TY - JOUR
T1 - Risk Evaluation and Attack Detection in Heterogeneous IoMT Devices Using Hybrid Fuzzy Logic Analytical Approach
AU - Pritika, null
AU - Shanmugam, Bharanidharan
AU - Azam, Sami
N1 - Publisher Copyright:
© 2024 by the authors.
PY - 2024/5
Y1 - 2024/5
N2 - The rapidly expanding Internet of Medical Things (IoMT) landscape fosters enormous opportunities for personalized healthcare, yet it also exposes patients and healthcare systems to diverse security threats. Heterogeneous IoMT devices present challenges that need comprehensive risk assessment due to their varying functionality, protocols, and vulnerabilities. Hence, to achieve the goal of having risk-free IoMT devices, the authors used a hybrid approach using fuzzy logic and the Fuzzy Analytical Hierarchy Process (FAHP) to evaluate risks, providing effective and useful results for developers and researchers. The presented approach specifies qualitative descriptors such as the frequency of occurrence, consequence severity, weight factor, and risk level. A case study with risk events in three different IoMT devices was carried out to illustrate the proposed method. We performed a Bluetooth Low Energy (BLE) attack on an oximeter, smartwatch, and smart peak flow meter to discover their vulnerabilities. Using the FAHP method, we calculated fuzzy weights and risk levels, which helped us to prioritize criteria and alternatives in decision-making. Smartwatches were found to have a risk level of 8.57 for injection attacks, which is of extreme importance and needs immediate attention. Conversely, jamming attacks registered the lowest risk level of 1, with 9 being the maximum risk level and 1 the minimum. Based on this risk assessment, appropriate security measures can be implemented to address the severity of potential threats. The findings will assist healthcare industry decision-makers in evaluating the relative importance of risk factors, aiding informed decisions through weight comparison.
AB - The rapidly expanding Internet of Medical Things (IoMT) landscape fosters enormous opportunities for personalized healthcare, yet it also exposes patients and healthcare systems to diverse security threats. Heterogeneous IoMT devices present challenges that need comprehensive risk assessment due to their varying functionality, protocols, and vulnerabilities. Hence, to achieve the goal of having risk-free IoMT devices, the authors used a hybrid approach using fuzzy logic and the Fuzzy Analytical Hierarchy Process (FAHP) to evaluate risks, providing effective and useful results for developers and researchers. The presented approach specifies qualitative descriptors such as the frequency of occurrence, consequence severity, weight factor, and risk level. A case study with risk events in three different IoMT devices was carried out to illustrate the proposed method. We performed a Bluetooth Low Energy (BLE) attack on an oximeter, smartwatch, and smart peak flow meter to discover their vulnerabilities. Using the FAHP method, we calculated fuzzy weights and risk levels, which helped us to prioritize criteria and alternatives in decision-making. Smartwatches were found to have a risk level of 8.57 for injection attacks, which is of extreme importance and needs immediate attention. Conversely, jamming attacks registered the lowest risk level of 1, with 9 being the maximum risk level and 1 the minimum. Based on this risk assessment, appropriate security measures can be implemented to address the severity of potential threats. The findings will assist healthcare industry decision-makers in evaluating the relative importance of risk factors, aiding informed decisions through weight comparison.
KW - analytical hierarchy process
KW - injection
KW - IoMT
KW - jamming
KW - risk assessment
KW - sniffing
UR - http://www.scopus.com/inward/record.url?scp=85194219710&partnerID=8YFLogxK
U2 - 10.3390/s24103223
DO - 10.3390/s24103223
M3 - Article
C2 - 38794078
AN - SCOPUS:85194219710
SN - 1424-8220
VL - 24
SP - 1
EP - 20
JO - Sensors
JF - Sensors
IS - 10
M1 - 3223
ER -