CYBER ATTACKS FOR DATA BREACH AND POSSIBLE DEFENSE STRATEGIES IN INTERNET OF HEALTHCARE THINGS ECOSYSTEM

Öz

The widespread use of the Internet and the increase in Internet of Things (IoT) equipment paved the way for the development of user-friendly systems. The inclusion of many electronic systems in the IoT ecosystem, especially in homes, has improved remote control and monitoring features. In general, within the concept of smart home, voice, control and joint movements are used as command center and WIFI, Bluetooth, Zigbee and GSM etc. technologies are used for communication. Regular monitoring of some health problems of individuals occurs in some situations that require instant intervention. In this context, individuals in need of home care or under surveillance at home are checked with Internet of Healthcare Things equipment in the company of experts. The rapid spread of the IoT ecosystem has also increased data production. Especially sensitive health data is at the beginning of critical data and requires security measures to be taken. In this study, the IoT devices used for home patient care have been evaluated for the sources of data leaks and possible security measures that may be experienced in the process from the data owner to the data storage stage. In order to identify possible risks and threats, 4 different target scenarios were created. These scenarios include home internet connection resources, data transfer, data storage and access. 8 different attacks (Deauth, DDOS, brute force, hashcat, Man-in-the-middle, Injection, Short Address Attack, Smart Contract Overflow) were applied to these possible scenarios where data leakage could occur. In addition, recently, blockchain applications and smart contract transmissions are preferred for data security. Among the attack scenarios, Short Address Attack and Smart Contract Overflow are attack methodologies used for blockchain security. In particular, denial of service was encountered in all attacks on wireless networks. Configuration errors, wrong product selection, use of weak passwords and default configurations in the IOT ecosystem seem to be the main sources of data leaks. As a result, the study includes possible attacker scenarios and possible vulnerabilities have been extracted within the scope of real scenarios. In addition, the measures to be taken against these vulnerabilities were evaluated and recommendations were given to take maximum security measures to prevent data leaks from within the IoT ecosystem.

Anahtar Kelimeler

• IoT
• Healthcare
• Cyber Security
• Data Leak

CYBER ATTACKS FOR DATA BREACH AND POSSIBLE DEFENSE STRATEGIES IN INTERNET OF HEALTHCARE THINGS ECOSYSTEM

Öz

In this study, the IoT devices used for home patient care have been evaluated for the sources of data leaks and possible security measures that may be experienced in the process from the data owner to data storage stage. In order to identify possible risks and threats, 4 different target scenarios were created. These scenarios include home internet connection resources, data transfer, data storage, and access. 8 different attacks were applied to these possible scenarios where data leakage could occur. In addition, recently, blockchain applications and smart contract transmissions are preferred for data security. Among the attack scenarios, Short Address Attacks and Smart Contract Overflow are attack methodologies used for blockchain security. In particular, denial of service was encountered in all attacks on wireless. Configuration errors, wrong product selection, use of weak passwords, and default configurations in the IOT ecosystem seem to be the main sources of data leaks. As a result, the study includes possible attacker scenarios and possible vulnerabilities have been extracted within the scope of real scenarios. In addition, the measures to be taken against these vulnerabilities were evaluated and recommendations were given to take maximum security measures to prevent data leaks from within the IoT ecosystem.

Anahtar Kelimeler

• IoT
• Healthcare
• Cyber Security
• Data Leak

Kaynakça

1. 1. Thimbleby, H., “Technology and the future of healthcare”, Journal of public health research, Vol. 2, Issue 3, Pages 160-167, 2013.
2. 2. Bhavnani, S. P., Narula, J., & Sengupta, P. P., “Mobile technology and the digitization of healthcare”, European heart journal, Vol. 37, Issue 18, Pages 1428-1438, 2016.
3. 3. Strudwick, G., “Predicting nurses’ use of healthcare technology using the technology acceptance model: an integrative review” CIN: Computers, Informatics, Nursing, Vol. 33, Issue 5, Pages 189-198, 2015.
4. 4. Farahani, B., Firouzi, F., & Chakrabarty, K., “Healthcare iot”, In Intelligent internet of things , Pages 515-545, Springer, 2020.
5. 5. Zakaria, H., Bakar, N. A. A., Hassan, N. H., & Yaacob, S., “IoT security risk management model for secured practice in healthcare environment”, Procedia Computer Science, Vol. 161, Pages 1241-1248, 2019.
6. 6. Chacko, A., & Hayajneh, T., “Security and privacy issues with IoT in healthcare”, EAI Endorsed Transactions on Pervasive Health and Technology, Vol. 4, Issue 14, Pages 1-7, 2018.
7. 7. Gopalan, S. S., Raza, A., & Almobaideen, W., “IoT Security in Healthcare using AI: A Survey”, In 2020 International Conference on Communications, Signal Processing, and their Applications (ICCSPA), Pages 1-6, IEEE, 2021.
8. 8. Nausheen, F., & Begum, S. H., “Healthcare IoT: benefits, vulnerabilities and solutions”, In 2018 2nd International Conference on Inventive Systems and Control (ICISC), Pages 517-522, IEEE, 2018.

9. 9. Gürfidan, R., Ersoy, M., “A new approach with blockchain based for safe communication in IoT ecosystem”, J. of Data, Inf. and Manag. Vol. 4, Pages 49–56, 2022.
10. 10. Moosavi, S. R., Nigussie, E., Levorato, M., Virtanen, S., & Isoaho, J., “Performance analysis of end-to-end security schemes in healthcare IoT”, Procedia computer science, Vol. 130, Pages 432-439, 2018.
11. 11. Pradhan, B., Bhattacharyya, S., & Pal, K., “IoT-based applications in healthcare devices”, Journal of healthcare engineering, Vol. 2021, Pages 1-18, 2021.
12. 12. Adanur, B., Bakir-Güngör, B., & Soran, A., “Blockchain-based fog computing applications in healthcare”, In 2020 28th Signal processing and communications applications conference (SIU), Pages 1-4, IEEE, 2020.
13. 13. Rathee, G., Sharma, A., Saini, H., Kumar, R., & Iqbal, R., “A hybrid framework for multimedia data processing in IoT-healthcare using blockchain technology”, Multimedia Tools and Applications, Vol. 79, Issue 15, Pages 9711-9733, 2020.
14. 14. Dwivedi, A. D., Srivastava, G., Dhar, S., & Singh, R., “A decentralized privacy-preserving healthcare blockchain for IoT”, Sensors, Vol. 19, Issue 2, Pages 326, 2019.
15. 15. Griggs, K. N., Ossipova, O., Kohlios, C. P., Baccarini, A. N., Howson, E. A., & Hayajneh, T., “Healthcare blockchain system using smart contracts for secure automated remote patient monitoring”, Journal of medical systems, Vol. 42, Issue 7, Pages 1-7, 2018.
16. 16. Srivastava, G., Crichigno, J., & Dhar, S., “A light and secure healthcare blockchain for iot medical devices”, In 2019 IEEE Canadian conference of electrical and computer engineering (CCECE), Pages 1-5. IEEE, 2019.
17. 17. Jie, Y., Pei, J. Y., Jun, L., Yun, G., & Wei, X., “Smart home system based on IOT technologies”, In 2013 International conference on computational and information sciences, Pages 1789-1791, IEEE, 2013.
18. 18. Alaa, M., Zaidan, A. A., Zaidan, B. B., Talal, M., & Kiah, M. L. M., “A review of smart home applications based on Internet of Things”, Journal of Network and Computer Applications, Vol. 97, Pages 48-65, 2017.
19. 19. Santoso, F. K., & Vun, N. C., “Securing IoT for smart home system”, In 2015 international symposium on consumer electronics (ISCE), Pages 1-2, IEEE, 2015.
20. 20. Fidan, U., Aktürk, T. B., “Application of GPRS Based 12 Derivation EKG Telemonitoring System For 112 Emergency Service”, Engineering Sciences, Vol. 5, Issue 1, Pages 79-87, 2010.
21. 21. Işık, A. H., “Development of Intelligent Care and Emergency Medical Assistance System for the Follow-up of Chronic Lung Patients with Mobile Communication Technology”. Pages 107. Gazi University, Informatics Institute, Turkey, 2012.
22. 22. Fatih, S. M., Muneer, A., Mungur, D., & Badawi, A., “Integrated health monitoring system using GSM and IoT”, In 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE), Pages 1-7, IEEE, 2018.
23. 23. Kanani, P., & Padole, M., “Real-time Location Tracker for Critical Health Patient using Arduino, GPS Neo6m and GSM Sim800L in Health Care”, In 2020 4th International Conference on Intelligent Computing and Control Systems (ICICCS), Pages 242-249, IEEE, 2020.
24. 24. Swaroop, K. N., Chandu, K., Gorrepotu, R., & Deb, S., “A health monitoring system for vital signs using IoT. Internet of Things”, Vol. 5, Pages 116-129, 2019.
25. 25. Tamilselvi, V., Sribalaji, S., Vigneshwaran, P., Vinu, P., & GeethaRamani, J., “IoT based health monitoring system”, In 2020 6th International conference on advanced computing and communication systems (ICACCS), Pages 386-389, IEEE, 2020.
26. 26. Yeri, V., & Shubhangi, D. C., “IoT based real time health monitoring”, In 2020 Second International Conference on Inventive Research in Computing Applications (ICIRCA), Pages 980-984, IEEE, 2020.
27. 27. Akkaş, M. A., Sokullu, R., & Cetin, H. E., “Healthcare and patient monitoring using IoT”, Internet of Things, Vol. 11, Issue 100173, Pages 1-12, 2020.
28. 28. Kodali, R. K., Swamy, G., & Lakshmi, B., “An implementation of IoT for healthcare”, In 2015 IEEE Recent Advances in Intelligent Computational Systems (RAICS), Pages 411-416, IEEE, 2015.
29. 29. Huynh, T. T., Nguyen, T. D., & Tan, H., “A survey on security and privacy issues of blockchain technology”, In 2019 international conference on system science and engineering (ICSSE), Pages 362-367, IEEE, 2019.
30. 30. Sayeed, S., & Marco-Gisbert, H., “Assessing blockchain consensus and security mechanisms against the 51% attack”, Applied Sciences, Vol. 9, Issue 9, Pages 1788, 2019.
31. 31. Süzen, A.A., & Duman, B., “Protecting the Privacy of IoT-Based Health Records Using Blockchain Technology” In Internet of Medical Things, Pages 35-54, Springer, Cham, 2021.