equipment leads to the promotion of the quality of healthcare services and progress report of patient status for those who need constant and real-time medical monitoring and preventive interventions (5). IoT accelerate the early detection of diseases and support the process of diagnosis and treatment such as fitness programs, chronic diseases, and elderly care (3, 6).

With all the advantages, the application of IoT is along with the likelihood of new security attacks and vulnerabilities to healthcare systems. This is associated with the following reasons (7): (1) medical devices are mostly collecting and sharing sensitive patient data, (2) the nature of the IoT technology introduces complexity and incompatibility issues, (3) manufacturers of medical IoT devices do not pay attention to security features. Due to the aforementioned reasons, security issues related to confidentiality, integrity, and availability (CIA) are increasing.

Some of the IoT solutions in healthcare consist of the applications and devices monitoring and controlling patients’ vital signs. However, these solutions might be exposed to security risks, such as breaches of authentication, authorization and privacy (4, 7). Cyber security in healthcare domain has become a great concern. Hackers may take advantages of the weaknesses of devices and cause operational disruption to IoT system. More importantly, traditional security requirements of countermeasures for attacks are not applicable because of the constraints of medical devices including power consumption, scalability and interoperability. Therefore, medical IoT technologies should be trusted in terms of security, privacy, and reliability requirements (8). In order to prevent the data leakage of the healthcare sector, the “Health Insurance Portability and Accountability Act (HIPAA)” have provided physical and technical safeguards. However, these actions were not sufficient and stronger and newer security requirements, using resilient approach, should be applied (9, 10). Hence, there is a crucial need to identify security requirements for a better understanding and designing of a secure IoT-based healthcare architecture.

AIM

The purpose of this survey was to provide an overview of the features and concepts related to security requirements of IoT in a healthcare system.

METHODS

This study was a literature survey on IoT security requirements in healthcare system. We searched four major digital databases consisting of Web of Science, Scopus, PubMed and IEEE. Moreover, we conducted a manual search of accredited institutions containing security requirements in cyber space such as the International Organization for Standardization (ISO)/ the International Electrotechnical Commission (IEC)/ and the Institute of Electrical and Electronics Engineers (IEEE) 24765 (11, 12), National Institute of Standards and Technology (NIST) 800-160, and several popular security models and reports (13-18). The search terms included: “internet of things”, “internet of objects”, “ambient intelligence”, “ubiquitous computing”, “pervasive computing”, “heterogeneous sensor”, “cyber physical system”, “machine to machine communication”, security , cyber security, cyber resiliency, requirement, health, “healthcare”, “health care”, medical, medicine, “smart health”, “smart hospital”, e-health, and ehealth. On the basis of the research objective, inclusion and exclusion criteria were determined (Table 1).

Table 1.

Inclusion criteria and exclusion criteria for selection studies

I/E	Criteria	Explanation
Inclusion	Language type	Studies written in English
	Publication year	Studies published from 2005 up to September 2019
	Publication venue	-Digital search in electronic databases: studies published in peer-reviewed journals, and conferences -Manual search: international standards and guidelines
	Research scope	Studies related to security requirements and IoT in healthcare
Exclusion	Without full-text	The full-text of the study is not accessible.
	Non-related publication source	Publication source of the study is a book, editorial letter, commentary, short communication and poster.
	Wrong or non-related categorization	The study is misclassified, incomplete and unclear in terms of content and concept of security requirements.

RESULTS

This research study identified the main features and concepts related to IoT security requirements in healthcare and summarized them as shown in Table 2 and Table 3. According to Figure 1, overall, IoT security requirements are categorized into two main groups including cyber security and cyber resiliency. More information about IoT cyber security and cyber resiliency requirements are illustrated as follows.

Table 2.

Cyber security requirements for IoT-based healthcare

Cyber security requirements			Description
Features		References
CIA	Confidentiality	(3, 7, 9, 19, 21-34)	Confidentiality ensures that IoT system prohibits unauthorized entities (users and devices) from disclosing medical information (19, 20).
	Integrity	(3, 6, 7, 9, 19, 21-34, 36)	Integrity refers to data completeness and accuracy in entire lifecycle of system. Integrity ensures that patients’ medical data are not manipulated or removed or corrupted by adversary leading to mistaken diagnosis or wrong prescription (6, 35).
	Availability	(3, 6, 7, 9, 19, 21-25, 27-29, 31-33, 36)	Availability ensures that medical data and devices are accessible to authorized users when needed (23). It means the continuity of security services and prevention of any device failure and operational outage (37). In particular, during treatment process, when timely patients’ data should be available for physicians (6).
Non-CIA	Identification and authentication	(3, 6, 9, 19, 21, 23-26, 28-33, 40)	Identification guarantees the identity of all the entities (patients, doctors, devices, etc.) before permitting them to interact with the resources of the IoT system (30). Authentication is the process of confirming the identity of a person or device before using of the system resources (23). Devices and applications authentication can prove the interacting system is not an adversary and data shared in networks are legal (38, 39).
	Authorization (access control)	(3, 6, 9, 21, 23-26, 28-31, 33, 36, 40)	After user identity verification, access rights or privileges to resources should be determined so that different users can only access to the resources required based on their tasks (25). For example, a doctor should have more access to patient data than other health providers (40).
	Privacy	(3, 6, 7, 19, 21, 23, 26, 28-30, 32, 34)	Privacy means that secretes and personal data of patients should not be disclosed without the consent (6). IoT system should be in accordance with privacy policies allowing users to control their private data (35).
	Accountability	(22, 25, 29, 30, 34)	In health IoT system, accountability should ensure that the organization or individual are obliged to be answerable or responsible for their actions in case of theft or abnormal event (30, 35).
	Non-repudiation	(3, 9, 19, 21, 24-26, 29, 30)	Non-repudiation ensures that someone cannot deny an action that has already been done (3). In fact, it enables the users to prove occurrence or non-occurrence of an event (19).
	Auditing	(21, 23, 30, 34)	Auditing is the ability of a system to continuously track and monitor actions. In an IoT-based healthcare system, all user activities should be recorded in sequential orders such as login time to system and data modifying (21, 35).
	Data Freshness	(3, 6, 19, 21, 24, 30, 32, 33)	Data freshness means that data should be recent ensuring that no old messages are replayed (3). For example, doctor needs to know the current patients information about his Electrocardiography (ECG) (6).

Table 3.

Cyber resiliency requirements for IoT-based healthcare

Requirements cyber resiliency				Description
Features			References
	Reliability		(29, 33, 34)	Reliability is an important aspect of the IoT network when devices are data sensing, collecting and transmitting under any high risk environmental conditions (e.g., dust, walls, win, rain, heat, etc). Therefore, reliability refers to continuity of a service correctly in spite of heterogeneous networks, system failures and various environmental conditions (15, 42).
Maintainability	Modifiability		(28, 30)	The modifiability is the ability of IoT system to update and add new capabilities or modify existing capabilities during the design and implementation of a system (16).
	Reparability		(28, 30)	The reparability is the ability to detect and correct the system faults, and attempt to restore the system to the normal operational state (16).
	Configurability		(28, 30)	The configurability occurs when the system can adjust parameters for a set of procedures in a way that the system can function properly in different operational situations (16).
	Adaptability		(28, 30)	The adaptability means the system is enabled to quickly alter and perform correct function during phases of its designing and implementing under different operating circumstances (16).
	Autonomy (autonomic computing)	Self-healing	(3, 24, 28, 30)	The autonomy is that the IoT system is able to properly adapt itself under different operating conditions (16).The autonomic systems are known as self-managing systems which manage and control the processes themselves without human intervention through self-protecting, self-configuring, self-healing and self-optimizing (18, 43). More details about autonomy are defined as follows. Self-healing is the process in which a system is able to identify and detect medical devices’ failure. Next, system can repair and recover the components of software and hardware automatically without loss of data (18, 43). Self-optimizing is the process in which the system can improve the performance itself and promote quality of services, and optimize resources consumption (such as memory, bandwidth, and energy) autonomously (43, 44). Self-protecting is the process in which a system can protect itself against malicious attacks and threats and generate alarms in case of failures and suspicious events (43). Self-configuring is the process of installing, configuring and integrating the system automatically in order to eliminate flaws from a system, restore the system to define operational state in accordance with security policies (17, 18).
		Self-optimizing
		Self-protecting
		Self-configuring
	Safety		(28)	It refers to issues associated with functions and safety of devices, nodes and machines to augment safety of the entire IoT environment (45). This property ensures that the system will not fail if encountering disastrous damages during a specified period of time (17).
	Survivability		(3, 19, 24, 30)	Survivability requirements guarantee that the system still protects the IoT network and completes its mission in a timely manner if some devices or nodes are compromised and data are dropped intentionally, Fault tolerance is a subset of survivability that refers to the capability of a system to withstand faults so that machines or devices work in the mode of failures, natural disasters, attacks and threats (15, 19, 30).
	Performability		(24)	Performability is defined as a performance measure (such as speed, accuracy, or memory) of a system or component that performs its designated functions correctly within given constraint situations (17, 24). There are a range of acceptable values for performance attributes in any system, representing in the form of fuzzy quantity. Therefore, a metrics such as timeliness, precision, and accuracy can estimate and evaluate system performance. For instance, timeliness measures the time needed to complete the system task, especially in the real-time systems (16).

Figure 1.

Security requirements in cyber space (13)

Cyber security requirements

Cyber security requirements consist of a set of traditional security requirements ensuring security of patient, information, and system through two main parts: CIA Triad and non-CIA (Figure 1). Cyber security enables the users to prevent and protect IoT-based healthcare system against known threats and attacks (14). According to Table 2, CIA triad ensures the data security for IoT through confidentiality, integrity, and availability. Non-CIA is another part of cyber security requirements comprising seven main features including authentication, authorization, privacy, accountability, auditing and non-repudiation. The features and definitions related to cyber security requirements are summarized in Table 2.

Cyber resiliency requirements

Cyber resiliency (system resilience) has been addressed as complementary requirements for IoT-based healthcare system to defend against unknown, unpredictable, uncertain and unexpected threats (Figure 1). NIST standards have defined cyber resilient system as the potential to be prepared for unanticipated hazards, adapt to changing conditions, resist and recover quickly against deliberate and accidental attacks, or naturally occurring incidents (41). System resilience should ensure that a security scheme safeguards the network, device or information against any attack or destruction (19). As can be seen from Table 3, the features of cyber resiliency are divided into six main categories: reliability, maintainability, safety, survivability, performability and information security. It is worth to mention that cyber resiliency requirements overlap three cyber security aspects: availability, confidentiality and integrity (CIA traid) (Figure 1). The concepts of related to cyber resiliency requirements are illustrated in the Table 3.

DISCUSSION

Based on our analysis, it is noteworthy to mention that cyber security requirements are conventional requirements which only have protective and preventive tasks for healthcare IoT system, and are not responsive to most of the vulnerabilities and attacks. They may only be effective in protecting against known threats, while medical sensors and devices of IoT are embedded in uncontrolled and open environments with unknown and untrusted entities (46). Consequently, security issues and risks in healthcare systems are much more complicated than other industries. For example, patient information is extremely sensitive and confidential, and access to timely information is crucial in health care professions. (47). Due to greater capabilities, the security requirements in IoT system are shifting from cyber security approach to cyber resiliency approach which has features such as prevention, prediction, fault tolerance and autonomic computing, covering all threats and attacks either known or unknown (13, 41). As a result, security requirements with a resilient approach should be considered for the IoT-based healthcare architecture. A cyber resilient system is one aspect of the trustworthiness requirements and includes other security aspects such as security, reliability, privacy, and safety.

It is said that if IoT systems can meet both requirements of cyber resiliency and cyber security, these systems will reach the highest level of trustworthiness providing users with confident healthcare services, leading to pervasive acceptance of IoT technology. In this respect, Safavi et al. have described six significant features of cyber security requirements for IoT-based healthcare: confidentiality, authentication, integrity, authorization, availability, and non-repudiation (9). Moreover, MacDermott et al. have discussed that integrity and availability are indispensable security requirements for IoT (36). By contrast, Koutli et al. have proposed more security requirements for each layer of e-health IoT architecture including authentication, authorization, confidentiality, integrity, availability, privacy and trust management. More specifically, they have discussed the role of trust among IoT nodes which should ensure trustworthiness to detect malicious nodes in the network (23). Jaiswal et al. have considered both requirements based on cyber security and cyber resiliency, and have highlighted trustworthiness aspects for medical IoT devices (30). Almohri et al. have presented a trust model for all levels of medical IoT system including communication links, software, platform/hardware, and users (27). Mahmoud et al. have referred to IoT security concerns including privacy, confidentiality, authentication, access control, and trust management (48). Jaigirdar et al. believed that trustworthy requirements should be guaranteed in all layers of health IoT system (6). Similarly, Jaiswal et al. have remarked that trustworthiness is achieved by applying all identified security requirements (30). In fact, trustworthiness covers all security features like security, privacy, maintainability, reliability, performability, survivability, and safety (41).

A great part of cyber resiliency requirements is allocated to the features of maintainability, which suggests that, IoT system should be able to repair, modify faults, and configure in different operational situations. In this respect, Algarni et al., Islam et al., and Jaiswal et al. have highlighted the security features related to system maintainability (3, 27, 30). Besides, autonomic computing as a subset of maintainability is one of the crucial features for cyber resiliency requirements. Autonomic computing is also known as self-awareness playing an important role for self-managing activities in IoT-based healthcare systems, achieved through self-protecting, self-configuring, self-healing and self-optimizing (18). It is surprising that most of the studies regarding the IoT security in health industry have not addressed the safety aspects while safety requirements have a fundamental role in all assets of IoT system such as sensors, medical equipment and patients. However, according to NIST guideline, safety requirements protect against conditions leading to death, injury, failure or loss of equipment (41).

CONCLUSION

Recently, the healthcare sector has witnessed the development of a wide range of IoT devices and applications. These devices deal with vital and private information such as personal healthcare data and may be targeted by attackers. It is significant to identify the features and concepts of security requirements in healthcare IoT. In this study, we surveyed published studies on security requirements of IoT-based healthcare. The results of this study are expected to be useful for different communities such as researchers, information technology engineers, health providers, and policy makers concerned about IoT and healthcare technologies. This study makes motivation for performing furthermore research and designing a resilient IoT-based healthcare system.