Securing mHealth Applications Using IoTsecM Security Modelling: Dentify.Me mApp Case Study for Urgent Care Management

Authors

  • Ponciano Jorge Escamilla Ambrosio Instituto Politécnico Nacional, Centro de Investigación en Computación
  • David Robles Ramírez Instituto Politécnico Nacional, Centro de Investigación en Computación
  • Shada Alsalamah King Saud University
  • Theo Tryfonas University of Bristol, Faculty of Engineering
  • Sandra Orantes Jiménez Instituto Politécnico Nacional, Centro de Investigación en Computación
  • Abraham Rodríguez Mota Instituto Politécnico Nacional, Centro de Investigación en Computación
  • Sakher AlQahtani College of Dentistry
  • Thamer Nouh College of Dentistry
  • Hessah Alsalamah King Saud University
  • Shahad Almutawaa King Saud University
  • Hend Alkabani King Saud University
  • Mshael Alsmari King Saud University
  • Nouf Alashgar King Saud University
  • Abeer Alrajeh King Saud University
  • Heba Kurdi Cambridge, Mechanical Engineering Department

DOI:

https://doi.org/10.13053/cys-23-4-3093

Keywords:

mHealth, mobile application design, information security, internet of things, modelling, UML, SysML, UML extension, security controls, disaster management

Abstract

Mobile devices and the Internet of Things (IoT) are revolutionizing today’s digital sectors, including healthcare. eHealth services delivery enables integrated mHealth care and informed-decision making for emergency medical services, especially in the event of disasters when every second could mean the difference between life or death. The risk of cyber-attacks directed to mHealth applications can compromise the availability and integrity of patient information, crippling care mobility and sometimes threatening patients’ lives if decisions are made based on invalid information. Such risks can be treated by considering appropriate information security controls at the early stages of the mobile Application (mApp) development lifecycle for mHealth model of care. However, most developers consider security at a later stage, and even if they do, there is a lack of an appropriate tool to help them represent security requirements in design models. This has proven to be bad practice, resulting in insecure mApp development. This paper aims to bridge this gap by equipping analysts with the tool necessary to identify risks and treat them while designing the application. Therefore, we propose the approach referred to as Internet of Things Security Modelling (IoTsecM) for mApp security modelling in mHealth. IoTsecM is a UML extension to model identified security controls against possible attacks to guarantee the existence of a security analysis and security mechanisms. Results show that IoTsecM, first, allows mHealth designers to apply and depict non-functional security requirements with the functional requirements. Second, its annotation illustrates meaningful information security requirements at early design stages as part of the mHealth application development lifecycle and not afterwards.

Author Biographies

Ponciano Jorge Escamilla Ambrosio, Instituto Politécnico Nacional, Centro de Investigación en Computación

Ponciano Jorge Escamilla-Ambrosio received the B.Sc. degree in Mechanical Electrical Engineering and the M.Sc. degree in Electrical Engineering, from the National Autonomous University of Mexico (UNAM) in 1995 and 2000, respectively. He received the Ph.D. degree from the University of Sheffield, UK, in 2004. From 2003 to 2010 he was researcher at the University of Bristol, UK, within the departments of Aerospace Engineering and Computer Science. From 2010 to 2011 he was researcher at the National Institute of Astrophysics Optics and Electronics, Mexico. From 2011 to 2013 Dr. Escamilla was General Director of Innovation and Development at the Scientific Division of the Federal Secretariat of Security, Mexico. Currently, he is researcher at the Computing Research Centre (CIC) at the National Polytechnic Institute (IPN), Mexico. He is member of the National Research System (SNI), Mexico, level 1. Dr. Escamilla has more than 85 publications among journals, conference proceedings and book chapters.

Shada Alsalamah, King Saud University

Downloads

Published

2019-12-20

Issue

Vol. 23 No. 4 (2019): 23-4(2019)

Section

Articles

License 

Hereby I transfer exclusively to the Journal "Computación y 
Sistemas", published by the Computing Research Center (CIC-IPN),
the Copyright of the aforementioned paper. I also accept that these 
rights will not be transferred to any other publication, in any other 
format, language or other existing means of developing.
I certify that the paper has not been previously disclosed or simultaneo
usly submitted to any other publication, and that it does not contain 
material whose publication would violate the Copyright or other 
proprietary rights of any person, company or institution. I certify that 
I have the permission from the institution or company where I work or 
study to publish this work.
The representative author accepts the responsibility for the publication
of this paper on behalf of each and every one of the authors. 
This transfer is subject to the following conditions:
  • The authors retain all ownership rights (such as patent rights) of this work, except for the publishing rights transferred to the CIC, through this document.
  • Authors retain the right to publish the work in whole or in part in any book they are the authors or publishers. They can also make use of this work in conferences, courses, personal web pages, and so on.
  • Authors may include working as part of his thesis, for non-profit distribution only.