Available online at www.sciencedirect.com

ScienceDirect

Procedia Computer Science 192 (2021) 2068–2076
www.elsevier.com/locate/procedia

25th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems

Cybersecurity in Active and Healthy Ageing Era

Maria J. Santofimia a,∗, Felix J. Villanueva a, Egor Litvinov b,a, Ilia Viksnin b, Antonio Fernandes c, Juan C. Lopez a

a School of Computing, University of Castilla-La Mancha, Paseo de la Universidad, s/n, 13072 Ciudad Real, Spain
b ITMO University, Kronverksky Pr. 49, bldg. A, St. Petersburg, 197101, Russia
c OdiseIA. Observatory of the societal and ethical impacts of Artificial Intelligence. Spain

Abstract

The active and healthy ageing paradigm is gaining momentum as technology is turning the futuristic scenarios envisioning smart homes into reality. An ecosystem of services and devices devoted to risk prevention, prediction and early intervention will support older people in extending the time they live independently. Despite the similarities found between the field of Active and Healthy Ageing and the Internet of Things, there are two main aspects that justify a dissociated analysis. First, most of the targeted users can be somehow considered vulnerable, either because of their lack of technological literacy or because they may even suffer some kind of cognitive impairment (although this might be in a very early stage). Second, such ecosystems are thought to be deployed in one of the most private spheres of a human being, the home. For this reason, special protection should be granted to the devices and services deployed in this domain. However, this contrasts with the current state of cybersecurity for Active and Healthy Ageing. There are no specific studies, standards or guidelines available to assist manufacturers and developers in their work. This does not apply to ethical or general security concerns, which have been adequately addressed. In this sense, it is necessary to complement existing ethical, data privacy and security guidelines with other aspects related to the security of IT systems for this particular application field. This paper aims to fill this gap by presenting a general analysis of the main issues that require special attention from a cybersecurity perspective.
© 2021 The Authors. Published by Elsevier B.V.
This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)
Peer-review under responsibility of the scientific committee of KES International.

Keywords: Cybersecurity; Active and Healthy Ageing; Security frameworks

∗ Corresponding author. Tel.: +0-000-000-0000 ; fax: +0-000-000-0000.
E-mail address: author@institute.xxx
1877-0509 © 2021 The Authors. Published by Elsevier B.V.
10.1016/j.procs.2021.08.214

1. Introduction

According to the 2015 Ageing Report published by the European Commission [? ], there will be a dramatic change in the age structure of the EU population in the near future. While the overall size of the population is expected to increase by 2060, the population will be much older, as predicted by the Eurostat population [? ]. In fact, the size of the population over 65 is expected to increase from 18% to 28% by 2060.

This is undoubtedly one of humanity’s greatest triumphs, as the World Health Organisation has affirmed [? ]. Nonetheless, supporting an ageing population entails significant challenges and opportunities for governments and societies. While older people bring positive returns and contributions to society with their accumulated experience and wisdom, there is an increased burden on health systems that challenges the sustainability of social security systems [? ].

Active ageing is defined by the World Health Organization as “the process of optimizing opportunities for health, participation and security in order to enhance quality of life as people age”. This paradigm pursues, among other aspects, the maintenance or improvement of physical, mental and social well-being as people age. ICT technologies can play an essential role in improving older adults’ health, well-being and quality of life. This has led industry and the scientific community to focus efforts on aspects such as user acceptance [? ? ], interoperability [? ] or ethics [? ] and data privacy or security [? ]. While these are essential enablers for Active and Healthy Ageing (AHA) domains, it cannot be neglected that there are other aspects that still need to be considered, especially those regarding computer system security (including hardware, software, firmware, information, data and telecommunications).

AHA domains rely on devices and services using today’s most cutting-edge technologies: IoT and AI. These innovative technologies, due to their maturity level, have not yet been extensively tested, as may be the case, for example, with the same type of technologies (IoT and AI) in other fields such as industry. Most of the time, it is overlooked that in this particular domain, technology will be operating in particularly sensitive environments (homes) and with vulnerable users (older adults), so enforced protection should be ensured. This protection should not be limited to ethics and data privacy. On the contrary, a broader protection is expected, encompassing the hardware, software and data assets present in such domains.

This paper provides an overview of the current state of cybersecurity in AHA domains. First, the most relevant security frameworks for AHA ecosystems are reviewed. Section 3 analyses the different assets, threats and attacks under AHA domains. This analysis will serve to identify those aspects of cybersecurity that have not been addressed from the perspective of the AHA paradigm. A systematic analysis will be carried out starting with an identification of the main assets demanding protection in an AHA domain, as well as the main threats and attacks targeting these assets. Finally, Section 4 presents the most relevant conclusions of the analysis carried out as well as future work.

2. Security frameworks for Active and Healthy Ageing Ecosystems

The European Union Agency for Cybersecurity (ENISA) published a report about cybersecurity and related terminology [? ] in which the following definition for cybersecurity is provided: “Cybersecurity covers all aspects of prevention, forecasting; tolerance; detection; mitigation, removal, analysis and investigation of cyber incidents. Considering the different types of components of the cyber space, cybersecurity should cover the following attributes: Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability (for tangible systems, information and networks) Robustness, Survivability, Resilience (to support the dynamicity of the cyber space), Accountability, Authenticity and Non-repudiation (to support information security).” Indeed, ENISA clearly states that network and information security are considered subsets of cybersecurity. In this sense, information security is defined, according to the classic model for information security, as the pursuit of three objectives, namely: Confidentiality, Integrity, and Availability. On the other hand, the ENISA regulation 526/2013 defined Network and information security as “the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the Availability, Authenticity, Integrity and Confidentiality of stored or transmitted data and the related services offered by or accessible via those networks and systems.” [? ].

ENISA, in its endeavour of making Europe cyber secure, published in 2019 a report about good practices for security of IoT [? ]. Internet of Things (IoT) objects are inherently interconnected, meaning they are exposed to the open world and attention should be paid to preventing malicious or careless actions leading to security breaches. The Active and Healthy Ageing (AHA) paradigm is mainly enabled by the advances in IoT or the possibility of having interconnected devices and services gathering and processing data, in real time, that eventually inform and support intelligent processes in decision making. Among the different dimensions of an individual’s life (at work, at home or on the move) the one at home is particularly relevant for older adults. This is where they spend most of their time, especially in the current context of the COVID-19 pandemic.

Smart home devices and services, when applied to the context of AHA, should receive special attention as they deal with potentially vulnerable users and are deployed in one of the most private dimensions of an individual’s life (home). These two circumstances call for stronger and reliable security mechanisms to ensure the confidentiality, integrity, and availability of the different information system resources present in a smart home environment intended to support AHA functionalities.

Smart homes are extremely complex environments when it comes to ensuring that their computer systems are secure. This is mainly due to the heterogeneity of the devices and services deployed in these environments, as well as their limited resources. For many years, IoT efforts have focused on achieving real interoperability (this matter is still a work in progress though), neglecting security aspects. There was a false assumption that the implications of a security breach in devices such as light bulbs or smart plugs, unable to record images or sounds, would not have a serious impact. A major turning point was reached when the Mirai malware [? ] enabled one of the biggest Distributed Denial of Service (DDoS) attacks against one of the major DNS servers, leading to a service disruption for providers such as Twitter, Spotify, or GitHub. At that moment, the true potential of an insecure IoT network was understood.

ENISA¹, the European Union Agency for Cybersecurity, defines a set of Baseline Security Recommendations for IoT [? ], aware of the risks associated with the rapid development of IoT technology and the lack of clear security frameworks. This agency has also analysed the risk and security implications in the home automation environment. As a result, in 2015, they published a set of good practices and recommendations for Security and Resilience of Smart Home Environments [? ]. This publication came up with a list of good practices targeted at the different relevant actors of Smart Home Environments. Despite the fact that these recommendations are still in place, they do not cover all particularities of AHA domains.

The Ambient and Assisted Living Programme² published a guideline document for ethics, data privacy and security regarding digital solutions for the Active and Healthy Ageing domain [? ]. Nonetheless, this document addresses security issues from a general perspective, focusing on compliance with existing standards and regulations and how these ensure the security of products coming to the market. This document does not, however, address security issues from a computer system perspective.

The Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union³ is intended to ensure the security of the network and information systems of operators of essential services article. The Health Sector is considered one of these operators of essential services. However, the scope of this sector is broader than the services considered under the AHA domain. On the other hand, the Regulation (EU) 2019/881 on ENISA and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act, also known as CSA)⁴ aims to achieve a high level of cybersecurity, cyber resilience and trust for ICT products, services and processes. This regulation therefore applies to the different systems and services provided under the scope of the AHA domain. One of the main objectives of this regulation is, in fact, to lay down a framework for establishing a cybersecurity certification scheme, intended to ensure an adequate level of cybersecurity for ICT products, ICT services and ICT processes. In accordance with this mandate, ENISA is working on the cybersecurity certification EUCC (a candidate cybersecurity certification scheme to serve as a successor to the existing SOG-IS) [? ]. This scheme resorts to a selection of components of the catalogue of Security Functional Requirements and Security Assurance Requirements to cover the security objectives stated by the CSA in its Article 51.

The ETSI EN 303645 is the European Standard that states the baseline requirements for Cybersecurity for Consumer Internet of Things [? ]. This standard provides a set of good practices for devising secure IoT devices and services. This standard, in compliance with the UK [? ], Australian [? ] and U.S. [? ] directives, proposes 60 provisions grouped in 13 best practices [? ].

1 European Union Agency for Cybersecurity https://www.enisa.europa.eu
2 http://www.aal-europe.eu/
3 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016L1148
4 https://eur-lex.europa.eu/eli/reg/2019/881/oj

The objectives listed in the CSA (Article 51), the catalogue of Security Functional Requirements and Security Assurance Requirements of the Common Criteria and the EN 303645 provide an appropriate framework for ensuring the provision of secure, reliable and trusted services for AHA.

3. Cybersecurity assets, threats, and attacks under Active and Healthy Ageing domains

The legal and regulatory framework analysis carried out in the previous section reveals that, while not specifically targeting AHA, the existing frameworks are applicable to such a domain. Whether these frameworks are adequate to cover, to the full extent, the threats and attacks to which these domains may be subject is a different matter. This section identifies the main assets that should be protected in the AHA domain, as well as the main threats and attacks that will compromise them.

3.1. Cybersecurity assets in the Active and Healthy Ageing domain

Computer security is about protecting a set of computing resources from attacks and threats. In order to guarantee the security of an AHA environment, it is therefore essential to start from the correct identification of what resources need to be protected. ENISA in [? ] proposes a taxonomy of IoT resources, relevant from the perspective of the software development life cycle. This classification may not be totally applicable to the AHA domain, as a more comprehensive perspective is required, focused on the users and goals pursued by such a domain (e.g., quality of life, support for independent living, a healthy lifestyle, etc.). Similarly, the work in [? ] also provides an asset taxonomy but, this time, the perspective is too broad, dealing with IoT ecosystems in general. A more specific analysis is required to identify the specific assets that need to be protected in the particular domain of Active and Healthy Ageing ecosystems.

In this sense, and following the approach proposed in [? ], assets will be initially categorised as hardware, software, or data. For the hardware and software categories, resources will, at the same time, be categorised as assets deployed in the Edge, the Fog or the Cloud Computing layer.

The hardware assets encompass all resources that are physically tangible and play a role in the different solutions supporting AHA. Some of these devices will be deployed within the home premises whereas others will work off-premises, generally in the cloud.

• The Edge
– Sensors
– Actuators
– System-On-Chip, micro-controllers, and microprocessors
• The Fog
– Gateways
– Routers
– Hardware firewalls (IDS or Intrusion Detection Systems, IPS or Intrusion Prevention Systems)
– Dedicated hardware (FPGAs, GPUs)
– Temporary buffering storage in case of connectivity loss
• The Cloud
– Storage (data lakes or data warehouses), data analytics, and visualisation
– Big data infrastructure

The software category encompasses all resources that, as executable code, run in a hardware device. Similarly to
the hardware assets, software assets can run on local devices, deployed within the home premises, or off-premises,
generally, in the cloud:

• The Edge
– Messaging system clients
– Wrappers and filters
– Basic cyphering mechanisms
– Basic data processing algorithms (mean, maximum value, standard deviation, etc.)
– Remote control (including the firmware updates, change in the logging preferences, etc.)
– Provision services (update, status, etc.)
• The Fog
– Messaging brokers and adapters
– Translators, wrappers and filters
– Security mechanisms (cyphering, AAA services, etc.)
– Provision services (update, status, etc.)
– Analytics software (dimensionality reduction, data fusion, advanced filtering, etc.)
– Service level agreement monitoring
• The Cloud
– Messaging brokers and adapters
– Service level agreement monitoring
– Security mechanisms (cyphering, AAA services, etc.)
– Analytics software (utilities for High Performance Computing like Hadoop, MapReduce)

The data category encompasses the broad category of information gathered or generated from the sensing devices or derived from the user behaviour. This information can also be stored locally, within premises, or off-premises, generally in the cloud. However, this aspect is not relevant for the identification of the different types of data. On the contrary, this categorisation will be based on the source generating the data or information:

• Environmental data
– Outdoor environmental data (humidity, temperature, noise level, light, geo-positioned data, etc.)
– Indoor environmental data
• Activity data (what)
– Public/professional
– Private
• Social (who)
• Spatial-temporal (where and when)
• Mental
• Physiological (smartband information, glucometer, weight, etc.)
• Individual identity and digital identity (personal data and digital trace)

These three asset categories identify the resources requiring protection from the different actions (independently of whether intentional or accidental) compromising them.

3.2. Cybersecurity threats and attacks challenging the Active and Healthy Ageing Domain

The RFC 2828 [? ] defines a threat as a possible danger that might exploit a vulnerability. A threat can be either “intentional” (i.e., intelligent; e.g., an individual cracker or a criminal organization) or “accidental” (e.g., the possibility of a computer malfunctioning, or the possibility of an “act of God” such as an earthquake, a fire, or a tornado). Moreover, [? ] describes four kinds of threat consequences, and also lists and describes the kinds of threat actions that cause each consequence. This section analyses these threat consequences and the attacks that might cause them, from the perspective of the AHA domain. Please note that it is out of the scope of this work to provide a thorough analysis of the different threats and attacks that might target AHA domains. On the contrary, this section focuses on identifying the most sensitive assets given the current trends in cybersecurity attacks. The purpose is to identify those aspects of the AHA domain that should be strengthened and in which special security mechanisms should be enforced.

3.2.1. Unauthorised disclosure


The unauthorised disclosure is defined by [? ] as the circumstance or event whereby an entity gains access to data for which the entity is not authorized. An unauthorised disclosure is therefore a threat to the security principle of confidentiality. Confidentiality is a term that encompasses two different aspects: 1) data confidentiality and 2) privacy. So, it should be possible to ensure the confidentiality of information that is not private, because confidentiality is about preventing information from being disclosed to unauthorised parties and not only about keeping data private.

There are different actions or attacks [? ] that can lead to an unauthorised disclosure, namely: exposure, interception, inference, and intrusion. Because these actions threaten confidentiality, it is unlikely that hardware assets are the target of this type of attack. Software assets, on the other hand, can suffer from unauthorised disclosure, for example, when the source code of an application is unintentionally released or when unauthorised copies of an application are made. Nevertheless, the specific software asset categories identified for the AHA domain are less prone to suffer such attacks, basically because most of the time there is no real intellectual property to protect. Moreover, the most complex applications are generally run in the cloud and, when this happens, the interest is in either the data being processed or the technological infrastructure supporting the processing, not in the source code itself.

The analysis of the assets that might suffer the consequences of an attack on confidentiality leading to an unauthorised disclosure can therefore be reduced to analysing the different data asset categories and how they can suffer from an unauthorised disclosure. It is important to highlight that there is data that is not private, because this information is generated in a public sphere. This is, for example, the information obtained from monitoring the physical activity that takes place in a public space like a gym. This information might not be private but is still subject to confidentiality assurance. Personal data⁵ will always be confidential, meaning that some of the personal data might not be private but, still, it is up to the individual it refers to to determine the degree to which he/she is willing to share such information.

An exposure attack is one of the ways in which sensitive data can be released to an unauthorised party. This can be the result of an intentional action, like a dissatisfied caregiver posting on a social network the activity data gathered from a smartband. It can also be the result of an error, for example, when the individual him/herself, by mistake, posts his/her activity records on the social network of the smartband manufacturer. It is even possible that the user did not understand the implications of the actions he/she was about to perform when asked for consent before posting the data on the social network. Even though the user might have granted consent to publish the data (which relieves the manufacturer from liability), the fact that he/she did not do it on purpose means the user ended up with his/her data being exposed.

Other actions such as interception, inference or intrusion will always be intentionally carried out by a third party, ending up in the same result: unauthorised disclosure of information. Interception is one of the major challenges faced by the AHA domain, as such domains build upon the Internet of Things paradigm. This paradigm is based on different objects interacting seamlessly or, in other words, sharing information through a shared medium. Fog and cloud computing resources already implement sufficiently robust mechanisms to prevent interception from occurring or at least to make it difficult. It is the indoor domain that presents the major challenges, because it either relies on the false sense of security given by being behind a firewall and the ISP router or because no outbound connections are supported (for example, when using ZigBee or Bluetooth). The indoor domain is where interception, inference or intrusion attacks are prone to occur and where fewer security mechanisms are enforced. Remote attacks are possible, although after the Mirai attack efforts are already being directed at strengthening this side. The weakest point is direct access. Being within the signal range (either Wi-Fi, ZigBee or Bluetooth) can be enough to carry out an interception, inference or intrusion attack, which can even go unnoticed for a long time (like a Man-in-the-Middle) as the availability of the systems or applications might not be affected. At the same time, the information disclosed in this scenario is among the most sensitive, as it belongs to the most private sphere of an individual.

Social engineering attacks are defined, according to [? ], as “the art of influencing people to divulge sensitive information is known as social engineering and the process of doing so is known as a social engineering attack.” This type of attack is a serious threat to any type of information system, but it is especially serious for the AHA domain. Such domains, in contrast to company environments, lack information security specialists protecting the system. Furthermore, users have little knowledge about computer security and, most of the time, they have not received any special training on such issues. This type of attack should therefore receive special attention in order to ensure confidentiality for AHA domains.

5 According to the GDPR personal data is any information that relates to an identified or identifiable living individual

3.2.2. Deception
Deception is a threat consequence that, as defined by [? ] may result in an authorized entity receiving false data
and believing it to be true. This is particularly relevant in the AHA domain as different parameters of individuals life
are being monitored mainly to support early risk prediction, prevention and intervention. The techniques that support
risk prediction, prevention and intervention area are based on the data collected from sensing devices. It is therefore
essential that this information is precise, authentic, and genuine. The effects of working on the base of wrong (or
false) information can be catastrophic. Think of an application that provides the insulin level that should be injected
based on the measures provided by a glucommeter device. Forged information provided to that application could have
a serious impact on the health (even the life) of an individual.
Despite the importance that deception has on data assets, it cannot be overlooked the importance of such threat con-
sequence to software assets. This is particularly relevant to low resource devices with scarce capabilities lacking of
mechanisms to verify the authenticity and genuineness of a software (or firmware) update. Cybersecurity vulnerabili-
ties of cardiac implant electronic devices have received great attention from the scientific community [? ] so, despite
the identified flaws, efforts are being addressed to overcome them and prevent future ones. However, there are some
other devices whose criticality are not that obvious but should neither be left aside. It deems essential that effort start
being addressed to provide mechanisms to guarantee the authenticity and genuineness of code updates (also including
firmware updates) for AHA devices (IoT devices).
Deception can be therefore a threat to both data and software integrity. This threat can be carried out through three
types of actions or attacks, as known: masquerading, falsification, and repudiation.
In a masquerade attack, an unauthorised entity acts while pretending to be an authorised entity. Imagine a
non-authorised sensor pretending to be part of the monitoring sensor network of a home, sending forged information about
a monitored parameter. It can also be an entity pretending to be an authorised agent in charge of deploying software
updates, which modifies the behaviour (based on the software run locally in the actuator) of a device. The use of
certificates (based on both symmetric and asymmetric ciphering) is the most common approach to prevent such attacks
from taking place, but the low capabilities of most IoT devices call for new implementations that, based on
the same idea, can seamlessly run on such devices with low computational resources.
A falsification attack resembles the masquerade one in that it deceives an authorised entity with false data. The
difference is that in masquerading, data are not inherently false, but they do not come from an authorised source. In a
falsification attack, nothing is said about the source; the focus is on the fact that the provided data are false.
Finally, in a repudiation attack an entity deceives another one by denying having sent or received data. The impact
of such an attack in an AHA domain is low, although it is normally employed as a side tool to evade or hide the presence
of an intruder. This attack depletes the tracing capabilities of the security mechanisms in place.
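
The masquerade/falsification distinction above can be made concrete with a gateway-side check. This is an added example, not code from the paper; the device name, key, message layout and plausibility window are constructed assumptions. A per-device symmetric MAC (cheap enough for low-resource sensors) rejects readings from unenrolled sources, while a separate range check flags data that is authentic in origin but implausible in content.

```python
import hashlib
import hmac
import struct

# Constructed per-device key provisioned at enrolment (assumption).
DEVICE_KEYS = {"glucometer-01": b"constructed-demo-key-0123456789ab"}
# Assumed plausibility window for a glucose reading, in mg/dL.
PLAUSIBLE_MG_DL = (20.0, 600.0)


def sign_reading(device_id: str, counter: int, value: float, key: bytes) -> bytes:
    """Device side: HMAC-SHA256 over device id, message counter and value."""
    msg = device_id.encode() + b"\x00" + struct.pack(">Qd", counter, value)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Gateway:
    """Home gateway that accepts readings only from enrolled devices."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # highest counter seen per device

    def accept(self, device_id: str, counter: int, value: float, tag: bytes) -> str:
        key = self.keys.get(device_id)
        if key is None:
            return "reject: unknown device (masquerade)"
        expected = sign_reading(device_id, counter, value, key)
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, tag):
            return "reject: bad tag (masquerade or tampering)"
        if counter <= self.last_counter.get(device_id, -1):
            return "reject: replayed counter"
        self.last_counter[device_id] = counter
        low, high = PLAUSIBLE_MG_DL
        if not low <= value <= high:
            # Authentic source, implausible data: falsification or sensor fault.
            return "flag: authentic but implausible value"
        return "accept"
```

A shared-key MAC authenticates the source to the gateway but gives no protection against repudiation, since both ends hold the same key.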

3.2.3. Disruption
Disruption is a threat to system availability or integrity and causes the interruption of system services and
functions, as defined by [? ]. This threat mainly affects software and hardware assets, although data assets can also be
the target of corruption attacks. Regardless of the affected asset (hardware, software or data), threatening
system integrity or availability would result in a functionality disruption. The different applications
deployed in an AHA domain mainly pursue early risk prediction, prevention and intervention. The impact of
a service outage, depending on the duration and the assets affected, can range from a merely uncomfortable situation to
catastrophic effects.
There are three main known types of actions or attacks that can lead to disruption consequences: incapacitation,
corruption, and obstruction. An incapacitation attack can be either intentional or unintentional. Intentional attacks
include both acts against a software asset using malware and those that target a hardware asset by physically
destroying it. On the other hand, an unintentional event could involve a human error, or a bug or flaw in a software or
hardware component, but could also be due to natural disasters like a fire or a storm. The main feature of an incapacitation act
is that a system component is disabled and this therefore causes the whole system to be unusable. Among the different
assets, some work as enablers, such as those performing routing or determining the behaviour of
other systems. The incapacitation of such systems could have a great impact on the performance of the system and, for
this reason, when monitoring life-dependent aspects of an individual, replication and backup systems should be ready
to intervene whenever the incapacitation of an essential module occurs. The identification of such essential systems
should be carried out as part of a thorough risk assessment analysis, revised whenever a new functionality is deployed
in the AHA ecosystem.
The incapacitation of a system does not necessarily imply that an asset has suffered a permanent effect. On the
contrary, a corruption attack involves the modification of an asset, leading to a disruption consequence. Again, a
corruption act can be the result of an intentional action or an unintentional one. In either case, a reversion or restoration
mechanism should be devised to minimize the impact of such an attack. Similarly to the situations analysed for the
incapacitation attack, essential assets should be identified after a risk assessment analysis. The availability of such
particular assets should be guaranteed either by replication or backup mechanisms while the cause or source of
the attack is being handled.
Contrary to the previous two attacks, the obstruction one does not affect system components or integrity. It is
the delivery of functionalities that is affected. Assets keep working normally but the services that rely on them
cannot be delivered. This type of attack targets either communication networks or computing capabilities.

3.2.4. Usurpation
Disruption is not the only threat that can affect system integrity; usurpation can also affect it. This threat
consequence is defined by [? ] as a circumstance or event that results in control of system services or functions by an
unauthorized entity. This is, probably, the most paradigmatic risk affecting IoT ecosystems since the Mirai attack. For
the first time, the true potential of the lack of basic security mechanisms for IoT devices was experienced, causing an
Internet outage for several hours, in one of the major cyberattacks in history. There were no supercomputers behind
this attack; on the contrary, it leveraged mainly IP cameras and smart bulbs.
The major challenge of this type of attack is that it might go unnoticed for a long time, staying in a latent
phase, controlled by a remote party. Losing control of relevant assets can be especially sensitive when involving
vulnerable users, like older adults with some cognitive impairments. Strong security mechanisms should be enforced
in both software and hardware assets before the deployment stage, ensuring that usurpation, should it happen
(security cannot be guaranteed 100%), will be detected and halted. Aspects such as default passwords, hard-coded
passwords in firmware or similar situations should be totally prevented.

4. Conclusion and future works

The change in the population structure, especially in the European one, calls for technological solutions that support
people as they age to live a healthier life and to live independently for a longer time. This is becoming a reality as
advances in the Internet of Things and home automation enable continuous monitoring of different aspects of
individuals' lives. These advances are not intended to replace human assistance, but to alleviate pressure on health and
care systems and caregivers (either professional or from a family member). To achieve the scenarios envisioned in
the AHA paradigm, in which older adults assisted by technology live independently for longer, it is necessary to start
addressing more seriously the cybersecurity challenges of this particular ecosystem.
There are two aspects that make this ecosystem different from other computing systems: 1) the majority of the
individuals either using or being monitored by this technology will be technologically illiterate and, some of them,
vulnerable; 2) devices and solutions will be deployed in one of the most private spheres of a human being, subject to
special protection, namely the home. These two aspects call for specific guidelines or standards and roadmaps that
systematize the cybersecurity assurance for AHA ecosystems.
This paper analyzes the different assets, threats and attacks that should be particularly considered in an AHA
domain. It is out of the scope of this work to carry out a thorough analysis. On the contrary, it focuses on highlighting
those aspects that deserve special attention based on the peculiarities of the AHA domain. Although, to the
best of our knowledge, there are no specific contributions on cybersecurity for AHA, future work will aim to
perform a systematic review of contributions made in other fields that can be directly applicable to this one, as well as
to identify the gaps and propose solutions or directions towards which further research should be addressed.

Acknowledgements

This paper has been funded by the European Union’s Horizon 2020 research and innovation programme under grant
agreement no. 857159, project SHAPES (Smart & Healthy Ageing through People Engaging in Supportive Systems),
the Ministry of Economy and Competitiveness (MINECO) of the Spanish Government (PLATINO project,
no. TEC2017-86722-C4-4-R) and the Regional Government of Castilla-La Mancha under FEDER funding (SymbIoT
project, no. SBPLY-17-180501-000334).
