Risk and Compliance in IoT- Health Data Propagation: A Security-Aware Provenance based Approach

Data generated from various dynamic applications of Internet of Things (IoT) based healthcare technology is effectively used for decision-making, providing reliable and smart healthcare services to the elderly and patients with chronic diseases. Since these precious data are susceptible to various security attacks, continuous monitoring of the system's compliance and identification of security risks in IoT data propagation is essential through potentially several layers of applications. This paper pinpoints how security-aware data provenance graphs can support compliance checking and risk estimation by including sufficient information on security controls and other security-relevant evidence. Real-time analysis of these security evidence to enable a step-wise validation and providing the evidence of this validation to end-users is currently not possible with the available data. This paper analyzes the security concerns in different phases of data propagation in a designed IoT-health scenario and promotes step-wise validation of security evidence. It proposes a system model with a novel protocol that documents and verifies evidence for security controls for data-object relations in data provenance graphs to assist compliance checking of security regulation of healthcare systems. With this regard, this paper discusses the proposed system model design with the requirements for technical safeguards of the Health Insurance Portability and Accountability Act (HIPAA). Based on the verification output at each phase, the proposed protocol reports this chain of verification by creating certain security tokens. Finally, the paper provides a formal security validation and security design analysis to show the applicability of this step-wise validation within the proposed system model.