Dissertations in Forestry and Natural Sciences

OLAYEMI OLAOLU OLAWUMI

DATA SECURITY IN SMART ENVIRONMENTS FOR ASSISTED LIVING

PUBLICATIONS OF THE UNIVERSITY OF EASTERN FINLAND


ISBN 978-952-61-2577-0
ISSN 1798-5668


Security is a very important issue in Smart Home Environments due to the sensitive nature of private and confidential data being transmitted via wireless communication links. The wireless technologies being used in the implementation of smart homes have serious security issues that could have severe security implications if they are not carefully taken into account. In this dissertation, we present unique techniques to enhance the security of transmitted data via wireless interfaces in smart home environments based on Steganography and Digital Watermarking.


Olayemi Olaolu Olawumi

DATA SECURITY IN SMART ENVIRONMENTS FOR ASSISTED LIVING

Publications of the University of Eastern Finland Dissertations in Forestry and Natural Sciences

No 278

University of Eastern Finland Kuopio

2017

Academic dissertation

To be presented by permission of the Faculty of Science and Forestry for public examination in the Auditorium SN200 in the Snellmania Building at the University of Eastern Finland, Kuopio, on October 13, 2017, at 12 o’clock noon


Grano Oy Jyväskylä, 2017

Editors: Pertti Pasanen, Matti Vornanen, Jukka Tuomela, Matti Tedre

Distribution: University of Eastern Finland / Sales of publications www.uef.fi/kirjasto

ISBN: 978-952-61-2577-0 (Print) ISBN: 978-952-61-2578-7 (PDF)

ISSNL: 1798-5668 ISSN: 1798-5668

ISSN: 1798-5668 (PDF)

Author’s address: Olayemi Olaolu Olawumi, University of Eastern Finland, School of Computing, P.O. Box 1627, 70211 KUOPIO, FINLAND, email: [email protected]

Supervisors: Professor Pekka Toivanen, D.Sc. (Tech.), University of Eastern Finland, School of Computing, P.O. Box 1627, 70211 KUOPIO, FINLAND, email: [email protected]

Dr. Keijo Haataja, Ph.D., University of Eastern Finland, School of Computing, P.O. Box 1627, 70211 KUOPIO, FINLAND, email: [email protected]

Reviewers: Professor Timo Hämäläinen, Ph.D., University of Jyväskylä, Faculty of Information Technology, P.O. Box 35, 40014 Jyväskylä, FINLAND, email: [email protected]

Professor Philippe Le Parc, Ph.D., University of Brest, Department of Informatics, 3 rue des Archives, CS 93837-29238, Brest cedex 3, FRANCE, email: [email protected]

Opponent: Professor Ville Leppänen, Ph.D., University of Turku, Agora, Vesilinnantie 5, 20014 TURKU, FINLAND, email: [email protected]


Olawumi, Olayemi Olaolu Data Security in Smart Environments for Assisted Living Kuopio: University of Eastern Finland, 2017 Publications of the University of Eastern Finland Dissertations in Forestry and Natural Sciences 2017; 278 ISBN: 978-952-61-2577-0 (Print) ISSNL: 1798-5668 ISSN: 1798-5668 ISBN: 978-952-61-2578-7 (PDF) ISSN: 1798-5668 (PDF)

ABSTRACT

Security is a very important issue in Smart Home Environments due to the sensitive nature of private and confidential data being transmitted via wireless communication links. The wireless technologies being used in the implementation of smart homes have serious security issues that could have severe security implications if they are not carefully taken into account. Therefore, identification of these security issues is crucial to taking the appropriate steps towards mitigating them and enhancing the security of the collected data within these homes.

This thesis presents our contributions on how to enhance the security of transmitted data via wireless interfaces in smart home environments.

We investigated the security issues in smart home systems and we proposed countermeasures to mitigate these threats. We also analyzed smart environments with an emphasis on the security challenges of the wireless network interfaces being utilized in these systems and we examined how the SEAL system can be designed in a more secure way that will guarantee maximum protection of data transmitted across the system.

Moreover, we proposed and practically demonstrated in our laboratory environment three (3) attack scenarios against the ZigBee network, which is commonly utilized for data transmission in smart homes. These attack scenarios are based on utilizing several vulnerabilities found in the main security components of ZigBee technology, and we also proposed countermeasures that we believe will render the attacks impossible, although they do not totally eliminate their potential danger.

Since we have demonstrated that attacks against the wireless interfaces utilized for data transmission in Smart Homes are real, we then proposed novel methods to enhance the security of these wireless interfaces and render these attacks impossible. The first method employs Steganography to strengthen the Bluetooth pairing process and thwart the MITM attacks; we demonstrated experimentally the efficiency of this technique using mobile phones. Our results show the feasibility of incorporating Steganography into the pairing process of Bluetooth to avert any risk of intrusion and secure the entire connection. The second method employs a digital watermarking technique to improve the security and authentication of healthcare images transmitted via a wireless network; in this technique, a special digital image is embedded into the RONI (Region of Non-Interest) sections of the healthcare images before transmission over wireless networks to the receiver. Then at the receiver’s side, the embedded special digital image is extracted from the healthcare image and verified to confirm its authenticity. We demonstrated with experimental figures the effectiveness and robustness of this technique by implementing the DWT (Discrete Wavelet Transform) algorithm to successfully embed a watermark into the RONI section of some healthcare images. The watermarks were embedded in such a way that the ROI (Region of Interest) sections of the images were not affected and the integrity of the images was protected. Our results show clearly that this technique is very robust and efficient in providing authentication and enhancing the security of healthcare images and it can be implemented for wireless communication in smart home and mobile health systems.

The results of the work documented in this thesis were all practically demonstrated to evaluate their effectiveness and efficiency if implemented.
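The embed-in-RONI, extract-and-verify flow of the second method can be sketched as follows. This is an added example, not code from the thesis: it assumes an integer Haar lifting transform as the DWT and stores one watermark bit per 2x2 RONI block in the parity of the HH coefficient, which is a fragile variant chosen for brevity and does not reproduce the robustness reported above. The region coordinates, sample image and watermark bits are constructed.

```python
# Added illustration, not the thesis's implementation.
# Assumptions: integer Haar lifting as the DWT; one watermark bit per
# 2x2 RONI block, stored in the parity of that block's HH coefficient.

def lift(a, b):
    """Integer Haar step: (a, b) -> (approximation, detail)."""
    d = a - b
    return b + (d >> 1), d

def unlift(s, d):
    """Exact inverse of lift(): (approximation, detail) -> (a, b)."""
    b = s - (d >> 1)
    return d + b, b

def dwt2x2(block):
    """One-level 2-D DWT of a 2x2 pixel block -> (LL, LH, HL, HH)."""
    (a, b), (c, d) = block
    s1, d1 = lift(a, b)          # transform each row
    s2, d2 = lift(c, d)
    ll, lh = lift(s1, s2)        # then each column
    hl, hh = lift(d1, d2)
    return ll, lh, hl, hh

def idwt2x2(ll, lh, hl, hh):
    """Inverse of dwt2x2(): coefficients -> 2x2 pixel block."""
    s1, s2 = unlift(ll, lh)
    d1, d2 = unlift(hl, hh)
    return [list(unlift(s1, d1)), list(unlift(s2, d2))]

def blocks(region):
    """Top-left corners of the 2x2 blocks in (top, left, height, width)."""
    top, left, height, width = region
    return [(r, c) for r in range(top, top + height, 2)
            for c in range(left, left + width, 2)]

def embed(image, roni, bits):
    """Return a copy of image with bits written into the RONI only."""
    out = [row[:] for row in image]
    corners = blocks(roni)
    if len(bits) > len(corners):
        raise ValueError("watermark larger than RONI capacity")
    for (r, c), bit in zip(corners, bits):
        ll, lh, hl, hh = dwt2x2([out[r][c:c + 2], out[r + 1][c:c + 2]])
        hh = (hh & ~1) | bit     # force HH parity to the watermark bit
        block = idwt2x2(ll, lh, hl, hh)
        if any(not 0 <= p <= 255 for row in block for p in row):
            raise ValueError("pixel out of 8-bit range after embedding")
        out[r][c:c + 2], out[r + 1][c:c + 2] = block
    return out

def extract(image, roni, n_bits):
    """Receiver side: read n_bits back from the RONI's HH parities."""
    return [dwt2x2([image[r][c:c + 2], image[r + 1][c:c + 2]])[3] & 1
            for r, c in blocks(roni)[:n_bits]]

def verify(image, roni, expected_bits):
    """Accept the image only if the expected watermark is recovered."""
    return extract(image, roni, len(expected_bits)) == expected_bits

def pixels(image, region):
    """Pixel rows of a rectangular region, used to compare the ROI."""
    top, left, height, width = region
    return [image[r][left:left + width] for r in range(top, top + height)]

def max_abs_diff(a, b):
    """Largest per-pixel change between two images of equal size."""
    return max(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))

# Constructed 8x8 sample: left half is the RONI, right half is the ROI.
IMAGE = [[100 + (7 * r + 13 * c) % 50 for c in range(8)] for r in range(8)]
RONI = (0, 0, 8, 4)
ROI = (0, 4, 8, 4)
WATERMARK = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed 8-bit mark

if __name__ == "__main__":
    marked = embed(IMAGE, RONI, WATERMARK)
    print("watermark verified:", verify(marked, RONI, WATERMARK))
    print("ROI untouched:", pixels(marked, ROI) == pixels(IMAGE, ROI))
    print("max pixel change:", max_abs_diff(IMAGE, marked))
    tampered = [row[:] for row in marked]
    tampered[0][0] ^= 1                 # single-pixel change in the RONI
    print("tampered copy verified:", verify(tampered, RONI, WATERMARK))
```
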

Universal Decimal Classification: 004.056, 004.732, 621.395.721.5

Inspec Thesaurus: home automation; home computing; home networks; personal area networks; wireless LAN; mobile computing; security of data; data privacy; cryptography; steganography; data encapsulation; image watermarking; Zigbee; Bluetooth; discrete wavelet transforms

General Finnish Thesaurus (Yleinen suomalainen asiasanasto): smart houses; sheltered housing; local area networks; wireless networks; wireless technology; mobile devices; information security; data protection; encryption; cryptography; network attacks; Bluetooth


ACKNOWLEDGEMENTS

This study was conducted at the University of Eastern Finland, School of Computing, between 2013 and 2017.

First and foremost, I would like to thank my supervisors, Professor Pekka Toivanen and Dr. Keijo Haataja, without whose support, guidance, and enthusiasm this work would never have been completed. I consider myself very lucky to work with them for my Ph.D. Thesis and I am grateful to them for providing me with the opportunities to work on an important research project. I was given the freedom to find my own techniques and I definitely learned a lot during the research.

I would like to express my gratitude to my colleagues, whom I have worked with during the research and those who have supported me in the course of my research work. I would like to thank Antti Väänänen and Marwan Ali Albahar for their unfailing support and generous help during the research work.

I would like to thank Solomon Oyelere and Emmanuel Kolog for their good advice, support, and interesting discussions on my research work, and I would also like to thank my family and friends, especially Olanrewaju Olawumi for his moral support during the research work.

Finally, I want to dedicate this work to my wife (Phebean Olawumi) and my daughters, Olamide and Tiwalola, who both brought so many smiles to my face.

Kuopio, June 5, 2017

Olayemi Olaolu Olawumi


LIST OF ABBREVIATIONS

AES     Advanced Encryption Standard
APIs    Application Programming Interfaces
DCT     Discrete Cosine Transform
DoS     Denial-of-Service
DWT     Discrete Wavelet Transform
HVAC    Heating, Ventilation, and Air Conditioning
JW      Just Works
LSB     Least Significant Bit
MIC     Message Integrity Code
MITM    Man-In-The-Middle
NC      Numeric Comparison
OOB     Out-Of-Band
PE      Passkey Entry
RF      Radio Frequency
ROI     Region of Interest
RONI    Region of Non-Interest
SEAL    Smart Environment for Assisted Living
SSP     Secure Simple Pairing
TC      Trust Center
UI      User Interface
WLAN    Wireless Local Area Network
WPAN    Wireless Personal Area Network
ZED     ZigBee End-Device


LIST OF ORIGINAL PUBLICATIONS

This thesis is based on data presented in the following articles, referred to by the Roman Numerals I-IV.

I Olawumi O., Väänänen A., Haataja K., and Toivanen P.: Security Issues in Smart Home and Mobile Health Systems: Threat Analysis, Possible Countermeasures and Lessons Learned. International Journal on Information Technologies & Security, Vol. 9, No. 1, pp. 31-52, 2017.

II Olawumi O., Haataja K., Asikainen M., Vidgren N., and Toivanen P.: Three Practical Attacks Against ZigBee Security: Attack Scenario Definitions, Practical Experiments, Countermeasures, and Lesson Learned. Proceedings of the 14th IEEE International Conference on Hybrid Intelligent Systems (HIS 2014), Kuwait, December 14-16, 2014.

III Albahar M. A., Olawumi O., Haataja K., and Toivanen P.: A Novel Method For Bluetooth Pairing Using Steganography. International Journal on Information Technologies & Security, Vol. 9, No. 1, pp. 53-66, 2017.

IV Olawumi O., Haataja K., and Toivanen P.: A Novel Security and Authentication Technique For Reliable Wireless Transmission Of Healthcare Images in Smart Home And Mobile Health System Based On Digital Watermarking. International Journal on Information Technologies & Security, Vol. 9, No. 1, pp. 67-84, 2017.


AUTHOR’S CONTRIBUTION

The publications selected for this dissertation are original research papers on wireless and smart home security. In all papers presented here, the authors cooperated in writing the papers and the proposed methods are the result of teamwork with joint efforts made by all authors. The order of the names shows the contribution of authors in preparing the papers; the first and second authors were responsible for the initial drafting of the papers:

I. The author was the primary contributor to the idea and manuscript of this paper, which was jointly written with significant contributions from Antti Väänänen. Dr. Keijo Haataja and Professor Pekka Toivanen are the main author’s Ph.D. supervisors and they contributed also by revising and commenting on the paper draft and giving ideas for improvement.

II. The author was a major contributor in devising the three practical attack scenarios presented in this paper; moreover, the experiment was planned and performed by the author. The author also proposed novel countermeasures to mitigate these attacks. The writing of the paper was a joint contribution of all the authors.

III. The novel method of using Steganography to strengthen the Bluetooth pairing process presented in this paper was investigated and designed by the author, which was then further developed by Marwan Al Albahar. The writing of the paper was a joint contribution of all the authors.

IV. The author proposed this novel approach to improve the security and authentication of transmitted healthcare images presented in this paper. The author planned and performed the experiment; the author also contributed significantly to the writing of this paper.


CONTENTS

ABSTRACT

ACKNOWLEDGEMENTS

1 INTRODUCTION

2 SMART HOME AND MOBILE HEALTH SYSTEMS
2.1 Introduction
2.2 Possible Security Threats in Smart Home and Mobile Health Systems
2.2.1 Passive Attacks
2.2.2 Active Attacks

3 OVERVIEW OF ZIGBEE & BLUETOOTH SECURITY
3.1 Introduction
3.2 Overview of ZigBee Technology
3.3 ZigBee Security Basics and Existing Attacks
3.4 Overview of Bluetooth Security
3.5 Vulnerability of Bluetooth Security Mechanism
3.6 Existing Countermeasures and Their Limitations

4 PRACTICAL EXPERIMENTS AND OUR NOVEL SOLUTIONS
4.1 Introduction
4.2 Summary of Our Practical Attack Scenarios
4.3 Our Novel Solutions
4.3.1 Bluetooth Pairing Process Using Steganography
4.3.2 Novel Implementation of Digital Watermarking Technique

5 CONCLUSION AND FUTURE WORK

6 BIBLIOGRAPHY

ORIGINAL PUBLICATIONS (I-IV)


1 INTRODUCTION

The research and development efforts for smart homes are increasing, but are faced with data and information security related issues. Smart homes provide excellent infrastructure, which is being utilized to enable comfortable and secure living for their users; smart homes also promote independent living at home for disabled and elderly people, which in turn improves their quality of life [1–2]. However, the increasing threats to and abuse of smart environments are a major source of concern, as there are vulnerabilities in the various protocols utilized in the implementation of smart homes, and these vulnerabilities can be exploited by intruders. In a scenario where smart homes can store and release healthcare data to third parties, the healthcare data collected within these homes are vulnerable to severe security and privacy abuses [1–2]. It is essential to identify these security issues and to take appropriate steps towards mitigating them, in order to ensure the security of healthcare data collected in smart homes.

SEAL (Smart Environment for Assisted Living) is developed in the Computational Intelligence (CI) research group at the University of Eastern Finland (UEF). SEAL is a comprehensive combination of smart home and mobile health subsystems. The subsystems provide functionalities to home residents that help them to achieve a secure, healthy, and easy living and working environment, whether they are suffering from chronic conditions, want to automate equipment functionalities in their home/office, or want to be more aware of their health condition [2–3].

SEAL is developed for use in home healthcare organizations, occupational health studies, and individual use, where ambitious and challenging interdisciplinary research work can be conducted and companies can later transfer these novel research findings into everyday use within new mobile health products. All SEAL subsystems are planned to be realized as separate entities, which will work seamlessly together through an open and common communication interface. SEAL can be separated into two subsystem entities, which are the Assisted Living & Home Automation subsystem and the mHealth subsystem. These two subsystems work seamlessly together in the same application, and measurements can be seen in the same UI (User Interface). The architectural logic behind the system is divided by the application programming interfaces (APIs), which collect the measurement data from different sources [2–3].

The mHealth subsystem can be used for active monitoring of patients in chronic conditions or active health information monitoring (e.g., weight and blood pressure) for fitness and well-being purposes. In SEAL, the vital signs and periodic measurements are collected by biosensors or measurement devices and information is transferred by wireless sensor network to the SEAL Application. The SEAL Application can be located either in a smartphone, tablet computer, or house automation mini-PC. The data is collected by applications located in a mobile device or in a home gateway application, depending on user location (indoor / outdoor) [2–3].

In the Assisted Living & Home Automation subsystem, the wireless network collects the environmental data from ambient sensors, which are located in the resident’s home. The SEAL system analyzes the collected data and changes the house automation functionality accordingly. The SEAL Application will be designed to operate in multiple mobile platforms and provide functionalities to several end-user groups, such as healthcare professionals, healthy users who want to monitor their health status, or people who want assistance when using intelligent house technology. SEAL will provide comprehensive security measures for wireless authentication, data transmission, and data storage in mobile devices to help to achieve user needs and regulatory requirements for transferring and storing personal health data [2–3]. Figure 1 illustrates our SEAL system that can be utilized in mHealth, Smart Home, and Smart Office use cases.

Figure 1. SEAL System for mHealth, Smart Home, and Smart Office use cases. [2]

Wireless networks are necessary for realising smart home and mHealth systems. Wireless interfaces, mainly Bluetooth, ZigBee, and/or WLAN (Wireless Local Area Network), are commonly used for data transmission in smart environments, and these wireless protocols have serious security challenges, which makes us wonder whether smart homes will ever be safe to use. Transmitted data in smart environments are classified as sensitive, because they are important to the wellbeing of users [2, 5], and they must be well protected both in transmission and at rest. The recent occurrences of smart environment hacking raise an alarm about the need to urgently research unique techniques to ensure the security of these homes.

The aim of our work is to provide an investigation into the possible security issues in smart home systems. In addition, we analyzed smart environments with an emphasis on the security challenges of the wireless network interfaces being utilized in these systems.

Our research work can be divided into four parts. In the first part, we conducted a detailed literature-based investigation into the possible security attacks against smart environments, and we then applied a threat modelling process to our SEAL system to identify the assets and threats to the system and to propose possible countermeasures to mitigate these threats. We also examined how the SEAL system can be designed in a more secure way that will guarantee maximum protection of data transmitted across the system.

In the second part, we individually studied two major protocols used in the implementation of smart homes. The weaknesses of ZigBee security and different types of attacks against ZigBee security were investigated. We also practically demonstrated some of these attacks in our research laboratory and proposed countermeasures against each type of attack. Much work had already been done by Haataja et al. [6–10] on Bluetooth security, so we only critically studied these previous papers and moved on to design unique solutions to some of the problems discovered.

In the third part, we proposed a novel method that will strengthen the Bluetooth pairing process by employing Steganography, in which secret messages and the key are hidden in a cover object. We also demonstrated this technique with experimental figures to show its uniqueness, and we believe this technique will yield a robust Bluetooth pairing model that can counteract MITM attacks.

Finally, we presented a novel approach to improve the security and authentication of healthcare images transmitted via wireless network based on digital watermarking technique. In this approach, a special digital image is embedded into the RONI (Region of Non-Interest) sections of the healthcare images before transmission over wireless networks to the receiver. Then at the receiver’s side, the embedded special digital image is extracted from the healthcare image and verified to confirm its authenticity.
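The RONI embedding and receiver-side check described above, as an added example that is not the thesis's implementation. It assumes an 8-bit grayscale image held as a list of rows, a rectangular ROI, and least-significant-bit embedding; the embedding method, the HMAC tag that binds the untouched ROI to the mark, and all names and sample values are assumptions of this example.

```python
import hashlib
import hmac

# Constructed sample values (assumptions of this example, not from the thesis).
ROI = (8, 8, 16, 16)  # top, left, bottom, right (exclusive): diagnostic region
LOGO = bytes([0x3C, 0x42, 0xA5, 0x81, 0xA5, 0x99, 0x42, 0x3C])  # 8x8 1-bit mark
KEY = b"constructed-demo-key"  # shared by sender and receiver
TAG_LEN = hashlib.sha256().digest_size


def make_image(height=24, width=24):
    """Constructed 8-bit grayscale 'scan' as a list of rows."""
    return [[(r * 17 + c * 29) % 256 for c in range(width)] for r in range(height)]


def roni_coords(image, roi):
    """Pixel coordinates outside the ROI, in raster order."""
    top, left, bottom, right = roi
    return [(r, c) for r in range(len(image)) for c in range(len(image[0]))
            if not (top <= r < bottom and left <= c < right)]


def roi_bytes(image, roi):
    """The diagnostic region serialized row by row."""
    top, left, bottom, right = roi
    return bytes(image[r][c] for r in range(top, bottom) for c in range(left, right))


def to_bits(data):
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits):
    """Inverse of to_bits for bit lists whose length is a multiple of 8."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def embed(image, roi, logo, key):
    """Sender: write logo + HMAC(ROI) into the LSBs of RONI pixels only."""
    tag = hmac.new(key, roi_bytes(image, roi), hashlib.sha256).digest()
    payload = to_bits(logo + tag)
    coords = roni_coords(image, roi)
    if len(payload) > len(coords):
        raise ValueError("RONI too small for the watermark payload")
    marked = [row[:] for row in image]
    for (r, c), bit in zip(coords, payload):
        marked[r][c] = (marked[r][c] & 0xFE) | bit
    return marked


def verify(image, roi, logo, key):
    """Receiver: extract the payload, then check the logo and the ROI tag."""
    n_bits = (len(logo) + TAG_LEN) * 8
    coords = roni_coords(image, roi)
    if len(coords) < n_bits:
        return {"logo_ok": False, "roi_ok": False}
    payload = from_bits([image[r][c] & 1 for r, c in coords[:n_bits]])
    expected_tag = hmac.new(key, roi_bytes(image, roi), hashlib.sha256).digest()
    return {
        "logo_ok": hmac.compare_digest(payload[:len(logo)], logo),
        "roi_ok": hmac.compare_digest(payload[len(logo):], expected_tag),
    }


if __name__ == "__main__":
    original = make_image()
    marked = embed(original, ROI, LOGO, KEY)
    print("intact image   :", verify(marked, ROI, LOGO, KEY))
    tampered = [row[:] for row in marked]
    tampered[10][10] ^= 0x10  # one diagnostic pixel changed in transit
    print("ROI tampered   :", verify(tampered, ROI, LOGO, KEY))
    print("unmarked image :", verify(original, ROI, LOGO, KEY))
```

LSB embedding does not survive lossy recompression, so this form only fits lossless transport of the image.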

The rest of the thesis is organized as follows. Chapter 2 gives an overview of smart homes and mobile health systems and explains current security issues in smart homes. Chapter 3 gives an overview of ZigBee and Bluetooth security basics, and briefly presents the vulnerability of the Bluetooth security mechanism as well as existing countermeasures and their limitations. Chapter 4 presents a summary of our practical experiments and our novel solutions to possibly enhance the security of the wireless interfaces. Chapter 6 presents a summary of our contribution to scientific research. Chapter 7 concludes the thesis and sketches future work.


2 SMART HOME AND MOBILE HEALTH SYSTEMS

2.1 INTRODUCTION

Smart homes are homes that connect several devices (such as sensors) and systems that can be accessed remotely, monitored, and controlled with the use of various communication networks [11–12]. Smart homes make it possible for all devices and appliances in the home to be connected and communicate with each other at the control of the home owner [13]. A typical scenario is when a home user controls the temperature gauge or controls the lighting system with the use of a ZigBee or Bluetooth-enabled remote control.

According to researchers in [14], smart homes comprise three major areas: the physical components (sensors/actuators), a control system (expert system/artificial intelligence), and the communication system (wired/wireless), which interfaces the physical components and the control system. Smart homes sense the environment with the help of the physical components. Information is passed to the control system over the home network, and decisions are made by the control system, which then passes the control information to the actuator for appropriate action [14]. Figure 2 below depicts a typical structure of a smart home system.

Figure 2. Structure of a Smart Home system. [4]


2.2 POSSIBLE SECURITY THREATS IN SMART HOME AND MOBILE HEALTH SYSTEMS

Wireless networks are significant in realizing smart home and mHealth systems. Wireless interfaces, mainly Bluetooth, ZigBee, and/or WLAN, are commonly used for data transmission in smart environments, and these wireless protocols have serious security challenges that make smart homes vulnerable to different attacks.

In Publication I, we presented the possible security threats in smart home environments, which can be classified into two main categories [15–16]: internal threats and external threats. Internal threats originate within the smart home for many reasons, such as improper network configuration or weak passwords [2], while external threats are derived from external nodes. In Publication I, we focused our investigation on external threats to smart homes. External threats are categorized as either passive attacks or active attacks, which are explained in Sections 2.2.1 and 2.2.2.

2.2.1 Passive Attacks

In a passive attack, transmitted messages are not modified and an intruder only monitors the transmission to gain adequate knowledge about the senders and receivers [2, 15–17]. Since no modification is made, these kinds of attacks are difficult to detect. There are two types of attacks under this category [2, 15–17]:

I. Eavesdropping Attack: In eavesdropping attacks, an attacker only monitors the home user’s activities, such as web surfing and phone communications, and all this is done without any modification and without alerting the legitimate communication parties. Once an attacker has adequate knowledge of the home users and their activities, then further attacks are inevitable. Eavesdropping is a major attack in smart homes; it lays the foundation for other attacks. In [18], we practically demonstrated this attack on a ZigBee network and we proposed possible countermeasures we believe will work efficiently to mitigate it.

II. Traffic Analysis: Traffic analysis is very similar to the eavesdropping attack; an attacker simply observes the traffic pattern in communication between the home user and the communicating parties. From these observations, the attacker can gain adequate knowledge and draw conclusions on the subject matter (for example, frequency of messages, location, etc.). Traffic analysis is hard to detect, because no modifications are made and thus there is no evidence that an attack ever occurred [2, 15–17].

2.2.2 Active Attacks

In active attacks, modification of transmitted data or introduction of fraudulent data into smart home networks is attempted. Seven subcategories of active attacks can be defined [2, 15–17]:

I. Masquerade Attacks: In a masquerade attack, it is possible for an attacker to gain unauthorized privileges or take on a false identity to have access to the smart home internal network remotely to obtain confidential information. Once a masquerade attack is successful, then all other attacks are possible [2, 15–17].

II. Replay Attacks: In a replay attack, an intruder can capture a previously sent message between two legitimate parties and re-transmit the message while pretending to be a legitimate entity. A replay attack is possible in smart homes, where the home user’s bank transaction or medical request can be captured by an attacker and re-transmitted later, pretending to be from a legitimate user [15–16]. As mentioned in Publication II, the effect of a replay attack depends on the content of the data being replayed. It may be a minor one or a severe one.

III. Message Modification Attacks: As the name implies, message modification simply means a certain part of a genuine message is altered; this kind of attack may also include an attacker delaying the message or reordering it to produce an illegitimate effect [2, 15–17].

IV. Denial-of-Service (DoS) Attacks: In a DoS attack, the smart home’s internal network can be flooded with messages by an attacker in order to overload its resources with traffic, thereby making it impossible for an authorized user to access the resources. Moreover, internal traffic transmitted within the smart home can be blocked by an attacker sending several messages to the web server [2, 15–17, 19].

V. Interception Attacks: Interception attacks deny authorized users access to services in the smart home network. An attacker can intercept packets destined to a remote user from the smart environment [2, 16–17, 19].

VI. Session-Stealing Attacks: In session-stealing attacks, an attacker will patiently wait for a legitimate user to be authenticated and successfully log in to an application, and then the session is hijacked by impersonation of the identity of the genuine user or node [2, 16–17, 19].

VII. Malicious Codes: Malicious codes are threats that exploit various vulnerabilities found in smart home internal networks. Malicious code may be viruses, trapdoors, logic bombs, or Trojan horses that can be used by an attacker to exploit smart home internal networks, modifying/destroying data, and even gaining unauthorized access to confidential data. These threats can be introduced into smart homes via emails, surfing fraudulent web pages unintentionally, etc. [2, 15, 16–17, 19].
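How a receiver can tell the replay, message modification (including delay and reordering) and masquerade cases above apart, as an added example that is not code or a countermeasure taken from the thesis. It assumes a pre-shared key per sensor, HMAC-SHA256 and a per-sender counter; the frame layout, names and sample readings are constructed for this example and are not a ZigBee or Bluetooth frame format.

```python
import hashlib
import hmac
import struct


def frame_mac(key, sender, counter, payload):
    """HMAC-SHA256 over a length-prefixed sender id, the counter and the payload."""
    sender_b = sender.encode()
    header = struct.pack(">H", len(sender_b)) + sender_b + struct.pack(">Q", counter)
    return hmac.new(key, header + payload, hashlib.sha256).digest()


def make_frame(key, sender, counter, payload):
    """Sender side: (sender, counter, payload, tag). Hypothetical frame layout."""
    return (sender, counter, payload, frame_mac(key, sender, counter, payload))


class Receiver:
    """Home gateway side: one shared key and one counter per known sensor."""

    def __init__(self, keys):
        self.keys = dict(keys)   # sender id -> shared key
        self.last_counter = {}   # sender id -> highest counter accepted so far

    def check(self, frame):
        sender, counter, payload, tag = frame
        key = self.keys.get(sender)
        if key is None:
            return "reject: unknown sender"
        # Authenticate first, so an unauthenticated frame can never advance the counter.
        if not hmac.compare_digest(tag, frame_mac(key, sender, counter, payload)):
            return "reject: bad MAC"
        # A valid tag on an old counter is a replayed, delayed or reordered frame.
        if counter <= self.last_counter.get(sender, 0):
            return "reject: stale counter"
        self.last_counter[sender] = counter
        return "accept"


def run_constructed_trace():
    """Feed a constructed sequence of frames to the receiver and label each verdict."""
    key = b"constructed-sensor-key"
    rx = Receiver({"bp-monitor": key})
    f1 = make_frame(key, "bp-monitor", 1, b"sys=120;dia=80")
    f2 = make_frame(key, "bp-monitor", 2, b"sys=122;dia=81")
    f3 = make_frame(key, "bp-monitor", 3, b"sys=121;dia=79")
    f4 = make_frame(key, "bp-monitor", 4, b"sys=119;dia=78")
    trace = [
        ("fresh frame 1", f1),
        ("fresh frame 2", f2),
        ("replayed copy of frame 1", f1),
        ("payload altered in transit", (f3[0], f3[1], b"sys=180;dia=80", f3[3])),
        ("counter raised on a captured frame", (f1[0], 9, f1[2], f1[3])),
        ("sender without a provisioned key", make_frame(b"guess", "rogue-node", 1, b"x")),
        ("fresh frame 4", f4),
        ("frame 3 delayed until after frame 4", f3),
    ]
    return [(label, rx.check(frame)) for label, frame in trace]


if __name__ == "__main__":
    for label, verdict in run_constructed_trace():
        print(f"{label:38s} {verdict}")
```

The replayed and the delayed frame both carry a valid tag, so only the counter check catches them; the altered frames fail on the tag before the counter is consulted.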


3 OVERVIEW OF ZIGBEE & BLUETOOTH SECURITY

3.1 INTRODUCTION

In recent years, the use of wireless communication systems, especially Wireless Personal Area Networks (WPANs), and their interconnections via networks have grown rapidly. Wireless communication networks transmit and receive data wirelessly over the air utilizing wireless media, e.g., radio frequency (RF) technology, which can penetrate obstacles and make it possible for wireless devices to communicate with no direct line-of-sight between them [20]. RF technology is flexible and easier to set up and use than wired communication [20]. However, wireless communication does not replace wired networks; rather, it augments them. Attackers can disrupt wireless RF communication more easily than wired communication, and for this reason, novel ways are needed to ensure that communication via wireless networks is secured [20].

3.2 OVERVIEW OF ZIGBEE TECHNOLOGY

ZigBee is a developing low-power wireless technology being used for applications that require a simple protocol stack, low data rate, and long battery life. ZigBee has already been deployed for a range of applications from smart thermostat communication to hospital patient monitoring systems [20–24]. ZigBee is based on the IEEE 802.15.4 specification and supports data rates up to 250 Kbps, which is lower than Bluetooth, which supports data rates of 3 Mbps, and Wi-Fi, which is now capable of data rates of up to several Gbps [20–24]. However, ZigBee can be implemented in only 120 KB of memory and is capable of operating on embedded, battery-powered devices for years, as opposed to the days or hours that can usually be expected from Bluetooth or Wi-Fi enabled portable devices. These characteristics make ZigBee useful for applications which do not require high data rates [20–24].

Much of the interest in ZigBee is driven by the development of home automation systems or smart homes, where ZigBee is being used for communication between electrical devices/equipment, security systems, heating, ventilating and air conditioning (HVAC) systems, etc. [20–24]. Smart-grid technology is another area in which ZigBee is being used, for example in Advanced Metering Infrastructure (AMI) systems, which are able to provide electricity consumers with information about pricing in real time. In addition to these commercial systems, it was reported that large companies develop in-house systems that make use of the ZigBee protocol for environmental monitoring, production, and retail purposes. These systems are

Page 29: Dissertations in Forestry and Natural Sciencesepublications.uef.fi/pub/urn_isbn_978-952-61-2578-7/urn_isbn_978... · Dissertations in Forestry and Natural Sciences ... Steganography

26

27

3 OVERVIEW OF ZIGBEE & BLUETOOTH SECURITY

3.1 INTRODUCTION

In recent years, the use of wireless communication systems, especially Wireless Personal Area Networks (WPANs), and their interconnections via networks have grown rapidly. Wireless communication network transmit and receive data wirelessly over the air utilizing wireless media, e.g., radio frequency (RF) technology, which can penetrate obstacles and make it possible for wireless devices to communicate with no direct line-of-sight between them [20]. RF technology is flexible and easier to set up and use than wired communication [20]. However, wireless communication does not replace wired networks, rather it augments it. Attackers can disrupt wireless RF communication more easily than wired communication, and for this reason, they need novel ways that will ensure communication via wireless networks are secured [20]. 3.2 OVERVIEW OF ZIGBEE TECHNOLOGY

ZigBee is a developing low-power wireless technology being used for applications, which require a simple protocol stack, low data rate, and long battery life. ZigBee has already been deployed for a range of applications from smart thermostat communication to hospital patient monitoring systems [20–24]. ZigBee is based on the IEEE 802.15.4 specification and supports data rates up to 250 Kbps, which is lower than Bluetooth that supports data rates of 3 Mbps and Wi-Fi that is now capable of data rates up to even several Gbps [20-24]. However, ZigBee can be implemented in only 120 KB of memory and is capable of operating on embedded, battery-powered devices for years as opposed to days or hours, as can usually be expected from Bluetooth or Wi-Fi enabled portable devices. These characteristics make ZigBee useful for applications which do not require high data rates [20–24].

Much of the interest in ZigBee is driven by development of home automation systems or smart homes, where ZigBee is being used for communication between electrical devices/equipment, security systems, ventilating and air conditioning (HVAC) systems, etc. [20–24] Smart-grid technology is another area in which ZigBee is being used, such as Advanced Metering Infrastructure (AMI) system, which is able to provide electricity consumers with information about pricing in real-time. In addition to these commercial systems, it was reported that large companies develop in-house systems that make use of the ZigBee protocol for environmental monitoring, production, and retail purposes. These systems are

Page 30: Dissertations in Forestry and Natural Sciencesepublications.uef.fi/pub/urn_isbn_978-952-61-2578-7/urn_isbn_978... · Dissertations in Forestry and Natural Sciences ... Steganography

28

likely to transmit commercially sensitive and financial information using the ZigBee protocol later in the future [20–24].

3.3 ZIGBEE SECURITY BASICS AND EXISTING ATTACKS

There are four main concepts of ZigBee security: [18, 20, 23, 25–26]

I. Security Level: ZigBee supports two different security levels: High Security (which is also referred to as Commercial Security) and Standard Security (also referred to as Residential Security). The differences between these two security levels are mainly in the key management and distribution.

II. Trust Center (TC): The TC is one of the devices in a ZigBee-enabled network, and it is responsible for the security management. Three keys are used by the TC to provide a safety mechanism: the network key, the master key, and the link key. Moreover, the TC is responsible for selecting the suitable security level and for the key management. All ZigBee devices share the common network key, while the link key can be shared by any two ZigBee devices. The link key is derived from the master key, which is the basis for long-term security between two ZigBee devices.

III. Authentication and Data Encryption: Data is encrypted using the 128-bit Advanced Encryption Standard (AES) in CCM mode (CCM = Counter with CBC-MAC, i.e., Counter with Cipher Block Chaining Message Authentication Code), which allows both authentication and data encryption, thus forming a Federal Information Processing Standards (FIPS) compliant security mode called AES-CCM. CCM is a mode of operation only for 128-bit cryptographic block ciphers. It combines the counter mode with CBC-MAC authentication and uses the same encryption key for both. ZigBee uses a slightly modified version of CCM called CCM*, which gives more flexibility than standard CCM: CCM* allows the use of either authentication or encryption alone, while both are always required in CCM.

IV. Integrity and Freshness of Data: There are several different security keys and methods used to ensure the integrity and freshness of data. The Message Integrity Code (MIC) can be used to make sure that the data has not been altered in transit (see Figure 3). ZigBee supports 16-, 32-, 64-, and 128-bit MIC lengths. The MIC is generated using the CCM* protocol.

Figure 3. Ensuring the integrity and freshness of data using MIC. [20, 26]
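The MIC and freshness checks described in items III and IV, as an added Python example that is not taken from the dissertation or from any ZigBee stack. It uses standard AES-CCM from the `cryptography` package rather than CCM* itself; the key, address, header bytes, nonce layout, and the per-sender frame counter used for the freshness check are assumptions constructed for illustration.

```python
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

# Constructed sample values (assumptions, not from the dissertation).
NETWORK_KEY = bytes(range(16))                   # 128-bit AES key
SENSOR_ADDR = bytes.fromhex("00124b0001020304")  # 64-bit source address
HEADER = b"\x48\x02\x00\x00"                     # authenticated but not encrypted
PAYLOAD = b"door=locked"


def make_nonce(src_addr, frame_counter, sec_control=0x05):
    """Assumed 13-byte nonce: source address (8) + frame counter (4) + control (1)."""
    return src_addr + struct.pack("<I", frame_counter) + bytes([sec_control])


def protect(key, src_addr, frame_counter, header, payload, mic_bits):
    """Encrypt the payload and append a MIC computed over header and payload."""
    aead = AESCCM(key, tag_length=mic_bits // 8)
    return aead.encrypt(make_nonce(src_addr, frame_counter), payload, header)


class Receiver:
    """Accepts a frame only if its counter is fresh and its MIC verifies."""

    def __init__(self, key, mic_bits):
        self._aead = AESCCM(key, tag_length=mic_bits // 8)
        self._last_counter = {}  # highest accepted counter per source address

    def accept(self, src_addr, frame_counter, header, secured):
        # Freshness: a counter that does not increase marks a replayed frame.
        if frame_counter <= self._last_counter.get(src_addr, -1):
            return False, "stale frame counter"
        # Integrity: any change to header, ciphertext, MIC or nonce fails here.
        try:
            nonce = make_nonce(src_addr, frame_counter)
            payload = self._aead.decrypt(nonce, secured, header)
        except InvalidTag:
            return False, "MIC mismatch"
        self._last_counter[src_addr] = frame_counter
        return True, payload


def demo(mic_bits=32):
    """Run genuine, replayed and modified frames through one receiver."""
    rx = Receiver(NETWORK_KEY, mic_bits)
    frame1 = protect(NETWORK_KEY, SENSOR_ADDR, 1, HEADER, PAYLOAD, mic_bits)
    frame2 = protect(NETWORK_KEY, SENSOR_ADDR, 2, HEADER, PAYLOAD, mic_bits)
    tampered = frame2[:-1] + bytes([frame2[-1] ^ 0x01])  # one MIC bit flipped
    return {
        "overhead_bytes": len(frame1) - len(PAYLOAD),
        "first": rx.accept(SENSOR_ADDR, 1, HEADER, frame1),
        "replay": rx.accept(SENSOR_ADDR, 1, HEADER, frame1),
        "tampered": rx.accept(SENSOR_ADDR, 2, HEADER, tampered),
        "changed_header": rx.accept(SENSOR_ADDR, 2, b"\x48\x02\x00\x01", frame2),
        "genuine": rx.accept(SENSOR_ADDR, 2, HEADER, frame2),
        # Replaying frame 1 under a newer counter changes the nonce, so the MIC fails.
        "replay_new_counter": rx.accept(SENSOR_ADDR, 3, HEADER, frame1),
    }


if __name__ == "__main__":
    for bits in (32, 64, 128):
        print(bits, demo(bits))
```

A longer MIC costs more bytes per frame (4, 8 or 16 here) in exchange for a lower chance that a forged frame is accepted.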

Keys can be distributed to ZigBee-enabled devices either by over-the-air transmission or by pre-installing them onto the devices, depending on the security level [20]. At the High Security level, the network key is always transmitted encrypted over-the-air and its distribution is secured using the master key. Thus, communicating devices can establish a trusted relationship between them. However, at the Standard Security level, the network key is transmitted unencrypted over-the-air, which is a serious vulnerability for the security of ZigBee-enabled networks, leading to the conclusion that the Standard Security level cannot be recommended for safety-critical systems.

There are various security threats against ZigBee-enabled systems, which can be exploited by attackers. In [20], the researchers proposed two practical attacks and carried out the latter one of them. The first attack is the ZigBee End-Device (ZED) Sabotage attack, which is based on sabotaging the ZED by sending a special signal that makes it wake up constantly until the battery runs out. This attack is possible because ZEDs, such as sensors and actuators, often run on battery and have a low duty cycle (i.e., the ratio of active radio time compared to the silent period). To save battery life, there is a predefined wake-up interval, which also opens the door to practical Denial-of-Service (DoS) attacks. In a DoS attack, it is possible for an attacker to repeatedly jam the medium during both the Contention Access Period (CAP) and the Contention Free Period (CFP). In this way, the victim device can be put into an endless retransmission loop, which may eventually reduce the battery life or completely exhaust the battery of the victim device. [20, 27–28]

The second attack is ZigBee Network Key Sniffing attack that is based on exploiting the key exchange process in ZigBee when using the Standard Security level defined by the ZigBee specification in order to intercept the network key and use it for attacking purposes against the compromised ZigBee-enabled network [20].

3.4 OVERVIEW OF BLUETOOTH SECURITY

Bluetooth [29] is a low-power, short-range technology that allows communication and data transfer between electronic devices wirelessly at 2.4 GHz frequency in the free Industrial, Scientific, and Medical (ISM) band.

The popularity of Bluetooth technology is rapidly increasing and it is considered the leading wireless technology in terms of sales. When Bluetooth was introduced, it had a data transfer limit of 1 Mbps [30], which has since increased to 24 Mbps [31–32]. According to [33], over 3 billion Bluetooth enabled devices were sold in 2014 alone. Bluetooth is a short range technology (up to 100 m) and it is mostly used to transfer personal data and other sensitive information, such as contact cards. Therefore, security of Bluetooth networks is very important, as there are various threats emerging to exploit the vulnerabilities of the technology and gain access to this private information [30–33].

According to researchers in [32], Bluetooth users are considered as the first layer of security, because they decide on the connectivity modes, which can be one of these four: silent, private, public, and LE (Low Energy) Privacy [34]. The pairing operation is relied upon for the level of security related to the secured configurations. Pairing is simply the connection of two devices to each other, through exchange of a shared secret key produced through a protocol or series of protocols all aimed at maximizing the security of the process [32].

Up to Bluetooth 2.0+EDR (Enhanced Data Rate), the pairing process is secured only through the exchange of a secret key [31], which employs a four-digit code. This leads to questions about the security of the technology, as it is generally known that these codes can be easily guessed by various methods, which may eventually make attacks possible, thereby jeopardizing the security of the devices.

There was a significant improvement with the introduction of the Secure Simple Pairing (SSP) feature in Bluetooth 2.1+EDR and the LE Privacy in Bluetooth 4.0 (i.e., the first version of Bluetooth LE). LE Privacy uses Advertisement, which is a method to utilize a Bluetooth device to deliver messages to other Bluetooth devices in connectionless mode [32, 35]. SSP is currently the standard pairing method used by most Bluetooth devices in the market.

3.5 VULNERABILITY OF BLUETOOTH SECURITY MECHANISM

Numerous studies have already been carried out on Bluetooth vulnerabilities, for example, by Haataja et al. [6–10], and viable countermeasures have also been proposed in order to mitigate these attacks.

As mentioned earlier, in Bluetooth versions up to 2.0+EDR (Enhanced Data Rate), the pairing process is secured only through the exchange of a secret key [31], which typically employs a four-digit code. However, there was a significant improvement with the introduction of the SSP feature in Bluetooth 2.1+EDR and the LE Privacy in Bluetooth 4.0, which aim to enhance the security of the pairing process by adding a shield of protection against MITM attacks as well as passive eavesdropping [32, 36]. SSP applies Elliptic Curve Diffie-Hellman (ECDH) public-key cryptography: for creating the link key, devices use public-private key pairs, Bluetooth addresses, and nonces. To strengthen the entire pairing process against MITM attacks, SSP requests users to compare two 6-digit numbers or utilizes an Out-Of-Band (OOB) channel. Four distinct association models are used by SSP: Just Works (JW), Passkey Entry (PE), Numeric Comparison (NC), and Out-Of-Band (OOB). Unfortunately, research work in [9–10, 37–38] confirmed that these association models are vulnerable to MITM attack and several other attacks as reported in [6–10].

It is obvious that the security of the Bluetooth pairing process is not adequately addressed by these current methods, as previous research has proven that it is possible for an attacker to intercept these messages during key exchange and later retransmit them, sending their own public key to replace the requested one. In Publication III, we introduced a steganography technique into the pairing process of Bluetooth during data transfer and we believe this technique will be robust against MITM attacks.
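The 6-digit comparison that SSP's Numeric Comparison model relies on, as an added Python sketch that is not taken from the dissertation or from any Bluetooth stack. The `f1` and `g` functions follow the commitment and verification functions of the Bluetooth Core Specification as an assumption about byte layout; the public keys and nonces are constructed stand-ins (no real ECDH is performed), and `View`, `check_pairing`, `honest_run` and `substituted_run` are hypothetical names.

```python
import hashlib
import hmac
from dataclasses import dataclass


def f1(u, v, x, z):
    """Commitment: most significant 128 bits of HMAC-SHA-256 keyed with nonce x."""
    return hmac.new(x, u + v + z, hashlib.sha256).digest()[:16]


def g(u, v, x, y):
    """Verification value: SHA-256 over both public keys and both nonces, mod 2**32."""
    return int.from_bytes(hashlib.sha256(u + v + x + y).digest()[-4:], "big")


@dataclass(frozen=True)
class View:
    """What one device believes the pairing exchange contained."""
    pk_initiator: bytes   # x-coordinate of the initiator's public key
    pk_responder: bytes   # x-coordinate of the responder's public key
    n_initiator: bytes    # initiator nonce
    n_responder: bytes    # responder nonce

    def commitment(self):
        # The responder commits to its nonce before the initiator reveals its own.
        return f1(self.pk_responder, self.pk_initiator, self.n_responder, b"\x00")

    def six_digits(self):
        value = g(self.pk_initiator, self.pk_responder,
                  self.n_initiator, self.n_responder)
        return f"{value % 10**6:06d}"


def check_pairing(view_a, view_b):
    """Compare what device A (initiator) and device B (responder) each derive."""
    # A recomputes the commitment B sent; it matches only if both saw the same keys.
    commitment_ok = hmac.compare_digest(view_b.commitment(), view_a.commitment())
    shown_a, shown_b = view_a.six_digits(), view_b.six_digits()
    return {
        "commitment_ok": commitment_ok,
        "shown_on_a": shown_a,
        "shown_on_b": shown_b,
        # Numeric Comparison: the user confirms only if both displays agree.
        # Just Works runs the same computation but shows nothing to compare.
        "accept": commitment_ok and shown_a == shown_b,
    }


def _stand_in(label):
    """Constructed 32-byte value standing in for a key coordinate or nonce."""
    return hashlib.sha256(label).digest()


PK_A = _stand_in(b"device A public key")
PK_B = _stand_in(b"device B public key")
PK_X = _stand_in(b"substituted public key")
N_A = _stand_in(b"nonce A")[:16]
N_B = _stand_in(b"nonce B")[:16]


def honest_run():
    """Both devices saw the same two public keys."""
    view = View(PK_A, PK_B, N_A, N_B)
    return check_pairing(view, view)


def substituted_run():
    """Each device received PK_X in place of the other's real public key."""
    return check_pairing(View(PK_A, PK_X, N_A, N_B), View(PK_X, PK_B, N_A, N_B))


if __name__ == "__main__":
    print("honest:     ", honest_run())
    print("substituted:", substituted_run())
```

Because the displayed value is bound to both public keys, a substituted key changes what each device shows; the protection exists only when a user actually compares the two numbers.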

3.6 EXISTING COUNTERMEASURES AND THEIR LIMITATIONS

Researchers in [32] have conducted a detailed literature review investigation into some of the existing countermeasures and the deficiencies that still affect their viability. They identified four separate reasons around user experience, processing power, battery drain, and imperfect security, which prevent their implementations. Table 1 provides a linkage of every countermeasure with the reason why it cannot be currently implemented. [32]

Table 1. MITM attacks on Bluetooth and the limitations to their countermeasures. [32]

| Countermeasure | Limitation | Additional notes |
|---|---|---|
| Disabling Bluetooth when not in use | User experience | More interaction by the user reduces ease of use |
| Deactivating unused services | User experience | More interaction by the user reduces ease of use |
| Switching to non-discoverable mode when idle | User experience | More interaction by the user reduces ease of use |
| Using Security mode 4 exclusively | User experience / imperfect security | More interaction by the user reduces ease of use and Security mode 4 is not 100% safe |
| Avoiding Just Works (JW) association with important data | User experience | Involves a change in user behavior, therefore reducing ease and versatility of use |
| Choosing stronger PINs of at least 12 digits | User experience / imperfect security | More interaction by the user reduces ease of use and an MITM attacker can in fact impersonate a legitimate device and try to find out its PIN code |
| Systematic refusal of files and messages from untrusted devices | User experience | Requires more attention from the user |
| Never pairing with an untrusted device | User experience | Requires more attention from the user |
| Frequently updating PINs | User experience | More interaction by the user reduces ease of use |
| Adding another window at pairing user interface level | User experience | More interaction by the user reduces ease of use |
| Adapting OOB as the mandatory association model | User experience | This is impractical, because it makes Bluetooth pairing dependent on another technology |
| Using RF signatures for device identity check | Processing power / battery drain | The capability can be implemented, but it still requires more research work to be done |
| Prioritizing input validation during the development phase of Bluetooth devices | Imperfect security | Cloning of Bluetooth Device Addresses (BD_ADDRs) can help the attacker bypass this countermeasure |
| Disabling unnecessary PSM/RFCOMM channels | Imperfect security | This method does not fix SSP’s vulnerability to MITM |
| Filtering out traffic that does not fit Bluetooth specifications | Imperfect security | An attacker can carry out an attack through traffic that fits Bluetooth specifications |
| Testing for possible vulnerabilities with the latest hacking tools | Imperfect security | This can only protect from current and known MITM attacks, leaving the door open to individual hacking and new intrusion methods |
| Offering two-factor authentication | User experience | More interaction by the user reduces ease of use |
| Use of IDS and IPS at the physical layer | Imperfect security / processing power | This method still cannot detect all types of jamming and is still subject to fooling by the attacker. It also increases the required processing power to run a pairing process. |
| LE Privacy | Imperfect security | This mode still contains weaknesses that can be exploited by a hacker. [14] |

By analyzing Table 1, we can conclude that some of these countermeasures look promising and adequate to provide security and prevent MITM attacks, but unfortunately, while trying to prevent intrusion, other areas, such as ease of use and practicality, suffer [32]. Some of the countermeasures affect user experience and thus make the Bluetooth pairing process less practical. Some countermeasures consume too much power, which a lot of small devices do not possess. Lastly, imperfect security that does not surpass the current level and lack of necessary security requirements make it difficult to provide viable implementations that would significantly enhance the situation [32].

4 PRACTICAL EXPERIMENTS AND OUR NOVEL SOLUTIONS

4.1 INTRODUCTION

Security of smart homes depends greatly on the security of the wireless interfaces used in their implementation. In this chapter, we summarize our practical attack scenarios and our novel solutions, which we believe will enhance the security of data transmitted in smart homes. Much work had already been done by Haataja et al. [6–10] on Bluetooth security, so we only critically studied these previous papers and moved on to investigate the security vulnerabilities in ZigBee networks. Moreover, we also designed and experimented with novel methods, which we believe will solve the problems discovered.

4.2 SUMMARY OF OUR PRACTICAL ATTACK SCENARIOS

In our research in Publication II, we utilized the vulnerabilities found in the main security components of ZigBee technology to practically exploit the network and successfully conducted three practical attacks against ZigBee-enabled devices. All three attacks were carried out in practice in our laboratory environment. A detailed description of our practical experiments can be found in [18] and [22], and next we provide a short summary of them.

The first attack is the Network Discovery and Device Identification Attack, which is based on discovering all ZigBee-enabled networks within range as well as the configurations of the corresponding ZigBee-enabled devices. This fundamental information can be used for performing further and more severe attacks against the discovered ZigBee-enabled devices/networks. The attack is possible because ZigBee devices transmit a beacon request frame on a given channel as part of the network discovery process. ZigBee Routers and Coordinators that receive the beacon request frame respond by disclosing the PAN ID, the Coordinator’s or Router’s source address, stack profile, stack version, and extended IEEE address information [39]. This network discovery process can be mimicked by using the KillerBee toolkit (zbstumbler) in order to collect this information: the tool first sends beacon request frames and then displays information about the devices that have been discovered [39–40].

The second attack is Interception of Packets Attack and can be seen as an extension to the first attack; thus the prerequisite for it is the successful completion of the first attack. In the second attack, an attacker eavesdrops on the unencrypted

Page 37: Dissertations in Forestry and Natural Sciencesepublications.uef.fi/pub/urn_isbn_978-952-61-2578-7/urn_isbn_978... · Dissertations in Forestry and Natural Sciences ... Steganography

34

35

4 PRACTICAL EXPERIMENTS AND OUR NOVEL SOLUTIONS

4.1 INTRODUCTION

Security of smart homes depends greatly on the security of the wireless interfaces used in their implementation. In this chapter, we summarize our practical attack scenarios and our novel solutions, which we believe will enhance the security of data transmitted in smart homes. Much work had already been done by Haataja et al. [6–10] on Bluetooth security, so we only critically studied these previous papers and moved on to investigate the security vulnerabilities in ZigBee networks. Moreover, we also designed and experimented with novel methods, which we believe will solve the problems discovered.

4.2 SUMMARY OF OUR PRACTICAL ATTACK SCENARIOS

In our research in Publication II, we utilized the vulnerabilities found in the main security components of ZigBee technology to practically exploit the network and successfully conducted three practical attacks against ZigBee-enabled devices. All three attacks were carried out in practice in our laboratory environment. A detailed description of our practical experiments can be found in [18] and [22]; next we provide a short summary of them.

The first attack is the Network Discovery and Device Identification Attack, which is based on discovering all ZigBee-enabled networks within range as well as the configurations of the corresponding ZigBee-enabled devices. This basic information can be used for performing further and more severe attacks against the discovered ZigBee-enabled devices/networks. The attack is made possible because ZigBee devices transmit a beacon request frame on a given channel as part of the network discovery process. ZigBee Routers and Coordinators that receive the beacon request frame respond by disclosing the PAN ID, the Coordinator's or Router's source address, stack profile, stack version, and extended IEEE address information [39]. This network discovery process can be mimicked by using the KillerBee toolkit (zbstumbler) in order to collect this information: beacon request frames are sent first, and then information about the devices that have been discovered is displayed [39–40].

The second attack is the Interception of Packets Attack and can be seen as an extension to the first attack; thus the prerequisite for it is the successful completion of the first attack. In the second attack, an attacker eavesdrops on the unencrypted or encrypted traffic of a ZigBee-enabled network in order to obtain and utilize any sensitive/useful information. The attack was performed using the KillerBee toolkit (zbdump). It captured and saved the traffic into a capture file, which was then opened and analyzed with Wireshark [41].

The third attack is based on replaying (re-transmitting) the captured data as if the original sender were sending the data again. The effect of a Replay attack on a network obviously depends on the content of the data being replayed: it can have only a minor effect or a severe one [41–42]. We practically conducted the Replay attack in our laboratory environment using KillerBee's zbreplay tool. Prior to using the zbreplay tool, the captured data was converted into the DCF (Daintree Capture File) format by using KillerBee's zbconvert tool. The Replay attack was then implemented by reading from a capture file and re-transmitting the frames with a pre-specified delay: zbreplay transmits each frame (without acknowledgement frames), thereby preserving the original integrity of the traffic. Thus, an attacker can manipulate the captured files and re-transmit only the frames needed to be replayed. As also noted in [39], the process is very straightforward: Wireshark [41] can be used for modifying captured files, and since Daintree SNA capture files are saved as Windows-formatted plaintext files, the attacker can simply open the packet capture file in an editor, delete the lines that are not needed, and finally re-transmit the frame.

4.3 OUR NOVEL SOLUTIONS

We proposed two different novel solutions for the two wireless interfaces investigated in our research study and we believe these solutions will enhance their security. In Publication III, we proposed a novel method that will strengthen the Bluetooth pairing process by employing Steganography, in which secret messages and a key are hidden in a cover object. We also demonstrated this technique with experimental figures to show its uniqueness and we believe this technique will yield a robust Bluetooth pairing model, which can counteract MITM attacks. In Publication IV, we presented a novel approach to improve the security and authentication of healthcare images transmitted via wireless networks based on a digital watermarking technique. In this approach, a special digital image is embedded into the RONI sections of the healthcare images before transmission over wireless networks to the receiver. Then at the receiver's side, the embedded special digital image is extracted from the healthcare image and verified to confirm its authenticity [43].

4.3.1 Bluetooth Pairing Process Using Steganography

In Publication III, we proposed a novel method, which we believe will improve the Bluetooth pairing process by concealing a secret message and key inside a cover object. Moreover, we experimented with this technique in practice to prove its efficiency against attacks, such as MITM attacks. This study was conducted mainly to improve the pairing process of Bluetooth networks by integrating steganography into the pairing process to counter MITM attacks. Two major reasons were identified to fuel MITM attacks during Bluetooth pairing: the first is the lack of adequate security and the second is the lack of a mutual verification process, which has been taken into consideration in our novel technique in Publication III. There are three main phases in the experiment (as described in Publication III):

I. During the first phase, the requester generates a key and embeds it inside an image. The aim of introducing steganography into this pairing process is to ensure that the process of pairing is completely unknown to the attacker. After embedding the key into the image at the requester's side, the image is then transmitted to the responder. The responder on the other side receives this stego image, generates his own key, and sends it back to the requester. This is a two-way process, in which both the requester and the responder send keys in the initial phase.

II. During the second phase, key verification is carried out. Immediately after the requester obtains the responder's key, a request is sent to check the key and confirm its authenticity. Once the authenticity is confirmed, a new key called the "Shared_Key" is generated based on the requester's and the responder's keys.

III. This is the final phase before a secure connection is successfully established between the pairing devices. A message will be embedded into the image and in order to obtain this message, a password is required, which is the “Shared_Key”, in order to successfully complete the process. To ensure there is a strong screening process, two requests will be generated: the first request aims at verifying the “Shared_Key” between the connecting devices, while the second request is to verify the originality of the message. All confirmation processes take place internally without any user interaction.

Our results in Publication III affirm the possibility of integrating Steganography into the Bluetooth pairing process to prevent attacks and we believe this method can efficiently secure the entire Bluetooth network by making the pairing process robust.


4.3.2 Novel Implementation of Digital Watermarking Technique for Wireless Transmission of Data

In Publication IV, we presented a unique security and authentication technique to securely transmit healthcare images in smart homes based on digital watermarking. The technique includes introducing digital watermarking [44–47], in which special information or possibly another digital content is embedded into the healthcare images at the sender's side. As described in Publication IV, our technique will be another unique way to adequately enhance the security of these healthcare images. The purpose of embedding a watermark into these healthcare images is access control, copyright protection, and authentication. Healthcare images are very sensitive and thus modification of these images is not allowed (nondestructive) [44, 48]. The method must also be reversible, i.e., the healthcare images must be accurately recovered back to their original state. Wireless networks are very important in realizing smart homes and mobile health systems, but the current state in terms of security is a major concern. As illustrated in detail in Publication IV, there are two main processes involved in our technique:

I. Embedding process: This process takes place before transmission over the wireless network. The smart home user embeds special information or another digital image into a healthcare image and then transmits it to the recipient, which in our case may be the consultant.

II. Extraction process: This process takes place at the recipient’s side after transmission over the wireless network. At this stage, the watermarked healthcare image is verified to determine its authenticity and if it has been tampered with or not. If after the verification process, the watermarked healthcare image is confirmed to be OK, then the original image and watermark are extracted and verified. Otherwise, the image is simply discarded.

The efficiency of the digital watermarking method in enhancing security has been confirmed by previous academic researchers [44–47]. We have proposed its novel implementation in Publication IV and we believe that it will significantly improve the security level for wirelessly transmitted healthcare images in smart homes and mobile health systems.

As mentioned earlier, our technique has two parts: the first part is the RONI selection in which the Region of Non-Interest is separated from the Region of Interest (ROI). ROI is the sensitive region of the healthcare images and must not experience any change. After RONI has been selected, the second part, which is the watermarking part, is carried out. In the second part, the watermark is embedded into the RONI. Healthcare images are sensitive images and the watermark should not be embedded into the whole image, because the quality of the image may be degraded. Thus, RONI was selected as a suitable place to embed this watermark [44, 49–52]. In Publication IV, we presented a freehand selection of RONI, since we feel that it guarantees the best results in our application, considering that different healthcare images would be transmitted and the ROI for each image differs.

Once RONI is selected, the DWT watermarking technique is performed on the image, in which the image is decomposed into four sub-bands: one low frequency sub-band (LL, Approximate sub-band) and three high frequency sub-bands (LH, Vertical sub-band; HL, Horizontal sub-band; and HH, Diagonal sub-band), where L is the Low-pass filter and H is the High-pass filter [46, 50]. In our novel technique, we embed the watermark into the LL sub-band of the decomposed images, because it guarantees the best results in our application in terms of both imperceptibility and robustness of the healthcare images and watermark.
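The RONI-only embedding into the LL sub-band described above can be sketched as follows. This is an added example, not the Matlab code of Publication IV: the one-level Haar wavelet, the rectangular RONI (instead of a freehand selection), the parity-quantisation embedding rule, the step size and the constructed 8x8 image are all assumptions.

```python
STEP = 8  # quantisation step for LL coefficients (assumed value)

def haar2d(block):
    """One-level 2-D Haar DWT of an even-sized block -> (LL, LH, HL, HH)."""
    h, w = len(block) // 2, len(block[0]) // 2
    LL, LH, HL, HH = ([[0.0] * w for _ in range(h)] for _ in range(4))
    for i in range(h):
        for j in range(w):
            a, b = block[2 * i][2 * j], block[2 * i][2 * j + 1]
            c, d = block[2 * i + 1][2 * j], block[2 * i + 1][2 * j + 1]
            LL[i][j] = (a + b + c + d) / 2   # approximation sub-band
            LH[i][j] = (a - b + c - d) / 2   # detail sub-bands
            HL[i][j] = (a + b - c - d) / 2
            HH[i][j] = (a - b - c + d) / 2
    return LL, LH, HL, HH

def ihaar2d(LL, LH, HL, HH):
    """Inverse of haar2d, rounded and clipped back to 8-bit pixel values."""
    h, w = len(LL), len(LL[0])
    out = [[0] * (2 * w) for _ in range(2 * h)]
    for i in range(h):
        for j in range(w):
            s, x, y, z = LL[i][j], LH[i][j], HL[i][j], HH[i][j]
            quad = ((s + x + y + z) / 2, (s - x + y - z) / 2,
                    (s + x - y - z) / 2, (s - x - y + z) / 2)
            for k, v in enumerate(quad):
                out[2 * i + k // 2][2 * j + k % 2] = min(255, max(0, round(v)))
    return out

def quantise(coef, bit):
    """Move coef to the nearest multiple of STEP whose index parity equals bit."""
    k = round(coef / STEP)
    if k % 2 != bit:
        k += 1 if coef / STEP >= k else -1
    return k * STEP

def embed_watermark(image, roni, bits):
    """Embed bits into the LL sub-band of the RONI block (top, left, height, width)."""
    top, left, h, w = roni
    LL, LH, HL, HH = haar2d([row[left:left + w] for row in image[top:top + h]])
    cells = [(i, j) for i in range(len(LL)) for j in range(len(LL[0]))]
    if len(bits) > len(cells):
        raise ValueError("watermark larger than RONI capacity")
    for (i, j), bit in zip(cells, bits):
        LL[i][j] = quantise(LL[i][j], bit)
    marked = [row[:] for row in image]          # ROI rows are copied untouched
    for r, row in enumerate(ihaar2d(LL, LH, HL, HH)):
        marked[top + r][left:left + w] = row
    return marked

def extract_watermark(image, roni, nbits):
    """Blind extraction: read the parity of each quantised LL coefficient."""
    top, left, h, w = roni
    LL = haar2d([row[left:left + w] for row in image[top:top + h]])[0]
    return [round(c / STEP) % 2 for row in LL for c in row][:nbits]

def demo():
    # Constructed 8x8 grey-level image: rows 0-3 are the RONI, rows 4-7 the ROI.
    image = [[60 + ((r * 13 + c * 7) % 120) for c in range(8)] for r in range(8)]
    roni, bits = (0, 0, 4, 8), [1, 0, 1, 1, 0, 0, 1, 0]
    marked = embed_watermark(image, roni, bits)
    tampered = [row[:] for row in marked]
    for r in (0, 1):                            # modify one 2x2 block of the RONI
        for c in (0, 1):
            tampered[r][c] += 4
    return {
        "bits": bits,
        "extracted": extract_watermark(marked, roni, len(bits)),
        "roi_unchanged": marked[4:] == image[4:],
        "max_pixel_change": max(abs(a - b) for ra, rb in zip(image, marked)
                                for a, b in zip(ra, rb)),
        "after_tamper": extract_watermark(tampered, roni, len(bits)),
    }

if __name__ == "__main__":
    print(demo())
```

The receiver compares the extracted bits with the expected watermark; a mismatch is the signal to discard the image.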

In Publication IV, we experimented with our novel method in Matlab and tested its effectiveness using four healthcare X-Ray images provided by Kuopio University Hospital and a watermark. All images were in JPEG format. The four healthcare X-Ray images are Left Hip, Chest, Pelvis, and Leg of sizes 440x554, 605x568, 622x543, and 447x543 pixels respectively, and the embedded watermark was the University of Eastern Finland's logo with a size of 75x75 pixels. Figure 4 depicts the original images and watermark before embedment.

As presented earlier in our experiment in Publication IV, Table 2 compares the original images with the watermarked images as well as with the images after the extraction process is carried out, while Table 3 compares the original watermarks before the embedding process with the extracted watermarks.

In our method in Publication IV, the watermarks were embedded into the healthcare images in such a way that they remain highly imperceptible and cannot be noticed with the naked eye, and the images experience no change at all. The histograms also depict the same results. However, when comparing the original watermarks and the extracted watermarks, we noticed slight changes in the quality of the extracted watermarks after extraction from the watermarked images. Nevertheless, the aim of this experiment has been achieved, since the exact images, with no change in any pixel values, were recovered.

Our results in Publication IV affirm that the technique is robust and reliable and that it can be implemented in smart homes and mobile health systems for authentication and enhanced security of the healthcare images being transmitted via wireless networks to the recipient.


Figure 4. (a) Original Left Hip X-Ray Image, (b) Original Chest X-Ray Image, (c) Original Pelvis X-Ray Image, (d) Original Leg X-Ray Image, and (e) Original Watermark.

Table 2. Comparing Original, Watermarked, and Extracted Images. Columns: Image Name, Original Image, Watermarked Image, Image After Extraction. Rows: Left Hip, Chest, Pelvis, Leg.


Table 3. Comparing Original and Extracted Watermarks. Columns: Experiment number, Image, Embedded Original Watermark, Extracted Watermark. Rows: 1 Left Hip, 2 Chest, 3 Pelvis, 4 Leg.


5 CONCLUSION AND FUTURE WORK

Security is a very important issue in smart home environments due to the sensitive nature of private and confidential data being transmitted via wireless communication links. The wireless technologies being used in the implementation of smart homes have security issues that could have severe security implications if they are not carefully taken into account. Therefore, identification of these security issues is crucial to taking the appropriate steps towards mitigating them and enhancing the security of the collected data within these homes.

This thesis presents our studies on how to enhance the security of data transmitted via wireless interfaces in smart home environments. All our practical attacks and proposed techniques were tested and practically demonstrated to show that these threats are real and how efficiently our proposed techniques will work in securing transmission of data via these interfaces in smart homes.

Firstly, we provided an investigation into the possible security issues in Smart Home Systems. In addition, we analyzed smart environments with an emphasis on the security challenges of the wireless network interfaces being utilized in these systems and we proposed possible countermeasures to mitigate these threats. We also applied threat modeling process to our SEAL system to identify the assets and threats to the system and we examined how the SEAL system can be designed in a more secure way that will guarantee a maximum protection of data transmitted across the system.

Secondly, we proposed and practically demonstrated in our laboratory environment three (3) attack scenarios against ZigBee networks, which are commonly utilized for data transmission in smart homes. These attack scenarios are based on utilizing several vulnerabilities found in the main security components of ZigBee technology. We demonstrated with experimental figures that attacks against ZigBee-enabled devices become practical by using our three attack scenarios. In addition, we proposed novel countermeasures related to the integration of a time stamping mechanism into the encryption process of ZigBee and the use of an intrusion detection and prevention system in the network. We believe our countermeasures will render these attacks impossible if the beacon frame process is continuously monitored and time stamps are used for sent and received messages.
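The time stamping countermeasure can be illustrated with a receiver-side freshness check. This is an added example, not code from the thesis or from a ZigBee stack: the frame layout, the use of HMAC-SHA256 in place of ZigBee's AES-CCM*, the 2-second acceptance window and all names are assumptions.

```python
import hashlib
import hmac
import struct

FRESHNESS_WINDOW_MS = 2000   # assumed acceptance window
TAG_LEN = 8                  # assumed length of the truncated authentication tag
HEADER_LEN = 10              # 2-byte source address + 8-byte timestamp

def build_frame(key: bytes, src: int, ts_ms: int, payload: bytes) -> bytes:
    """Sender side: the timestamp sits in the header and is covered by the tag."""
    header = struct.pack(">HQ", src, ts_ms)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class ReplayGuard:
    """Receiver side: accept a frame only if it is authentic, fresh and new."""

    def __init__(self, key: bytes, window_ms: int = FRESHNESS_WINDOW_MS):
        self.key = key
        self.window_ms = window_ms
        self.last_ts = {}    # source address -> highest timestamp accepted so far

    def accept(self, frame: bytes, now_ms: int):
        if len(frame) < HEADER_LEN + TAG_LEN:
            return (False, "malformed")
        header = frame[:HEADER_LEN]
        payload = frame[HEADER_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload,
                            hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return (False, "bad-mac")        # timestamp or payload was edited
        src, ts_ms = struct.unpack(">HQ", header)
        if abs(now_ms - ts_ms) > self.window_ms:
            return (False, "stale")          # capture re-sent after the window
        if ts_ms <= self.last_ts.get(src, -1):
            return (False, "replay")         # same frame re-sent inside the window
        self.last_ts[src] = ts_ms
        return (True, "ok")

def demo():
    key = b"constructed-demo-key"            # constructed sample key
    guard = ReplayGuard(key)
    t0 = 1_000_000                           # constructed clock value in ms
    frame = build_frame(key, 0x1A2B, t0, b"door:unlock")
    verdicts = [
        guard.accept(frame, t0 + 15),        # original transmission
        guard.accept(frame, t0 + 500),       # captured frame re-sent at once
        guard.accept(frame, t0 + 60_000),    # captured frame re-sent a minute later
    ]
    # Capture edited to carry a current timestamp, without knowledge of the key.
    edited = frame[:2] + struct.pack(">Q", t0 + 60_000) + frame[HEADER_LEN:]
    verdicts.append(guard.accept(edited, t0 + 60_000))
    return [reason for _, reason in verdicts]

if __name__ == "__main__":
    print(demo())
```

The check relies on the sender and receiver clocks agreeing to within the window, and on the timestamp being inside the authenticated part of the frame.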

Thirdly, we proposed a novel method, which will strengthen the Bluetooth pairing process and thwart the MITM attacks by employing Steganography, and we demonstrated experimentally the efficiency of this technique using mobile phones. It is obvious that the security of Bluetooth pairing process is not adequately addressed by this current cryptographic method, as previous researches have proven that it is possible for an attacker to intercept these messages during key exchange and later retransmit the messages, by sending his own public key to replace the requested one. We believe that introducing steganography into the

Page 45: Dissertations in Forestry and Natural Sciencesepublications.uef.fi/pub/urn_isbn_978-952-61-2578-7/urn_isbn_978... · Dissertations in Forestry and Natural Sciences ... Steganography

42

Table 3. Comparing Original and Extracted Watermarks.

Experiment number:

Image: Embedded Original

Watermark: Extracted

Watermark:

1

Left Hip

2

Chest

3

Pelvis

4

Leg

43

5 CONCLUSION AND FUTURE WORK

Security is a very important issue in mart home environments due to the sensitive nature of private and confidential data being transmitted via wireless communication links. The wireless technologies being used in the implementation of smart homes have security issues that could have severe security implications if they are not carefully taken into account. Therefore, identification of these security issues is crucial to taking the appropriate steps towards mitigating them and enhancing the security of the collected data within these homes.

This thesis presents our studies on how to enhance the security of transmitted data via wireless interfaces in smart home environments. All our practical attacks and proposed techniques were experimented and practically demonstrated to show that truly these threats are real and how efficiently our proposed techniques will work in securing transmission of data via these interfaces in smart homes.

Firstly, we provided an investigation into the possible security issues in Smart Home Systems. In addition, we analyzed smart environments with an emphasis on the security challenges of the wireless network interfaces being utilized in these systems and we proposed possible countermeasures to mitigate these threats. We also applied threat modeling process to our SEAL system to identify the assets and threats to the system and we examined how the SEAL system can be designed in a more secure way that will guarantee a maximum protection of data transmitted across the system.

Secondly, we proposed and practically demonstrated in our laboratory environment three (3) attack scenarios against ZigBee network, which is commonly utilized for data transmission in smart homes. These attack scenarios are based on utilizing several vulnerabilities found from the main security components of ZigBee technology. We demonstrated with experimental figures that attack against ZigBee-enabled devices become practical by using our three attack scenarios. In addition, we proposed novel countermeasures related to the integration of time stamping mechanism into the encryption process of ZigBee and the use of intrusion detection and prevention system in the network, we believe our countermeasures will render these attacks impossible if the beacon frame process is continuously monitored and time stamped used for sent and received messages.

Thirdly, we proposed a novel method, which will strengthen the Bluetooth pairing process and thwart MITM attacks by employing steganography, and we demonstrated experimentally the efficiency of this technique using mobile phones. It is obvious that the security of the Bluetooth pairing process is not adequately addressed by the current cryptographic method, as previous research has proven that it is possible for an attacker to intercept these messages during key exchange and later retransmit the messages, sending his own public key to replace the requested one. We believe that introducing steganography into the pairing process during data transfer will be robust against MITM attacks. Steganography hides the existence of this process by embedding the keys inside a cover image before transmission to the recipient. The whole key exchange process is unknown to the attacker, because the attacker in this case will not even realise that the images contain hidden data; only the recipient will be aware of the content. This is a major uniqueness of our technique. In our novel method, only the key will be sent to the receiver in the first phase, and the receiver will reply to the sender with his key. After both the sender and the receiver have sent a stego image with the key embedded, a shared key will be generated, which consists of half of the sender's key and half of the receiver's key. In the second stage, the shared key will be verified by both sides. A message will be created at the final stage and integrated into the stego image. The stego image will be extracted by using the shared key in order to view the message and exchange it to check the originality of the hidden message.
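The three stages described above can be traced in a short Python sketch. This is an added example, not code from the thesis or its publications: LSB embedding, the 16-byte key size, which halves are combined, the hash used for the stage-two check, and the keystream that ties message extraction to the shared key are all assumptions, and the cover "images" are constructed byte arrays.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # bytes per party key (assumption; the text gives no size)


def stream(seed, n):
    """Deterministic byte stream from SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def make_cover(n_pixels, seed):
    """Constructed stand-in for a cover image: n_pixels 8-bit grey values."""
    return bytearray(stream(seed, n_pixels))


def embed(cover, payload):
    """Write payload bits (MSB first) into the LSB of successive pixels."""
    if len(payload) * 8 > len(cover):
        raise ValueError("cover image too small for payload")
    stego = bytearray(cover)
    pos = 0
    for byte in payload:
        for shift in range(7, -1, -1):
            stego[pos] = (stego[pos] & 0xFE) | ((byte >> shift) & 1)
            pos += 1
    return stego


def extract(stego, n_bytes):
    """Read n_bytes back out of the pixel LSBs."""
    if n_bytes * 8 > len(stego):
        raise ValueError("stego image shorter than requested payload")
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for pixel in stego[i * 8:(i + 1) * 8]:
            value = (value << 1) | (pixel & 1)
        out.append(value)
    return bytes(out)


def combine(sender_key, receiver_key):
    """Shared key: first half of the sender's key, second half of the receiver's (assumed split)."""
    half = KEY_LEN // 2
    return sender_key[:half] + receiver_key[half:]


def key_check(shared):
    """Value each side compares in stage two (assumed: a labelled hash)."""
    return hashlib.sha256(b"pairing-check" + shared).digest()


def hide_message(cover, shared, message):
    """Stage three: mask the message with a keystream from the shared key, then embed."""
    masked = bytes(m ^ k for m, k in zip(message, stream(shared, len(message))))
    return embed(cover, len(message).to_bytes(2, "big") + masked)


def reveal_message(stego, key):
    """Extract the length-prefixed payload and unmask it with the given key."""
    length = int.from_bytes(extract(stego, 2), "big")
    masked = extract(stego, 2 + length)[2:]
    return bytes(m ^ k for m, k in zip(masked, stream(key, length)))


def run_exchange(sender_key=None, receiver_key=None, message=b"pairing complete"):
    sender_key = sender_key or secrets.token_bytes(KEY_LEN)
    receiver_key = receiver_key or secrets.token_bytes(KEY_LEN)
    # Stage 1: each side hides its key in its own cover image and sends it.
    to_receiver = embed(make_cover(1024, b"cover-A"), sender_key)
    to_sender = embed(make_cover(1024, b"cover-B"), receiver_key)
    # Each side extracts the peer's key and builds the shared key.
    shared_at_sender = combine(sender_key, extract(to_sender, KEY_LEN))
    shared_at_receiver = combine(extract(to_receiver, KEY_LEN), receiver_key)
    # Stage 2: both sides verify that they hold the same shared key.
    verified = hmac.compare_digest(key_check(shared_at_sender),
                                   key_check(shared_at_receiver))
    # Stage 3: a message goes into a stego image; the shared key recovers it.
    cover = make_cover(1024, b"cover-C")
    stego = hide_message(cover, shared_at_sender, message)
    return {
        "verified": verified,
        "shared": shared_at_receiver,
        "recovered": reveal_message(stego, shared_at_receiver),
        "wrong_key": reveal_message(stego, bytes(KEY_LEN)),
        "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
    }


if __name__ == "__main__":
    print(run_exchange())
```

Each stego image differs from its cover by at most one grey level per pixel, which is the property the text relies on when it says an observer will not realise that the images carry hidden data.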

Finally, we proposed a novel approach to improve the security and authentication of healthcare images transmitted over wireless networks, based on a digital watermarking technique in which a special digital image is embedded into the RONI sections of the healthcare images before transmission over wireless networks to the receiver. Then, at the receiver’s side, the embedded special digital image is extracted from the healthcare image and verified to confirm its authenticity. We demonstrated with experimental figures the effectiveness and robustness of this technique by implementing a DWT algorithm to successfully embed a watermark into the RONI section of some healthcare images. The watermarks were embedded in such a way that the ROI sections of the images were not affected and the integrity of the images was protected. Our results in Publication IV show clearly that this technique is very robust and efficient in providing authentication and enhancing the security of healthcare images, and it can be implemented for wireless communication in smart home and mobile health systems.
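A compact illustration of embedding a watermark in the RONI with a DWT and verifying it at the receiver follows. It is an added example, not the algorithm from Publication IV: the one-level Haar transform, the choice of the HH subband, the quantisation step, the ROI/RONI geometry and the 16x16 test image are all assumptions made for the sketch.

```python
import math

DELTA = 8            # quantisation step for the HH coefficient (assumption)
ROI = (4, 12, 4, 12) # rows 4..11, cols 4..11: assumed diagnostic region
RONI_ROWS = (0, 4)   # top strip of the image, outside the ROI (assumption)

# Constructed 16-bit watermark: a 4x4 binary "logo", flattened row by row.
WATERMARK = [1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1]


def make_image(size=16):
    """Constructed 8-bit test image; values stay in 60..195 so nothing clips."""
    return [[60 + (r * 7 + c * 5) % 136 for c in range(size)] for r in range(size)]


def haar_block(a, b, c, d):
    """One-level 2D Haar DWT of the 2x2 block [[a, b], [c, d]] -> (LL, LH, HL, HH)."""
    return ((a + b + c + d) / 4, (a + b - c - d) / 4,
            (a - b + c - d) / 4, (a - b - c + d) / 4)


def inverse_haar_block(ll, lh, hl, hh):
    """Inverse of haar_block: returns the four pixel values (a, b, c, d)."""
    return (ll + lh + hl + hh, ll + lh - hl - hh,
            ll - lh + hl - hh, ll - lh - hl + hh)


def roni_blocks(size):
    """Top-left corners of the 2x2 blocks inside the RONI strip, raster order."""
    return [(r, c) for r in range(RONI_ROWS[0], RONI_ROWS[1], 2)
            for c in range(0, size, 2)]


def quantise(hh, bit):
    """Move hh to the nearest multiple of DELTA whose index parity equals bit."""
    q = math.floor(hh / DELTA + 0.5)
    if q % 2 != bit:
        q += 1 if hh / DELTA >= q else -1
    return q * DELTA


def embed_watermark(image, bits):
    """Embed one watermark bit per RONI block by quantising its HH coefficient."""
    blocks = roni_blocks(len(image))
    if len(bits) > len(blocks):
        raise ValueError("watermark does not fit in the RONI")
    out = [row[:] for row in image]
    for bit, (r, c) in zip(bits, blocks):
        ll, lh, hl, hh = haar_block(out[r][c], out[r][c + 1],
                                    out[r + 1][c], out[r + 1][c + 1])
        pixels = inverse_haar_block(ll, lh, hl, quantise(hh, bit))
        a, b, cc, d = (min(255, max(0, round(p))) for p in pixels)
        out[r][c], out[r][c + 1] = a, b
        out[r + 1][c], out[r + 1][c + 1] = cc, d
    return out


def extract_watermark(image, n_bits):
    """Recompute each RONI block's HH coefficient and read the bit from its parity."""
    bits = []
    for r, c in roni_blocks(len(image))[:n_bits]:
        hh = haar_block(image[r][c], image[r][c + 1],
                        image[r + 1][c], image[r + 1][c + 1])[3]
        bits.append(math.floor(hh / DELTA + 0.5) % 2)
    return bits


def roi_pixels(image):
    """Pixels of the region of interest, used to confirm embedding left it intact."""
    r0, r1, c0, c1 = ROI
    return [row[c0:c1] for row in image[r0:r1]]


def authenticate(image, expected_bits):
    """Receiver-side check: the extracted watermark must equal the expected one."""
    return extract_watermark(image, len(expected_bits)) == expected_bits


if __name__ == "__main__":
    original = make_image()
    marked = embed_watermark(original, WATERMARK)
    print("authentic:", authenticate(marked, WATERMARK))
    print("ROI untouched:", roi_pixels(marked) == roi_pixels(original))
```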

Security of smart homes depends greatly on the security of the wireless interfaces implemented for data transfer in these homes. There are currently several challenges in smart homes and mobile health systems, and these challenges are in the news, as several attacks on smart homes have been reported in recent years. In our study, we have analyzed in detail the security issues currently faced in smart homes and we have practically demonstrated the reality of some attacks against the wireless interfaces used in these homes. We have also proposed novel methods to enhance the security of these wireless interfaces if implemented, and we believe that the results presented in this thesis will be a very useful tool for security researchers to further develop other unique approaches for securing smart environments.

Smart homes are likely to be applicable not only in healthcare, but also in various other sectors that affect our daily living. However, users' acceptance of these technologies will depend greatly on how secure they are in the future.


The problems we want to investigate in our future research work are concerned with the following issues:

1. The adoption of smart homes is likely to increase, not only for healthcare purposes, but in every sector that affects our daily living. Thus, new attacks against them are likely to be found. We want to further investigate more security issues in smart environments and propose countermeasures against discovered attacks.

2. Since smart homes are rapidly becoming more essential for healthcare use, which is evident based on our SEAL system use case, we proposed in Publication I the integration of intrusion detection/prevention systems into smart homes' internal networks. We want to research further how exactly this can be implemented to efficiently detect any intrusion or attacks and stop any malicious activities.

3. We have discussed in detail in Publication IV the robustness of our digital watermarking technique if it is implemented for communications in wireless-technology-enabled smart home or mobile health systems. The SEAL system is currently being developed in the Computational Intelligence (CI) research group at the University of Eastern Finland (UEF). We plan to practically demonstrate our novel technique in the SEAL system, test the robustness of our technique, and show how it will best work in real-life healthcare image transmission scenarios in smart environments.

4. We have also discussed in Publication IV some of the possible attacks against digital watermarked documents. One future plan we have is to practically demonstrate the impact of these attacks on our technique. We plan to apply several attacks, including both geometric and non-geometric attacks on the watermarked images to test the robustness of our algorithm and explore unique ways to further improve the robustness.

5. We plan to further improve the robustness of our novel DWT based technique in Publication IV by combining it with other digital watermarking techniques, such as Discrete Cosine Transform (DCT) or Least Significant Bit (LSB). We feel that this hybrid approach will generate the best results in terms of effectiveness and robustness against several watermarking attacks.


6 BIBLIOGRAPHY

[1] Mouhcine G., Jonas T., Catherine W. and Khalil E., “Context-Based Access Control to Medical Data in Smart Homes,” International Conference on Computer Engineering and Applications (IPCSIT’2011), Vol. 2, IACSIT Press, Singapore, 2011, pp. 275–279.

[2] Olawumi, O., Väänänen, A., Haataja, K. and Toivanen, P., 2017. Security Issues in Smart Home and Mobile Health System: Threat Analysis, Possible Countermeasures and Lesson Learned. International Journal on Information Technologies and Security, 9(1), pp.31-52.

[3] Väänänen A., Haataja K., Asikainen M., Jantunen I., and Toivanen P., “Mobile Health Applications – A Comparative Analysis and a Novel Mobile Health Platform,” Proceedings of 5th Springer International Conference on Sensor Systems and Software (S-CUBE’2014), Coventry, Great Britain, 2014.

[4] John D., Security Issues with Wi-Fi, Bluetooth, and ZigBee. TechZone, 2012. [Online]. Available: http://www.digikey.com/us/en/techzone/wireless/resources/articles/security-issues-with-wi-fi-bluetooth-zigbee.html. Accessed on November 2, 2016.

[5] Steven M., Data Security in European Healthcare Information Systems. Doctoral Dissertation, University of Plymouth, Plymouth, UK, June 1995. Available: http://pearl.plymouth.ac.uk/handle/10026.1/411. Accessed on November 2, 2016.

[6] Haataja, K., 2009. Security threats and countermeasures in Bluetooth-enabled systems. University of Kuopio.

[7] Haataja, K., Hyppönen, K., Pasanen, S. and Toivanen, P., 2013. Bluetooth Security Attacks: Comparative Analysis, Attacks, and Countermeasures. Springer Science & Business Media.

[8] Haataja, K., Hypponen, K. and Toivanen, P., 2011. Ten years of bluetooth security attacks: Lessons learned. Computer Science I Like, 45.

[9] Haataja, K.M. and Hypponen, K., 2008, March. Man-in-the-middle attacks on bluetooth: a comparative analysis, a novel attack, and countermeasures. In Communications, Control and Signal Processing, 2008. ISCCSP 2008. 3rd International Symposium on (pp. 1096-1102). IEEE.

[10] Haataja, K. and Toivanen, P., 2010. Two practical man-in-the-middle attacks on bluetooth secure simple pairing and countermeasures. IEEE Transactions on Wireless Communications, 9(1).

[11] Bugeja, J., Jacobsson, A. and Davidsson, P., 2016. On Privacy and Security Challenges in Smart Connected Homes.

[12] N. King, “Smart home - A Definition,” Milton Keynes: Intertek Research and Testing Centre, 2003

[13] Robles, R.J., Kim, T.H., Cook, D. and Das, S., 2010. A review on security in smart home development. International Journal of Advanced Science and Technology, 15.

[14] Kavitha, R., Nasira, G.M. and Nachamai, N., 2012. Smart Home Systems using Wireless Sensor Network-A Comparative Analysis. International Journal of Computer Engineering & Technology, 3(3), pp.94-103.

[15] Georgios M., Dimitrios L., and Nikos K., Security in Smart Home Environment. Wireless Technologies for Ambient Assisted Living and Healthcare – Systems and Applications (Book Chapter), IGI Global, 2011, pp. 170–191.

Page 49: Dissertations in Forestry and Natural Sciencesepublications.uef.fi/pub/urn_isbn_978-952-61-2578-7/urn_isbn_978... · Dissertations in Forestry and Natural Sciences ... Steganography

46

47

6 BIBLIOGRAPHY

[1] Mouhcine G., Jonas T., Catherine W. and Khalil E., “Context-Based Access Control to Medical Data in Smart Homes,” International Conference on Computer Engineering and Applications (IPCSIT’2011), Vol. 2, IACSIT Press, Singapore, 2011, pp. 275–279.

[2] Olawumi, O., Väänänen, A., Haataja, K. and Toivanen, P., 2017. Security Issues in Smart Home and Mobile Health System: Threat Analysis, Possible Countermeasures and Lesson Learned. International Journal on Information Technologies and Security, 9(1), pp.31-52.

[3] Väänänen A., Haataja K., Asikainen M., Jantunen I., and Toivanen P., “Mobile Health Applications – A Comparative Analysis and a Novel Mobile Health Platform,” Proceedings of 5th Springer International Conference on Sensor Systems and Software (S-CUBE’2014), Coventry, Great Britain, 2014.

[4] John D., Security Issues with Wi-Fi, Bluetooth, and ZigBee. TechZone, 2012. [Online]. Available: http://www.digikey.com/us/en/techzone/wireless/resources/articles/security-issues-with-wi-fi-bluetooth-zigbee.html. Accessed on November 2, 2016.

[5] Steven M., Data Security in European Healthcare Information Systems. Doctoral Dissertation, University of Plymouth, Plymouth, UK, June 1995.Available: http://pearl.plymouth.ac.uk/handle/10026.1/411.Accessed on November 2, 2016.

[6] Haataja, K., 2009. Security threats and countermeasures in Bluetooth-enabled systems. University of Kuopio.

[7] Haataja, K., Hyppönen, K., Pasanen, S. and Toivanen, P., 2013. Bluetooth Security Attacks: Comparative Analysis, Attacks, and Countermeasures. Springer Science & Business Media.

[8] Haataja, K., Hypponen, K. and Toivanen, P., 2011. Ten years of bluetooth security attacks: Lessons learned. Computer Science I Like, 45.

[9] Haataja, K.M. and Hypponen, K., 2008, March. Man-in-the-middle attacks on bluetooth: a comparative analysis, a novel attack, and countermeasures. In Communications, Control and Signal Processing, 2008. ISCCSP 2008. 3rd International Symposium on (pp. 1096-1102). IEEE.

[10] Haataja, K. and Toivanen, P., 2010. Two practical man-in-the-middle attacks on bluetooth secure simple pairing and countermeasures. IEEE Transactions on Wireless Communications, 9(1).

[11] Bugeja, J., Jacobsson, A. and Davidsson, P., 2016. On Privacy and Security Challenges in Smart Connected Homes.

[12] N. King, “Smart home - A Definition,” Milton Keynes: Intertek Research and Testing Centre, 2003

[13] Robles, R.J., Kim, T.H., Cook, D. and Das, S., 2010. A review on security in smart home development. International Journal of Advanced Science and Technology, 15.

[14] Kavitha, R., Nasira, G.M. and Nachamai, N., 2012. Smart Home Systems using Wireless Sensor Network-A Comparative Analysis. International Journal of Computer Engineering & Technology, 3(3), pp.94-103.

[15] Georgios M., Dimitrios L., and Nikos K., Security in Smart Home Environment. Wireless Technologies for Ambient Assisted Living and Healthcare – Systems and Applications (Book Chapter), IGI Global, 2011, pp. 170–191.

Page 50: Dissertations in Forestry and Natural Sciencesepublications.uef.fi/pub/urn_isbn_978-952-61-2578-7/urn_isbn_978... · Dissertations in Forestry and Natural Sciences ... Steganography

48

[16] Guoyou H., Requirements for Security in Home Environments. Seminar on Internetworking, Helsinki University of Technology, spring 2002.

[17] William S., Cryptography and Network Security – Principles and Practice. Fifth Edition, Prentice Hall, 2011.

[18] Olawumi O., Haataja K., Asikainen M., Vidgren N., and Toivanen P., “Three Practical Attacks Against ZigBee Security – Attack Scenario Definition, Practical Experiment, Countermeasures, and Lessons Learned,” 14th IEEE International Conference on Hybrid Intelligent Systems (HIS’2014), Kuwait, December 14–16, 2014.

[19] William S., Network Security Essentials – Applications and Standards. Fourth Edition, Prentice Hall, 2011.

[20] N. Vidgren, K. Haataja, J.L. Patiño-Andres, J.J. Ramírez-Sanchis, and P. Toivanen, “Security Threats in ZigBee-Enabled Systems – Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned,” in Proceedings of the 46th IEEE Hawaii International Conference on System Sciences (HICSS-46), Maui, Hawaii, January 7–10, 2013.

[21] L. Crowther, “Exploiting ZigBee CprE 537 Wireless Network Security Project Report”. Iowa State University, Computer Science Department. Iowa, USA.

[22] O. Olawumi, “Practical ZigBee Exploitation Using KillerBee Toolkits” Master thesis submitted to the University of Eastern Finland, Faculty of Science and Forestry. 2012.

[23] ZigBee Alliance, ZigBee Specifications: ZigBee and ZigBee Pro. [Online]. Available: http://www.zigbee.org. [Accessed Oct. 21, 2014].

[24] IEEE, IEEE 802.15.4-2003 Specification. [Online]. Available: http://standards.ieee.org/getieee802/download/802.15.4-2003.pdf. [Accessed Oct. 21, 2014].

[25] I. Pérez-González, My Bandwidth Is Wider Than Yours: Ultra-Wideband, Wireless USB and WiNET in Linux. [Online]. Available: http://ols.fedoraproject.org/OLS/Reprints-2007/perez-gonzalez-Reprint.pdf. [Accessed Oct. 21, 2014].

[26] S. Farahani, ZigBee Wireless Networks and Transceivers, Newnes, Elsevier, Burlington, USA, 2008.

[27] R. Rodrigues da Silva Severino, On the Use of IEEE 802.15.4/ZigBee for Time-Sensitive Wireless Sensor Network Applications. [Online]. Available: http://www.cooperating-objects.eu/fileadmin/dissemination/2009-thesis-award/severino.pdf. [Accessed Oct. 21, 2014].

[28] I. Ramachandran, A. Das, and S. Roy, Analysis of the Contention Access Period of IEEE 802.15.4 MAC. [Online]. Available: http://www.ee.washington.edu/research/funlab/Publications/2006/CAP_802_15_4_Analysis.pdf. [Accessed Oct. 21, 2014].

[29] Bluetooth SIG, Bluetooth 4.2 Core Specification. [Online]. Available: https://www.bluetooth.com/specifications/adopted-specifications. [Accessed May 6, 2016].

[30] M. Nafie, A. Dabak, T. Schmidl, and A. Gatherer, "Enhancements to the Bluetooth Specification," in Proceedings of the IEEE 35th Asilomar Conference on Signals, Systems, and Computers, Vol. 2, Pacific Grove, CA, USA, Nov. 4–7, 2001, pp. 1591–1595.

[31] T. Mutchukota, S. Panigrahy, and S. Jena, "Man-in-the-Middle Attack and Its Countermeasure in Bluetooth Secure Simple Pairing," Computer Networks and Intelligent Computing, Communications in Computer and Information Science Series, Vol. 157, Springer Berlin Heidelberg, pp. 367–376, 2011.


[32] MA. Albahar, K. Haataja, P. Toivanen, 2016. Bluetooth MITM Vulnerabilities: A Literature Review, Novel Attack Scenarios, Novel Countermeasures, and Lessons Learned. International Journal on Information Technologies & Security, 8(4).

[33] Bluetooth SIG, Bluetooth SIG Annual Report 2014. [Online]. Available: https://www.bluetooth.org/en-us/Members/Annual-Report/2014-Annual-Report/default.aspx. [Accessed May 6, 2016].

[34] M. Jakobsson and S. Wetzel, "Security Weaknesses in Bluetooth," LNCS, Vol. 2020, Springer Berlin Heidelberg, pp. 176–191, 2001.

[35] P. Wang, "Bluetooth Low Energy: Privacy Enhancement for Advertisement," M.Sc. Thesis, Norwegian University of Science and Technology, 2014.

[36] MA. Albahar, O. Olawumi, K. Haataja, P. Toivanen, 2017. A Novel Method for Bluetooth Pairing using Steganography. International Journal on Information Technologies & Security, 9(1), pp 53-66.

[37] Levi A., Cetintas E., Aydos M., Koc C., and Caglayan M., Relay Attacks on Bluetooth Authentication and Solutions, Lecture Notes in Computer Science, Springer-Verlag, Vol. 3280, 2004, pp. 278–288.

[38] Barnickel J., Wang J., and Meyer U., Implementing an Attack on Bluetooth 2.1+ Secure Simple Pairing in Passkey Entry Mode, IEEE 11th International Conference on Trust, Security, and Privacy in Computing and Communications (TrustCom’2012), 2012, pp. 17–24.

[39] J. Cache, J. Wright, and V. Liu, Hacking Exposed Wireless: Wireless Security Secrets and Solutions, McGraw-Hill, Second Edition, Jul. 2010.

[40] L. Crowther, “Exploiting ZigBee,” Wireless Network Security Project Report, Iowa State University, Computer Science Department, Iowa, USA, 2011.

[41] Wireshark Foundation, Wireshark. [Online]. Available: http://www.wireshark.org. [Accessed Oct. 21, 2014].

[42] J. Wright, KillerBee: Practical ZigBee Exploitation Framework or “Wireless Hacking and the Kinetic World”. [Online]. Available: http://www.willhackforsushi.com/presentations/toorcon11-wright.pdf. [Accessed Oct. 21, 2014].

[43] Olawumi, O., Haataja, K. and Toivanen, P., 2017. A Novel Security and Authentication Technique for Reliable Wireless Transmission of Healthcare Images in Smart Home and Mobile Health Systems Based on Digital Watermarking. International Journal on Information Technologies and Security, 9(1), pp.67-84.

[44] Ahmed M., Charlie O., Tarfa H., and Robert D., “Improving the Security of the Medical Images,” International Journal of Advanced Computer Science and Applications (IJACSA), Vol. 4, No. 9, 2013.

[45] Nassiri B., Latif R., Toumanari A., Maoulainine F., “Secure Transmission of Medical Images by Watermarking Technique,” IEEE International Conference on Complex Systems (ICCS’2012), Agadir, Morocco, Nov. 5–6, 2012.

[46] Neha D. and Neha P., “Analysis of Encryption and Watermarking Technique for Secure Bluetooth Transmission of Image Files,” International Journal of Engineering Research and Technology (IJERT), Vol. 2, No. 1, 2013.

[47] Christopher N., Gautam K., Ramesh C., and Taehyung W., “Digital Watermarking of Medical Images for Mobile Devices,” IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC’2010), CA, USA, Jun. 7–9, 2010.

Page 51: Dissertations in Forestry and Natural Sciencesepublications.uef.fi/pub/urn_isbn_978-952-61-2578-7/urn_isbn_978... · Dissertations in Forestry and Natural Sciences ... Steganography

48

[16] Guoyou H., Requirements for Security in Home Environments. Seminar on Internetworking, Helsinki University of Technology, spring 2002.

[17] William S., Cryptography and Network Security – Principles and Practice. Fifth Edition, Prentice Hall, 2011.

[18] Olawumi O., Haataja K., Asikainen M., Vidgren N., and Toivanen P., “Three Practical Attacks Against ZigBee Security – Attack Scenario Definition, Practical Experiment, Countermeasures, and Lessons Learned,”14th IEEE International Conference on Hybrid Intelligent Systems (HIS’2014), Kuwait, December 14–16, 2014.

[19] William S., Network Security Essentials – Applications and Standards. Fourth Edition, Prentice Hall, 2011.

[20] N. Vidgren, K. Haataja, J.L. Patiño-Andres, J.J. Ramírez-Sanchis, and P. Toivanen, “Security Threats in ZigBee-Enabled Systems – Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned,” in Proceedings of the 46th IEEE Hawaii International Conference on System Sciences (HICSS-46), Maui, Hawaii, January 7–10, 2013.

[21] L. Crowther, “Exploiting ZigBee CprE 537 Wireless Network Security Project Report”. Lowa State University, Computer Science Department. Lowa, USA.

[22] O. Olawumi, “Practical ZigBee Exploitation Using KillerBee Toolkits” Master thesis submitted to the University of Eastern Finland, Faculty of Science and Forestry. 2012.

[23] ZigBee Alliance, ZigBee Specifications: ZigBee and ZigBee Pro. [Online]. Available: http://www.zigbee.org. [Accessed Oct. 21, 2014].

[24] IEEE, IEEE 802.15.4-2003 Specification. [Online]. Available http://standards.ieee.org/getieee802/download/802.15.4-2003.pdf. [Accessed Oct. 21, 2014].

[25] I. P´erez-Gonz´alez, My Bandwidth Is Wider Than Yours: Ultra-Wideband, Wireless USB and WiNET in Linux. [Online]. Available: http://ols.fedoraproject.org/OLS/Reprints-2007/perez-gonzalez-Reprint.pdf. [Accessed Oct. 21, 2014].

[26] S. Farahani, ZigBee Wireless Networks and Transceivers,Newnes, Elsevier, Burlington, USA, 2008.

[27] R. Rodrigues da Silva Severino, On the Use of IEEE 802.15.4/ZigBee for Time-Sensitive Wireless Sensor Network Applications. [Online]. Available: http://www.cooperating-objects.eu/fileadmin/dissemination/2009-thesis-award/severino.pdf. [Accessed Oct. 21, 2014].

[28] I. Ramachandran, A. Das, and S. Roy, Analysis of the Contention Access Period of IEEE 802.15.4 MAC. [Online]. Available: http://www.ee.washington.edu/research/funlab/Publications/2006/CAP_802_15_4_Analysis.pdf. [Accessed Oct. 21, 2014].

[29] Bluetooth SIG, Bluetooth 4.2 Core Specification. [Online]. Available: https://www.bluetooth.com/specifications/adopted-specifications. [Accessed May 6, 2016].

[30] M. Nafie, A. Dabak, T. Schmidl, and A. Gatherer, "Enhancements to the Bluetooth Specification," in Proceedings of the IEEE 35th Asilomar Conference on Signals, Systems, and Computers, Vol. 2, Pacific Grove, CA, USA, Nov. 4–7, 2001, pp. 1591–1595.

[31] T. Mutchukota, S. Panigrahy, and S. Jena, "Man-in-the-Middle Attack and Its Countermeasure in Bluetooth Secure Simple Pairing," Computer Networks and Intelligent Computing, Communications in Computer and Information Science Series, Vol. 157, Springer Berlin Heidelberg, pp. 367–376, 2011.

49

[32] MA. Albahar, K. Haataja, P. Toivanen, 2016. Bluetooth MITM Vulnerabilities: A literature Review, Novel Attack Scenerios, Novel Countermeasures, and Lessons Learned. International Journal on Information Technologies & Security, 8(4).

[33] Bluetooth SIG, Bluetooth SIG Annual Report 2014. [Online]. Available: https://www.bluetooth.org/en-us/Members/Annual-Report/2014-Annual-Report/default.aspx. [Accessed May 6, 2016].

[34] M. Jakobsson and S. Wetzel, "Security Weaknesses in Bluetooth," LNCS, Vol. 2020, Springer Berlin Heidelberg, pp. 176–191, 2001.

[35] P. Wang, "Bluetooth Low Energy: Privacy Enhancement for Advertisement," M.Sc. Thesis, Norwegian University of Science and Technology, 2014.

[36] MA. Albahar, O. Olawumi, K. Haataja, P. Toivanen, 2017. A Novel Method for Bluetooth Pairing using Steganography. International Journal on Information Technologies & Security, 9(1), pp 53-66.

[37] Levi A., Cetintas E., Aydos M., Koc C., and Caglayan M., Relay Attacks on Bluetooth Authentication and Solutions, Lecture Notes in Computer Science, Springer-Verlag,(vol.3280), 2004, pp. 278–288.

[38] Barnickel J., Wang J., and Meyer U., Implementing an Attack on Bluetooth 2.1+ Secure Simple Pairing in Passkey Entry Mode, IEEE 11th International Conference onTrust, Security, and Privacy in Computing and Communications (TrustCom’2012),2012, pp. 17–24.

[39] J. Cache, J. Wright, and V. Liu, Hacking Exposed Wireless: Wireless Security Secrets and Solutions, McGraw-Hill, Second Edition, Jul. 2010.

[40] L. Crowther, ”Exploiting ZigBee,” Wireless Network Security Project Report, Lowa State University, Computer Science Department, Lowa, USA, 2011.

[41] Wireshark Foundation, Wireshark. [Online]. Available: http://www.wireshark.org. [Accessed Oct. 21, 2014].

[42] J. Wright, KillerBee: Practical ZigBee Exploitation Framework or ”Wireless Hacking and the Kinetic World”. [Online]. Available: http://www.willhackforsushi.com/presentations/toorcon11-wright.pdf. [Accessed Oct. 21, 2014].

[43] Olawumi, O., Haataja, K. and Toivanen, P., 2017. A Novel Security and Authentication Technique for Reliable Wireless Transmission of Healthcare Images in Smart Home and Mobile Health Systems Based on Digital Watermarking. International Journal on Information Technologies and Security, 9(1), pp.67-84.

[44] Ahmed M., Charlie O., Tarfa H., and Robert D., “Improving the Security of the Medical Images,” International Journal of Advanced Computer Science and Applications(IJACSA), Vol. 4, No. 9, 2013.

[45] Nassiri B., Latif R., Toumanari A., Maoulainine F., “Secure Transmission of Medical Images by Watermarking Technique,” IEEE International Conference on Complex Systems (ICCS’2012),Agadir, Morocco, Nov. 5–6, 2012.

[46] Neha D. and Neha P., “Analysis of Encryption and Watermarking Technique for Secure Bluetooth Transmission of Image Files,” International Journal of Engineering Research and Technology (IJERT), Vol. 2, No. 1, 2013.

[47] Christopher N., Gautam K., Ramesh C., and Taehyung W., “Digital Watermarking of Medical Images for Mobile Devices,” IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC’2010), CA, USA, Jun. 7–9, 2010.

Page 52: Dissertations in Forestry and Natural Sciencesepublications.uef.fi/pub/urn_isbn_978-952-61-2578-7/urn_isbn_978... · Dissertations in Forestry and Natural Sciences ... Steganography

50

[48] Tomioka Y., Aida N., Kakehi K., Nagami K., Juzoji H., and Nakajima I., “Recent Survey on Patent Applications for Medical Communications and Telemedicine in Japan, USA, and Europe,” Proceedings of the 7th International Workshop on Enterprise Networking and Computing in Health (HEALTHCOM’2005), Jun. 23–25, 2005, pp. 79–82.

[49] Gunjal B. and Mali S., “ROI Based Embedded Watermarking of Medical Images for Secured Communication in Telemedicine,” International Journal of Computer and Communication Engineering, pp. 293–298, May 12, 2012.

[50] Pawar C. and Gunjal B., “A Survey of ROI Based Secured and Robust Medical Image Watermarking,” International Journal of Innovative Research in Computer Science and Communication Engineering, Vol. 3, No. 12, Dec. 2015.

[51] Lee, H.K., Kim, H.J., Kwon, K.R. and Lee, J.K. “ROI medical image watermarking using DWT and bit-plane”. In Communications, 2005 Asia-Pacific Conference on (pp. 512-515). IEEE.

[52] Gunjal B. and Mali S., “Applications of Digital Image Watermarking in Industries,” CSI Communications, Sep. 2012.
