SECURITY THREATS IN SMART HEALTHCARE

The Internet of Things had become more usually those recent years, it helps the human to be connected to every devices, to The Internet of Things had become more usually those recent years, it helps the human to be connected to every devices, to communicate and to share information for each other, the IoT gives many benefits to HealthCare systems and applications, it help to diagnostic and to monitor patients more closely and easier, but as other domain based on technologies, the smart Health use IT programs and Wireless network to exchange and analyse data which may be stooling by attackers if it doesn't secured and controlled permanently, as a fact of this weakness, it's possible to injure or kill some patient without being detected, this article discussing the Smart Health system, its benefits and examples of its using, also, it gives a view about security issues that can touch to this domain and best practice to follow for securing, detecting and avoiding security risks.


INTRODUCTION
Smart Things, this word is becoming more and more used by several people and in several fields, it was born to follow the rapid development of technology aiming at the simplification of the procedures, the speed of the treatments and the efficiency of the rendered work.
Smart Things build an ecosystem that encompasses all areas and environments, so we can talk about: smart cities, smart school, smart university, smart campus, smart transport, smart health ... etc.
Generally, all of this can be integrated into the smart environment which can be defined by a physical world integrating a very large number of invisible sensors, actuators, screens and calculation elements.
These IT elements are generally seamlessly integrated into everyday objects and networked with each other. It is connected objects or the Internet of Things (IoT) which aim to improve existing processes, ease and permission of scenarios which cannot be implemented before, helped to control and manage the physical world at using sensors which will make it possible to detect, collect, analyze, transmit and process data (C. Gomez et al, 2019).
In this article, we will focus our work on the field of Smart Health, this large vital system which includes several participants, such as doctors, patients, hospitals and medical research institutes.
We will give more details on the use of Smart Health, the health benefits by adopting and using this system, but also the risks that can be generated in the event of misuse or fraudulent manipulation of the data and this system in general.
The article will be organized as follows: Smart Health overview in the section 1, then we will see a general description of the IoT for Health in the section2, after, we will talk about security in the Smart Health and also describe some attacks that could damage a Smart Health system in section 3, and next, we will recommend some defense security measures in section 4. Concluding by a discussion and conclusion in section 5 and 6.

SMART HEALTH OVERVIEW
As mentioned in the introduction of this article, the Smart Healthcare is a service that brings together several stake holders and includes several participants, such as doctors, patients, hospitals and medical research institutes. Its appearance has allowed a revolution in the field of health, it has enabled a very effective evolution for the health of humanity and has made it possible to fight against several diseases and to cope with several constraints where even detection was previously impossible (Glob. Health J., 2019).
The figure bellow show components and the different participants on the Smart health system:

Figure 1: Smart health System components
In what follows, we will talk about the evolution that accompanied Smart Healthcare.

Smart Health Evolution
Firstly, we will discuss about electronic health (e-health) which is the way we apply service via information and communications technology (ICT) in the healthcare field. The concept of e-health also helps to increase efficiency and reduce costs.
It is linked to mobile health (m-health), which can be defined by the provision of health services via mobile communication devices and digital applications (hardware and software), which allow the patient, his entourage and different health care providers to collect, view, share and use intelligently and permanently information related to health and well-being (A. Solanas et al., 2014).
E-health and m-health are supported by mobile devices, such as mobile phones, patient monitoring devices, personal digital assistants (PDAs) and other wireless devices.
Stilling in the health field, and as an evolution, we experienced the appearance of Smart Health (s-health), it is the key concept of intelligent health including both and integrating e-health and m -health.
In Smart Health, healthcare is defined by technology that leads to better diagnostic tools, better treatment for patients and devices that improve the quality of life for everyone with real-time monitoring and immediate alerts in the event of a problem, even without the appearance of symptoms of an illness (Y. Zhang et al, 2018).
Smart Health provides health services remotely and even at home.
Via connected objects, we can monitor blood pressure, do a cardiology, performance of the humanitarian system and other permanent health measures in real time and build an individual database which can be used to anticipate several illnesses and to react effectively in case of a disease or damage on an organ of the human.
The figure bellow gives an overview of the connected objects used in the Smart Health system:

Figure 2: IoT on Smart Health System
According to this description of Smart Health, what are the benefits and advantages behind this system?

The Benefits Of Smart Health
Smart health has significant, positive results and great efficiency in health all over the world, although it is not generalized everywhere and its ecosystem still requires a lot of work in order to equip hospitals, ambulances, local medical operations, medical staff and patients by connected objects and smart technologies (A. Srilakshmi et al, 2019

GENERAL DESCRIPTION OF SMART ENVIRONMENTS FOR HEALTH
Let have a look on how the IoT and smart environment works for health and how to enable technologies and application for the healthcare.
We give this example where set of sensors are integrated to the environment of a person or worn by him, these sensors and captures will acquire data continuously or periodically, then, process them to be able to firstly give some information or some feedback to the concerned person and secondly inform the medical staff, the family or some other authorized persons of the health status (C. Gomez et al, 2019).
This example is explained on the below figure.

Figure 3: Smart Environment for healthcare
All these new technologies have brought many advantages in the field of health, whether for speed, efficiency, quality, diagnosis and patient management and also for the doctor's task, as we have described in the overview section. However, with all its benefits, there are new security concerns that can threaten patients' health and privacy.
If the system is hacked, the confidentiality of patient data will no longer be protected, disclosure of sensitive data will be at the fingertips of unauthorized individuals and this will compromise important critical data.
As statistics show, health care is the most pirated industry in the United States. for example, a study shows that more than 13 million records were exposed through around 350 data breaches in 2018 and 89% of healthcare facilities have experienced a data breach in the past two years, despite sophisticated measures implemented by suppliers to prevent data breaches and secure the information system (Source: Dizzion).

SECURITY IN SMART HEALTHCARE
Like any computer system, Smart Environment in general are affected by security risks. Smart health is one of those environments that can be attacked or outright broken by individuals or hackers.
Given the sensitivity of the data which contains and which transits in a large network of which the Internet is a part, and given the large number of devices and IoT which constitutes it, the risk of having a large number of vulnerabilities will always remain current if the necessary measures are not applied and are taken into consideration throughout the deployment project of the Smart Health system. Also, rigorous monitoring, regular and periodic audit plans are necessary to ensure that the system is always safe from attacks and that these components comply with security, configuration and hardening standards (Shancang Li, Li Da Xu, 2020).
In order to ensure the security of the Smart HealthCare system, security requirements must be provided. The system must meet all of the following security requirements: confidentiality, integrity, authentication, authorization, availability and nonrepudiation (see the figure 4):

Figure 4:Goals of system information security
Confidentiality refers to the fact that an unauthorized user sees the hide information, in other words it means that an intruder adversary access to the data.
Integrity means that patient's data will not be changed by an unauthorized attacker.
Authorization is the function of specifying access rights/privileges to resources or system.
Authentication alludes to the identification of the person which attempt to access the system.
Availability means when authorized users get access to the smart health system and to the services they need.
Non-repudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
In medicine, a small mistake or a security threat can end a human's life. To combat this and ensure patient safety, the Smart HealthCare system must meet all of the requirements listed above.
Despite this, we still find attackers and hackers who are researching and developing new ways with the goal of gaining access, controlling the system, disclosing and obtaining confidential data and information.
As mentioned before, the large number of devices and IoTs used in this environment, make the system vulnerable to the majority of attacks and known security risks (Kristen Gloss, 2020), such as: In this paper, we will focus and deal with the following two attacks: • Location-based attack • Routing attack The intruders in location-based attack tries to target the destination of the node to services of the system such as: -Denial of Service attack In the other hand an attacker that use a Routing Attack mostly targets the route of the data to drop or send data packets (S. A. Butt et al, 2019) such as: -Select and forwarding attack -Replay attack and router attack The figure below shows a summary of these attacks.

Figure 5:Taxonomy of attacks in Smart Health System
In what follows, we will deal in detail with the two attacks chosen for this paper.

Location based attack A. Denial of service
Denial of service (DoS) attacks can affect health-care systems and affect patient safety. It tries to cause a capacity overload in the target system by sending multiple requests with unknown The International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences, Volume XLIV-4/W3-2020, 2020 5th International Conference on Smart City Applications, 7-8 October 2020, Virtual Safranbolu, Turkey (online) traffic. Dos attack can be used to disable or slow a service so the resources won't be accessible for the patient and the doctor either, due the busy channel the other nodes wouldn't be able to send their information. A DOS attacker aims to ruin the operation of the nodes. According to the IEEE 802.11 standard the nodes doesn't counter check every one of the flags in control frames, for that reason, it will be hard to detect such kind of attack. The Denial of Service attack makes the channel of data system busy so that the other sensors in the network won't be able to receive information. Also, the patient can gain access without authentication. The attacker of Denial of Service can add or send false information of a patient causing a false treatment, a false diagnostic, a false status of the patient and may be a false emergency call to the doctors. Consequently, causing patient Death.
The figure bellow shows the denial of service attack.

Routing attack A. Sybil attack
In this attack, the intruder tries to get a node clams multiple fake identity (Udaya S., Rajamani V., 2020), this attack is classified into two forms as describing bellow: • Direct Attack and Indirect Attack: in the direct attack the real node communicate directly with the Sybil node. Whereas in the indirect attack the communication between the Sybil node and the real node is done by a malicious node. • Stolen and fabricated node identities attack: in this type of attack an illegal node is using a fake identity to communicate with the other nodes, a sensor node with ID of 16-bit integers makes the same ID of 16 bits, which are fabricated nodes. The IDs taken by the Sybil node are destroyed by examining the identity replication.
In other words, an adversary tries to have one or large number of nodes IDs to act and function as a distinct node. Sybil attacks degrade data integrity, security, and resource utilization it could affect harmfully in the context of a Smart HealthCare System. The attacker could receive patient's privacy information update it and perhaps send false data, consequently, cause a call and a fake emergency (John F. Buford, Eng Keong Lua, 2020)(A. Rajan, J. Jithish, et S. Sankaran,2017).
The figure below shows the Sybil attack: This type of attack is also called "Gray hole attack" it's a special type attack of black hole attack, in which the attacker gain access to single or multiple malicious nodes and behave like normal nodes (I. Butun et al, 2020) in most time but selectively drop not all the packet receives but sensitive packets and the ones selected as showing in the figure 8, just like that the attacker excepts to not detected by the IDS (message identities).
There are two ways that the intruder can follow to attack the target system: ▪ Insider Attack: The authentication of the authorized sensor nodes might be compromised or the adversary might steal some key or information from the nodes and attack the whole network. ▪ Outsider Attack: the attacker tries to jump the routing path between legitimate nodes There are different types of Select forwarding attack such as bellow: -When the unauthorized nodes do not forward information and decides to drop them randomly, then send their own packets to the other nodes. This kind of attack is titled by Neglect and Greed.

-
When an unauthorized node delays the messages flowing through them to delude the routing data between the nodes. -When a packet is forwarded from a legitimate node to a malicious node, it guarantees the legitimate node that the information is forwarded to next node and ultimately drops the packet without being noticed. This attack is called blind letter attack. -This attack affects the system very badly, because of the dropped packets by the SF attack, it will be very difficult to recognize the cause of packet drop. The medical health staff may not see the entire picture with uncomplete information, therefore, this can be harmful for the patient or for the medical health system by having a wrong treatment for the patient.

Figure 8: Drops Selected packets of a node
The International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences, Volume XLIV-4/W3-2020, 2020 5th International Conference on Smart City Applications, 7-8 October 2020, Virtual Safranbolu, Turkey (online)

C. Replay Attack
In this type of attack an unauthorized user get access to the Smart Health system, the intruder captures the network traffic and send the message to the receiver acting as the original sender (P. Rughoobur et L. Nagowah, 2017) as showing in the figure 9. The attacker aims to acquire the trust of the system, a replay attack describes as an infraction of security in which some data is stored with no permission and the retransmitted to receiver. This attack can affect bad on a Smart Healthcare System by get an unauthorised access and then stealing patient's informations which they can be very confidentially to diffuse (Bo Yu, Bin Xiao, 2006).

SECURITY RECOMMENDATION
The technologies of Smart environment and IoT add many benefits for Smart Health, but they present also new risks, security issues and vulnerabilities, with the fact that the Smart Health devices and sensors are more usually now than before. Those risks include possible harm to the patient's safety and health and unfortunately it may cut a life (A. Chacko et T. Hayajneh, 2020). There are some steps to follow for mitigate the security threats: 1. Secure storage and management for certificate keys: cryptography is from the best methods to protect data, it a process that convert the plan text into unintelligible text and vice-versa using keys. Certificate key it an electronic document use to the ownership of the user so he can access to the services that he needs (Digicert.com, 2020). 2. Updates to cryptographic curves, algorithms, and hashes: hashes it is the fact of applying mathematical functions to an amount of data. 3. Conducting a secure boot: to make sure that when a device is turned on, none of its configurations have been modified. 4. Authentication: make sure that there is a proper access control in place of limit unauthorized access to the information. 5. Smart card: the role of the smart card is to carry the data in an electronic memory with a available large capacity, however, the data stored on a smart card are secured against being read by anyone unless the person who enable a code and by an authorised reader system Even when the reader system is given the enabling code (R. Neame, 1997) the card may be configured to reveal only some of the data it holds depending on the classification of the user. Smart health cards can also include biometrics to offer strong biometric authentication making sure health services are being delivered to the right patient (Thalesgroup.com,2020). 6. Strong protocol: The use of a strong protocol is very important to ensure safety of data stored or exchanged. 7. Update of the operating systems, devices firmware and applications: all these systems should be maintained up to date, its musts be checked regularly and followed by a technical team. 8. System hardening: the system hardening should be applied over all the environment components and the hardening procedure must be updated even a new vulnerability or weakness is detected. 9. Devices and systems end of life: The replacement of all equipment, devices and systems with end of life and support should be maintained to ensure always updates and new releases on the system.

DISCUSSION
The introduction of technology and IoTs in the health field gave birth to Smart Health, this field which is in full expansion especially in the last months and with the appearance of COVID-19 epidemy. ... Etc. • All these systems and technologies have many advantages for the health and development of humanity, but how can we confirm that these projects respect security standards and that they adopt and apply measures to guarantee the confidentiality of data, especially when we are talking about big data and sensitive information of millions and millions of people?
Is security evolving and following the increasing speed of application development and IoT deployment?
The fraud, attacks and disclosures of sensitive data that our world knows are not enough to stop and go back and think seriously about other alternative and solution to protect information systems from attack and unauthorized access?
Who can guarantee that the data collected is only used for health reasons?
Can development and technology always guarantee us reliable results that have no negative impact on people's health and lives? Everyone is aware that there is no 100% secure system, but do states and domain officials deploy the resources necessary to ensure a tolerable level of security?
Are the secure development standards respected?
All these questions are very important and will always remain valid whether for Smart Health or other environments based on the same technologies.
What is certain is that we must take security seriously, audit systems periodically, trace all actions and accesses made on the data and ensure the permanent evolution of the solutions used and deployed in the different sectors of the world.

CONCLUSION
this paper discuss about the Smart Environments and their use which is growing more and more, then it was moved to the Smart Health field and gave an overview of it, this article discuses also about the benefits of Smart Environment for patients, how it helps and facility the health field, added value and all advantages which offer to humanity. This paper also talks over the important item regarding security and gave a list of requirements that the smart health system should meet to guarantee the security of important and vital data stored, exchanged, and manipulated.
The paper includes a description of two serious attacks that could damage the Smart health system and disclose confidentiality of data. some security recommendations are given to take into consideration to mitigate security attacks and to maintain patient privacy.
In the future work we will concentrate all the research about how a Smart Healthcare system can prevent and automatically block these kinds of attacks by presenting new security measures and strategies to protect patient's data and life.