e-Health Security Management

Omessaad Hamdi is a member of the IEEE and has a PhD in computer science. Her research focuses on information systems security.

• Chapter 1 Overview of e-Health Architectures 1Omessaad Hamdi1.1 Introduction 11.2 Definitions 21.2.1 e-Health 21.2.2 Telehealth 21.2.3 m-Health 21.2.4 Telemedicine 21.3 e-Health services 31.4 Requirements for e-health systems 41.5 e-Health system architecture 51.5.1 Components of an e-health architecture 61.5.2 Features of e-health systems 61.6 e-Health system technologies 81.6.1 Devices 81.6.2 Connecting technologies 91.6.3 Other technologies 101.7 Security in e-health systems 121.7.1 Security services 121.7.2 Legal environment for e-health systems 131.8 Medical data security 141.8.1 Cryptography 141.8.2 Biometrics 161.8.3 Blockchain 171.9 Perspectives 191.10 Conclusion 201.11 References 21Chapter 2 Vulnerabilities in e-Health and Countermeasures 27Aida Ben Chehida Douss And Ryma Abassi2.1 Introduction 272.2 The importance of digitization in healthcare systems 282.3 The challenges of digitization in e-health systems 302.4 Cyber-attacks in the healthcare sector 312.4.1 Profiles of cybercriminals 322.4.2 Motivations of cybercriminals 332.4.3 Risks and repercussions 352.4.4 Types of attacks 362.5 Security incidents in the healthcare sector 392.5.1 Example of a phishing attack 402.5.2 Examples of ransomware attacks 402.5.3 Examples of data theft attacks 412.5.4 Examples of DDoS attacks 422.5.5 Example of an internal attack 422.6 Existing security measures for e-health systems 422.7 Recommendations for protecting e-health systems 452.7.1 Risk management methods 452.7.2 Technical and organizational recommendations 462.7.3 Raising awareness and training 472.8 Conclusion 482.9 References 49Chapter 3 Security Policies for e-Health Systems 53Ryma Abassi3.1 Introduction 533.2 The concept of the security policy 543.2.1 Definition 543.2.2 Modeling a security policy 573.3 Environment for specifying, validating and testing security policies 613.3.1 Specifying a security policy 613.3.2 The concept of executable security policy 633.3.3 Testing a security policy 643.4 Security Services For E-Health Systems 663.4.1 The e-health concept 663.4.2 Comparison of national digital health infrastructure security policies 673.5 Security requirements for e-health platforms 693.5.1 Essential security functions 693.5.2 Security models 703.6 Future security challenges for e-health 733.7 Conclusion 743.8 References 74Chapter 4 Adaptive, Dynamic, Decentralized Authorizations for e-Health 77Tidiane Sylla, Mohamed Aymen Chalouf, Léo Mendiboure And Francine Krief4.1 Introduction 774.2 Fundamental principles 794.2.1 Concept of e-health 794.2.2 Context-aware computing and security in the IoT 814.2.3 Authentication and Authorization for Constrained Environments (ACE-OAuth) 864.2.4 Blockchain 894.3 Proposal for dynamic, decentralized adaptation of e-health authorizations 914.3.1 Threat model for the environment under consideration 914.3.2 Proposed architecture for dynamic, decentralized authorization management 924.4 Conclusion 1004.5 References 101Chapter 5 Applying Blockchain to e-Health 107Cyrine Lahsini, Faiza Hamdi And Omessaad Hamdi5.1 Introduction 1075.2 Blockchain technology 1085.2.1 Blockchain fundamentals 1085.2.2 Blockchain categories 1105.2.3 Characteristics of the blockchain 1125.3 Health sector 1135.3.1 Patients 1135.3.2 Doctors 1145.3.3 Insurance sector 1145.3.4 Pharmaceutical industry 1155.3.5 Government 1155.4 Issues and challenges for the healthcare sector 1155.4.1 Quality 1165.4.2 Coordination 1175.4.3 Integrity 1175.4.4 Transparency 1185.4.5 Traceability 1185.4.6 Interoperability 1195.4.7 Data sharing 1205.4.8 Costs 1205.4.9 Data volume 1215.5 Application of blockchain technology in e-health systems 1225.5.1 Electronic health records 1225.5.2 Pharmaceutical supply chain 1235.5.3 Patient follow-up 1245.5.4 Scientific research in the health sector 1255.5.5 Analyzing medical data 1265.6 Implementing blockchain technology in healthcare 1275.6.1 MedRec 1275.6.2 MedCredits 1285.6.3 MIStore 1285.6.4 Robomed 1295.6.5 HealthChain 1295.6.6 Medicalchain 1295.7 Contribution of the blockchain solution 1305.8 Conclusion 1335.9 References 134Chapter 6 Using Biometrics to Secure Intra-BAN Communications 137Omessaad Hamdi, Mohamed Aymen Chalouf And Amal Sammoud6.1 Introduction 1376.2 Security for WBAN 1386.2.1 Architecture of an e-health system 1386.2.2 Security requirements for WBANs 1396.2.3 WBAN attacks 1406.3 Security solutions for intra-WBAN communications 1406.3.1 TinySec 1416.3.2 Biometric methods 1416.3.3 ZigBee security 1416.3.4 Bluetooth security 1416.3.5 Elliptical curve cryptography 1426.4 Biometric data-based security solutions for WBANs 1436.4.1 Biometrics 143                  6.4.2 Examples of security approaches for intra-WBAN communications using biometrics 1456.4.3 The approach of Sammoud et al 1476.5 Discussion 1546.6 Conclusion 1556.7 References 158Chapter 7 Using Biometrics for Authentication in e-Health Systems 161Omessaad Hamdi, Mohamed Aymen Chalouf And Amal Sammoud7.1 Introduction 1617.2 e-Health systems 1627.2.1 Architecture 1627.2.2 Security services 1637.3 Authentication techniques 1637.3.1 Authentication factors 1647.3.2 Types of authentications 1647.4 Biometric authentication 1667.4.1 Biometric features 1667.4.2 Biometric system effectiveness 1677.4.3 Performance measures for biometric systems 1687.5 Multimodal authentication 1687.6 Multi-factor authentication approaches for e-health system security 1697.6.1 Sammoud et al.’s approach 1737.7 Conclusion 1787.8 References 179Chapter 8 Security of Medical Data Processing 183Manel Abdelhedi And Omessaad Hamdi8.1 Introduction 1838.2 Homomorphic encryption 1858.2.1 Definition 1858.2.2 Terminology 1868.2.3 Partially homomorphic encryption 1878.2.4 Somewhat homomorphic encryption 1908.2.5 Fully homomorphic encryption 1918.2.6 Comparative study 1938.2.7 Application of HE to secure e-health solutions 1988.3 Attribute-based encryption 2008.3.1 Key-policy attribute-based encryption 2018.3.2 Ciphertext-policy attribute-based encryption 2028.3.3 Comparative study 2038.3.4 Application of ABE to secure e-health solutions 2048.4 Conclusion 2068.5 References 207Chapter 9 Artificial Intelligence for Security of e-Health Systems 213Mohamed Aymen Chalouf, Hana Mejri And Omessaad Hamdi9.1 Introduction 2139.2 e-Health systems 2149.3 e-Health system security 2159.3.1 Potential attacks 2169.3.2 Security services 2169.3.3 Security solutions 2189.4 Artificial intelligence techniques 2209.4.1 Machine learning 2219.4.2 Deep learning 2229.5 Intrusion detection based on artificial intelligence 2239.5.1 IDS based on supervised learning 2249.5.2 IDS based on unsupervised learning 2259.5.3 IDS based on deep learning 2269.6 AI-based IDS in WBANs 2269.6.1 Tested learning techniques 2279.6.2 Implementation and results 2279.7 Conclusion 2329.8 References 233List of Authors 237Index 239