Risk and compliance in IoT-health data propagation: a security-aware provenance based approach

Fariha Tasmin Jaigirdar, Carsten Rudolph, Chris Bain

Research output: Chapter in Book/Report/Conference proceeding, Conference Paper, Research

8 Citations (Scopus)

Abstract

Data generated from various dynamic applications of Internet of Things (IoT) based healthcare technology is effectively used for decision-making, providing reliable and smart healthcare services to the elderly and patients with chronic diseases. Since these precious data are susceptible to various security attacks, continuous monitoring of the system's compliance and identification of security risks in IoT data propagation, potentially through several layers of applications, is essential. This paper pinpoints how security-aware data provenance graphs can support compliance checking and risk estimation by including sufficient information on security controls and other security-relevant evidence. Real-time analysis of this security evidence to enable step-wise validation, and provision of the evidence of this validation to end-users, is currently not possible with the available data. This paper analyzes the security concerns in different phases of data propagation in a designed IoT-health scenario and promotes step-wise validation of security evidence. It proposes a system model with a novel protocol that documents and verifies evidence for security controls for data-object relations in data provenance graphs to assist compliance checking of security regulation of healthcare systems. In this regard, this paper discusses the proposed system model design with the requirements for technical safeguards of the Health Insurance Portability and Accountability Act (HIPAA). Based on the verification output at each phase, the proposed protocol reports this chain of verification by creating certain security tokens. Finally, the paper provides a formal security validation and security design analysis to show the applicability of this step-wise validation within the proposed system model.

Original language: English
Title of host publication: Proceedings - 2021 IEEE International Conference on Digital Health, ICDH 2021
Editors: Sheikh Iqbal Ahamed, Nimanthi Atukorala, Carl K. Chang, Ernesto Damiani, Giuseppe De Pietro, Lin Liu, Zhongjie Wang, Jia Zhang, Farhana Zulkernine
Place of Publication: Piscataway NJ USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 27-37
Number of pages: 11
ISBN (Electronic): 9781665416856
ISBN (Print): 9781665416863
Publication status: Published - Sept 2021
Event: IEEE International Conference on Digital Health 2021 - Online, United States of America
Duration: 5 Sept 2021 to 10 Sept 2021
https://ieeexplore.ieee.org/xpl/conhome/9581155/proceeding (Proceedings)

Conference

Conference: IEEE International Conference on Digital Health 2021
Abbreviated title: ICDH 2021
Country/Territory: United States of America
Period: 5/09/21 to 10/09/21

Keywords

  • compliance
  • Data propagation
  • Internet of Things-Health
  • provenance
  • security evidence
  • security risks
  • security services
