A SECURITY FRAMEWORK FOR MOBILE HEALTH APPLICATIONS ON ANDROID PLATFORM MUZAMMIL HUSSAIN FACULTY OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY UNIVERSITY OF MALAYA UniversityKUALA LUMPUR of Malaya 2017 A SECURITY FRAMEWORK FOR MOBILE HEALTH APPLICATIONS ON ANDROID PLATFORM MUZAMMIL HUSSAIN THESIS SUBMITTED IN FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY FACULTY OF COMPUTER SCIENCE AND INFORMATION TECHNOLOGY UNIVERSITY OF MALAYA UniversityKUALA LUMPUR of Malaya 2017 UNIVERSITY OF MALAYA ORIGINAL LITERARY WORK DECLARATION Name of Candidate: Muzammil Hussain Matric No: WHA130038 Name of Degree: Doctor of Philosophy Title of Project Paper/Research Report/Dissertation/Thesis (“this Work”): A SECURITY FRAMEWORK FOR MOBILE HEALTH APPLICATIONS ON ANDROID PLATFORM Field of Study: Network Security (Computer Science) I do solemnly and sincerely declare that: (1) I am the sole author/writer of this Work; (2) This Work is original; (3) Any use of any work in which copyright exists was done by way of fair dealing and for permitted purposes and any excerpt or extract from, or reference to or reproduction of any copyright work has been disclosed expressly and sufficiently and the title of the Work and its authorship have been acknowledged in this Work; (4) I do not have any actual knowledge nor do I ought reasonably to know that the making of this work constitutes an infringement of any copyright work; (5) I hereby assign all and every rights in the copyright to this Work to the University of Malaya (“UM”), who henceforth shall be owner of the copyright in this Work and that any reproduction or use in any form or by any means whatsoever is prohibited without the written consent of UM having been first had and obtained; (6) I am fully aware that if in the course of making this Work I have infringed any copyright whether intentionally or otherwise, I may be subject to legal action or any other action as may be determined by UM. Candidate’s Signature Date: UniversitySubscribed and solemnly declared before, of Malaya Witness’s Signature Date: Name: Prof. Dr. Miss Laiha Binti Mat Kiah Designation: Professor ii ABSTRACT The advent of smartphones dramatically changed the way of communication, computation, and the model of many services, including healthcare delivery. The adoption of smartphones in the healthcare system is rapidly growing, and enormous number of apps are being developed to monitor patient health, access patient records, test results, prescribe medications, and for numerous related purposes under the collective term of mobile Health (mHealth). These apps are readily accessible to the average user of mobile devices, and despite the potential of mHealth apps to improve the availability, affordability and effectiveness of delivering healthcare services, they handle sensitive medical data, and as such, have also the potential to carry substantial risks to the security and privacy of their users. Developers of apps are usually unknown, and users are unaware of how their data are being managed and used. This is combined with the emergence of new threats due to the deficiency in mobile apps development or the design ambiguities of the current mobile operating systems. A number of mobile operating systems are available in the market, but the Android platform has gained the topmost popularity. However, Android security model is short of completely ensuring the privacy and security of users’ data, including the data of mHealth apps. Despite the security mechanisms provided by Android such as permissions and sandboxing, mHealth apps are still plagued by serious privacy and security issues. These security issues need to be addressedUniversity in order to improve the acceptance of of mHealthMalaya apps among users and the efficacy of mHealth apps in the healthcare system. The focus of this research is on the security of mHealth apps, and the main objective is to propose a coherent, practical and efficient framework to improve the security of medical data associated with Android mHealth apps, as well as to protect the privacy of their users. The proposed framework provides its intended protection mainly through a set of security checks and policies that iii ensure protection against traditional as well as recently published threats to mHealth apps. The design of the framework comprises two layers: a Security Module Layer (SML) that implements the security-check modules, and a System Interface Layer (SIL) that interfaces SML to the Android OS. SML enforces security and privacy policies at different levels of Android platform through SIL. The proposed framework is validated via a prototypic implementation on actual Android devices to show its practicality and evaluate its performance. The framework is evaluated in terms of effectiveness and efficiency. Effectiveness is evaluated by demonstrating the performance of the framework against a selected set of attacks, while efficiency is evaluated by comparing the performance overhead in terms of energy consumption, memory and CPU utilization, with the performance of a mainline, stock version of Android. Results of the experimental evaluations showed that the proposed framework can successfully protect mHealth apps against a wide range of attacks with negligible overhead, so it is both effective and practical. Furthermore, this framework is available to other researchers for research purposes as well as for real-world deployments. University of Malaya iv ABSTRAK Kemunculan telefon pintar secara mendadak mengubah cara komunikasi, pengiraan, dan pelbagai model perkhidmatan, termasuk penyampaian penjagaan kesihatan. Penggunaan telefon pintar dalam sistem penjagaan kesihatan berkembang pesat, dan sejumlah besar aplikasi yang sedang dibangunkan untuk memantau kesihatan pesakit, rekod akses pesakit, keputusan ujian, menetapkan ubat-ubatan, dan untuk pelbagai tujuan berkaitan di bawah istilah kolektif Kesihatan mudah alih (mHealth). Aplikasi ini adalah mudah diakses oleh pengguna purata peranti mudah alih, dan walaupun potensi mHealth aplikasi untuk meningkatkan ketersediaan, kemampuan dan keberkesanan penyampaian perkhidmatan penjagaan kesihatan, mereka mengendalikan data perubatan yang sensitif, dan oleh itu, mempunyai juga potensi untuk membawa besar risiko kepada keselamatan dan privasi pengguna mereka. Pemaju aplikasi biasanya tidak diketahui, dan pengguna tidak tahu bahawa bagaimana data mereka diuruskan dan digunakan. Ini digabungkan dengan munculnya ancaman baru kerana kekurangan dalam pembangunan aplikasi mudah alih atau kekaburan reka bentuk sistem operasi mudah alih semasa. Beberapa sistem operasi mudah alih yang terdapat di pasaran, tetapi platform Android telah mendapat populariti yang paling atas. Walau bagaimanapun, model keselamatan Android adalah pada masa ini belum sepenuhnya mampu memastikan privasi dan keselamatan data pengguna, termasuk data aplikasi mHealth. Walaupun mekanisme keselamatan yang disediakanUniversity oleh Android seperti kebenaran of dan kotakMalaya pasir, aplikasi mHealth masih berhadapan dengan isu-isu privasi dan keselamatan yang serius. Isu-isu keselamatan perlu diberi perhatian dalam usaha untuk meningkatkan penerimaan aplikasi mHealth dikalangan pengguna dan keberkesanan aplikasi mHealth dalam sistem penjagaan kesihatan. Fokus kajian ini adalah pada keselamatan aplikasi mHealth, dan objektif utama adalah untuk mencadangkan rangka kerja yang jelas, praktikal dan berkesan untuk meningkatkan keselamatan data kesihatan yang berkaitan dengan aplikasi Android v mHealth, serta untuk melindungi privasi pengguna mereka. Rangka kerja yang dicadangkan memperuntukkan perlindungan yang dimaksudkan terutamanya melalui satu set cek dan dasar-dasar yang memastikan perlindungan terhadap tradisional serta ancaman baru-baru ini diterbitkan untuk aplikasi mHealth keselamatan. Reka bentuk rangka kerja terdiri daripada dua lapisan: lapisan Modul Keselamatan Layer (SML) yang melaksanakan modul keselamatan cek, dan Layer Interface System (SIL) yang mempunyai ruang kaitan SML untuk OS Android. SML menguatkuasakan dasar keselamatan dan privasi pada tahap Android Platform yang berbeza melalui SIL. Rangka kerja yang dicadangkan itu disahkan melalui pelaksanaan prototypic pada peranti Android yang sebenar untuk menunjukkan praktikal dan menilai prestasinya. Rangka kerja ini dinilai dari segi keberkesanan dan kecekapan. Keberkesanan dinilai dengan menunjukkan prestasi rangka kerja terhadap set serangan yang dipilih, manakala kecekapan dinilai dengan membandingkan overhed prestasi dari segi penggunaan tenaga, ingatan dan CPU, dengan pelaksanaan laluan utama, versi stok Android. Keputusan penilaian uji kaji menunjukkan bahawa rangka kerja yang dicadangkan berjaya boleh melindungi aplikasi mHealth daripada pelbagai serangan dengan overhead diabaikan, jadi kedua-dua ia adalah berkesan dan praktikal. Tambahan pula, rangka kerja ini disediakan kepada penyelidik lain untuk tujuan penyelidikan dan juga untuk pergerakan dunia sebenar. University of Malaya vi ACKNOWLEDGEMENT All Praise be to Allah, Almighty, Lord of the worlds, The Most Gracious, The Most Merciful, and peace be upon His Messenger. First and foremost, I am thankful to Almighty Allah for enabling me to complete this challenging task. I would like to express my heartiest gratitude and appreciation to my supervisors, Prof. Dr. Miss Laiha Binti Mat Kiah, and Dr. Nor Badrul Anuar Bin Jumaat for their invaluable guidance, supervision, unparalleled patience, exemplary kindness, support, and encouragement to me throughout
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages208 Page
-
File Size-