Abstract
As the world grapples with an increase in diseases including COVID-19, the Internet of Medical Things (IoMT) emerges as a complementary technology to the healthcare staff, which is constantly overburdened. Untrained users' increased online presence exposes them to cyberattack threats. Authentication is the first line of defense for protecting medical data, but existing solutions do not consider the user's context and capabilities, making them unusable for some groups of users who eventually shun them. This paper proposes a Machine Learning based adaptive user authentication framework that adapts to user profiles and context during login to determine the likelihood of the attempt being illegitimate before assigning appropriate authentication mechanisms. The proposed edge-centric framework fuses the Naive Bayes classifier and the CoFRA model to determine the risk associated with a login attempt based on biometric wearable sensor data, non-biometric smartphone sensor data, and some predefined data. User backgrounds and preferences were solicited, and results showed that users, regardless of their ICT skills, ages, jobs, and years of experience, prefer to use simple physiological biometrics for authentication. An Android app was then developed using User-Centred Design and installed on a smartphone which communicated with a PineTime smartwatch. Sensor data was used as input in calculating the risk associated with an access request to decide whether to authenticate, step up authentication, or block a request using rule-based and role-based access control techniques while also non-intrusively monitoring health. Once implemented, the framework is expected to improve user experience in authentication, promoting the use of IoT in healthcare.
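The risk-then-decide flow described in the abstract, as an added example that is not the authors' code: a categorical Naive Bayes classifier estimates the probability that a login attempt is illegitimate, and that risk is mapped to authenticate, step up, or block. It covers only the Naive Bayes part (CoFRA is not reproduced); the feature names, training rows and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed training rows (assumption): (location, wearable heart-rate
# match against the enrolled profile, time of day) -> label
TRAIN = [
    (("home", "match", "day"), "legit"),
    (("home", "match", "night"), "legit"),
    (("clinic", "match", "day"), "legit"),
    (("home", "match", "day"), "legit"),
    (("clinic", "mismatch", "day"), "legit"),
    (("unknown", "match", "day"), "legit"),
    (("unknown", "mismatch", "night"), "illegit"),
    (("unknown", "mismatch", "day"), "illegit"),
    (("clinic", "mismatch", "night"), "illegit"),
    (("unknown", "match", "night"), "illegit"),
]

def train(rows):
    priors = Counter(label for _, label in rows)
    counts = defaultdict(Counter)   # (label, feature index) -> value counts
    values = defaultdict(set)       # feature index -> values seen in training
    for feats, label in rows:
        for i, v in enumerate(feats):
            counts[(label, i)][v] += 1
            values[i].add(v)
    return priors, counts, values

def risk(model, feats):
    """Posterior P(illegit | feats), with Laplace smoothing so an unseen
    feature value does not zero out a class."""
    priors, counts, values = model
    total = sum(priors.values())
    joint = {}
    for label, n in priors.items():
        p = n / total
        for i, v in enumerate(feats):
            p *= (counts[(label, i)][v] + 1) / (n + len(values[i]))
        joint[label] = p
    return joint["illegit"] / sum(joint.values())

def decide(r, step_up_at=0.3, block_at=0.8):
    # Hypothetical thresholds: the abstract names the three outcomes
    # but gives no cut-off values.
    if r >= block_at:
        return "block"
    return "step-up" if r >= step_up_at else "authenticate"

MODEL = train(TRAIN)
```
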
Acknowledgements
This work was jointly supported by the African Center of Excellence in Internet of Things (ACEIoT) from College of Science and Technology, University of Rwanda, and The Regional Innovation Scholarship Fund (RSIF).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mavhemwa, P.M., Zennaro, M., Nsengiyumva, P., Nzanywayingoma, F. (2023). User-Centred Design of Machine Learning Based Internet of Medical Things (IoMT) Adaptive User Authentication Using Wearables and Smartphones. In: Silhavy, R., Silhavy, P. (eds) Artificial Intelligence Application in Networks and Systems. CSOC 2023. Lecture Notes in Networks and Systems, vol 724. Springer, Cham. https://doi.org/10.1007/978-3-031-35314-7_65
DOI: https://doi.org/10.1007/978-3-031-35314-7_65
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35313-0
Online ISBN: 978-3-031-35314-7
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)