IOT: Authentication Signature to Secure
Sensitive Health Care Data
Leonella Camilleri
Middlesex University Malta
Abstract — The Internet of Things (IoT) is one of the most recent developments in communication and computing: it allows physical devices and their attached sensors to be connected to the Internet via wired or wireless connections.
The main purpose of this research paper was to focus on IoT health-based technology, as various concerns currently exist and research has shown that several health-based IoT devices and applications are highly susceptible to hackers. In fact, such sensitive health data can become prone to access by hackers and can be a threat to an individual’s privacy, security and health conditions.
The proposed system was aimed at people who mainly require continuous health monitoring, such as individuals who suffer from heart diseases and who are patients of a hospital. This may be better implemented for future generations, since the younger generation is currently more technological when compared to the former ones. Relevant critical information can be monitored using sensory technology and updated by the hospital/doctor using a website/application for immediate action.
Consequently, such a system can facilitate the daily life of an individual. For this reason, the proposed system mainly focused on how to secure the system’s front end when an individual tries to log into the system to check relevant personal information. Therefore, this system’s goal was to facilitate the daily life of patients by providing a higher security method for sensitive information or to monitor human health conditions.
Keywords— IoT; authentication; health care; data; hospital;
patients; monitoring; hackers;
I. INTRODUCTION
A. Proposed Problem & Solution
The Internet of Things (IoT) is one of the most recent developments in communication and computing: it allows physical devices and their attached sensors to be connected to the Internet via wired or wireless connections (Saranya & Nitha, 2015). Various things such as fridges, cars, TVs, smart meters, wearables and health monitor devices can be connected to the internet and managed remotely over the network by using an application/website to exchange and collect data. It will, however, have a significant effect on the health sector (Saranya & Nitha, 2015).
According to Dimitrov’s (2016) research, forty percent of IoT-associated technology is going to focus on health care by 2020, which will result in a majority increase in market when compared to the other domains. Thus, it is estimated to have a profit turnover of $117 billion in the market (Dimitrov & Dimiter V, 2016).
The proposed system was aimed at people who mainly require continuous health monitoring, such as individuals who suffer from heart diseases and other individuals who are patients of a hospital. This may be better implemented for future generations, since the younger generation is currently more technological when compared to the former ones. Relevant critical information can be monitored using sensory technology and updated by the hospital/doctor using a website/application for immediate action. Consequently, such a system could facilitate the daily life of an individual.
For this reason, the proposed system mainly focused on how to secure the system’s front end when an individual tries to log into the system to check relevant personal information. Therefore, this system’s goal was to facilitate the daily life of everyone by providing a more secure environment for sensitive information or to assist human health interactions (Kashif & Wolfgang, 2015).
However, various concerns exist in IoT technology, and research has shown that various health-based IoT devices and applications are highly susceptible to hackers. In fact, the data being transmitted can become susceptible to access by data collectors, hackers or government agencies, and can be a threat to individual privacy and health conditions as well as a security threat. Such information could get circulated to a non-intentional recipient who might exploit it and ultimately trigger a security breach. In the end, no individual enjoys being observed all the time (Limited, 2015) (Mayuri & Sudhir, 2015).
According to Business Insider’s research service, BI Intelligence (2016), since investment in IoT device security is a crucial requirement, it will reach an overall 30% of the cybersecurity market by 2020 (Meola, 2016).
IoT offers a huge opportunity for security and corporate companies for data management. Nevertheless, a high level of information revelation and cyber threats are a few of the problems which cannot be ignored. Moreover, the interconnection of several gadgets can make it easier for malicious threats, such as worms and malware, to spread throughout the whole network. Furthermore, various devices are not designed to provide the necessary security, as they may have limited CPU power and thus do not provide enough processing power for security. Hence, these are more vulnerable to attackers and hackers, who might easily alter the function of any gadget and can produce physical damage to the entire system, or death in the case of a health-related scenario. If IoT devices are compromised, they can give the attacker a clear picture by exposing personal data when the systems are breached, such as CCTV footage, health data and the location of the person (Limited, 2015) (Mayuri & Sudhir, 2015).
B. Background
In recent years, security breaches increased drastically, and several companies believed that the solution to this is to use two-factor authentication (2FA), which characteristically combines a password with a second layer of protection. However, 2FA is built on a vulnerable characteristic, since there is still reliance on passwords. According to the research carried out by ‘ITProPortal’ (2015), most individuals frequently utilise the same usual characters for their passwords (cha, 2015). Moreover, it is stated that it is a monotonous and tedious activity to insert password information. Thus, various individuals prefer to use certain phrases which are common to them to make things easier during the process, and this may have consequences for the security level attained by 2FA, which is currently still not sufficient (cha, 2015).
A novel security measure in health care IoT devices that still needs to be developed is the use of biometric security. Biometric authentication is a logical method to prove an individual’s identity (cha, 2015). This thesis was based on current security authentication for IoT gadgets and focused on producing a rich authentication signature, based on the IoT healthcare sector. The user was provided with an application that is able to get important data from a smart watch, such as heart rate and whether fainting is present or not. Additionally, this system also held other critical data such as a list of pills, allergies, a list of doctors and appointments.
Moreover, the system also consisted of a website that a doctor/hospital can use to update/view their patients’ health remotely. Doctors were able to send test results or other relevant data to their patients, who can view them by utilising this application.
As a means of security, the system was implemented using a better authentication comprised of the following characteristics:
▪ Something the patient knows, such as an ID Card and password.
▪ Something the patient has, such as a one-time password token, which is sent via email.
▪ Something the patient is, such as an eye recognition image.
To make it more original, a geolocation position pattern comprised of the position of the smartphone was also implemented on the system. This made it more complex for an attacker to access sensitive data related to the patient’s health. Moreover, the patient was able to access the system by his/her location or by doing a series of gestures that only he/she knows about, such as keeping the smartphone in a vertical/horizontal position or flipping/shaking it various times.
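The location-or-gesture check described above can be sketched as follows. This is an added example, not code from the paper's system: the function names, the 150 m radius, the PBKDF2 work factor and the coordinates are assumptions, and only the gesture vocabulary is taken from the paragraph above.

```python
import hashlib
import hmac
import math
import os

EARTH_RADIUS_M = 6_371_000
ALLOWED_GESTURES = {"vertical", "horizontal", "flip", "shake"}  # from the text
PBKDF2_ROUNDS = 200_000  # assumed work factor


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlam = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(min(1.0, a)))


def _gesture_digest(gestures, salt):
    # A gesture sequence is a short, low-entropy secret, so it is stored like
    # a password: salted and stretched, never in the clear. Order matters.
    encoded = "|".join(gestures).encode()
    return hashlib.pbkdf2_hmac("sha256", encoded, salt, PBKDF2_ROUNDS)


def enrol(gestures, home_lat, home_lon, radius_m=150.0):
    """Create the stored record for one patient (hypothetical record layout)."""
    if not gestures or not set(gestures) <= ALLOWED_GESTURES:
        raise ValueError("gesture sequence must use the known gestures")
    salt = os.urandom(16)
    return {
        "salt": salt,
        "gesture": _gesture_digest(gestures, salt),
        "home": (home_lat, home_lon),
        "radius_m": radius_m,
    }


def context_factor_ok(record, gestures=None, position=None):
    """True if the gesture sequence matches OR the phone is inside the geofence.

    The position is reported by the phone itself, so this check is only an
    additional signal on top of the password, one-time password and biometric.
    The caller gets a single boolean and never learns which part failed.
    """
    gesture_ok = False
    if gestures and set(gestures) <= ALLOWED_GESTURES:
        candidate = _gesture_digest(gestures, record["salt"])
        gesture_ok = hmac.compare_digest(candidate, record["gesture"])

    location_ok = False
    if position is not None:
        lat, lon = position
        if -90 <= lat <= 90 and -180 <= lon <= 180:
            distance = haversine_m(lat, lon, *record["home"])
            location_ok = distance <= record["radius_m"]

    return gesture_ok or location_ok


if __name__ == "__main__":
    # Constructed sample data: coordinates and gestures are illustrative only.
    rec = enrol(["vertical", "flip", "shake", "shake"], 35.8989, 14.5146)
    print(context_factor_ok(rec, gestures=["vertical", "flip", "shake", "shake"]))
    print(context_factor_ok(rec, position=(36.0443, 14.2512)))
```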
C. Aims and Objectives
The aim of this research paper was to propose an authentication method utilising IoT to produce a rich authentication signature that makes it virtually impossible for an attacker to compromise a healthcare system. For this reason, this research could give an individual more peace of mind, by controlling various gadgets which can be connected to the network efficiently, safely and from the comfort of his/her home. Moreover, the user could easily monitor his/her health status and any other type of critical health data using the appropriate application. Additionally, this system was also able to detect and alert on any heart rate abnormality and fainting. This in turn would send a form of alert, such as a text message, to the person responsible for the patient, such as a doctor.
For this paper, the following were the key objectives that would
be achieved:
▪ Provided an overview and analysed the Internet of Things (IoT) while providing various examples,
▪ Investigated other existing security methods applied to IoT,
▪ Highlighted the advantages and drawbacks of such systems,
▪ Focused on the major risks IoT brings along with it,
▪ Researched any security laws that might be applicable in relation to IoT within the healthcare domain,
▪ Proposed a security authentication technique,
▪ Provided a simulation of a smart health care system using a website/application,
▪ Utilised IoT to produce a rich authentication signature.
D. Abbreviations and Acronyms
IoT Internet of Things
RFID Radio-Frequency Identification
M2M Machine-to-Machine
SOA Service-oriented Architecture
1FA Single Factor Authentication
2FA Two Factor Authentication
3FA Three Factor Authentication
DOS Denial of Service
EHR Electronic Health Records
NIST National Institute of Standards and Technology
BAN Body Area Networks
BSN Body Sensor Network
SMS Short Message Service
FDA Food and Drug Administration
MIFA Medical Identity Fraud Alliance
PII Personally Identifiable Information
PHI Protected Health Information
VoIP Voice over IP
AES Advanced Encryption Standard
ECG Electrocardiography
MICS Medical Implant Communication Services
UWB Ultra-wideband
EKG Electrocardiography
HTTPS Hypertext Transfer Protocol Secure
HTTP Hypertext Transfer Protocol
URL Uniform Resource Locator
API Application Programming Interface
SDK Software Development Kit
ADT Android Development Tool
APK Android Application Package
PHP Hypertext Pre-processor
MVC Model-View-Controller
SDLC System Development Life Cycle
II. IOT BACKGROUND
A. Introduction
In 1999, the concept of IoT was initially proposed and utilised by Kevin Ashton, who was the Executive Director of the Auto-ID centre (Anzelmo, et al., 2011) (Somayya, et al., 2015). Ashton specified that the Internet of Things (IoT) is defined as physical gadgets that can connect to the Internet via embedded sensors or systems, which work together to create significant outcomes and ease for the customer’s community, including the use of Radio-Frequency Identification (RFID) technology (Shancang, et al., 2014) and machine-to-machine (M2M) networks (Shruti & Soumyalatha, 2016). Nevertheless, its exact definition is still subjective due to the various perspectives taken (Shancang, et al., 2014) (ITU, 2013).
Moreover, IoT is intended to be the new invention of the upcoming internet, which incorporates different technology ranges including Service-oriented Architecture (SoA), networking, intelligent data processing technologies, communication and sensory (Shancang, et al., 2016) (Council, 2008) (Lim, et al., 2013).
However, IoT also brings various important challenges such as hybrid network integration, sensing technology and security issues. When compared to the other characteristics, security is the most crucial challenge, and it plays a very significant role in protecting the Internet of Things against malfunctions and attacks (Shancang, et al., 2016) (Lopez, et al., 2011).
Usually, such security involves privacy, secure communication and cryptography assurances. Nevertheless, within the IoT sector security includes a wider variety of tasks comprising access control, data integrity, availability of services, anti-malware, privacy protection and information confidentiality (Shancang, et al., 2016) (Sye, et al., 2014). Furthermore, as an open ecosystem, the security of IoT is still orthogonal to other areas of research. The use of the Internet of Things in various domains such as smart cities, smart homes, smart vehicle automation and smart healthcare makes the system extremely susceptible to various attacks such as hacking, cyber threats and identity theft, amongst others (Shancang, et al., 2016).
B. Internet of Things Architecture
According to Gartner’s predictions, the Internet of Things (IoT) should be able to interconnect trillions or billions of heterogeneous gadgets over the Internet, and by 2020 it will develop to twenty-six billion devices (Stamfrord, 2013) (Gartner, 2017). Consequently, there is a vital necessity for an architecture which incorporates flexible layers (Ala, et al., 2015). The ever-expanding number of suggested architectures has not yet met a recommended standard (Sethi & Smruti, 2017). There is no specific worldwide consensus on how the IoT architecture is divided. Hence, various projects such as ‘IoT-A’ aim to outline a basic architecture related to the analysis of industry and researchers (Ala, et al., 2015) (Sethi & Smruti, 2017). However, according to various proposed researches, the latest and most used IoT architecture is known as the ‘five-layer architecture’, which involves the perception, network, middleware, application and business layers (Vide Figure 1) (Rafiullah, et al., 2012).
Figure 1- Internet of Things Architecture (Rafiullah, et al., 2012)
C. Authentication
Authentication plays a significant role and is the process of verifying the identity of an individual over the network by ensuring that the individual trying to access the system is the right person. Moreover, authentication depends on at least one of the following information types (Nath & Mondal, 2016) (Rouse, 2017):
▪ Something you know (example: Pin or password) (Idrus, et al., 2013),
▪ Something you have (example: Token or smartcards) (Idrus, et al., 2013),
▪ Something you are (example: biometrics) (Idrus, et al., 2013).
The traditional system is known as Single Factor Authentication (1FA) or Single Step Verification. This authentication verifies the identity of an individual and can provide access to a website account over the network based on a collection of login credentials or one factor such as “something the user knows”, like a username and password (Rouse, 2017). According to Asoke’s (2017) research, this technique was great for a certain period; however, nowadays such an authentication method is classified as too weak and outdated, since the number of daily attacks has increased (Nath & Mondal, 2016). Thus, it does not provide much protection, and a hacker can easily compromise such a system by maliciously intruding into it (Nath & Mondal, 2016) (Rouse, 2017).
The Two Factor Authentication (2FA), also known as Two Step Verification, offers additional security related to the sign-in process (ltd, 2016). Furthermore, there are various services and devices to implement a 2FA system, such as applications, RFID cards and hardware tokens (Nath & Mondal, 2016) (Rouse, 2017).
Additionally, 2FA products can be categorised into two sections: tokens, which are distributed to the clients so that they can utilise them during the login process, and software or infrastructure that authenticates and grants access to the clients who are correctly utilising their tokens (Rouse, 2017). Moreover, 2FA techniques are based on various technologies, including the Public Key Infrastructure (PKI) and the One Time Password (OTP) (Nath & Mondal, 2016) (Rouse, 2017).
The hardware tokens are physical devices that generate random one-time passwords (OTP) (Dmitrienko, et al., 2014). OTPs are a ‘symmetric’ form of authentication, in which a one-time password is generated in two locations: one on the hardware token and another on the authentication server or software token (Krogh, 2013). As soon as the OTP generated on the hardware token matches the one generated on the authentication server, the system successfully grants access to the user (Nath & Mondal, 2016) (Rouse, 2017) (Tadokoro, 2017).
On the other hand, the hardware PKI certificate-based tokens are an ‘asymmetric’ form of authentication, as they depend on a pair of different encryption keys known as the public and private encryption keys (Inc, 2004). This includes USB tokens and smart cards. When a user authenticates through a company’s server over the network, the server circulates a numeric ‘challenge’ (Tadokoro, 2017). This challenge is signed using the private key, and if the signature matches the corresponding public key then authentication is successful and the user is granted access to the network (Nath & Mondal, 2016) (Rouse, 2017) (Tadokoro, 2017).
Moreover, such a system requires the user to know both the username and password, as well as to present “something the user has”, such as a verification code obtained from a second gadget (Nath & Mondal, 2016) (Rouse, 2017).
When an individual activates 2FA for a service or website, one normally must provide a phone number. Other options include the utilisation of an application or a hardware token, but according to Ericson’s (2015) research, the mobile phone is the most popular technique of utilising 2FA (Ericson, 2015). The majority of forms of 2FA ask the client to sign in using his/her username and password, and then input a code which is sent to the user via a Short Message Service (SMS). However, the device should be registered to receive such codes (Nath & Mondal, 2016) (Rouse, 2017).
Generally, once 2FA (Vide Figure 2) is used on a specific device, the user does not need to repeat the same process on the same device again (Rouse, 2017). However, certain services might only trust a device for a duration of a year or thirty days, and others might allow the gadget to be trusted permanently (Nath & Mondal, 2016) (Rouse, 2017).
Figure 2 – Two-Factor Authentication (OPNsense, 2016)
The Three Factor Authentication (3FA)
Three Factor Authentication (3FA) offers a more secure authentication when “something you have” and “something you know” are not sufficient for high-risk data (Lungren, 2015) (Authlogics, 2017).
3FA involves an additional factor known as “something you are”, where the user is required to provide three credentials to authenticate. The additional factor includes biometrics such as fingerprint, facial or iris recognition (Lungren, 2015) (Praveena, 2016).
D. Current use of 2FA
Two-Factor Authentication (2FA) is an important factor to be implemented, and today’s devices still have such a feature implemented (NIST, 2017). However, the National Institute of Standards and Technology (NIST) is no longer advising the use of 2FA that sends codes via SMS messages (NIST, 2017). NIST issued a Digital Authentication Guideline to stop organisations from using authentication based on SMS (Lefkovitz, et al., 2017) (Rashid, 2016).
According to NIST, there is a considerable growth in attacks aimed at SMS-based 2FA. Moreover, according to this institute, SMS messages can be compromised through Voice over IP (VoIP) services (Rashid, 2016). Furthermore, it also emphasises that the SMS protocol is too weak to remotely interact with the applications on a specific smartphone and hack its owner’s data (Lefkovitz, et al., 2017) (Rashid, 2016).
Despite the NIST warning guidelines, which were issued in the beginning of 2016, according to O’Neil’s (2016) research, people are still utilising 2FA with SMS to protect their networks and accounts (O'Neill, 2016). However, according to the co-founder and CEO of Clef, when SMS is the only option it can guarantee a more secure system. He also stated that SMS-based 2FA is better than a password-only security system (Clef, 2016).
On the other hand, NIST is suggesting that users make use of biometrics rather than using two-factor authentication (NIST, 2017). However, according to NIST (2017) research, IoT medical devices are still not implemented with a three-factor authentication which makes use of biometrics (Mohit, 2016) (NIST, 2017).
E. Health Wearable Sensors
Currently, the development of technology has aided the implementation of Body Area Networks (BAN) by utilising wireless communications, integrated low power circuits, storage and energy (Milošević, et al., 2011). Body Area Networks are classified as lightweight gadgets, network platforms and sensors that are intelligent (Milošević, et al., 2011).
BANs can connect nodes which are placed on the exterior of the body. Moreover, those nodes are attached to outfits or implanted into a patient’s body (Milošević, et al., 2011). In addition, each node incorporates a sensor which is utilised to monitor crucial health signals such as Electrocardiography (ECG) and blood pressure, or motion monitoring sensors such as a gyroscope and accelerometer (Milošević, et al., 2011).
Utilising wireless communication within a Body Sensor Network (BSN) or BAN considerably increases the user’s intensity with the integration of the sensors (Milošević, et al., 2011). Additionally, it allows the installation of sensors inside an individual’s body, such as pacemakers, including other applications such as monitoring common diseases and blood glucose (Milošević, et al., 2011).
The wireless technologies normally utilised in BANs include ZigBee, ANT and Bluetooth. According to the research carried out by Bo (2009), these technologies presently function on 2.4GHz (Bo, 2009). Moreover, the typical Bluetooth data rate is 1 to 3 Mbit/s, ZigBee 250 Kbit/s and ANT 1 Mbit/s (Gomes, et al., 2013). In addition, there are various further wireless communication technologies utilised in BANs, such as Medical Implant Communication Services (MICS), Ultra-wideband (UWB) and other wireless radios (Milošević, et al., 2011) (Zhen, et al., 2009) (Taparugssanagorn, et al., 2012).
For patients suffering from cardiac diseases, a fundamental piece of data which needs to be monitored uninterruptedly is the heart rate. Such a gadget was utilised by various medical professionals, who tend to observe the heartbeat of the patient. Following the result, the solution of the doctor is based on her/his knowledge and experience. Currently, tiny microchips are being developed which allow the monitoring of a patient’s vital conditions using digital processing (Milošević, et al., 2011). The first inventor was Budinger (2015), who concluded that it is possible to measure the heart rate by an electrical waveform process using an electromagnetic stream (Budinger, 2015).
The BSN incorporates a set of compact physiological sensors which can be worn and are easy to carry (Budinger, 2015). Moreover, applications used to monitor physiological signs utilise low power sensors to calculate the patient’s crucial signals such as heart rate, accelerometer, blood oxygen and skin temperature (Budinger, 2015). A scenario where such a system can be used is when an individual fails to respond; his/her health can then be monitored remotely, and the data of each sensor can be processed and collected for further analysis (Vide Figure 2.7) in a device such as a smartphone (Milošević, et al., 2011) (Miao, et al., 2012).
F. Wearable Gadgets
Currently, the manufacturing sector accountable for creating innovative wearable gadgets is increasing. Established organisations such as Sony (Sony, 2017), Apple (Apple, 2017) and Samsung (Samsung, 2017) are the leading companies involved in this sector. Additionally, smaller industries such as Amiigo (Wavelet, n.d.) and Razer (Nabu, 2017) are also prominent to success. Mainly, the existing wearable health gadgets are designed to be worn directly around the wrist or other parts of the body, or simply attached to an individual’s jacket or pocket (Commision, n.d.). These devices are wearable computing gadgets, generally in the form of a band which includes motion or biometric sensors. However, the first wearable gadgets had many drawbacks, such as limited features and functionalities (Weebly, 2015).
Currently, there is a lot of competition in manufacturing the best innovative product to provide various biometric sensors such as skin temperature, galvanic skin response, blood oxygen, sleep patterns, respiration and movement, amongst others (Weebly, 2015). As hardware becomes much smaller in size, the capability of installing such parts in such gadgets is immeasurable. Nevertheless, with the different selection of gadgets in the market, it is very difficult to decide which band is to be classified as superior (Weebly, 2015).
As stated by Westervelt’s research, the future wearables render gadgets cool and meaningful. Additionally, he also stated that the data and devices can advance everyone’s health and develop the environment (Westervelt, 2014). However, according to Pullen’s research (2016), not every individual wants a gadget screen worn on their wrist, and consequently he proposed seven wearable gadgets for individuals who do not like wearable gadgets, like technological shirts, bracelets and signal bras, amongst others (Pullen, 2016).
G. Health Care Applications
The latest technological novelties and advancements related to smartphones are bringing an important variation in the relationship among patients and their healthcare specialists (Kamil, 2017).
According to the research carried out by Kamil (2017), patients require faster replies in relation to their healthcare problems and better mechanisms for wellness programs (Kamil, 2017). Additionally, he also stated that the expansion of novel healthcare applications in today’s market was predictable. Thus, such technologies are enabling doctors and patients to communicate between them efficiently (Kamil, 2017).
As stated by Wanjek’s (2015) research, Dr. Iltifat Husain is in favour of health applications, stating that although various health applications are untested, they still have vast ability to reduce mortality (Wanjek, 2015). Conversely, Dr. Des Spence expressed a much harsher approach to health applications during his BMJ review. He outlined the overuse of health technology relative to traditional medicine, which may lead to misuse of such technology (Wanjek, 2015).
H. Hacked Healthcare Applications and IoT devices
According to the U.S. Food and Drug Administration (FDA) report, health institutions and health device manufacturers have increased security measures to protect against suspicious cybersecurity threats that might compromise the patient’s data privacy or devices (FDA, 2017) (Vide Figure 2.11).
However, 90% of Android medical/healthcare applications, including both paid and free ones, have been hacked, with 22% of them being within the FDA approved list (Arxan, 2014) (Marin, et al., 2016) (Team, 2017).
William Maisel, who is the deputy director of the FDA, stated that over the past year various vulnerabilities related to cyber security have been reported, and these affected several medical devices and manufacturers (Marin, et al., 2016). In addition, the reported events consisted of malware, malicious software or data theft (Marin, et al., 2016).
According to Marin’s research, it was also determined that protocols which were classified as proprietary could easily be reverse-engineered and subjected to code tampering by a rival without the need of physical access to the gadgets (Marin, et al., 2016).
According to the statistics carried out by the Arxan security corporation (2014), 94% of the health companies have been suffering from cyber-attacks and 38% of global patients were suspicious of utilising hacked medical IoT devices (Arxan, 2014).
I. Health Care Records
According to the “2017 Data Breach Industry Forecast” report, the healthcare sector is predicted to be the most vulnerable industry for hackers in the coming years, since health identity theft continues to be easy and lucrative to exploit (Experian, 2017). Additionally, personal health data continues to be a very important type of information for an attacker to steal. For this reason, cyber criminals will continue to resell this kind of sensitive data on the dark web market (Experian, 2017).
According to IBM’s report, more than a hundred million health records have been compromised within the last few years, making it the top target for hackers (Experian, 2017). Moreover, it is expected that data theft will focus on other aspects, like hospital networks, in the coming years (Experian, 2017).
Distributed networks present a developed target for an attacker, as it is usually difficult to support security measures in them when compared to organisations which are centralised (Experian, 2017).
Experian stated that a credit card which might be stolen may only be utilised until its holder reports it as lost, which normally does not take too long (Experian, 2017). On the other hand, stolen Electronic Health Records (EHR) tend to be the main aim for an attacker, since these can be utilised in various scams for a longer duration. Thus, such data is a bonus for an attacker who keeps on requesting high rewards (Experian, 2017).
Such applications contain various information such as social security numbers, birth dates and various other crucial data such as diagnosis codes, billing information and policy numbers (Experian, 2017). Additionally, such information can be utilised to open counterfeit credit card accounts that may only be detected after several months (Experian, 2017).
According to Reuters’ report, attackers could utilise such information to bill government or insurance companies for false medical services (Experian, 2017). Additionally, such data can be manipulated to create bogus identity documents, which can be utilised to purchase various drugs and medical equipment that can then be resold for other money (Experian, 2017). Moreover, the report also states that as more mobile health applications are being developed by various healthcare institutions, it may be likely that these organisations introduce more security to protect from such vulnerabilities caused by attackers (Experian, 2017).
J. Cyber Attack in IoT
While the Internet of Things (IoT) is being implemented in every individual’s life, security risks relating to IoT are increasing and altering rapidly (EY, 2015). Nowadays, technology is always on; however, according to the “Cybersecurity and the Internet of Things” report, there is not enough security awareness on the user’s part and hackers are finding innovative ways to bypass controls (EY, 2015).
The following are five common cyber-attacks in IoT:
Botnets
A Botnet is a combined network made of various systems with the intention of taking control and distributing malware remotely (Bertino & Islam, 2017). Additionally, botnets are controlled by hackers using botnet operators through Command-and-Control Servers (C&C Servers) to steal private data and to carry out phishing, spam and DDoS attacks (GlobalSign, 2016). With the increase of IoT, several gadgets are at risk of becoming part of what are known as thingbots (a botnet that includes autonomous connected devices) (GlobalSign, 2016) (Bertino & Islam, 2017).
Man-In-The-Middle
The Man-In-The-Middle method is when a hacker or attacker intends to breach or interrupt communications between two separate systems (Cekerevac, et al., 2017). According to GlobalSign’s (2016) research, it can be a very critical attack because the intruder intercepts and transmits the data between two parties without the knowledge of either party, both of whom think they are legitimately receiving messages (GlobalSign, 2016). In IoT, it is extremely dangerous when it comes to critical health data (GlobalSign, 2016) (Cekerevac, et al., 2017).
Identity and Data Theft
Medical identity and data theft can cause death or physical harm (D'Alfonso, 2015). According to the Medical Identity Fraud Alliance (MIFA), medical identity and data theft is defined as the fraudulent theft of a patient’s Protected Health Information (PHI) and Personally Identifiable Information (PII), including the name of the patient or social security number. Such information is required to acquire medical services and goods or other benefits (GlobalSign, 2016). Moreover, MIFA declares that counterfeit identities have been utilised to execute medical identity and data theft, in which the Protected Health Information of numerous patients may be combined to produce separate identities (GlobalSign, 2016) (D'Alfonso, 2015).
Social Engineering
Social engineering is the technique of manipulating individuals into providing confidential data to an attacker (GlobalSign, 2016). The type of health-related information sought can vary according to the attacker’s needs, such as passwords (GlobalSign, 2016).
Attackers utilise social engineering strategies because it is normally simpler to exploit an individual’s natural inclination to trust than to find other ways to hack the software (Webroot, n.d.) (GlobalSign, 2016).
Denial of Service
A Denial of Service (DoS) attack occurs when a service that is required to operate is unreachable (Prasad, et al., 2014). Unavailability occurs for various reasons but normally happens due to an excessive load on the infrastructure (GlobalSign, 2016). According to Biddle’s (2016) research, one of the largest DoS attacks was carried out over a seven-day period and involved a children’s hospital with various devices such as smart IV pumps, computerised medication machines and electrocardiogram (EKG) machines (Biddle, 2016).
These became unreachable, affecting day-to-day operations and slowing the hospital system nearly to a halt (GlobalSign, 2016) (Prasad, et al., 2014).
K. Cyber-attack Breaches
The following are some cyberattacks reported worldwide during the year 2016 by the Human Health and Services’ Office for Civil Rights Department (Vide Table 1) (HSS.gov, 2016) (HIPAA, 2017):
Table 1 – 2016 largest healthcare data breaches (HIPAA, 2017)
L. Key Trends
During 2016, two important key trends developed, consisting of the evolution and discovery of Medical Device Hijack (MEDJACK, MEDJACK.2 and MEDJACK.3) (TrapX Security, 2016). This includes the creation of ransomware aimed at a comprehensive combination of targets (TrapX Security, 2016). Moreover, this is supported by the report issued by HHS OCR and by the continuing worldwide investigations of TrapX Labs (TrapX Security, 2016).
MEDJACK Attack
MEDJACK is malware that was intentionally created in 2015 to attack health devices such as CT, MRI and heart monitor devices, PAC systems and insulin pumps. Moreover, in 2016 MEDJACK.2 was developed and was even able to bypass security management (TrapX Security, 2016). It can utilise tools related to cybersecurity to set up backdoors and penetrate a healthcare system without being detected (TrapX Security, 2016).
Furthermore, TrapX researchers have recently detected a third version of MEDJACK known as MEDJACK.3 consisting of an older malware spreader to attack the health gadgets (TrapX Security, 2016).
Ransomware Attack
Ransomware is malware utilised to make software, IT resources and data unavailable to individuals. It makes use of data encryption to take control of the system, with payment normally demanded in bitcoin (TrapX Security, 2016). Consequently, such an attack is utilised to force users to pay large sums of money, with the hacker promising to restore access to the victims’ data and system if the ransom is paid (TrapX Security, 2016).
III. METHODOLOGY
A. Research Methods
The research method used for this thesis was based on the
System Development Life Cycle (SDLC) methodology which,
according to Half’s research (2017), is used by various software
and website developers (Half, 2017). According to Half’s
research (2017), the main purpose of this methodology is to help
developers to deliver high-quality software cost-effectively
(Half, 2017). On the other hand, Cohen (2010) describes
“requirements planning, analysis, design, building coding,
testing, deployment and maintenance” as the crucial
components within the process of development (Cohen, 2010)
(Isaias & Issa, 2015).
According to Kothari (1990), research is a scientific and
systematic search of information on a specific area. He also
describes research as an artistic and scientific investigation (Kothari, 1990). Furthermore, research includes an
investigation which is established on a specific area or subject,
comprises the essential analysis, reviews and readings of the
recent information (Kothari, 1990).
The following is the research process diagram used for this
thesis (Vide Figure 3):
Figure 3 – Research model process diagram
Additionally, there are two primary types of research methods,
which are known as qualitative and quantitative research
methods.
In the first chapter of this thesis, the key problem related to
healthcare data security was identified and backed up by
carrying out further research within the Literature Review
chapter. For this reason, research was carried out to gather more
information and better understand how to create/choose a
solution for various problems. Additionally, the target
population was people who mainly suffer from heart
disease and are patients of a hospital. This may be better
implemented for future generations since the younger
generation is currently more technological when compared to
the former ones.
When the study was conducted, the built prototype aimed to
answer the following research questions:
▪ What was the level of security in healthcare data?
▪ What were the requirements of today’s society?
▪ How important was the privacy of healthcare data?
▪ Could security be further developed?
▪ Currently, have data related to healthcare been
compromised?
Afterwards, based on the currently available methods, the
researcher started to highlight the necessary key points to
include within the system. Thus, the researcher made use of
pencil sketches to design how she intended to create each
system feature within the Design chapter. It also incorporated
the system and security architecture designs, including a Unified
Modeling Language (UML) diagram and an Entity Relationship
diagram (ERD), to better understand the flow of this system.
Subsequently, as soon as the design phase was completed, it
was followed by the implementation of the prototype, which
included the use of the following tools/hardware:
- HostGator: - To provide hosting services such as server,
domain name and database to create the website frontend and
backend.
- Android Studio: - To create the Android application making
use of open source software offering tools such as an emulator,
SDK and other various libraries.
- Android Smartphone and Android Smartwatch were used as
these are open source, which allowed the researcher to
demonstrate the functionality of the prototype.
- Language: - PHP, JAVA and HTML were the main languages
used to create the complete system.
The researcher carried out various test cases utilising white
and black box testing throughout all stages of this research,
which are further discussed in the Testing chapter based on the
Design tests to confirm the functionality and efficiency of the
system. However, as a limitation to this thesis, the researcher
designed/implemented it based on her literature review
research by reading various papers, blogs and websites, thus
offering a system which is continuously monitored. This
includes a better authentication method used to highly secure
the crucial data of the user.
Additionally, another limitation was that the testing was only
done by the researcher and no other individual was involved.
However, the researcher tried to create a friendly user interface
both from the website and application, keeping in mind the
targeted population. Moreover, step by step simple guides were
also created to facilitate the installation of the system.
IV. ANALYSIS AND DESIGN
A. Design Architecture
Figure 4 shows the system overview of a wearable gadget that
a patient should wear. It also comprised a smartphone gadget,
which automatically connects to the smartwatch device by
making use of Bluetooth technology.
Moreover, both IOT devices ran Android-based operating systems. However, if the Bluetooth connection was lost
between both gadgets, an immediate alert was automatically
sent by the system to the responsible individuals. Even though
the application was installed on a smartphone, it still operated
on the smartwatch gadget by synchronising with the smartphone’s
application. Thus, this prototype made use of two distinct
application modules for the IOT devices.
Furthermore, the smartwatch showed the physiological
information obtained from the sensors which was updated every
second and then transferred such information using the
Bluetooth capability of the smartwatch (Camilleri, 2015). Additionally, the collected data was then transmitted making
use of the wireless technology of the smartphone such as Wi-Fi
or 4G/3G. The information was then used to plot heart related
graphs which could be retrieved from the web page which was
linked to a server/database (Camilleri, 2015).
This application also provided different immediate alerts to the
relatives or doctors when it encountered something abnormal, by
utilising the Short Message Service (SMS) technology and making
use of heart rate and accelerometer sensors. The name of the
patient must be inputted the same as the account name
(Camilleri, 2015). For example, the system could send an alert
when it detected that the heart beat was below sixty or above
one hundred beats. It was also able to send alerts when it detected
no movement of the patient in case of fainting (Camilleri, 2015).
The main features of this prototype involved the capability to
provide the patient with different information such as list of
doctors, pills prescription, disease allergies, appointments,
video calling and pill reminder. Additionally, such information
was only inputted by the responsible doctor from the website,
for which he/she has the right privileges. Afterwards, the doctor could
send an alert to the application of the respective patient stating
that new updates are available. The patient could remotely see
such data based on his/her health records just by using his/her
correct security credentials to access the system.
Figure 4 – System Design Architecture
Hardware used:
▪ Samsung Smartphone (Samsung, 2017),
▪ Samsung Gear Live Watch (Samsung, 2017).
Software used:
▪ JAVA (Oracle, 2017),
▪ Android Studio 3.01 (Studio, n.d.),
▪ PhpMyAdmin database (Group, 2017),
▪ JAVA Script (Oracle, 2017),
▪ PHP (Group, 2017),
▪ Android system (Android, n.d.),
▪ Apache Server (Foundation, 2017),
▪ Google Maps (Google, 2017),
▪ Android SDK/API (Studio, n.d.)
B. Security Design Architecture
Figure 5 briefly illustrates the security system design which
mainly focused on the authentication of a health application to
secure healthcare data. It also included other security methods
related to the website’s front and backend.
Smartphone Application
To access the system, a new patient/doctor must first
register on the system (the first time only). Additionally,
the registration process had various data which must be inputted
by the user including ‘username’, ‘email address’, ‘password’,
‘user type’ and an option to select the smartphone’s secret
screen orientation and number of shake times.
There were two types of options for the user. These included
the choice between doctor or patient. As soon as all details were
inputted by the user in the registration page, the system
automatically sent a request to the inputted email address. That
specific user then had to verify that he/she had the right email address.
To finish the process the user needed to follow the verification
link in the received email and, if everything was correct, the
system allowed the user to proceed into the system. During the
registration process, the data obtained from the inputted fields
was encrypted to a JSON object which was then sent to the
webservices to be stored on the server.
Figure 5 – System Security Design Architecture
Upon registration, the user was prompted to capture his/her
eye recognition image, which was then converted into media in
a PNG format and sent to the server as a file. Afterwards, the
server decrypted the data received and stored the image on the
server.
Conversely, the system also had the restriction not to allow the
user to register his/her email address more than once or if the
data was incorrect. Thus, if such occurrences happened the user
was denied access to the system.
Additionally, during the login process the system initially
prompted the user to enter his/her username and password. In
this phase, the system could identify the location of the user
through GPS by utilising the Google Application Programming
Interface (API) and sent such data to the server for
confirmation. However, if the server detected duplicate logins
from any other place worldwide, the system did not allow the
user to log in and displayed a warning to notify him/her.
If the inputted information was correct, the system prompted
the user to capture his/her eyes or else skip this phase. If the
click capture option was selected, the system automatically
opened the camera feature to allow the user to take a picture of
his/her eye. On the other hand, if the skip option was selected
the user was prompted to shake the device according to the
orientation secret he/she had selected during the registration
phase and could be either landscape or portrait.
Furthermore, a token was generated during the submission of
registration and was sent via an email; it was then
regenerated every 48 hours. Thus, the one-time password (OTP)
had to be inputted by the user during the login phase whenever
it expired.
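The 48-hour token described above, as an added sketch that is not the prototype's code: the server keeps only a hash of the e-mailed token, rejects it once 48 hours have passed, and compares in constant time. The class and function names, the in-memory store and the five-attempt lockout are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = timedelta(hours=48)   # rotation period stated in the paper
MAX_FAILED_ATTEMPTS = 5                # assumption: lockout threshold


class TokenStore:
    """In-memory stand-in (assumption) for the server-side token table."""

    def __init__(self):
        # username -> {"digest": str, "issued": datetime, "failures": int}
        self._rows = {}

    def issue(self, username, now):
        """Create a new random token, store only its SHA-256 digest and
        return the plaintext so it can be e-mailed to the user."""
        token = secrets.token_urlsafe(16)          # 128 bits of randomness
        self._rows[username] = {
            "digest": hashlib.sha256(token.encode()).hexdigest(),
            "issued": now,
            "failures": 0,
        }
        return token

    def verify(self, username, presented, now):
        """Classify a token typed at login as ok, expired, locked or invalid."""
        row = self._rows.get(username)
        if row is None:
            return "invalid"
        if now - row["issued"] >= TOKEN_LIFETIME:
            return "expired"            # caller issues and e-mails a new one
        if row["failures"] >= MAX_FAILED_ATTEMPTS:
            return "locked"             # stops unlimited guessing
        candidate = hashlib.sha256(presented.encode()).hexdigest()
        if hmac.compare_digest(candidate, row["digest"]):
            row["failures"] = 0
            return "ok"
        row["failures"] += 1
        return "invalid"


def demo():
    """Walk one constructed account through issue, use, a guess and expiry."""
    store = TokenStore()
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed time
    token = store.issue("patient1", t0)
    results = [
        store.verify("patient1", token, t0 + timedelta(hours=47)),
        store.verify("patient1", "guess", t0 + timedelta(hours=47)),
        store.verify("patient1", token, t0 + timedelta(hours=48)),
    ]
    # The old token has expired, so a replacement is issued and e-mailed.
    replacement = store.issue("patient1", t0 + timedelta(hours=48))
    results.append(
        store.verify("patient1", replacement, t0 + timedelta(hours=49))
    )
    return results


if __name__ == "__main__":
    print(demo())
```

Storing only the digest means a leaked token table does not reveal tokens that are still valid.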
Website
The user could also register for the first time from the website
(registration could be done from the website or else from the
smartphone application).
Additionally, the registration process was the same as that of
the smartphone application which was mentioned in the
previous section.
As soon as the validation of email address and registration
process were completed, the user could then input his/her
username and password to proceed to the main page. As
security measures, the system was designed not to give duplicate access
to the same account, by making use of the Geolocation of the
user, and also offered the token authentication method.
If the above measures were met, the system granted the user
access to the main page of the website.
V. IMPLEMENTATION
The aim of this research was to create a means of
security for an Android-based health application that
could be utilised on IOT devices such as wearable and
smartphone gadgets. This could assist persons who
mainly suffered from heart disease and required continuous
monitoring.
A. The Database/Server Backend
This section outlined the database/server’s development in
detail. This was utilised to operate the application, including the
server platform implementation. Moreover, this section also
illustrated the server and database backend. Backend was
developed in coordinator and design using HTML. The
response from the server was in form of JSON Array and JSON
Object.
Additionally, phpMyAdmin and the hosting Cpanel Editor were
utilised to make the backend systems. On the other hand,
HostGator.com (HostGator, 2017) was used to provide a
proprietary domain and hosting options including a Cpanel
facility that offered support related to software, security, logs,
databases, links, preferences, file Manager and email
accounts, amongst others (HostGator, 2017).
For this thesis, an open source MySQL database was created for
the prototype system named ‘nell_dev’ with a username and
password respectively. This kind of database was selected
because each Web hosting service could be accessible.
For this prototype, various tables were created, each with
different columns and variables.
Additionally, the server was implemented utilising the PHP
language, which is accountable for transferring and
collecting the data. However, to secure the database and server a
password and a username were needed to grant authorisation to
access the system. The server was linked to the database by
producing a php file known as database.php which incorporated
all the data parameters such as database name, host and the
database username and password.
CodeIgniter (2017), which is open source software, was
installed on the server to offer a web framework for rapidly
developing the website using the PHP language (EllisLab, n.d.)
(CodeIgniter, 2017). It is mainly based on the standard
Model-View-Controller (MVC) development pattern (EllisLab, n.d.)
(CodeIgniter, 2017). MVC is a software method that divides
logic from presentation (CodeIgniter, 2017). Moreover, the
CodeIgniter directory structure was divided into three folders; ‘Application’, ‘System’, ‘Assets’ and ‘WordPress’.
On the other hand, CodeIgniter’s ‘System’ folder contained
the libraries, helpers, core code and additional files which help
to make the coding simple. Additionally, such helpers and
libraries were loaded and utilised within the web application
environment.
B. Website front end
A website page was based on the design phase and was
implemented utilising PHP, Java and HTML languages.
As a security measure, a login page was implemented with two
different login options; one that can be used by the patients to
view the health-related data while the other one can be used by
doctors to view and send the data of their patients. The data was
collected from the MYSQL database via PHP.
Moreover, the patient/doctor was required to input the username and
password to proceed to the system when accessing the web page.
Additionally, the website was also implemented to detect the
Geolocation of the user. For this reason, duplicate logins to the same account
from different places worldwide were not permitted. As a
security measure, it also made use of HTTPS for the URL by
utilising the encryption of JSON. Apache server was used to
create the website and this front end was able to
communicate by utilising the HTTPCLIENT so that it could
POST data from the application to the server. Various files were
used to create the website such as login.php and registration.php,
amongst others.
Moreover, it also stored data that can be inputted by the doctor
such as allergies, test results, appointments, list of diseases and
other information which the patient could immediately view
from the website or application. It also offered the feature to
view the location of the patient by utilising the online Google
Maps incorporated within the Map API plugin, and also used the
JavaScript language.
Furthermore, the smartphone collected the data parameters
from the smartwatch, making use of the sensors attached to the
IOT wearable device. The smartphone was then able to
process the information from the data log and the retrieved data
was then displayed in graph form. To implement the graphs,
the free version of a php script was used, which provided only basic
features (Graphs, 2017). A MYSQL PHP query offered an HTML
list to save and transfer the data. A hosting service and a domain were
utilised to be able to publish the website ‘healtmonitoring.com’
with IP address 192.185.4.66 of the online server.
C. The Client/Application
This prototype was implemented using two modules, one for each
IOT gadget. However, the system’s prototype was created
using one Android Application Package (APK), which must be
installed on the smartphone and automatically gets installed on
the wearable device.
Furthermore, for the coding of the Android prototype, Gradle
was utilised (Studio, n.d.). Gradle is an automated build toolkit
and is capable of authorising the structure in which projects are
implemented (Studio, n.d.). This project was configured and
managed through a set of build configuration records. The
integration of Gradle in the Android Studio software was carried
out by using specific plugins (Studio, n.d.).
Additionally, the Android Studio project (Studio, n.d.)
incorporated a build file for both IOT devices’ modules. A
top-level build file was utilised so that common configuration
options were added to all the modules/sub-projects (Studio,
n.d.). Furthermore, the build files used were recognised as
build.gradle files and these files were individually classified as
plain text files that utilised the Groovy syntax to build
components provided by the Gradle plugin based on Android
(Studio, n.d.). This means that the smartphone and smartwatch
applications were categorized as part of the client list.
Therefore, the wearable application was accountable for
reading the physiological parameters, and such data was then
transmitted to the handheld device via Bluetooth technology.
Android provided a rich application framework which allowed
the development of novel applications for various gadgets
based on the Android Operating System (OS) and incorporated the
environment of the JAVA language.
The application of the smartphone was accountable for processing
the data which was obtained from the smartwatch. It transmitted
this information to the server, making use of Wi-Fi
technology. Furthermore, it was also capable of obtaining the
information inputted from the website to the application to
remind the patient about his/her appointments, to take pills,
track location, alarm, graphs, list all diseases, list of allergies
and video call with the doctor. Thus, the domain name was
declared in each class in order that the data was updated on the
android application from the Website. Additionally, for calling
the webservice from android, Retrofit was used, which is a
library to call webservices.
Moreover, this prototype was created by making use of various
files such as java, manifests and other resources. The activity
features were stored in the subfolder of the main folder, named
‘util’.
Additionally, Bluetooth technology was utilised to connect
the smartwatch and the smartphone together, including further
authentication. However, to use such a method, the Android wear 2.0
(Android, 2014) application was required, and this can be
downloaded from the Play store (Google, 2017) for free. This
application is the official application manager for android
wearable devices. Furthermore, both modules were created
using the Android Software Development Kit (SDK) package
manager, which can be obtained for free via Google (Studio,
n.d.). This SDK provides Application Programming Interface
(API) libraries and further tools that were needed to test, build
and debug any application (Studio, n.d.).
SDK 26.0.2 and API 26 were used for both modules. These
were used since the prototype smartphone has an Android
7.1.1 OS (Studio, n.d.).
This specific software was utilised since it provided various
features such as packaging resources and setup of the project
which were not offered within the Android Development Tools
(ADT) (Studio, n.d.).
VI. TESTING
The testing stage followed once the research, design and
implementation chapters were concluded, in line with the
software development life cycle. Moreover, this chapter illustrated the stages
of testing for the IOT’s android application.
A. Methods of Testing
Testing was continuously implemented throughout the lifecycle
of this thesis. Thus, during this phase, the prototype’s code was
added and modified accordingly. Additionally, every time a
feature was executed, it was tested to confirm whether there are any errors within the code before proceeding with another
stage.
B. The stages of the software development
Different comments were included in the prototype code for
future debugging. The writing of the prototype code was
divided into five phases. It included the implementation of the
smartphone’s health application, the smartwatch application,
the database/server, the website and the incorporation of the
security authentication of the application. The test cases were
carried out utilising white and black box testing.
VII. INTERPRETATION OF RESULTS
The aim of this research was targeted to patients who mainly
suffer from heart diseases and require continuous health monitoring. Therefore, it offered a better method to
continuously monitor such critical data by the doctor or a
responsible hospital employee. Alternatively, the patients could
also view immediately their health records from anywhere
around the world. Additionally, this research mainly focused on
how to secure such critical data when logging into a system to
check relevant personal health information since currently there
is still lack of security in such field.
The research was designed initially to incorporate a unique
system architecture to show the concept of health data and
offered the patient the comfort of being continuously
monitored, of viewing his/her health data immediately and
of being offered other critical information by utilising a smartphone and
a smartwatch. This was also confirmed by Kamil (2017)
(Kamil, 2017) and Wanjek (2015) research (Wanjek, 2015). On
the other hand, Dr. Des Spence (2015) outlined that the
overuse of health technology over traditional medicine may lead
to misuse of such technology (Wanjek, 2015).
The continuous monitoring was designed/implemented using
the available sensors attached on the Samsung Gear Live watch.
The sensors include the heart rate and accelerometer to gather
the necessary health data. The heart rate data is sent to the smartphone and then to the server/database. If the system
detects below 60 or above 100 beats it sends an alert via a text
message.
On the other hand, the accelerometer of the smartwatch read
the data to detect fainting or no movement. This data was then
sent to the smartphone and then to the server/database. If the
system detected no movement after 60 seconds, it treated this as
fainting and an alert was sent to the responsible people.
The system was also designed/implemented to collect/show the
patient/doctor the individual’s critical health data. This was
carried out by providing various feature activities on the
application/website such as ‘Doctors’, ‘Pills’, ‘Allergies’,
‘Disease’, ‘Reports’, ‘Video Call’, ‘Appointments’ and ‘Pill
Reminder’.
In this study, such technology is vital, and each year is being
developed further. This was also found in Westervelt’s (2014)
research (Westervelt, 2014). On the other hand, Pullen (2016)
stated that not everyone wants to have a gadget screen attached
to the wrist (Pullen, 2016).
The security design was then carried out with the researcher keeping in mind
the research that was carried out within the literature
review and that only 2FA authentication is implemented in a
related healthcare area. Thus, based on this research, the
prototype was designed to find and offer an effective method to
overcome such security breaches in the healthcare sector. This
was confirmed by Cha (2015), ITProPortal and NIST (Cha,
2015) (NIST, 2017). As a security authentication, the researcher
designed/implemented this thesis prototype using a mixture
of username and password, Geo location, token, shake pattern
and eye recognition features. Thus, a unique authentication
signature was created and at the same time the level of security
of the system was increased. However, in this study the
health applications which are currently available on the market are
not secure enough to protect against breaches of such critical health
records. This was also confirmed in the report issued by the U.S.
Food and Drug Administration (FDA, 2017). William Maisel
(2016) also confirmed that various vulnerabilities related to
cyber security have been reported and have affected various
manufacturers and medical devices (Marin, et al., 2016). Also,
according to Arxan’s statistics (2014), 94% of the health
companies have been suffering from cyber-attacks and 38% of
global patients were suspicious of utilising hacked medical IoT
devices (Arxan, 2014).
The following are the security features that were in
operation:
▪ Username and password,
▪ Geo location,
▪ Token,
▪ Shake orientation and pattern,
▪ Eye recognition.
Therefore, the goals of this thesis were achieved by
implementing a health application that provided sensory
data and offered a rich authentication signature for sensitive
healthcare data. This might be very useful to implement in the
future market since such applications contain various data such
as social security numbers, birth dates and various other crucial
data like diagnosis codes, billing information and policy
numbers. This was also confirmed by Experian (2017) research
(Experian, 2017). On the other hand, stolen Electronic Health
Records (EHR) tend to be the main aim for an attacker
since these can be utilised in various scams for a longer
duration. Thus, such data is a bonus for an attacker who keeps
on requesting high rewards (Experian, 2017). Figures 6 and 7
are the main page results for both the website and Android
Application.
Figure 6– Result of the Android Application Main screen
Figure 7– Result of the Website Main screen
VIII. EVALUATION
C. Prototype simulation concerns and issues
The principal issue of this thesis concerned the limitations of
device hardware both for the smartphone and smartwatch. The
researcher initially planned to use a Samsung S8 or S8+ as the
smartphone in order to use its iris scanner. However, this scanner is still
not available for developers to incorporate into a specific
application as desired (Samsung, 2017). As a result, the
researcher had to limit the thesis by using a Samsung Galaxy S6
and implemented this thesis to just capture the eye as an image.
On the other hand, the Samsung Gear Live smartwatch
was limited to two sensors; the heart rate and accelerometer.
Another concern which the researcher came across was the
errors within the prototype’s software. Additionally, the
health application randomly stopped operating properly.
Consequently, to solve this problem, the researcher had to shut
it down and restart it.
Moreover, the application does not work on Apple phones and
was limited to Android devices. However, on the Samsung Galaxy S6, for some reason the application crashed randomly.
The send notification option within the website/application,
sends the message to the patient’s application. However, from
the website an error was being displayed. Furthermore, the
video call option was not functioning from both the website and
application. Thus, an error was being displayed.
The Shake feature had some sort of bug in the prototype. The
count of the shakes that the user was required to perform is not very
accurate. Consequently, the user must shake the smartphone
with a larger force for it to be effective.
Eye Recognition also had an issue in that it scanned the whole face,
including the eyes and nose. Thus, the system was not
functioning as the researcher expected since the image was
being stored with other details, not only the eye image.
Additionally, when installing the prototype on another android
device, this feature randomly crashed the entire application.
Moreover, the prototype cannot detect when the user is
wearing normal glasses or sunglasses. Thus, the image was
still being captured and stored on the server.
Additionally, another issue that the researcher came across
during this thesis was that sometimes the heart rate sensor stayed
switched on even when the watch was removed from the wrist.
Thus, the heart rate was still measured even
when the watch was not attached to the wrist.
Moreover, another issue the researcher came across was that
both devices’ batteries had to be charged frequently.
This system did automatically keep a backup of all the vital data
logs of the patients including the data being stored on the
website/application.
The system was targeted at individuals who mostly suffer from
heart disease; most of them might not be technologically minded
and may find it difficult to install such a
system. Simple, easy-to-follow guides were created and a
user-friendly interface was implemented.
Another issue of the prototype was that if the patient is sleeping
with the smartwatch on, the system keeps functioning. Thus, the
prototype cannot detect whether the user is sleeping or not and
the data, including the alerts, will still be gathered.
On the other hand, when it comes to the geolocation feature, the
prototype is not able to detect when the same account is logged
in on the same device. Thus, when this happens the system permits
access in both scenarios using the same account.
When the user registers for the first time, after completion of
the data entry an email is sent to the email address entered by
the user. However, the email is treated as spam and stored in the
junk or spam folder, where the user might not notice it.
Currently, if the user forgets the password, there is no other
means to change/reset it. Moreover, the system is implemented to
delete the account from the database.
IX. SUGGESTIONS FOR FUTURE WORK
Although the proposed prototype was operational, further
system enhancements could be implemented.
A. Smartphone and smartwatch improvements
The main problem encountered with this project involved the
battery charge, which can be solved by making sure to have
a backup battery for each device. The smartwatch's battery on
standby lasts approximately up to 35 hours (GSMArena, 2017).
As a result, the user could immediately swap in the backup
battery as soon as the primary one is drained. Additionally,
another option would be to charge the battery automatically
through wireless technology or by using solar energy.
Further physiological sensors could be implemented to take
other physiological readings including skin
temperature, glucose level, blood type and respiration pattern.
The system would then have more features to meet the patient's
needs.
Further improvements can be carried out by using a camera on
the smartwatch (GSMArena, 2017). This might be an essential
feature for the patient in case of an emergency since it can be
used by the doctors/hospital to remotely check the environment
of the individual. Additionally, this feature can also be used as
one of the security measures to allow the patient to access the
system.
B. Improvements of the Android application/Website
This thesis prototype was developed on the Android OS.
However, it would also be ideal to have such a system support
other operating systems such as BlackBerry and Apple iOS.
Furthermore, other improvements can be made to the design of
the interface depending on the individual's requirements.
Moreover, this can be enhanced by incorporating additional
features into the application, such as voice commands,
so that a sick patient can find it easier to choose a selection
from the main screen. In addition, this prototype only presents
the application in the English language. Thus, an option to
select different languages could be provided as a further
enhancement to the current system. The font size used in this
application could also be enlarged, mainly to help older
patients to read.
It would also be ideal to fix the error from the send notification
option on the website that is displayed after the 'Send' button
is clicked. Additionally, the 'Video call' option needs to be
fixed in both the website and the application.
C. Improvements related to Backup and security measures
To improve the security of the eye recognition, one can
implement it using an iris recognition scanner. However, this
could not be implemented for this prototype since current
Android phones, including the Samsung Galaxy S8 and S8+, do not
allow developers to use their iris scanners for other applications
(Samsung, 2017). Thus, the scanner can only be used by the phone
itself rather than by another application, since it is not
open source.
The shake feature can be further improved by making it
more accurate and sensitive when used on the device. This
can be done by offering a calibration of the smartphone
at signup, before proceeding to the actual login phase using
the shake orientation. In this way, the feature can be more
accurate and efficient.
Moreover, one can create an option so that the user is
able to change/reset the password or username. Additionally,
the registration password should be strengthened by
enforcing a length requirement and by requiring upper case,
lower case and numeric characters.
The token can be implemented by creating a random number on
the smartwatch, where the system will automatically synchronise
such digits when logging into the application or website.
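
One way to realise the password rule and the synchronised smartwatch token suggested above, as an added example that is not code from the thesis prototype. It assumes the token follows the standard HOTP/TOTP construction (RFC 4226 / RFC 6238) over a secret shared when the watch is paired; the 30-second step, 6 digits, 12-character minimum and all names are assumptions.

```python
import hashlib
import hmac
import re
import secrets
import struct

STEP_SECONDS = 30  # assumed token lifetime; the paper does not give one
DIGITS = 6         # assumed token length


def password_problems(password, min_length=12):
    """Return the rules a registration password breaks (empty list = accepted).

    min_length=12 is an assumed value; the paper only asks for a length rule
    plus upper case, lower case and numeric characters.
    """
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not re.search(r"[A-Z]", password):
        problems.append("no upper case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    return problems


def new_pairing_secret():
    """Secret stored on both watch and server when the watch is enrolled."""
    return secrets.token_bytes(20)


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def watch_token(secret, now):
    """Digits the smartwatch shows at Unix time `now` (RFC 6238 TOTP)."""
    return hotp(secret, int(now) // STEP_SECONDS)


class TokenVerifier:
    """Server side: accept each token once, tolerating small clock drift."""

    def __init__(self, secret, drift_steps=1):
        self.secret = secret
        self.drift_steps = drift_steps
        self.last_used_step = -1  # highest time step already accepted

    def verify(self, token, now):
        current = int(now) // STEP_SECONDS
        first = max(0, current - self.drift_steps)
        for step in range(first, current + self.drift_steps + 1):
            if step <= self.last_used_step:
                continue  # this step (or a later one) was already used: replay
            expected = hotp(self.secret, step).encode()
            if hmac.compare_digest(expected, str(token).encode()):
                self.last_used_step = step
                return True
        return False


if __name__ == "__main__":
    secret = new_pairing_secret()
    server = TokenVerifier(secret)
    t = 1_500_000_000  # constructed login time
    token = watch_token(secret, t)
    print("password check:", password_problems("heart123"))
    print("first login:", server.verify(token, t + 5))
    print("replayed token:", server.verify(token, t + 6))
```

Because both sides derive the digits from the shared secret and the clock, nothing has to be transmitted from the watch at login; the server only needs to remember the last accepted time step to refuse a replayed token.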
Since this system deals with highly sensitive information,
the prototype should automatically keep a backup of all the
patients' logs. Additionally, such backups should be made
regularly and should include a copy of the data in a hospital
secondary data centre.
X. CONCLUSION
The main aim of this thesis was to produce a prototype to aid in
securing the critical personal health data of individuals.
Initially, it was essential to understand the current security
technologies used in health applications which are
currently available on the market.
Within this research (which was included within the Literature
Review chapter), the researcher observed that this method is not
found on the current market. However, there are some health
systems which include some basic authentication.
Even though it was challenging to create this complete
prototype, the researcher developed various essential skills
such as using the Java, JavaScript, PHP and HTML languages.
The proposal behind the planned prototype could be improved
by further research. Its presence in the health care
sector could improve the monitoring and security mechanisms of
an individual's health records and condition, which can even
save her/his life using a technological system.
One can conclude that an individual can certainly monitor the
health condition of the patient and keep all the crucial records
up to date, using a more secure method. Moreover, the patient
can immediately observe all the essential health data remotely
and alert the responsible persons in a more efficient way. For
this reason, this system can save a patient’s life.
XI. ACKNOWLEDGEMENT
The research work disclosed in this publication is partially
funded by the Endeavour Scholarship Scheme (Malta).
Scholarships are part-financed by the European Union -
European Social Fund (ESF) - Operational Programme II –
Cohesion Policy 2014-2020
“Investing in human capital to create more opportunities and promote the well-being of society”.
XII. REFERENCES
Android, 2014. Android Wear. [Online]
Available at: https://www.android.com/wear/
[Accessed 10 December 2017].
Android, n.d. Support Library Packages. [Online]
Available at:
https://developer.android.com/topic/libraries/support-
library/packages.html
[Accessed 1 September 2017].
Android, n.d. Using the Design Support Library. [Online] Available at:
https://developer.android.com/training/material/design-
library.html
[Accessed 1 September 2017].
Anzelmo, E., Bassi, A., Caprio, D. & Dodson, S., 2011.
Discussion Paper on the Internet of Things.
Apple, 2017. iphone. [Online]
Available at: https://www.apple.com/
[Accessed 8 August 2017].
Arxan, 2014. State of Mobile App Security, s.l.: ARXAN.
Authlogics, 2017. 3 Factor Authentication. [Online] Available at: https://authlogics.com/technology/3fa/
[Accessed 2 August 2017].
Biddle, S., 2016. 3 Ways Recent DDoS and Ransomware
Attacks Have Put Healthcare Institutions on Alert. [Online]
Available at: https://blog.fortinet.com/2016/12/02/3-ways-
recent-ddos-and-ransomware-attacks-have-put-healthcare-
institutions-on-alert
[Accessed 8 August 2017].
Biometrics, F., 2014. Facial Recognition. [Online]
Available at: https://findbiometrics.com/solutions/facial-
recognition/
[Accessed 30 July 2017].
Bo, Y., 2009. Wireless Body Area Networks for Healthcare: A
Feasibility Study, Florida: University of Florida.
Budinger, T. F., 2015. Biomonitoring With Wireless
Communications. Annual Review of Biomedical Engineering,
Volume 5, pp. 383-412.
Camilleri, L., 2015. A health Monitoring System for People
with Heart Disease, s.l.: s.n.
Cekerevac, Z., Dvorak, Z., Prigoda, L. & Cekerevac, P., 2017.
INTERNET OF THINGS AND THE MAN-IN-THE-MIDDLE
ATTACKS - SECURITY AND ECONOMIC RISKS. MEST
Journal, Volume 5, pp. 15-25.
cha, A. G., 2015. Biometric security: Authentication for a
more secure IoT. [Online]
Available at:
http://www.itproportal.com/2015/08/08/biometric-security-
authentication-for-a-more-secure-iot/
[Accessed 12 March 2017].
Clef, C. a. c.-f. a., 2016. How to protect your account when SMS is the only 2FA option. [Online]
Available at: https://blog.instant2fa.com/how-to-prevent-sms-
2fa-account-takeover-d7218e727cfc
[Accessed 19 August 2017].
CodeIgniter, 2017. CodeIgniter - Installing. [Online]
Available at:
https://www.tutorialspoint.com/codeigniter/codeigniter_applic
ation_architecture.htm
[Accessed 1 August 2017].
Cohen, S. D. D. &. d. U. H. A., 2010. A software system
development Life Cycle model. International Journal of Computers Communications & Control, Volume 1, pp. 23-44.
Commision, E., n.d. Smart Wearables: Reflection and
Orientation Paper. Digital Industry Competitive Electronics
Industry.
Corporation, O., 2017. MySQL Documentation. [Online]
Available at: https://dev.mysql.com/doc/
[Accessed 20 August 2017].
Council, N. I., 2008. Disruptive civil technologies: six
technologies with potential impacts on US interests out to
2025, s.l.: SRI Consulting Business Intelligence.
D'Alfonso, S., 2015. The Growing Problem of Medical
Identity Theft. [Online] Available at: https://securityintelligence.com/the-growing-
problem-of-medical-identity-theft/
[Accessed 5 August 2017].
Dimitrov & Dimiter V, 2016. Medical Internet of Things and
Big Data in Healthcare. Health Inform Res., 22 July, pp. 156-
163.
Dmitrienko, A., Liebchen , C., Rossow, . C. & Sadeghi, A.-R.,
2014. Security Analysis of Mobile Two-Factor Authentication
Schemes. Intel Technology Journal, 18(4), pp. 138-161.
EllisLab, n.d. Why CodeIgniter?. [Online]
Available at: https://codeigniter.com/
[Accessed 1 August 2017].
Ericson, C., 2015. Two-factor Authentication in Smartphones:
Implementations and Attacks. [Online]
Available at:
http://lup.lub.lu.se/luur/download?func=downloadFile&record
OId=7792889&fileOId=7792890
[Accessed 18 August 2017].
Experian, 2017. Data Breach Industry Forecast, s.l.: Experian.
EY, 2015. Cybersecurity and the Internet of Things, s.l.: EY.
Fadele Ayotunde Alabaa, M. O. I. A. T. H. F. A., 2017. Internet of Things security: A survey. Journal of Network and
Computer Applications, Volume 88, pp. 10-28.
FDA, 2017. U.S. Food & Drug Administration. [Online]
Available at: https://www.fda.gov/
[Accessed 12 August 2017].
Foundation, T. A. S., 2017. Apache. [Online]
Available at: https://httpd.apache.org/
[Accessed 1 August 2017].
Gartner, 2017. Gartner. [Online]
Available at: http://www.gartner.com/technology/home.jsp
[Accessed 18 August 2017].
GlobalSign, 2016. 5 Common Cyber Attacks in the IoT -
Threat Alert on a Grand Scale. [Online]
Available at: https://www.globalsign.com/en/blog/five-
common-cyber-attacks-in-the-iot/
[Accessed 4 August 2017].
Gomes, D., Gonçalves, C., Afonso, J. A. & Mem, 2013.
Performance Evaluation of ZigBee Protocol for High Data
Rate Body Sensor Networks.. Proceedings of the World
Congress on Engineering, Volume 2, pp. 3-5.
Google, 2017. Google Play. [Online]
Available at: https://play.google.com/store
[Accessed 10 December 2017].
Google, I., 2017. Google Maps API. [Online]
Available at: https://developers.google.com/maps/
[Accessed 8 September 2017].
Group, P., 2017. PHP. [Online]
Available at: http://php.net/
[Accessed 1 August 2017].
Half, R., 2017. 6 Basic SDLC Methodologies: Which One is
Best?. [Online]
Available at: https://www.roberthalf.com/blog/salaries-and-
skills/6-basic-sdlc-methodologies-which-one-is-best
[Accessed 26 November 2017].
HIPAA, 2017. Largest Healthcare Data Breaches of 2016, s.l.:
HIPAA Journal.
HostGator, 2017. HostGator. [Online]
Available at: https://www.hostgator.com/
[Accessed 16 October 2017].
HSS.gov, 2016. Office for Civil Rights (OCR). [Online]
Available at: https://www.hhs.gov/ocr/index.html
[Accessed 31 July 2017].
Idrus, S. Z. S., Cherrier, E., Rosenberger, C. & Schwartzmann,
J.-J., 2013. A Review on Authentication Methods. Australian
Journal of Basic and Applied Sciences, 7(5), pp. 95-107.
Inc, C. G., 2004. Public Key Encryption and Digital Signature:
How do they work?. [Online]
Available at: https://www.cgi.com/files/white-
papers/cgi_whpr_35_pki_e.pdf
[Accessed 18 August 2017].
Inc, G., 2017. webrtc/apprtc. [Online]
Available at: https://github.com/webrtc/apprtc
[Accessed 28 August 2017].
Inc, M., 2017. Word 2016. [Online]
Available at: https://products.office.com/en-us/word
[Accessed 1 August 2017].
Inc, R. S., n.d. Renaissance Systems, Inc. Adopts and
Isaias, P. & Issa, T., 2015. Information System Development
Life. In: High Level Models and Methodologies for
Information Systems. New York: Springer Science+Business
Media, pp. 21-40.
ITU, 2013. The Internet of Things, International
Telecommunication Union (ITU) Internet, London:
International Telecommunication Union.
Kamil, R., 2017. 5 Apps Changing How The Healthcare
Industry Works. [Online]
Available at:
http://www.corporatewellnessmagazine.com/technology/5-apps-changing-healthcare-industry-works/
[Accessed 10 July 2017].
Kashif, . H. & Wolfgang, L., 2015. Context-Aware
Authentication for the Internet of Things. ICAS 2015: The
Eleventh International Conference on Autonomic and
Autonomous Systems, Volume 1, pp. 134-139.
Kothari, C. M., 1990. Research Methodology. Second Revised
Edition ed. New Delhi: New Age International (P) Ltd..
Krogh, C. J. v., 2013. One time password authentication.
Patent Application Publication , pp. 1-10.
Lefkovitz, N. B., Danker, J. . M. & Paul , G. A., 2017. NIST Special Publication 800-63B Digital Identity Guidelines, s.l.:
National Institute of Standards and Technology.
Limited, i., 2015. Limitations of IoT. [Online]
Available at:
http://www.iottechworld.com/networking/limitations-of-
iot.html
[Accessed 11 February 2017].
Lim, M. K., Bahr, W., C.H. , S. & Leung, 2013. RFID in the
warehouse: a literature analysis (1995-2010) of its
applications, benefits, challenges and future trends.
International Journal of Production Economics, 145(1), pp.
409-430.
Lopez, J., Roman, R. & Najera, P., 2011. Securing the Internet
of Things. IEEE Computer, Volume 44, pp. 51-58.
Loveday, J., n.d. Update: Radiation in CT Testing—Are Heart
Tests Safe?. [Online]
Available at: http://www.honesthealthnews.org/update-
radiation-in-ct-testing-are-heart-tests-safe/
[Accessed 23 December 2017].
ltd, S., 2016. What is 2FA?. [Online]
Available at: https://www.securenvoy.com/two-factor-
authentication/what-is-2fa.shtm
[Accessed 18 August 2017].
Lungren, J., 2015. THE FACTORS OF AUTHENTICATION.
[Online]
Available at: https://www.sinch.com/learn/factors-
authentication/
[Accessed 1 August 2017].
Marin, E. et al., 2016. On the (in)security of the Latest
Generation Implantable Cardiac Defibrillators and How to
Secure Them. ACSAC '16 Proceedings of the 32nd Annual
Conference on Computer Security Applications, pp. 226-236.
Mayuri, A. B. & Sudhir , T. B., 2015. Internet of Things:
Architecture, Security Issues and Countermeasures. International Journal of Computer Applications, 125(14), pp.
1-4.
Meola, A., 2016. A major red flag about security could
threaten the entire IoT. [Online]
Available at: http://www.businessinsider.com/iot-cyber-
security-hacking-problems-internet-of-things-2016-3
[Accessed 11 February 2017].
Miao, F., Miao, X., Shangguan, W. & Li, Y., 2012.
MobiHealthcare System: Body Sensor Network Based M-
Health System for Healthcare Application. E-Health
Telecommunication Systems and Networks, 1(1), pp. 12-18.
Milošević, M., Shrove, M. T. & Jovanov, E., 2011.
APPLICATIONS OF SMARTPHONES FOR UBIQUITOUS
HEALTH MONITORING AND WELLBEING
MANAGEMENT. Journal of Information Technology and
Applications, Volume 1, pp. 7-15.
Mohit, K., 2016. End of SMS-based 2-Factor Authentication;
Yes, It's Insecure!. [Online]
Available at: http://thehackernews.com/2016/07/two-factor-
authentication.html
[Accessed 3 August 2017].
Nabu, R., 2017. Live Smarter. [Online] Available at: https://www2.razerzone.com/nabu
[Accessed 8 August 2017].
Nath, A. & Mondal, T., 2016. Issues and Challenges in Two
Factor Authentication Algorithms. International Journal of
Latest Trends in Engineering and Technology (IJLTET),
6(3), pp. 318-327.
O'Neill, P. H., 2016. Despite NIST's warnings, SMS still being
used for two-factor authentication. [Online]
Available at: https://www.cyberscoop.com/two-factor-
authentication-nist-duo-security/
[Accessed 19 August 2017].
OPNsense, 2016. Two-factor authentication. [Online] Available at:
https://docs.opnsense.org/manual/two_factor.html
[Accessed 2 August 2017].
Oracle, 2017. Java. [Online]
Available at: https://java.com/en/download/
[Accessed 1 August 2017].
Prasad, M. K., Reddy, M. A. R. & Rao, V. K., 2014. DoS and
DDoS Attacks: Defense, Detection and Traceback. Global
Journal of Computer Science and Technology: E Network,
Web & Security, 14(7).
Praveena, T., 2016. An Efficient Tri-factor Authentication for Cloud. Special Issue on Computational Science, Mathematics
and Biology, pp. 259-263.
Pullen, J. P., 2016. 7 Wearable Gadgets for People Who Hate
Wearable Gadgets. [Online]
Available at: http://time.com/4233813/wearable-gadgets/
[Accessed 19 August 2017].
Rafiullah, K., Sarmad, U. K., Rifaqat, Z. & Shahid, K., 2012.
Future Internet: The Internet of Things Architecture, Possible
Applications and Key Challenges. 2012 10th International
Conference on Frontiers of Information Technology, pp. 257-
260.
Rashid, F. Y., 2016. NIST is no longer hot for SMS-based two-factor authentication. [Online]
Available at:
http://www.infoworld.com/article/3100685/authentication/nist
-no-longer-hot-for-sms-based-two-factor-authentication.html
[Accessed 3 August 2017].
Rouse, M., 2017. two-factor authentication (2FA). [Online]
Available at:
http://searchsecurity.techtarget.com/definition/two-factor-
authentication
[Accessed 17 July 2017].
Samsung, 2017. Samsung. [Online] Available at: http://www.samsung.com/us/
[Accessed 8 August 2017].
Samsung, 2017. Samsung Developers. [Online]
Available at: http://developer.samsung.com/galaxy/camera
[Accessed 24 December 2017].
Saranya, C. M. & Nitha, K. P., 2015. Analysis of Security
methods in Internet of Things.. International Journal on
Recent and Innovation Trends in Computing and, 3(4).
Sarsohn-Kahn, J., 2011. The connected Patient: Charting the
vital signs of remote health monitoring, California: California
Health Foundation.
Sethi, S. P. & Smruti , R., 2017. Internet of Things:
Architectures, Protocols, and Applications. Journal of
Electrical and Computer Engineering, Volume 2017, pp. 1-25.
Shancang, L., Honglei, L. & Theo, T., 2016. The Internet of
Things: a security point of view. Shancang Li Theo Tryfonas
Honglei Li , (2016),"The Internet of Things: a security point
of view", 26(2), pp. 337-359.
Shancang, L., Li , D. X. & Shanshan, . Z., 2014. The internet
of things: a survey. Information Systems Frontiers, 17(2), pp.
243-259.
Shruti, G. H. & Soumyalatha, 2016. Internet of Things (IoT):
A study on Architectural elements, Communication Technologies and Applications. International Journal of
Advanced Research in Computer and Communication
Engineering, 5(9), pp. 189-193.
Somayya , M., Ramaswamy, R. & Tripathi, S., 2015. Internet
of Things (IoT): A Literature. Journal of Computer and
Communications, Volume 3, pp. 164-173.
Sony, 2017. Sony. [Online]
Available at: https://www.sony.com/
[Accessed 8 August 2017].
Stamfrord, C., 2013. Gartner Says the Internet of Things
Installed Base Will Grow to 26 Billion Units By 2020.
[Online]
Available at: http://www.gartner.com/newsroom/id/2636073
[Accessed 1 August 2017].
Studio, A., n.d. About Android Plugin for Gradle 3.0.0.
[Online]
Available at:
https://developer.android.com/studio/build/gradle-plugin-3-0-
0.html
[Accessed 1 October 2017].
Studio, A., n.d. Android Studio. [Online] Available at: https://developer.android.com/studio/index.html
[Accessed 1 October 2017].
Sye, L. K., Sandeep, S. K. & Hannes, T., 2014. Securing the
Internet of Things: A Standardization Perspective. IEEE
INTERNET OF THINGS JOURNAL, 1(3), pp. 265-275.
Tadokoro, M., 2017. Two-Factor Authentication (2FA)
Solutions. [Online]
Available at: https://safenet.gemalto.com/multi-factor-
authentication/two-factor-authentication-2fa/
[Accessed 30 July 2017].
Taparugssanagorn, A. et al., 2012. The UWB Channel Modeling for Wireless Body Area Networks in Medical
Applications.
Team, B., 2017. Crisis Management Risk: Your Apps Have
Been Hacked. [Online]
Available at:
https://www.bernsteincrisismanagement.com/crisis-
management-risk-apps-hacked/
[Accessed 31 July 2017].
TrapX Security, I., 2016. Health Care Cyber Breach Research
Report for 2016, s.l.: TrapX Security, Inc.
Wanjek, C., 2015. Are Health Apps Harmful or Helpful? Experts Debate. [Online]
Available at: https://www.livescience.com/50489-are-health-
apps-harmful-or-helpful-experts-debate.html
[Accessed 19 August 2017].
Wavelet, n.d. AMIIGO IS WAVELET HEALTH. [Online]
Available at: http://amiigo.com/
[Accessed 7 August 2017].
Webroot, n.d. What is Social Engineering?. [Online]
Available at:
https://www.webroot.com/us/en/home/resources/tips/online-
shopping-banking/secure-what-is-social-engineering
[Accessed 5 August 2017].
Weebly, 2015. ACTIVITY TRACKER COMPARISON
CHART. [Online]
Available at:
http://www.bestfitnesstrackerreviews.com/comparison-
chart.html
[Accessed 4 August 2017].
Westervelt, A., 2014. The Future of Wearables Makes Cool
Gadgets Meaningful. [Online] Available at:
https://www.theatlantic.com/technology/archive/2014/05/the-
future-of-wearables-makes-cool-gadgets-meaningful/371849/
[Accessed 19 August 2017].
Zhen, B., Li, H.-B. & Kohno, R., 2009. Networking issues in
medical implant communications. International Journal of
Multimedia and Ubiquitous Engineering, 4(1), pp. 23-38.
XIII. BIBLIOGRAPHY
Aliferi, C., 2016. Android Programming Cookbook. s.l.:Exelixis Media P.C.
Android, 2014. Android Wear. [Online]
Available at: https://www.android.com/wear/
[Accessed 10 December 2017].
Android, n.d. Using the Design Support Library. [Online]
Available at:
https://developer.android.com/training/material/design-
library.html
[Accessed 1 September 2017].
Cloud Academy, I., 2016. Google Vision API: Image Analysis
as a Service. [Online] Available at: https://cloudacademy.com/blog/google-vision-
api-image-analysis/
[Accessed 28 August 2017].
CodeIgniter, 2017. CodeIgniter - Installing. [Online]
Available at:
https://www.tutorialspoint.com/codeigniter/codeigniter_applic
ation_architecture.htm
[Accessed 1 August 2017].
Corporation, O., 2017. MySQL Documentation. [Online]
Available at: https://dev.mysql.com/doc/
[Accessed 20 August 2017].
Developers, G., 2017. Google Maps Android API Utility
Library. [Online]
Available at:
https://developers.google.com/maps/documentation/android-
api/utility/
[Accessed 12 October 2017].
Dockter, H. & Murdoch, A., 2017. Gradle User Guide.
[Online]
Available at:
https://docs.gradle.org/current/userguide/userguide.html
[Accessed 12 August 2017].
EllisLab, n.d. Why CodeIgniter?. [Online] Available at: https://codeigniter.com/
[Accessed 1 August 2017].
Gerber, A. & Craig, C., 2015. Learn Android Studio. New
York: A press.
Google, 2017. Google Play. [Online]
Available at: https://play.google.com/store
[Accessed 10 December 2017].
Google, I., 2017. Google Maps API. [Online]
Available at: https://developers.google.com/maps/
[Accessed 8 September 2017].
Grant, K. & Haseman, C., 2014. Begining Android
Programming. United States of America: Peachpit Press.
HostGator, 2017. HostGator. [Online]
Available at: https://www.hostgator.com/
[Accessed 16 October 2017].
Inc, G., 2017. webrtc/apprtc. [Online]
Available at: https://github.com/webrtc/apprtc
[Accessed 28 August 2017].
Inc, M., 2017. Word 2016. [Online]
Available at: https://products.office.com/en-us/word
[Accessed 1 August 2017].
Laurie, B. & Laurie, P., 2009. Apache: The Definitive Guide. 3rd Edition ed. s.l.:O'Reilly Media.
Oracle, 2017. Java. [Online]
Available at: https://java.com/en/download/
[Accessed 1 August 2017].
Pandeli, T., 2017. Retrofit, a Simple HTTP Client for Android
and Java. [Online]
Available at: https://www.sitepoint.com/retrofit-a-simple-http-
client-for-android-and-java/
[Accessed 14 August 2017].
Schildt, H., n.d. Java The Complete Reference. seventh edition
ed. s.l.:The McGraw-Hill Companies.
Smyth, N., Neil Smyth. Android Studio Development
Essentials. second edition ed. s.l.:eBook Frenzy.
Square, 2013. Retrofit. [Online]
Available at: http://square.github.io/retrofit/
[Accessed 12 August 2017].
Welling, L. & Thomson, L., 2017. PHP and MySQL Web
Development. 5th Edition ed. United States of America:
Pearson Education, Inc..