Short presentation about a gateway-based solution for medical data encryption and the Internet of Things. Paper presented at 12th IEEE International Conference on BioInformatics and BioEngineering

1. Enabling Data Protection
through PKI encryption
in IoT m-Health Devices
Charalampos Doukas, Ilias Maglogiannis, Vassiliki Koufi,
Flora Malamateniou, George Vassilacopoulos
S

2. Introduction

3. Introduction

4. Introduction

5. Introduction
S Emerging global information service architecture
S Providing Internet access to devices
S Sensors
S Actuators
S Collaboration of services and integration of information
between different resources

6. Introduction
S Great impact on healthcare:
S Patient context and status awareness
S Critical information retrieval (e.g., medical record)
S Smart actions:
S Recommendations for better living (nutrition, activity, etc.)
S Emergency care

7. Challenges
S Many:
S Interoperability
S Information retrieval from different resources
S Ethical
S Business models => different entities involved
S Security

8. Challenges
Securit
y
S Data encryption
S Limited resources for many sensor devices
S Proper authentication
S User authentication
S Device authentication
S Integrity, confidentiality, etc.

9. The presented work
S A prototype Cloud-based system, which complies with the
IoT concept
S Manages data collected by wearable – textile sensors
S Utilizes the IoT gateway notion
S Data encryption, user access control and secure
transmission
S PKI technology

10. Some Related Work
S Growing interest in the utilization of IoT-based systems in
a wide range of applications, including homecare
applications
S Most works address sensor, data collection and
networking issues
S Data encryption and confidentiality:
S Some solutions utilize hop-by-hop encrypted data
aggregation some end-to-end encrypted data aggregation
S Most works present proprietary and ‘closed’ sensor systems

11. PKI for IoT Devices
S Hop-by-hop encryption of data
S Secure hop-by-hop data aggregation protocol (SEDAN)
S What about intermediate nodes?
S hold decrypted sensor data
S Easy to tamper with
S This vulnerability can be addressed by end-to-end techniques
for data encryption
S A key is shared among all sensors and the system where
aggregated data are transmitted to

12. PKI for IoT Devices
S PKI (Public Key Encryption) constitutes an effective approach
to data encryption
S If one key is used to encrypt information, then only the related
key can decrypt that information
S In case the public key gets compromised, still it is not
computationally feasible to retrieve the private key

13. PKI for IoT Devices
S For IoT and Healthcare: S Main Challenge:
S Devices that generate patient- S Even the encryption process
related information can encrypt with the public key requires
data using a public key computational and memory
resources
S health monitoring applications
can use the private key to S Existing wireless sensor
decrypt the data technologies do not provide,
especially when frequent data
S Using also PKI digital transmission is required (e.g.,
certificates the proper heart signal transmission)
authentication of the devices S Typical sensor
can be achieved, in addition to microcontroller unit: 32MHz,
the secure data transmission. 512Kb memory

14. The Proposed Solution
S Introduction of IoT Gateways
S Have the computational resources (>1 GHz CPU,
>500MB RAM) to perform PKI
S Come with additional network interfaces
S Communication with wireless sensor networks
S No issues with power consumption
S Can be easily installed (similar to home routers)

15. The Proposed Solution
S Can also address an additional security issue for IoT devices:
registration of new sensor devices and key management
S When a new monitoring device is introduced, the device needs to
have access to the public key
S By using an IoT gateway key management is essential only for the
gateway device itself and not every sensor device connecting to
the latter
S The communication between the IoT gateway and the sensor
device can be secured using symmetric encryption (which is less
computational intensive than PKI)
S In addition, the gateway has the ability to receive a new key if
required since it is a central communication point always
connected to the Internet

16. The Proposed Solution
S Mainly of three components; the mobile and contextual
sensors, the IoT gateways and the Back-end
infrastructure

17. Mobile & Contextual Sensors
S Continuously or periodically sense data about the patient
status
S heart/pulse rate, temperature, etc.
S Patient context
S room temperature, air quality, lighting conditions, etc.
S Sensor Devices = MCUs + Analog/Digital Sensors +
Wireless Interfaces (ZigBee, Bluetooth, etc.)

18. IoT Gateways
S Computational devices
S RaspberryPi, Beagleboard, etc.
S Typical price range: 25$ - 150$
S Complete OS (Linux)
S Networking Interfaces
S WiFi or Ethernet (Communication to the Internet)
S ZigBee
S Bluetooth
S Zwave, RF, etc.

19. IoT Gateways
S Computational resources:
S Perform proper data encryption
S Authentication
S (PKI)
S Used for Data processing
S Sensor data filtering
S Data mining
S I/O ports
S Connecting wireless interfaces

20. IoT Gateways

21. Cloud (Back-end)
Infrastructure
S Convenient, on-demand network access to shared group
of configurable computing resources
S CPU
S Storage (Scalability)
S Services
S Pay as you go model
S Maintenance-free

22. Cloud (Back-end)
Infrastructure
S Suitable model for back-end infrastructures
S Support data management and visualization of IoT m-
health devices
S Resources for PKI and key management

23. System Overview
Cloud Infrastructure
Medical devices
Certificates
Public Key
Symmetrically
encrypted data

24. Initial System Evaluation
S Prototype implementation
S Wireless (Bluetooth) Pulse Oxymeter
S A contextual sensor (temp, humidity, air quality and light)
S An IoT Gateway
S A Cloud-back end system for data management

25. Initial System Evaluation
S Contextual sensor
S Arduino microcontroller
S A digital temperature sensor
S A digital humidity sensor
S An analog light sensor
S An analog air quality sensor.
The Arduino can be connected to the home network of the user
either through Ethernet of WiFi network interfaces.

26. Initial System Evaluation
S The IoT gateway
S An open source, WiFi enabled gateway board properly modified to host
additional wireless interfaces (like Bluetooth and ZigBee)
S A Beagle board Linux board computer.
S The gateway board collects all information and forwards the
data to the Beagleboard using a serial interface.
S The Beagleboard runs a Python script that accepts data from
the UART interface and then applies PKI encryption using a
pre-stored public key (1024 bit key length).
S Then encrypted data are forwarded to a sample Cloud
application using a REST Web Service. The Cloud application
decrypts the data using the private key and presents sensor
data to users.

27. Initial System Evaluation
S Data (average sensor values) are transmitted in 1-minute
intervals
S The Python script that encrypts the data has been modified to
provide information about the time needed to encrypt the
sensor readings (total message length less than 100Kb).
S Respectively, the J2EE application on the Cloud has been
modified to present the time needed to decrypt the data before
presenting them to users.
S According to initial metrics, the total encryption process adds a
24.5% overhead in the total transmission time (about 800msec)
and less than 1 second overhead in data decryption.
S The latter overhead is acceptable in both cases for mobile
health applications.

28. Conclusion
S The Internet of Things can lead to more accurate and
instant diagnosis of health incidents
S Data protection is also weak since
S sensor devices lack the resources for anonymity, proper
authentication and data encryption
S In this paper we presented the conceptual design and
prototype implementation of a system based on IoT
gateways that aggregate health sensor data and resolve
security issues through digital certificates and PKI data
encryption

29. Conclusion
S The IoT gateway can both resolve sensor communication
interoperability issues and provide a less vulnerable
mean for securely authenticating to services and sending
patient data
S Future work:
S extended evaluation of the system with more sensors
S in a real environment
S private key management and access control should be
further investigated.