Conference Paper

mHealth – Investigating an Information Security Framework for mHeath Data: Challenges and Possible Solutions

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

It has been clearly shown that mHealth solutions deliver more patient-focused healthcare and improve the overall efficiency of healthcare systems. In addition, these solutions can potentially reduce the cost of providing healthcare in the context of the increasing demands of the ageing populations in advanced economies. These solutions can also play an important part in intelligent environments, facilitating real-time data collection and input to enable various functionalities. However, there are various challenges regarding the development of mHealth solutions: the most important of these being privacy and data security. Furthermore, the use of Cloud Computing is becoming an option for the healthcare sector to store healthcare data; but storing data in the Cloud raises serious concerns. This paper discusses issues related to managing mHealth data in this new context including challenges, security frameworks and requirements, and possible solutions.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... 41 Mobile health has the potential to lower cost; improve access, efficiency and health outcomes; empower patient for self-care; enhance patient and provider relationship; and fulfill the promise of health care reform. Vithanwattana et al 45 recommend the following strategy to protect privacy and confidentiality of health information as represented by this acronym ''CIA'': ''C'' for confidentiality-restricts data access only to authorized users; ''I'' for integrity-assure data have not been altered without authorization; ''A'' for availability-data will be available on demand, anytime, and anywhere. These authors recommend that organizations establish policies and security framework to govern the use of mobile devices and mHealth data. ...
... These policies include the following: (1) restrict access, monitor, detect, and report of security breach; (2) require strong encryption for data communication and storage; (3) require user and device authentication for access to device data; and (4) limit the types of application allowed on the device. 45 The Office of National Coordinator for Health IT asserts that ''cybersecurity can only be achieved in a culture where privacy and security are valued.'' 46 ...
Article
Purpose: This paper spotlights human capital management, digital technology, and costs control as issues that healthcare leaders will face in redesigning the health care ecosystem in the 21st century. Design: The paper was designed to highlight the attributes that make effective leaders. It addresses how nursing leadership can take a lead to redesign the 21st Century health care system, supported by case examples. Methods: An expansive literature review was done using MEDLINE, SAGE, Google Scholar, and University of California San Diego Library Catalogs. The selections criteria include recent publications in English within and outside the healthcare industry. Findings: Health leadership is viewed as paramount to productivity, capacity and meeting new challenges. Conclusions: Effective nursing leadership in a healthcare organization correlates with staff job satisfaction, retention, turnover and quality of care. Nursing leadership development must be supported by appropriate level of educational preparedness, and requisite set of competencies and skills.
... The Normative Health Standards [1] and eHealth strategy [2] define the security, monitoring and auditing requirements for health information at an enterprise levelconnecting clinics through an information exchange system to national public health services. This is however, not the case for mHealth, an emerging and substantially important subset of eHealth, with its own unique challenges [3,4]. ...
... One of the mHealth challenges not addressed is that of the security infrastructure, and as a result, mHealth providers implement ad hoc or home grown security solutions that are generally outside their domain of expertise [4]. In addition, misinterpretation of security requirements has seen mobile applications offering different levels of security, sometimes compromising patient confidentiality. ...
Conference Paper
Full-text available
Blockchain technology underpins a radical rethink of information privacy, confidentiality, security and integrity. As a decentralised ledger of transactions across a peer-to-peer network, the need for a central third party intermediate verification authority is disrupted. To unlock the potential for mHealth, the need for authentication and verified access to, often sensitive data, specialised services and transfer of value need to be realised. This paper interrogates current processes and aims to make a case for Blockchain technology as an improved security model that has the potential to lower the cost of trust and an alternative to managing the burden of proof. This is particularly relevant for mHealth that, by its nature, is often a distributed endeavour involving the goal orientated collaboration of a number of stakeholders.
... Many apps have vulnerabilities that need to be removed from the apps. Confidentiality, integrity, and availability are discussed in Vithanwattana et al. (2016), and patient data privacy requirements are collected for mHealth apps. Authorized persons are allowed to view and manipulate patient data. ...
Article
Full-text available
Mobile Health (mHealth) applications play an essential role in healthcare. The usage of mHealth apps is rapidly increasing, and it provides services, such as vitals, medication, and appointments, to patients and physicians. These apps significantly ease for patients to manage their health. Using sensitive health information and communication channels by mHealth apps has potential privacy and security hazards for patient’s privacy and security. mHealth apps are primarily dependent on a remote server online. Someone can monitor, alter, and divert communication through public infrastructure. Many m-Health applications did not utilize any encryption method for client–server communication, making it an imminent risk for patients’ data security and privacy. In this study, we proposed a framework to develop the mHealth application and apply the security parameters to reduce the risk of data breaches, such as data confidentiality, integrity, and availability. Also, the study aims to identify the transport layer security issues relevant to the client–server of mHealth apps. To test the health data subset of Android and iOS apps collected from their Play Store and evaluate client security by the Charles Proxy tool. At the end of the paper, we presented the principal results of how many apps have vulnerabilities concerned with transport security. We compared our results for the transport layer of SSL and TLS certificates and chipper suit strength to show the performance of our proposed framework.
... Further, to protect the health records, encryption is not an efficient way. If different encryption mechanisms are equipped to encrypt different types of health records it raises interoperability issues (Xu, 2016)- (Vithanwattana et al., 2016). Improper security to the healthcare data also leads to various privacy issues (Andrew et al., 2019a), (Andrew Onesimu and Karthikeyan, 2021), . ...
... Previously, an information security framework for healthcare systems was proposed by our authors in [16,17]. The aim of developing this framework was to provide a complete set of security requirements as follows: ...
Article
Full-text available
The deployment of Internet of Things platforms as well as the use of mobile and wireless technologies to support healthcare environments have enormous potential to transform healthcare. This has also led to a desire to make eHealth and mHealth part of national healthcare systems. The COVID-19 pandemic has accelerated the requirement to do this to reduce the number of patients needing to attend hospitals and General Practitioner surgeries. This direction, however, has resulted in a renewed need to look at security of future healthcare platforms including information and data security as well as network and cyber-physical security. There have been security frameworks that were developed to address such issues. However, it is necessary to develop a security framework with a combination of security mechanisms that can be used to provide all the essential security requirements for healthcare systems. In addition, there is now a need to move from frameworks to prototypes which is the focus of this paper. Several security frameworks for eHealth and mHealth are first examined. This leads to a new reference model from which an implementation framework is developed using new mechanisms such as Capabilities, Secure Remote Procedure Calls, and a Service Management Framework. The prototype is then evaluated against practical security requirements.
... Encrypted Data: The mHealth data must be stored and the packets transmitted must be in an encrypted manner. Encryption is mandatory all the time except for when data are urgently needed [25]. As it is an application, the organization who owns the particular app can be given access to decrypt the data. ...
Article
Full-text available
The role of 5G-IoT has become indispensable in smart applications and it plays a crucial part in e-health applications. E-health applications require intelligent schemes and architectures to overcome the security threats against the sensitive data of patients. The information in e-healthcare applications is stored in the cloud which is vulnerable to security attacks. However, with deep learning techniques, these attacks can be detected, which needs hybrid models. In this article, a new deep learning model (CNN-DMA) is proposed to detect malware attacks based on a classifier—Convolution Neural Network (CNN). The model uses three layers, i.e., Dense, Dropout, and Flatten. Batch sizes of 64, 20 epoch, and 25 classes are used to train the network. An input image of 32 × 32 × 1 is used for the initial convolutional layer. Results are retrieved on the Malimg dataset where 25 families of malware are fed as input and our model has detected is Alueron.gen!J malware. The proposed model CNN-DMA is 99% accurate and it is validated with state-of-the-art techniques.
... Vithanwattana et al. [19] consider the problems related to managing mHealth information in terms of security needs, security models, challenges, and possible solutions. They suggested a scheme, which gives efficient data processing and storage with lower cost for the end-users. ...
Article
The healthcare industry has revolutionized from 1.0 to 4.0, where Healthcare 1.0 was more doctor centric and Healthcare 2.0 replaced manual records with electronic healthcare records (EHRs). Healthcare 3.0 was patient-centric and Healthcare 4.0 uses cloud computing (CC), fog computing (FC), Internet of things (IoT), and telehealthcare technologies to share data between various stake-holders. However, framing a secure technique for Healthcare 4.0 has always been a challenging task. An insecure technique for Healthcare 4.0 may lead to the healthcare data breach where hackers can gain full access to patients' email accounts, messages, and reports. On the contrary, a secured technique for Healthcare 4.0 can provide satisfaction to all stakeholders, including patients and caregivers. Motivated from these facts, this paper presents an extensive literature review and analysis of state-of-the-art proposals to maintain security and privacy in Healthcare 4.0. We also explored the blockchain-based solution to give insights to both the research and practitioners communities. Different taxonomies used for exploring various security and privacy issues in Healthcare 4.0 are also presented in a structured manner. Then, the advantages and limitations of various security and privacy techniques are explored and discussed in the paper. Finally, existing challenges and future research directions of security and privacy in Healthcare 4.0 are presented.
... There is a limited number of security frameworks existing for the security of cloud applications or cyber services. Therefore, few security frameworks Such as NVD (National Vulnerable Database), Web Scarab, W3af, Zed Attack Proxy, Web Securify and Web Defend have been discussed in this paper for the understanding of their security level and strategies [8]. Furthermore, prominent factors and barriers and five classes of Interruptive cyber measures have been classified which are foundation tactics for malicious actors as they can interrupt a targeted network. ...
Article
Full-text available
The term 'Cyber' is common in security discussions either international or national because increasing number of internet users had increased the growth of cyber-criminal activities. Critical systems of government, military, corporations, financial institutions, hospitals and other businesses are practicing security procedures, tools to tackle the growing level and complexity of cyber-attacks and protect sensitive information stored on databases, network and servers. Hence, a security technical framework is recommended which is helpful for national databases to design, monitor and manage its cyber policy to make sure that ID servers cannot be accessed or damaged by cyber terrorism activity. Proposed security framework detects vulnerabilities Such as: XSS (Cross-site scripting) attack, session riding, Full Path and information disclosure problems, misconfiguration error, injection attack, manipulation attack of protocol, file inclusion attack, automatically detect new URLs of the target website and observes the traffic between server and your browser, and also take control of the request and its response. This framework implemented advanced discovery and fuzzing technologies to detect above vulnerabilities. Moreover, this framework is developed to enhance the security of important national ID databases as well as identify possibilities and levels of cyber-attacks by scanning process while URL is open and its execution takes place that time. Therefore, this research has been carried out to recommend and develop a technical framework that defends national Identification databases as well as detect cyber terrorist attacks and their level while monitoring its services and protect ID servers from unauthorized access or damage which may cause by cyber terrorism.
... However, while people are enjoying the enormous benefits brought by information network, they also face the severe test of information security. The existing information security has been a threat to national security, economic security, military security and social security [2]. Because the mobile is the technology dependent on computer network and mobile communication network, the information security has attracted more and more attention. ...
Article
Full-text available
With the rapid development of social informatization process, the demands of government, enterprise, and individuals for spatial information becomes larger. In addition, the combination of wireless network technology and spatial information technology promotes the generation and development of mobile technologies. In today's rapidly developed information technology field, network technology and mobile communication have become the two pillar industries by leaps and bounds. They almost absorbed and adopted all the latest information, communication, computer, electronics and so on new technologies. Concomitantly, the network coverage is more and more big, the transmission rate is faster and faster, the volume of user's terminal is smaller and smaller. What's more, from LAN to WAN, from wired network to wireless network, from wired access to mobile wireless access, people's demand for communication technology is increasingly higher. As a result, mobile communication technology is facing unprecedented challenges as well as unprecedented opportunities. When combined with the existing mobile communication network, it led to the development of leaps and bounds. However, due to the inherent dependence of the system on the existing computer communication network, information security problems cannot be ignored. Today's information security has penetrated into all aspects of life. Information system is a complex computer system, and it's physical, operational and management vulnerabilities constitute the security vulnerability of the system. Firstly, this paper analyzes the composition of mobile enterprise network and information security threat. Secondly, this paper puts forward the security planning and measures, and constructs the information security structure.
... There is a limited number of security frameworks existing for the security of cloud applications or cyber services. Therefore, few security frameworks Such as NVD (National Vulnerable Database), Web Scarab, W3af, Zed Attack Proxy, Web Securify and Web Defend have been discussed in this paper for the understanding of their security level and strategies [8]. Furthermore, prominent factors and barriers and five classes of Interruptive cyber measures have been classified which are foundation tactics for malicious actors as they can interrupt a targeted network. ...
Article
Full-text available
The term 'Cyber' is common in security discussions either international or national because increasing number of internet users had increased the growth of cyber-criminal activities. Critical systems of government, military, corporations, financial institutions, hospitals and other businesses are practicing security procedures, tools to tackle the growing level and complexity of cyber-attacks and protect sensitive information stored on databases, network and servers. Hence, a security technical framework is recommended which is helpful for national databases to design, monitor and manage its cyber policy to make sure that ID servers cannot be accessed or damaged by cyber terrorism activity. Proposed security framework detects vulnerabilities Such as: XSS (Cross-site scripting) attack, session riding, Full Path and information disclosure problems, misconfiguration error, injection attack, manipulation attack of protocol, file inclusion attack, automatically detect new URLs of the target website and observes the traffic between server and your browser, and also take control of the request and its response. This framework implemented advanced discovery and fuzzing technologies to detect above vulnerabilities. Moreover, this framework is developed to enhance the security of important national ID databases as well as identify possibilities and levels of cyber-attacks by scanning process while URL is open and its execution takes place that time. Therefore, this research has been carried out to recommend and develop a technical framework that defends national Identification databases as well as detect cyber terrorist attacks and their level while monitoring its services and protect ID servers from unauthorized access or damage which may cause by cyber terrorism.
Chapter
The convergence of digitization and globalization has revolutionized various sectors, including healthcare, by enabling rapid expansion and efficient communication through the Internet and digital methods. Digital technologies such as blockchain, cloud computing, and artificial intelligence (AI) have empowered the healthcare sector to collect, analyze, and utilize extensive patient data. However, as mentioned in the previous chapters, integrating digital technologies in healthcare has raised concerns about security and privacy. Despite efforts to protect patient data, the healthcare sector faces challenges in maintaining data security, leading to frequent data breaches (Jalali et al., 2019). As healthcare continues its digital transformation, addressing security and privacy concerns remains crucial for the integrity and reliability of digital healthcare systems.
Chapter
Blockchain technology has been proved useful in modern healthcare systems by increasing the security and privacy of the users. The complexity and costly characteristics of healthcare system can be reduced through the application of blockchain and improvement on medical record management. This has been proved useful in transactions involving medical records, security of data, smart contacts, and insurance billing and by providing a distributed database of transactions. On the authentication of the users associated with the healthcare records, the blockchain network likewise adheres to the ideal of maximum confidentiality, thus help in securing the medical information. Therefore, this chapter explains the important role place by blockchain in securing medicine data, the applicability, and challenges of the techniques. Also, it proposes an architecture based on blockchain to secure medical data in Internet of Things-based healthcare system. The concern of security and privacy in healthcare system can be reduced if the blockchain technology is used in healthcare system. Monitoring, regulating, and sensing in accordance with the blockchain as a transaction and access management system for laying out accurate and trust data for the advantages of patients across and a suitable medium for medical treatment can alleviate the problems of correct data mitigation.KeywordsBlockchain technologyMedical informationHealthcare records systemsSecurity and privacySmart contactsMedical records management
Article
Full-text available
Since its inception, Healthcare 4.0 has empowered the integration of advance technologies to create and improve the quality of healthcare services. The delivery of healthcare services have come a long way from physical appointments with doctors to remote health monitoring and disease prediction, surgery assistive systems. This advancement has only been possible with the integration of cutting-edge technologies like Tele-healthcare, Software-Defined Networking etc. with healthcare systems. In this survey, we have targeted some of the pioneering research works that could contribute significantly for the future development of Healthcare 4.0 systems. We have identified the major research gaps and presented the modern state-of-the-art of healthcare systems and introduced the Healthcare IoT Application and Service Stacks. We have also discussed the latest paradigm of Wireless Body Area Networks, emphasizing its significance and how it can contribute to the development of next-gen healthcare applications using emerging technologies like Machine Learning, Blockchain, Cloud Computing , Internet of things, Edge/ Fog Computing, Telehealthcare, Big Data Analytics, Software-Defined Networking etc. We have performed comparative study of different architectural implementations considering their advantages, shortcomings and Quality-of-Service requirements. We emphasize the importance of the different emerging technologies in detail, discussing the opportunities available and their potential to build better healthcare solutions that provide improved quality of service. Finally we highlight the fundamental need for establishing security and privacy in future healthcare systems. Overall this survey provides a strong outlook into the development of the future of healthcare 4.0.
Article
Full-text available
The advent of miniaturized mobile devices with wireless communication capability and integrated with biosensors has revolutionized healthcare systems. The devices can be used by individuals as wearable accessories to collect health data regularly. This type of medical assistance supported by mobile devices to monitor patients and offer health services remotely is known as mobile health (mHealth). Although mHealth provides many benefits and has become popular, it can pose severe privacy risks. Many features in mHealth are managed through a smartphone. Thus, one of the most worrying issues involves communication between the monitoring devices and the smartphone. When communication uses Bluetooth, it is standard for a device to be paired with the smartphone; but generally, it is not exclusively associated with a specific mHealth app. This characteristic can allow a data theft attack by a malicious app or fake data injection by an illegitimate device. To address this issue, we present an authentication scheme based on Non-Interactive Zero-Knowledge Proof that is lightweight enough to run on mHealth devices with minimal resources. Our scheme ensures that legitimate devices interact exclusively with the official mHealth application. To ensure the patient’s privacy-preserving throughout the system, we address the issues of storing, managing, and sharing data using blockchain. Since there is no privacy in the standard blockchain, we present a scheme in which the health data transmitted, stored, or shared are protected by Attribute-Based Encryption. The outcome is a system with fine-grained access control, entirely managed by the patient, and an end-to-end privacy guarantee.
Book
This book introduces readers to the current trends in using deep learners and deep learner descriptors for medical applications. It reviews the recent literature and presents a variety of medical image and sound applications to illustrate the five major ways deep learners can be utilized: 1) by training a deep learner from scratch (chapters provide tips for handling imbalances and other problems with the medical data); 2) by implementing transfer learning from a pre-trained deep learner and extracting deep features for different CNN layers that can be fed into simpler classifiers, such as the support vector machine; 3) by fine-tuning one or more pre-trained deep learners on an unrelated dataset so that they are able to identify novel medical datasets; 4) by fusing different deep learner architectures; and 5) by combining the above methods to generate a variety of more elaborate ensembles. This book is a value resource for anyone involved in engineering deep learners for medical applications as well as to those interested in learning more about the current techniques in this exciting field. A number of chapters provide source code that can be used to investigate topics further or to kick-start new projects.
Chapter
Feature learning denotes a set of approaches for transforming raw input data into representations that can be effectively utilised in solving machine learning problems. Classifiers or regressors require training data which is computationally suitable to process. However, real-world data, e.g., an audio recording from a group of people talking in a park whilst in the background a dog is barking and a musician is playing the guitar, or health-related data such as coughing and sneezing recorded by consumer smartphones, comprises a remarkably variable and complex nature. For understanding such data, developing expert-designed, hand-crafted features often demands for an exhaustive amount of time and resources. Another disadvantage of such features is the lack of generalisation, i.e., there is a need for re-engineering new features for new tasks. Therefore, it is inevitable to develop automatic representation learning methods. In this chapter, we first discuss the preliminaries of contemporary representation learning techniques for computer audition tasks. Hereby, we differentiate between approaches based on Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs). We then introduce and evaluate three state-of-the-art deep learning systems for unsupervised representation learning from raw audio: (1) pre-trained image classification CNNs, (2) a deep convolutional generative adversarial network (DCGAN), and (3) a recurrent sequence-to-sequence autoencoder (S2SAE). For each of these algorithms, the representations are obtained from the spectrograms of the input audio data. Finally, for a range of audio-based machine learning tasks, including abnormal heart sound classification, snore sound classification, and bipolar disorder recognition, we evaluate the efficacy of the deep representations, which are: (i) the activations of the fully connected layers of the pre-trained CNNs, (ii) the activations of the discriminator in case of the DCGAN, and (iii) the activations of a fully connected layer between the encoder and decoder units in case of the S2SAE.
Article
Blockchain has a range of built-in features, such as distributed ledger, decentralized storage, authentication, security, and immutability, and has moved beyond hype to practical applications in industry sectors such as Healthcare. Blockchain applications in the healthcare sector generally require more stringent authentication, interoperability, and record sharing requirements, due to exacting legal requirements, such as Health Insurance Portability and Accountability Act of 1996 (HIPAA). Building on existing blockchain technologies, researchers in both academia and industry have started to explore applications that are geared toward healthcare use. These applications include smart contracts, fraud detection, and identity verification. Even with these improvements, there are still concerns as blockchain technology has its own specific vulnerabilities and issues that need to be addressed, such as mining incentives, mining attacks, and key management. Additionally, many of the healthcare applications have unique requirements that are not addressed by many of the blockchain experiments being explored, as highlighted in this survey paper. A number of potential research opportunities are also discussed in this paper.
Article
Full-text available
This article aims to examine the mobile health (mHealth) in education articles in journals covered by the SSCI and SCI-EXPANDED indices between 2000-2016. Five hundred and ninety-four (594) articles have been analyzed with a systematic reviewmethod.Thechangeofthearticlesbyyear,thedistributionaccordingtothe countries,universities,authors,citationanalysis,andresearchfieldswereexamined. As a result of this research, it was determined that the articles and citations have tendedtoincreaserapidlyafter2012.TheUSplaysapioneeringroleinthisfield,the universitiesintheUSApublishmostofthearticlesonthesubject,andtheUSA-based authorsdominatethefield.Inaddition,ithasbeendeterminedthatmHealth-related articles tend to increase in undeveloped and developing countries, where mHealth projectsareconcentrated.Finally,basedonresearchfindings,somesuggestionswere madeforresearchers,developersandpractitioners.
Article
Full-text available
Cloud storage is becoming an option for users in keeping their data online, but it comes with the security requirements and challenges of protecting their data from threats. Many security frameworks have been suggested by existing studies, governing bodies, industry standards etc. as guidelines to be implemented by cloud service providers (CSPs) but the complete set of controls cannot be fully implemented due to several challenges such as decreasing availability, less user convenience, need of a robust infrastructure etc. Therefore, there is a need to investigate the security requirements and threats which will enable efficient security protection to protect data in cloud storage. This paper will discuss security requirements and analyses existing cloud security threats. The threats will be modelled in a cloud storage scenario.
Conference Paper
Full-text available
We are seeing the deployment of new types of networks such as sensor networks for environmental and infrastructural monitoring, social networks such as facebook, and e-Health networks for patient monitoring. These networks are producing large amounts of data that need to be stored, processed and analysed. Cloud technology is being used to meet these challenges. However, a key issue is how to provide security for data stored in the Cloud. This paper addresses this issue in two ways. It first proposes a new security framework for Cloud security which deals with all the major system entities. Secondly, it introduces a Capability ID system based on modified IPv6 addressing which can be used to implement a security framework for Cloud storage. The paper then shows how these techniques are being used to build an e-Health system for patient monitoring.
Article
Full-text available
The past years have witnessed a heavy investment and research in the eHealth sector. The work of medical practitioners at all levels is becoming more information intensive as sophisticated medical equipment and computer applications are more widely used. At the same time, the demands of the patients / citizens are increasing due to the innovative medical and scientific advances. Digital technologies are becoming more important in health management aiming to reduce the cost and to deliver health care services at a distance. In addition, the Internet is increasingly used by citizens to obtain medical information, therefore it is critical that the Web-based eHealth content and services are developed efficiently, complying with the established quality criteria and being available for all in an adaptive and personalized manner delivered by multiple and ubiquitous delivery channels. In this context, the aim of this paper is to argue that in the face of the existing systems and platforms diversity and information sparsity, mobile agent technologies can provide the base for ubiquitous, transparent, secure, interoperable, and integrated eHealth information systems for the provision of adapted and personalized sustainable services to the citizens.
Article
Full-text available
The recent emergence of cloud computing has drastically altered everyone’s perception of infrastructure architectures, software delivery and development models. Projecting as an evolutionary step, following the transition from mainframe computers to client/server deployment models, cloud computing encompasses elements from grid computing, utility computing and autonomic computing, into an innovative deployment architecture. This rapid transition towards the clouds, has fuelled concerns on a critical issue for the success of information systems, communication and information security. From a security perspective, a number of unchartered risks and challenges have been introduced from this relocation to the clouds, deteriorating much of the effectiveness of traditional protection mechanisms. As a result the aim of this paper is twofold; firstly to evaluate cloud security by identifying unique security requirements and secondly to attempt to present a viable solution that eliminates these potential threats. This paper proposes introducing a Trusted Third Party, tasked with assuring specific security characteristics within a cloud environment. The proposed solution calls upon cryptography, specifically Public Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication, integrity and confidentiality of involved data and communications. The solution, presents a horizontal level of service, available to all implicated entities, that realizes a security mesh, within which essential trust is maintained.
Article
The sensitivity of health-care information and its accessibility via the Internet and mobile technology systems is a cause for concern in these modern times. The privacy, integrity and confidentiality of a patient's data are key factors to be considered in the transmission of medical information for use by authorised health-care personnel. Mobile communication has enabled medical consultancy, treatment, drug administration and the provision of laboratory results to take place outside the hospital. With the implementation of electronic patient records and the Internet and Intranets, medical information sharing amongst relevant health-care providers was made possible. But the vital issue in this method of information sharing is security: the patient's privacy, as well as the confidentiality and integrity of the health-care information system, should not be compromised. We examine various ways of ensuring the security and privacy of a patient's electronic medical information in order to ensure the integrity and confidentiality of the information.
Conference Paper
While the emergence of cloud computing has made it possible to rent information technology infrastructures on demand, it has also created new security challenges. The primary security concern is trusting data (or resources in general) on another organization's system. This document seeks to examine the current state of security in cloud computing and presents a set of challenges to address the security needs of clouds. The end result is a framework to help the design and implementation of effective cloud security infrastructures.
Conference Paper
Cloud computing has recently gained tremendous momentum but still is in its infancy. It has the potential for significant cost reduction and the increased operating efficiencies in computing. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this paper, we propose a comprehensive security framework for cloud computing environments. We also discuss challenges, existing solutions, approaches, and future work needed to provide a trustworthy cloud computing environment.
Article
Unlike typical functional requirements, security requirements can potentially be highly reusable, especially if specified as instances of reusable templates. In this column, I will discuss the concepts underlying security engineering including its quality subfactors. I will then address the issue of security requirements and how they differ from the architectural mechanisms that will fulfill them. Then, I will discuss the value of reusable parameterized templates for specifying security requirements and provide an example of such a template and its associated usage. Finally, I will outline an asset-based risk- driven analysis approach for determining the appropriate actual parameters to use when reusing such parameterized templates to specify security requirements.
GREEN PAPER on mobile Health ("mHealth")
European Commission (2014) GREEN PAPER on mobile Health ("mHealth"). [online] Available from: https://ec.europa.eu/digitalagenda/en/news/green-paper-mobile-health-mhealth [Accessed: 2 September 2015]
Mobile device protection: Tackling mobile device security risks. [online] Available from: http://searchsecurity.techtarget.com/magazineContent/Mobile-deviceprotection-Tackling-mobile-device-security-risks
  • M Savage
Savage, M. (2012) Mobile device protection: Tackling mobile device security risks. [online] Available from: http://searchsecurity.techtarget.com/magazineContent/Mobile-deviceprotection-Tackling-mobile-device-security-risks [Accessed: 27 March 2016]
Evaluating mHealth Barriers: Privacy and Regulation. [online] Available from: http://mhealthregulatorycoalition.org/wp-content/uploads/2013/01/ VodafoneGlobalEnterprise-mHealth-Insights-Guide-EvaluatingmHealth-Adoption-Privacy-and-Regulation
  • Vodafone Global Enterprise
Vodafone Global Enterprise (2013) Evaluating mHealth Barriers: Privacy and Regulation. [online] Available from: http://mhealthregulatorycoalition.org/wp-content/uploads/2013/01/ VodafoneGlobalEnterprise-mHealth-Insights-Guide-EvaluatingmHealth-Adoption-Privacy-and-Regulation.pdf [Accessed: 10 September 2015]
Guidelines for Managing the Security of Mobile Devices in the Enterprise
  • K Scarfone
  • M Souppaya
Evaluating mHealth Barriers: Privacy and Regulation
  • Evaluating
  • Barriers
A Mobile Agent Approach for Ubiquitous and Personalized eHealth Information Systems
  • P Germanakos
  • C Mourlas
  • G Samaras
Germanakos P., Mourlas C., & Samaras G. "A Mobile Agent Approach for Ubiquitous and Personalized eHealth Information Systems" Proceedings of the Workshop on 'Personalization for e-Health' of the 10th International Conference on User Modeling (UM'05).
VodafoneGlobalEnterprise-mHealth-Insights-Guide-Evaluating-mHealth-Adoption-Privacy-and-Regulation
  • Vodafone Global Enterprise
Vodafone Global Enterprise (2013) Evaluating mHealth Barriers: Privacy and Regulation. [online] Available from: http://mhealthregulatorycoalition.org/wp-content/uploads/2013/01/ VodafoneGlobalEnterprise-mHealth-Insights-Guide-Evaluating-mHealth-Adoption-Privacy-and-Regulation.pdf [Accessed: 10 September 2015]
Mobile device protection: Tackling mobile device security risks
  • M Savage
Savage, M. (2012) Mobile device protection: Tackling mobile device security risks. [online] Available from: http://searchsecurity.techtarget.com/magazineContent/Mobile-deviceprotection-Tackling-mobile-device-security-risks [Accessed: 27 March 2016]
Modelling Threats with Security Requirements in Cloud Storage
  • F Yayah
  • R Walters
  • G B Wills
Yayah, F., Walters, R., & Wills, G.B. "Modelling Threats with Security Requirements in Cloud Storage" International Journal for Information Security Research (IJISR). Vol.5, Issues 2, June 2015.