A Service-Oriented Medical Framework for Fast and Adaptive Information Delivery in Mobile Environment

The need for fast treatment of patients in critical conditions motivates the use of mobile devices to provide prompt and consistent communication between hospitals and physicians. We propose a framework that supports ubiquitous access to medical systems using personalized mobile services and integrated medical systems. The proposed service-oriented medical framework provides dynamically composed services that are adapted to contextual variables such as the user’s role, the network bandwidth, and resources available at mobile devices while supporting task allocation in distributed servers for massive resource-consuming services. It also manages accurate patient data by integrating local medical systems using medical information standards such as Digital Imaging and Communications in Medicine and Health Level 7. We have demonstrated the effectiveness of our framework by building a prototype of context-based adaptation of computerized tomography image retrieval for acute stroke treatments, which allows images to be viewed on mobile devices with WiMax wireless network. The proposed medical framework reduces hospital delays of patients and facilitates treatments in the absence of medical specialists.      

A trustworthy system for secure access to patient centric sensitive information

Smart technological innovations in healthcare are continuously generating digitized medical information about each patient, leading to the creation of Patient Centric Big Medical Data (PCBMD). Rapid adoption of PCBMD in healthcare ushers at the cost of its security and privacy concerns. Current methods focus on identifying authorized users who can access PCBMD but they barely identify the insider attackers. Alternatively, these methods do not prevent information leak by authorized users. Working towards this direction, this paper proposes a Trust based Access Control (TAC) system which not only identifies authorized users for PCBMD but also defends Sensitive Personal Information (SPI) of a patient from insider attacks. The proposed method calculates the trust value of each user by considering various quantitative parameters. Based on the calculated trust values, access rights are granted to each user such that SPI can be accessed by only highly trustworthy users. To implement access rights securely, a privacy scheme is also proposed. The experimental results show that the proposed security system can be efficiently used to protect the SPI of patients.     

On the Security of “Secure and Lightweight Authentication with Key Agreement for Smart Wearable Systems”

Over the years, the performance of devices used to gather sensitive medical information about individuals has increased substantially. These include implanted devices in the body, placed on or around the body, creating a Wireless body area network. Security and privacy have been a greater concern over a period of time due to the sensitive nature of the data collected and transmitted by the network. It has been noticed that various techniques have been applied to secure the data and provide privacy in WBANs but with a tradeoff of execution overhead. Although the latest available anonymous authentication schemes provide privacy and security but due to the limited computation capacity of WBAN devices, these schemes show greater time cost for authentication and consume more processing time. We review two latest anonymous authentication schemes for the WBAN environment in terms of computation cost. These two schemes provide anonymous authentication and use encryption to secure the data and ensure privacy. Then we analyze a recent lightweight authentication scheme proposed for wearable devices which provides anonymity and privacy along with security with very low computation cost. This scheme uses hash functions in order to obtain authentication and anonymity and doesn’t use encryption in the authentication process. This scheme is not proposed for the WBAN environment, but it can be applied on the WBAN environment with necessary variations. The comparison of these available schemes shows clearly that the computation cost is considerably decreased by applying the latest authentication scheme in the WBAN environment. We propose a new authentication scheme for the WBAN environment based on the light-weight scheme proposed for wearable devices. The detailed analysis shows that our proposed scheme minimizes the computation cost and maintains the privacy and security along with anonymous authentication.

     

A Fog Assisted Cyber-Physical Framework for Identifying and Preventing Coronary Heart Disease

Coronary Heart Disease (CHD) is the most common cardiovascular disease which has the highest mortality rate in developing countries. To predict and prevent the risk of CHD in its early stages from remote sites, real time monitoring and analysis of an individual’s health statistics is required. Cloud based cyber-physical systems facilitate the alliance of devices in the physical world i.e. cameras, sensors and Geographical Positioning System devices with cyber world to generate the required information. Then it uses cyber world to analyze and share medical information along with localization data with healthcare service providers. Moreover, with the ability to transmit intensive information anytime and anywhere, this technological revolution has raised the level of effective healthcare deliverance. With these aspects, cloud based cyber-physical localization system is proposed to identify the risk level of CHD using adaptive neuro fuzzy inference system at an early stage. The users who are in the middle or high risk category will be monitored continuously to keep track of their electrocardiogram (ECG) readings. In case of any abnormality in ECG readings, an alert will be immediately sent to the user’s mobile phone as well as to the healthcare service providers or professionals to take immediate or necessary action on time for patient’s wellness. It also provides preventive measures and medication according to the risk category of the user. The experimental results reveal that the proposed system efficiently and effectively classifies the risk of CHD as well as utilizes minimum response time in generation of alerts on the basis of ECG readings.     

Cloud support for large scale e-healthcare systems

Rapid development of wearable devices and mobile cloud computing technologies has led to new opportunities for large scale e-healthcare systems. In these systems, individuals’ health information are remotely detected using wearable sensors and forwarded through wireless devices to a dedicated computing system for processing and evaluation where a set of specialists namely, hospitals, healthcare agencies and physicians will take care of such health information. Real-time or semi-real time health information are used for online monitoring of patients at home. This in fact enables the doctors and specialists to provide immediate medical treatments. Large scale e-healthcare systems aim at extending the monitoring coverage from individuals to include a crowd of people who live in communities, cities, or even up to a whole country. In this paper, we propose a large scale e-healthcare monitoring system that targets a crowd of individuals in a wide geographical area. The system is efficiently integrating many emerging technologies such as mobile computing, edge computing, wearable sensors, cloud computing, big data techniques, and decision support systems. It can offer remote monitoring of patients anytime and anywhere in a timely manner. The system also features some unique functions that are of great importance for patients’ health as well as for societies, cities, and countries. These unique features are characterized by taking long-term, proactive, and intelligent decisions for expected risks that might arise by detecting abnormal health patterns shown after analyzing huge amounts of patients’ data. Furthermore, it is using a set of supportive information to enhance the decision support system outcome. A rigorous set of evaluation experiments are conducted and presented to validate the efficiency of the proposed model. The obtained results show that the proposed model is scalable by handling a large number of monitored individuals with minimal overhead. Moreover, exploiting the cloud-based system reduces both the resources consumption and the delay overhead for each individual patient.     

An efficient anonymous authentication and confidentiality preservation schemes for secure communications in wireless body area networks

Wireless body area network (WBAN) is utilized in various healthcare applications due to its ability to provide suitable medical services by exchanging the biological data between the patient and doctor through a network of implantable or wearable medical sensors connected in the patients’ body. The collected data are communicated to the medical personals through open wireless channels. Nevertheless, due to the open wireless nature of communication channels, WBAN is susceptible to security attacks by malicious users. For that reason, secure anonymous authentication and confidentiality preservation schemes are essential in WBAN. Authentication and confidentiality play a significant role while transfers, medical images securely across the network. Since medical images contain highly sensitive information, those images should be transferred securely from the patients to the doctor and vice versa. The proposed anonymous authentication technique helps to ensure the legitimacy of the patient and doctors without disclosing their privacy. Even though various cryptographic encryption techniques such as AES and DES are available to provide confidentiality, the key size and the key sharing are the main problems to provide a worthy level of security. Hence, an efficient affine cipher-based encryption technique is proposed in this paper to offer a high level of confidentiality with smaller key size compared to existing encryption techniques. The security strength of the proposed work against various harmful security attacks is proven in security analysis section to ensure that it provides better security. The storage cost, communication cost and computational cost of the proposed scheme are demonstrated in the performance analysis section elaborately. In connection to this, the computational complexity of the proposed scheme is reduced around 29% compared to the existing scheme.

     

A novel codification scheme based on the "VITAL" and "DICOM" Standards for telemedicine applications

The field of interest discussed in this study is a novel codification scheme for (vital signs) medical device communication and patient monitoring data interchange, into the context of effective home care service provisioning. With medical technology having developed in isolation and major manufacturers developing their own proprietary communication protocols, which preclude connection to devices from different manufacturers, and with healthcare trends having evolved, pointing to primary care, telecare and home care monitoring, there is an increasing need for technical standardization in healthcare environments and the development of protocols that enable communication in a structured and open way. In this study, a novel codification scheme has been developed, based on two healthcare informatics standards, the VITAL and DICOM Sup. 30, in addressing the robust interchange of waveform and medical data for a home care application. Based on this scheme, we created a real-time facility, consisting of a base unit and a telemedicine (mobile) unit, that enables home telemonitoring, by installing the telemedicine unit at the patient's home while the base unit remains at the physician's office or hospital. The system allows the transmission of vital biosignals (3-lead ECG, pulse rate, blood pressure and SpO2) of the patient. This paper presents an object-oriented design with unified modeling language (UML) of a class hierarchy for exchanging the acquired medical data and performing alert management, and investigates the applicability of the proposed scheme into a commercial patient-connected medical device, thus addressing service and functionality requirements with focus on home-care applications. The system has been validated for technical performance over several telecommunication means and for clinical validity via real patient-involved pilot trials.     

基于PBAC模型和IBE的医疗数据访问控制方案

医疗卫生领域形成的医疗大数据中包含了大量的个人隐私信息,面临着外部攻击和内部泄密的潜在安全隐患。传统的访问控制模型没有考虑用户访问目的在侧重数据隐私的访问控制中的重要作用,现有的对称、非对称加密技术又都存在密钥管理、证书管理复杂的问题。针对这些问题,提出了综合应用PBAC模型和IBE加密技术的访问控制方案,支持针对医疗数据密文的灵活访问控制。通过加入条件目的概念对PBAC模型进行扩展,实现了对目的树的全覆盖;以病患ID、条件访问位和预期目的作为IBE身份公钥进行病患数据加密,只有通过认证并且访问目的符合预期的用户才能获得相应的私钥和加密数据,从而实现对病患信息的访问。实验结果证明,该方案达到了细粒度访问控制和隐私保护的目的,并具有较好的性能。     

A unified multimedia database system to support telemedicine

A unified approach to managing multimedia medical databases in a telemedicine system is proposed. In order to manage, search, and display patient information more efficiently, we define a patient information package (PIP) as a concise data set of a patient's medical information from each visit. By means of PIPs, both patient-oriented and problem-oriented query strategies, which are most frequently used in daily clinical practice and medical education, can be accommodated. We also provide a unified methodology for accessing various types of patient medical records as well as design two types of user interfaces, high-quality data display and web-based interface, for different medical service purposes. The PIP-based management of databases has been successfully implemented between the National Taiwan University (NTUH), Taipei, and the Chinshan health care center, Chinshan, Taiwan, for teleconsultation, telediagnosis, and tele-education     

A secure ownership transfer protocol using EPCglobal Gen-2 RFID

Radio Frequency Identification (RFID) is a relatively new technology. In recent years, it has been shown to be convenient and feasible in many applications. However, there are security issues which need to be addressed. Due to the wireless transmission of the RFID system, malicious people can gain the information in the RFID tags, and the user’s privacy is invaded. Although there have been many protection methods proposed for RFID security, the system has remained vulnerable to various attacks. In this paper, we propose a conforming of the EPCglobal Class 1 Generation 2 standards RFID ownership transfer protocol with provable security. The proposed scheme can resist several attacks and ensure a secure transaction.     

Electronic medical record data sharing scheme based on searchable encryption via consortium blockchain

Considering that it was difficult to share medical record data among different medical institutions in cloud storage,an electronic medical record data sharing scheme based on searchable encryption on blockchain was proposed.In order to realize the secure storage and sharing of electronic medical records in the scheme,the patient’s electronic medical record ciphertext was stored in the hospital server,the ciphertext hash value was stored in the private blockchain,and the keyword index was stored in the consortium blockchain.Searchable encryption was used to implement secure search of keywords in the consortium blockchain,and proxy re-encryption technology was used to realize the sharing of electronic medical records of patients by other data users.Security analysis shows that the proposed scheme can achieve ciphertext security and keyword security.Moreover,the performance of the scheme was analyzed by function analysis,computational efficiency analysis and numerical simulation.The performance analysis shows that the scheme can achieve high computational efficiency.     

支持条件身份匿名的云存储医疗数据轻量级完整性验证方案

医疗云存储服务是云计算技术的一个重要应用,同时外包医疗数据的完整性和用户的身份隐私保护已变得越来越重要。该文提出适用于无线医疗传感器网络的支持条件身份匿名的外包云存储医疗数据轻量级完整性验证方案。方案结合同态哈希函数设计了聚合签名,通过第三方审计者(TPA)对外包云存储医疗数据进行完整性验证,在TPA端存放审计辅助信息,利用同态哈希函数的同态性质将TPA端的计算优化为常量运算,大大降低了第三方审计者的计算开销,同时支持TPA对多个数据文件执行批量验证,其验证开销几乎是恒定的,与医疗数据文件的数量无关。方案有效防止了第三方审计者通过求解线性方程恢复原始医疗数据,并且设计了条件身份匿名算法,密钥生成中心(PKG)根据用户唯一标识的身份信息为用户生成匿名身份及对应的签名私钥。即使攻击者截获到用户传输的医疗数据,也无法获知拥有此数据的真实身份,有效避免了对公钥证书的复杂管理,同时使得密钥生成中心可以有效追踪医疗信息系统中具有恶意行为的用户。安全性分析与性能评估结果表明该方案能够安全高效地部署在云辅助无线医疗传感器网络。     

A Secure Crypto Base Authentication and Communication Suite in Wireless Body Area Network (WBAN) for IoT Applications

To monitor the functions of human body and their surroundings Wireless Body Area Network (WBAN) is used, which are based on low powered and light weight wireless sensors devices. WBAN highly supports numerous applications but this study will focus on the security of ubiquitous healthcare applications. In E-health research monitoring the critical data in terms of security has become a major challenge as WBAN deals with various threats day by day. Therefore the design of secure and reasonably resource optimal algorithms with a robust key generation and management scheme is today’s need. There must be only authorized user’s who can have access to patient related data; otherwise it can be exploited by anyone. This proposed study is aiming to formulate the two security suite for WBAN, which comprises on KBS keys, KAISC and Hash algorithm three improved versions of key management procedures and authentication procedure respectively. Firstly the KBS Keys and improved Hashing suite which is an independent and adaptive key management and authentication scheme for improving the security of WBANs will be used, and secondly KAISC will be used for inter-sensor communication and key management security scheme. All above mentioned procedures will be suitably blend with the encryption and decryption process which will securely send the patient’s critical data to the base station and further to the concerned doctor. The novelty of work is that the proposed methodology is not only simple but also advanced and much secured procedure of key generation and management that will be further validated by the performance analysis. This technique will be beneficial for the continuous monitoring of patient’s critical data in remote areas also.     

基于中国医用体域网频段的物理层方案设计及干扰分析

该文基于中国医疗体域网的专用频段提出了采用扩频的OQPSK调制方案,并在多种干扰的背景下进行分析,仿真结果表明该方案对宽带干扰具有较好的抑制性能,但是由于接收端帧检测算法虚警率较高而对窄带干扰较为敏感。为此提出基于两次延迟自相关的帧检测算法,并验证该算法对宽带和窄带干扰都有较好的抑制性能。该文的研究成果可以为我国无线体域网标准制定提供技术参考,目前该调制方案已被IEEE802.15.4n采纳。     

End-to-end privacy preserving scheme for IoT-based healthcare systems

Preserving patients’ privacy is one of the most important challenges in IoT-based healthcare systems. Although patient privacy has been widely addressed in previous work, there is a lack of a comprehensive end-to-end approach that simultaneously preserves the location and data privacy of patients assuming that system entities are untrusted. Most of the past researches assume that parts of this end-to-end system are trustworthy while privacy may be threatened by insider attacks. In this paper, we propose an end-to-end privacy preserving scheme for the patients assuming that all main entities of the healthcare system (including sensors, gateways, and application providers) are untrusted. The proposed scheme preserves end-to-end privacy against insider threats as well as external attacks concerning the resource restrictions of the sensors. This scheme provides mutual authentication between main entities while preserves patients’ anonymity. Only the allowed users can access the real identity of patients alongside their locations and their healthcare information. Informal security analysis and formal security verification of the proposed protocol in AVISPA show that it is secure against impersonation, replay, modification, and man-in-the-middle attacks. Moreover, performance assessments show that the proposed protocol provides more security services without considerable growth in the computation overhead of the sensors. Also, it is shown that the proposed protocol diminishes the signaling overhead of the sensors and so their energy consumption compared to the literature at the expense of adding a little more signaling overhead to the gateways.

     

并行化模糊测试研究综述

随着新一代网络信息技术的不断创新突破,软件从单机场景逐步扩展到移动终端、物联网设备、工业控制设备、云计算平台等新兴领域,推动了信息化基础设施建设的发展。然而,应用软件质量良莠不齐,给黑客组织提供了可乘之机。事件型漏洞和高危零日漏洞数量上升,如何高效准确地挖掘软件漏洞亟待解决。为实现漏洞的快速检测,模糊测试技术备受关注,它具有部署简单、自动化程度高、兼容性好等特点,能通过提供大量的输入样例实现对目标程序的脆弱性分析。现有的模糊测试通常在单处理器环境中执行,存在单个检测任务耗时长、计算资源利用率低、可持续能力差等缺陷。因此,并行化模糊测试一经提出便备受青睐。针对并行架构下的任务划分、数据存储、通信交互等问题,学术界和工业界对其展开了深入分析,并设计了一系列的实现方法。为此,系统地总结了当前模糊测试面临的挑战,概述了当前阶段模糊测试的并行化需求,着重比较分析了现存并行化模糊测试方案的优势和不足,并对高性能计算场景下并行化模糊测试的未来趋势进行了展望。     

A gait rehabilitation strategy inspired by an iterative learning algorithm

Robotic gait rehabilitation devices enable efficient and convenient gait rehabilitation by mimicking the functions of physical therapists. In manual gait rehabilitation training, physical therapists have patients practice and memorize normal gait patterns by applying assistive torque to the patient’s joint once the patient’s gait deviates from the normal gait. Thus, one of the most important factors in robotic gait rehabilitation devices is to determine the assistive torque to the patient’s joint during rehabilitation training. In this paper, the gait rehabilitation strategy inspired by an iterative learning algorithm is proposed, which uses the repetitive characteristic of gait motions. In the proposed strategy, the assistive joint torque in the current stride is calculated based on the information from previous strides. Simulation results and experimental results using an active knee orthosis are presented, which verify that the proposed strategy can be used to calculate appropriate assistive joint torque to excise the desired motions for rehabilitation.     

An enhanced anonymous and unlinkable user authentication and key agreement protocol for TMIS by utilization of ECC

The telecare medicine information systems (TMISs) not only help patients to receive incessant health care services but also assist the medical staffs to access patients' electronic health records anytime and from anywhere via Internet. Since the online communications are exposed to numerous security threats, the mutual authentication and key agreement between patients and the medical servers are of prime significance. During the recent years, various user authentication schemes have been suggested for the TMISs. Nonetheless, most of them are susceptible to some known attacks or have high computational cost. Newly, an effective remote user authentication and session key agreement protocol has been introduced by Ravanbakhsh and Nazari for health care systems. Besides the nice contributions of their work, we found that it has two security weaknesses, namely, known session‐specific temporary information attack and lack of perfect forward secrecy. As a result, to overcome these deficiencies, this paper suggests a novel anonymous and unlinkable user authentication and key agreement scheme for TMISs using the elliptic curve cryptosystem (ECC). We have evaluated the security of the proposed scheme by applying the automated validation of internet security protocols and applications (AVISPA) tool with the intention of indicating that our scheme can satisfy the vital security features. In addition, we have compared the proposed protocol with related schemes to show that it has a proper level of performance. The obtained results demonstrate that the new scheme is more preferable considering both efficiency and security criteria.