Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Secure Wearable Apps for Remote Healthcare Through Modern Cryptography

Andric Li, Grace Luo, Christopher Tao, Diego Zuluaga

TL;DR

The paper addresses privacy concerns in wearable-based remote healthcare by proposing a secure edge-to-cloud architecture that encrypts data at collection and uses a mutually authenticated channel to the cloud. It implements this approach on Android Studio/Wear OS, employing AES-GCM for data in transit and ECDH for session key agreement, with a cloud key manager handling keys and exposing only key handles to the device. The implementation relies on TLS/HTTPS, OpenSSL-based PKI, and Wear OS cryptography APIs to achieve confidentiality, integrity, and authenticity from the smartwatch to the remote server, while considering regulatory requirements from HIPAA and GDPR. The work demonstrates a practical, standards-aligned blueprint for privacy-preserving remote patient monitoring that can be adopted to improve security in wearable health applications.

Abstract

Wearable devices like smartwatches, wristbands, and fitness trackers are designed to be lightweight devices to be worn on the human body. With the increased connectivity of wearable devices, they will become integral to remote healthcare solutions. For example, a smartwatch can measure and upload a patient's vital signs to the cloud through a network which is monitored by software backed with Artificial Intelligence. When an anomaly of a patient is detected, it will be alerted to healthcare professionals for proper intervention. Remote healthcare offers substantial benefits for both patients and healthcare providers as patients may avoid expensive in-patient care by choosing the comfort of staying at home while being monitored after a surgery and healthcare providers can resolve challenges between limited resources and a growing population. While remote healthcare through wearable devices is ubiquitous and affordable, it raises concerns about patient privacy. Patients may wonder: Is my data stored in the cloud safe? Can anyone access and manipulate my data for blackmailing? Hence, securing patient private information end-to-end becomes crucial. This paper explores solutions for applying modern cryptography to secure wearable apps and ensure patient data is protected with confidentiality, integrity, and authenticity from wearable edge to cloud.

Secure Wearable Apps for Remote Healthcare Through Modern Cryptography

TL;DR

The paper addresses privacy concerns in wearable-based remote healthcare by proposing a secure edge-to-cloud architecture that encrypts data at collection and uses a mutually authenticated channel to the cloud. It implements this approach on Android Studio/Wear OS, employing AES-GCM for data in transit and ECDH for session key agreement, with a cloud key manager handling keys and exposing only key handles to the device. The implementation relies on TLS/HTTPS, OpenSSL-based PKI, and Wear OS cryptography APIs to achieve confidentiality, integrity, and authenticity from the smartwatch to the remote server, while considering regulatory requirements from HIPAA and GDPR. The work demonstrates a practical, standards-aligned blueprint for privacy-preserving remote patient monitoring that can be adopted to improve security in wearable health applications.

Abstract

Wearable devices like smartwatches, wristbands, and fitness trackers are designed to be lightweight devices to be worn on the human body. With the increased connectivity of wearable devices, they will become integral to remote healthcare solutions. For example, a smartwatch can measure and upload a patient's vital signs to the cloud through a network which is monitored by software backed with Artificial Intelligence. When an anomaly of a patient is detected, it will be alerted to healthcare professionals for proper intervention. Remote healthcare offers substantial benefits for both patients and healthcare providers as patients may avoid expensive in-patient care by choosing the comfort of staying at home while being monitored after a surgery and healthcare providers can resolve challenges between limited resources and a growing population. While remote healthcare through wearable devices is ubiquitous and affordable, it raises concerns about patient privacy. Patients may wonder: Is my data stored in the cloud safe? Can anyone access and manipulate my data for blackmailing? Hence, securing patient private information end-to-end becomes crucial. This paper explores solutions for applying modern cryptography to secure wearable apps and ensure patient data is protected with confidentiality, integrity, and authenticity from wearable edge to cloud.

Paper Structure

This paper contains 7 sections.

Table of Contents

  1. Introduction
  2. Standards And Government Regulations
  3. Cryptography for Securing remote healthcare applications
  4. Development platform
  5. Implementation
  6. Conclusion
  7. Acknowledgements