7. Major problem in healthcare:
Patients and physicians lack the ability to do frequent health monitoring
Smartphones and PDAs:
Overcome this barrier through their functionality
Strong impact on:
typical remote monitoring systems
healthcare alerting systems
clinical and administrative data collection
patient record maintenance
8. Mobile Health Application Development Limitations
1. Small Screen
2. Limited Storage Space & Slow Processing
3. Security Limitation
4. Inadequate Third Party Application Support
9. Practical iOS Attacks
Without Jailbreak
1. Using AFC Protocol to Retrieve Data Stored on the Device
2. Retrieving Data From Backups
With Jailbreak
1. Retrieving User Password & Keychain Content
2. Retrieving the 0x835 Key
10. Defending iOS Application
Checking for Jailbreak:
Check for jailbreak files such as “/Application/Cydia.app”, “/bin/apt/”, “/usr/sbin/sshd/”…
Check for the shell that comes with a jailbreak by calling system(0):
nonzero → shell is available
zero → shell is not available
Defending Technique:
1. Anti-Analysis 1
Use anti-debugging feature
2. Anti-Analysis 2
Silently wipe all confidential data and encryption keys.
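The two jailbreak checks and the silent-wipe response from this slide, sketched in portable C as an added example (not code from the presentation). The type and function names are hypothetical, the path list is copied from the slide as written, and zeroing through a volatile pointer is one common way to stop the compiler from removing the wipe.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Paths copied from the slide as written; its list ends in an ellipsis. */
static const char *const SLIDE_PATHS[] = {
    "/Application/Cydia.app", "/bin/apt/", "/usr/sbin/sshd/"
};

/* Hypothetical result type: one field per check on the slide. */
typedef struct { int artifact_hits; int shell_available; } jb_signals;

/* Check 1: count the listed paths that exist (stat succeeds). */
int count_existing(const char *const *paths, size_t n) {
    struct stat st;
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (paths[i] != NULL && stat(paths[i], &st) == 0)
            hits++;
    return hits;
}

/* Check 2: system(NULL), the slide's system(0), is nonzero if a shell exists. */
jb_signals collect_signals(const char *const *paths, size_t n) {
    jb_signals s = { count_existing(paths, n), system(NULL) != 0 };
    return s;
}

int looks_jailbroken(jb_signals s) { return s.artifact_hits > 0 || s.shell_available; }

/* Zero a secret through a volatile pointer so the stores are not optimized out. */
void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Slide's response: wipe silently. Returns 1 if the key was wiped. */
int wipe_if_jailbroken(jb_signals s, unsigned char *key, size_t len) {
    if (!looks_jailbroken(s)) return 0;
    secure_wipe(key, len);
    return 1;
}

int main(void) {
    unsigned char key[16] = "constructed-key";  /* constructed sample key */
    jb_signals s = collect_signals(SLIDE_PATHS, 3);
    printf("artifacts=%d shell=%d wiped=%d\n", s.artifact_hits,
           s.shell_available, wipe_if_jailbroken(s, key, sizeof key));
    return 0;
}
```

On an ordinary desktop system the shell check reports a shell, so the sample key is wiped there as well; the check is only meaningful on a platform where a stock device has no command processor.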
focusing not only on the construction and development of iOS applications from a health perspective, but also on trying to introduce our own security mechanism into our research project.
In order to achieve this goal and gain this domain-specific knowledge, our group has kept researching this quarter by reviewing published papers to broaden our overall insight into this specific topic.
Me: security problems in mobile computing and the solutions
Jeen: why we need to use mobile devices in health services; some practical attacks and the mitigations
In the papers I have reviewed, researchers discovered security problems, two of them
Unlike the traditional web browser, today's mobile OSes do not have a comparable security mechanism such as the same-origin policy (SOP), which prevents the resources of one domain from directly accessing the resources of a different domain. As a result, those resources could be exposed to harm from a malicious origin on the mobile device.
Three ways to communicate:
Intent: an inter-process message delivered through IPC, only available on Android
provided several utility classes for apps to communicate with the web
A scheme allows an app or web service to use a URL to invoke another app on iOS; when such a call is invoked, the OS launches the target app with this URL as input
Example: on a health care provider's device, an app launched by a URL from a malicious origin to overdose a patient.
so that the devs could build protections based on such information
For example, devs could specify their intentions, such as creating a whitelist of the origins an app can get messages from and send messages to.
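An added example (not from the presentation or the papers it reviews) of the origin whitelist described above, modelled in plain C. The scheme `medpump`, the origin strings and all names are constructed; it assumes the platform hands the app the URL together with an identifier of the sender, and it also refuses state-changing actions by URL, which goes beyond the whitelist the notes mention.

```c
#include <stdio.h>
#include <string.h>

typedef enum { URL_ACCEPT, URL_BAD_SCHEME, URL_BAD_ORIGIN, URL_BAD_ACTION } url_verdict;

/* Constructed allowlist: the only origins this hypothetical app trusts. */
static const char *const ALLOWED_ORIGINS[] = {
    "com.example.hospital.ehr", "com.example.hospital.pharmacy"
};
/* Actions a URL may trigger: read-only views. Dosing is deliberately absent. */
static const char *const URL_ACTIONS[] = { "view", "history" };

static int in_list(const char *s, size_t len, const char *const *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strlen(list[i]) == len && memcmp(s, list[i], len) == 0)
            return 1;   /* exact match only: no prefix or suffix matching */
    return 0;
}

/* origin is the sender identity reported for the call; NULL means unknown. */
url_verdict check_open_url(const char *url, const char *origin) {
    static const char scheme[] = "medpump://";   /* constructed scheme */
    size_t slen = sizeof scheme - 1;
    if (url == NULL || strncmp(url, scheme, slen) != 0)
        return URL_BAD_SCHEME;
    if (origin == NULL || !in_list(origin, strlen(origin), ALLOWED_ORIGINS, 2))
        return URL_BAD_ORIGIN;                   /* default deny */
    const char *action = url + slen;
    if (!in_list(action, strcspn(action, "?/#"), URL_ACTIONS, 2))
        return URL_BAD_ACTION;
    return URL_ACCEPT;
}

int main(void) {
    /* Constructed inputs: the overdose scenario from the notes, then a benign call. */
    printf("untrusted origin, dose: %d\n",
           check_open_url("medpump://dose?mg=500", "com.example.game"));
    printf("trusted origin, dose:   %d\n",
           check_open_url("medpump://dose?mg=500", "com.example.hospital.ehr"));
    printf("trusted origin, view:   %d\n",
           check_open_url("medpump://view?patient=17", "com.example.hospital.ehr"));
    return 0;
}
```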
DDoS as one of the major threats on the current internet, and the challenges of dealing with such attacks on mobile devices because of their limited resources.
Some researchers introduced techniques for counteracting denial of service on mobile devices that are used in the provision of mobile health services. Their model makes use of the IPSec protocol for traceback and prevention of attack traffic at upstream nodes.
As shown in Figure 1, the information captured by different body sensors is forwarded to the user's mobile device using wireless technologies such as Bluetooth and WLAN. Since the body sensor information has to be accessed by the HSPs, this could incur high overhead on the mobile devices for storing the keys required for secure communication, establishing secure channels and transferring the body sensor information. In addition, the mobile devices are also used for other purposes such as accessing the internet, social networks and playing online games, so they are easily vulnerable to DoS attacks in the current scenario.
Figure 2 shows the proposed model for securing mobile healthcare services. They consider that all user traffic that needs to be protected from DoS attacks passes through a Security Enforcement Component (SEC). The SEC can be implemented on an existing router or realized as an add-on module to existing routers. So in this model, the attacks can be prevented at the upstream nodes which co-operate with the SEC.
A major problem in healthcare is patients' and physicians' lack of ability to do frequent health monitoring; in particular, patients who live in remote rural areas or travel constantly still cannot receive health monitoring or treatment. Smartphones and personal digital assistants (PDAs) have several technologies – such as Wi-Fi, 3G/GSM, a GPS receiver, and processing and storage capability – that make a strong impact on health-care models such as typical remote monitoring systems, healthcare alerting systems, clinical and administrative data collection, patient record maintenance, healthcare delivery programs, and detection and prevention systems.
Small Screen
Minimize text-based data entry
Limited Storage Space & Slow Processing
Data should be stored in files rather than a database in the mobile application
Complicated tasks and storage functions should mostly be in the desktop application
Choose a device that supports Compact Framework.
Security Limitation & Inadequate Third Party Application Support
Select the device and implementation platform that supports those developments.