Security for Pervasive Healthcare

Book by Oscar Garcia-Morchon
Miniaturization of medical appliances and wireless communication enable the pervasive health monitoring of users in their daily life, thus improving users' health and well-being, enabling quick reaction in emergencies, and also allowing for cost reduction in the healthcare sector. In the simplest healthcare setting, a fixed set of wireless medical sensors forms a patient area network (PAN) that monitors the user's vital signs. Medical staff can access, gather, or process the data directly, or transmit it to a remote healthcare service. Pervasive health monitoring in these diverse situations and locations is carried out by different organizations, such as fitness centers or retirement homes, by means of a medical sensor network (MSN) that allows authorized parties to access the sensed health information.

In this context, the exchange of users' medical data leads to severe privacy and security concerns. Meeting the strict security needs of these ubiquitous medical applications is a big challenge, since the privacy of medical data has to be guaranteed all the way from the resource-constrained sensor nodes to the backend services, the system has to meet its latency requirements, and a great deal of mobility is involved. In fact, ensuring the smooth but secure interaction of the different system parts is one of the most demanding tasks.

This thesis addresses the challenge of deploying secure medical sensor networks, and to this end we propose algorithms, protocols, and systems that pursue three main goals. First, the described solutions should enable the efficient deployment of security systems, bearing in mind that the underlying interactions and the expected system operation are fundamental for successful system deployment. Second, the individual mechanisms and the overall architecture should provide a comprehensive solution for key and entity management, access control, and privacy-aware identification.
These are the key challenges in the analyzed scenarios due to the pervasive nature of the system, wherein a multitude of parties interact with each other. Finally, security methods and cryptographic algorithms should be lightweight to allow for efficient system deployment and operation on resource-constrained devices.

Overall, this work proposes a security architecture comprised of three security layers, namely the MSN, PAN, and backend security layers. In our architecture, the MSN and PAN security layers reflect the trend towards a patient-centric approach wherein both the user and the health institutions share responsibility for the control of the health information. The MSN security layer is in charge of providing basic link security within each MSN. The PAN layer creates a security domain around the user's PAN, giving the user control over the disclosure of his health information. The backend security layer ensures smooth interaction between the MSN and PAN layers.

The proposed security architecture is articulated and supported by the results in four complementary research areas. The first one refers to the lightweight key establishment and information verification algorithms used at the MSN layer. Here we investigate and specify how the wireless medical sensors can agree on pairwise keys and verify information in an efficient way based on polynomial schemes within the scope of an MSN. We propose several optimizations for key establishment algorithms and introduce the concept of lightweight digital certificates, which allows for distributed information verification without the need for public-key cryptography.

Second, we examine how the polynomial keying material can be distributed and arranged at the MSN security layer to achieve a higher resiliency level, to reduce system requirements, and to provide other security functionalities.
We also show how the proposed hierarchical and multidimensional systems, tailored to fit the underlying organization of health institutions, allow for efficient deployment. A resourceful approach for key establishment is not
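The abstract refers to pairwise key agreement "based on polynomial schemes" at the MSN layer but does not spell the mechanism out. The following is an added illustration of the basic symmetric bivariate polynomial scheme (Blundo et al.) on which such keying material is usually built; it is example code written for this page, not code from the thesis, and it does not reproduce the optimizations the thesis proposes. The field modulus, the polynomial degree and the node identifiers are constructed values chosen for the example.

```python
"""Pairwise key agreement from a symmetric bivariate polynomial (added example).

A trusted setup party picks a symmetric polynomial f(x, y) of degree t over
a prime field, so that f(u, v) == f(v, u).  Each sensor node u is loaded with
the univariate share g_u(y) = f(u, y).  Two nodes u and v then compute the
same pairwise key locally as g_u(v) == g_v(u), with no public-key operation
and no message exchange beyond learning each other's identifier.

Security property worth remembering: an adversary who extracts the shares of
more than t nodes can interpolate f and derive every pairwise key, so t is the
collusion threshold that the deployment must be sized for.
"""
import secrets

# Constructed field modulus for the example: the Mersenne prime 2^61 - 1.
P = (1 << 61) - 1


def gen_symmetric_poly(t, randbelow=secrets.randbelow):
    """Return coefficients a[i][j] of f(x, y) = sum a_ij x^i y^j with a_ij == a_ji."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            c = randbelow(P)
            a[i][j] = c
            a[j][i] = c  # symmetry is what makes the two key computations agree
    return a


def node_share(a, node_id):
    """Compute the share g_u(y) = f(u, y) handed to node u at deployment time.

    The result is a list of t+1 coefficients in y: coefficient j is
    sum_i a_ij * u^i (mod P).  Only this list is stored on the sensor.
    """
    t = len(a) - 1
    share = []
    for j in range(t + 1):
        coeff = 0
        upow = 1
        for i in range(t + 1):
            coeff = (coeff + a[i][j] * upow) % P
            upow = upow * node_id % P
        share.append(coeff)
    return share


def pairwise_key(share, peer_id):
    """Evaluate the stored share at the peer's identifier (Horner's rule)."""
    k = 0
    for c in reversed(share):
        k = (k * peer_id + c) % P
    return k


def agree_keys(a, u, v):
    """Run both sides of the agreement and return (key_at_u, key_at_v)."""
    return pairwise_key(node_share(a, u), v), pairwise_key(node_share(a, v), u)


def key_bytes(k):
    """Serialize the field element as a fixed-width key for a symmetric cipher."""
    return k.to_bytes(8, "big")


if __name__ == "__main__":
    # Constructed deployment: threshold t = 3, two sensors with IDs 17 and 42.
    poly = gen_symmetric_poly(3)
    k_u, k_v = agree_keys(poly, 17, 42)
    assert k_u == k_v
    print("pairwise key:", key_bytes(k_u).hex())
```

A useful sanity check is a hand-sized instance: with t = 1 and coefficients a = [[1, 2], [2, 3]], f(x, y) = 1 + 2x + 2y + 3xy, node 2 stores the share [5, 8], node 3 stores [7, 11], and both evaluate to the key 29. The same code serves the resiliency discussion in the abstract, since the degree t is exactly the number of node compromises the keying material tolerates.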