Professional Documents
Culture Documents
Received August 4, 2020, accepted August 13, 2020, date of publication August 17, 2020, date of current version August 28, 2020.
Digital Object Identifier 10.1109/ACCESS.2020.3017221
ABSTRACT Security has become a vital factor for any Internet of things network but it is of paramount
importance for Internet of Health Things (IoHT). IoHT also known as Internet of Medical Things (IoMT)
is integration of IoT and healthcare environment, where fragile data related to the patients is transmitted
from IoT devices to server. During this transmission, if, any eavesdropping or intrusion occurs then it will
not only lead to the serious mutilation of entire network but this data will be handled maliciously for wrong
doings as well. Therefore, a proper security is indispensable for IoHT based equipments due to exposure to
different attacks. Security of IoHT has been the burning issue in last couple of years. In this regard different
security models, surveys, frameworks have been presented. In this article, a proposed Identified Security
Attributes (ISA) framework is presented to evaluate the security features of IoHT based device in healthcare
environment. The proposed framework uses hybrid MCDM methods such as Analytical Hierarchical Process
(AHP) and Technique for Order Preference by Similarity to Ideal Solution (TOPSIS). This framework works
in two phase: in first phase the weights of attributes are derived by using AHP method and in second phase
security assessment of alternatives is performed based upon security criteria by using TOPSIS method. The
outcomes of proposed security assessment framework demonstrate that the reliable and secure alternative
among alternatives is selected in IoMT system. This approach can be used as a guideline for future use in
IoMT systems or any other IoT based domain. To the best of our knowledge, it is novel approach to address
the security assessment of IoT and these MCDM methods have never been used before for assessment and
decision making in IoHT system for security.
I. INTRODUCTION livan analysis report, IoMT market was worth $22.5 billion
Internet of health thing (IoHT) also knowna as Internet of in 2016; this figure is expected to touch $72.02 billion in 2021
Medical things (IoMT), is the network of healthcare devices [2]. IoMT is sharply increasing such that 60% of global health
connected to the cloud for sending and receiving data related care organizations have adapted it and by the end of 2020 it
to the chronical diseases of patients [1]. IoMT allows to is estimated to increase by 27% [3].
reduce the unnecessary visits to hospital and alleviates burden IoT devices operating in healthcare environment are sus-
on medical care system by providing connectivity over secure ceptible to various cyber threats and attacks.The healthcare
network between medical experts and patients; which, ulti- industry faces 340% more security issues than any other
mately leads to saving of a lot of time and money [2], [3]. This industry and it’s 200% more susceptible to data theft [3].
is the reason, the number of IoT devices in healthcare network According to report over 90% of enterprises are facing at least
are increasing exponentially in last few years and contributed on security breach [4]. Another study suggested that there is
a lot towards the financial zone. According to Frost & Sul- an average of 164 cyber threats detected per 1,000 connected
host devices in IoMT system [5]. IoMT devices are deployed
The associate editor coordinating the review of this manuscript and in network without considering the security in mind, this is
approving it for publication was Gautam Srivastava . the main reason that these devices suffer from confidentiality,
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
152316 VOLUME 8, 2020
L. Wang et al.: ISA Evaluation Framework for Security of IoHT System Using AHP-TOPSIS Methods
integrity and availability issues [6]. These vulnerabilities smart grid, smart agriculture, and smart city. The IoT security
allow the cybercriminals to get access into the IoMT network goals can be achieved by evaluating all the security require-
and obtain the sensitive and personal data about the patients. ments and implementing them for protecting IoT devices.
One of the serious problems faced by IoMT devices is secu- In this research work, security of IoHT devices is assessed by
rity and privacy issues. According to Jhonson and Jhonson using multi criteria decision making (MCDM) method and
IoMT devices like digital insulins are vulnerable to cyber best option/equipment is to be selected from the alternatives.
threats [7]. In IoHT system, data relevant to patients is stored The organization of the paper is as follows: section II
in the cloud and it is moving back and forth through millions describes motivation, in section III literature review has been
of IoT devices and thus it spawns the vulnerability to data in discussed. In section IV, research method has been discussed,
their applications. Due to this vulnerability, many enterprises which includes criteria selection processes and proposed
may not be willing to store IoT applications on the cloud. framework discussed along with and its validation by MCDM
Therefore, risk assessment is mandatory prior to put their methods. Section V ends with conclusion.
applications to the cloud and for mobile devices installing the
IoT applications [8]. II. CONTRIBUTION AND RESEARCH GAP
Sometimes, decision making regarding the selection of The contributions made by earlier methods for security eval-
best security option for IoHT devices is an issue due to the uation in IoHT system are great but still there exists some
many factors involved like evolving complex criteria pertain- drawbacks and gaps that are required to be addressed:
ing to security, huge number of heterogeneous IoT devices,
• Criteria identified by previous studies are not suffi-
limited processing, and memory capabilities of these device.
cient enough to meet the all security requirements of
In light of these circumstances, lacking of proper security
IoT. Therefore, for security assessment a complete pack
procedures and criteria is not a good approach. Keeping in
of security requirements needs to be considered. This
view these factors, in this research work, we are presenting
work has targeted the same to include all the security
an evaluation framework in healthcare environment, which
requirements in order to provide full-fledge IoT security
attempts to evaluate the IoT devices in light of security criteria
solution in healthcare environment. Criteria like conti-
and select the best IoT device as alternative among the list
nuity, trustworthiness, network monitoring and secure
of devices. Security criteria or requirements are identified
key management were neglected by previous works.
from literature review and International standard Organiza-
• In previous works, the security requirements are col-
tion (ISO) standard. A multi criteria is built in light of iden-
lected only from the literature but in this work, we inte-
tified security requirements for decision making purposes.
grated both literature and ISO security standard ISO/IEC
This selection criteria defines a full package of security,
27000-series (ISO/IEC, 2018), which is well-known
which can be implemented in any IoT devices in healthcare
security standard for implementing security all over the
environment. A full-fledged secure IoHT system can be well
world.
described by fulfilling the security requirements or criteria
• In this work, two MCDM methods such as AHP and
such as confidentiality, integrity, availability, access control,
TOPSIS have been used, which are ideal to provide
authentication, authorization, network monitoring, physical
a good platform for assessment and decision making.
security, network monitoring, secure key management, con-
AHP requires less quantitative data and in TOPSIS infor-
tinuity, trustworthiness, auditing and non-repudiation. These
mation loss is less in the evaluation processes.
requirements define the architecture of IoMT network in
• To the best of our knowledge, this is novel approach,
terms of considering different issues and challenges. The
which combines both AHP-TOPSIS for security assess-
basic security requirements are defined in confidentiality
ment in and decision making purposes in healthcare
integrity and availability (CIA model) [9], [10]–[13], [14].
environment
The security of IoHT system has been addressed by different
methods, but, in this regard, the multi criteria decision making
(MCDM) approach is significant to mention. MCDM is also III. MOTIVATION
known as Multi Criteria Decision Analysis (MCDA) [15]. The proposed research work is motivated to achieve the fol-
Multi criteria decision-making methods have various appli- lowing objectives.
cations in different domains. Sometimes, it becomes very • Decision making in IoHT is big challenge due the
hard to find appropriate solution to the problems. Decision number of criteria and sub-criteria involved. The prime
making is always a tough job due to imprecise, uncertainties focus of this research work is to select the best security
and subjective nature of criteria [16]. solutions for IoHT systems by using hybrid MCDM
For this purpose in this research work, we present ISA approach
framework for security assessment and selection of IoHT • The security of IoMT system is getting a burning topic in
based equipment with respect to identified security require- last decade so this motivation led us to assess the security
ments or criteria in healthcare environment. These security of IoMT based system
requirements of IoT not only limited to specific application • There exists a research gap between existing work and
domain but they cover almost every area such as smart home, proposed work. This proposed work is based upon
V. RESEARCH METHOD
The security of IoHT devices is indispensable due to ubiq-
uitous and multi sensor approach adapted by IoHT network.
FIGURE 1. Research trend in IoT security.
In this research, our prime focus is to present proposed ISA
framework to provide solution towards the security chal-
lenges faced by IoMT system. The proposed security frame-
security requirements identified from both sources such work of security evaluation and selection of IoHT devices
as ISO security standard and literature. ISO standard for based upon identified set of attributes as depicted in Fig-
security requirements have never been used before for ure 1. The main idea is before introducing an IoT device
security evaluation or assessment criteria into operating environment such as healthcare environment,
it is necessary to check its security with respect to security
IV. RELATED WORK criteria. In this research, both MCDM methods such AHP and
IoT devices have limited processing, bandwidth and mem- TOPSIS have been used for assessment and selection of IoHT
ory capabilities due to their limited structures, which device with respect to security features. Research method has
make them vulnerable to many security threats and the following subsections: In first section, security require-
attacks [17], [18]–[20]. This is the main reason, that IoT secu- ments or criteria are identified, in second section, proposed
rity has been the most intriguing and busy research area since framework is presented, in third section weights are assigned
last decade i.e. 2011 to 2019 as shown in Fig 1. To address the to criteria by using AHP and fourth section describes how
security and privacy issues in IoT different frameworks have TOPSIS method has been used for assessment and decision
been presented like [21]–[26]. IoT devices experience more making.
serious privacy security risks [27]. Especially, in healthcare
environment these risks become more serious and sever due A. SELECTION OF SECURITY REQUIREMENTS OR
the nature of data handled by the network. As, data related to CRITERIA
patients are stored in cloud server of hospital center, required The security requirements also known criteria are identified
to be kept secured [28]. and selected for the security evaluation of IoT devices in
For security of IoMT or IoHT many works are available healthcare environment. These security requirements not only
but in this literature study, we are restricting our discussion to limited to specific application domain but they cover almost
MCDM methods such as AHP and TOPSIS. But, still, some every application domains such as smart health, smart home,
frameworks for security in IoMT are discussed like Leis- smart grid, smart agriculture, smart city etc. The security
ter et al. [29] presented evaluation framework for adaptive goal of IoHT can be achieved by evaluating all the security
security in IoHT. Nkomo and Brown [30] presented a hybrid requirements and implementing them for protecting the IoT
cybersecurity framework for IoMT. Jan et al. [31] presented devices in healthcare environment. In this research work,
the authentication of nodes for streaming of data. Similarly, security requirements are identified from both sources such
there are many other frameworks intended to address the as literature and International Standard Organization (ISO)
security of IoMT system are presented [32]–[38]. information security standard such as ISO/IEC 27000-series
MCDM methods have wide range of applications in IoMT (ISO/IEC, 2018). ISO/IEC 27000-series (ISO/IEC, 2018) is a
system. The role of multi criteria decision making analysis in well-known standard and widely accepted standard [14]. This
healthcare has been briefly discussed by Frazão et al. [39]. standard implements an information security management
These methods not only address the security issues but are system based upon defined set of basic requirements. This
also applied for variety of the purposes like assessment and is also current standard in Australia. This standard, provides
selection in IoMT. Drake et al. [40] used MCDM methods guidance pertaining to controlling, implementation, manag-
for contracts and tender process in healthcare environment. ing measures and approach towards risk management [14].
Liu et al. [41] presented a hybrid MCDM model for mobile Similarly, after studying literature, many security require-
healthcare system. ments or criteria from various research articles are collected
We highlighted those related work, which addressed the and detail about these is given in Table 3. In this research
security of IoT in healthcare by using multi criteria deci- work, 8 security requirements from literature and 5 attributes
sion making methods such as AHP and TOPSIS or both are derived from ISO/IEC 27000 (2018) standard. Finally,
total of 13 security requirements are selected based upon their The main objective of framework is to achieve the security
impact on IoMT security, frequency of occurrence and fac- evaluation of IoT devices or alternatives based upon the
tor of commonality in literature. Selected security attributes identified security criteria in healthcare environment. After
along with sources are marked in Table 4. The overall picture identifying and selection of security requirement or attributes,
of steps taken towards the completion of research work in the IoT devices as alternative are selected and data is collected
summarised fashion is depicted in Fig 2. from by consulting the security experts in the field of IoT
Frequency of attributes citation based on number of papers security. Our data collection technique inspired by Delphi
in literature is depicted in Fig 3. method [68]. The proposed security framework for evaluation
The overall procedure for selection of security require- and decision making about security of IoT devices in medical
ments consists of different steps: in step one 119 attributes care system is shown in Fig 6. This framework works in
are identified from literature, in second step duplicates or rep- two phases: in first phase AHP method assigns weights and
etition of attributes is removed, in third step attributes are in second phase TOPSIS method has been used for ranking
identified from ISO standard, in 4th step all attributes are of alternatives.
combined and in last step final attributes for security assess-
ment have been selected. Procedure for selection of security
C. ASSIGNING WEIGHTS TO SECURITY REQUIREMENTS
attributes/criteria is shown in Fig 4.
OR CRITERIA BY USING AHP
All finally selected attributes for security assessment in this
research work have been explained in Table 5. In this research Analytic Hierarchy Process (AHP) method
In this research work, four IoT based equipments or devices has been used for assigning weights to the criteria. This
are selected as alternatives for decision making. These alter- method is ideal for problem situations that involve multi-
natives are labelled as D1 D2 , D3 and D4 . The hierarchical criteria decision making situations. There are many reasons
structure of 13 security requirements for ‘‘n’’ number of for selecting this method like, it focuses upon diminishing
alternatives or IoHT devices is depicted in Fig 5. the cognitive errors by simplifying, partitioning, and com-
paring multiple attributes. It is not only suitable for com-
paring qualitative indices but also for quantitative indices.
B. PROPOSED FRAME WORK FOR SECURITY EVALUATION Thus, it has various applications in domains like selection,
AND DECISION MAKING assessment, resource allocation, conflicts resolution, priority
The proposed framework for security evaluation is also and ranking, and optimization. AHP method is subjective in
known as Identified Security Attributes (ISA) framework. nature, it means the experts or decision makers assign weights
TABLE 3. List of all security requirements collected from literature and ISO standard.
based upon their opinions [69]. AHP is a technique which Step-1. Identification of criteria and alternatives
prioritizes each alternative based upon their significance of In first step criteria, sub-criteria and alternatives are iden-
hierarchy or goals identification [70]. According to [71]–[73] tified and they are represented in the form of hierarchical
the AHP method involves the following steps. shape.
FIGURE 6. Proposed ISA framework for security evaluation and decision making.
malized pairwise comparison matrix by using equation (2) + 13.866 + 13.793 + 13.817 + 14.393]
and results are depicted in Table 8. The criteria weights 1
λmax = [192.96]
are numbers, which show the importance of each criterion. 13
C1 is given more weight or score among the criteria listed λmax = 14.8
in Table 8, it means it is very important criteria as suggested
The Random Index (R.I) for ‘‘N’’ number of criteria is
by the experts’ panel. Similarly, C12 and C13 both criteria are
shown in Table 9 [74]. In this research work, we have used
having lowest values among others, it means that these are
13 security requirements as the number of criteria, so the
not important criteria as other criteria are important.
value of R.I is 1.56 according to Table 9.
The calculated criteria weights are further verified by con-
Consistency index is calculated by using equation (3) as
sistency ratio (C.R) value and the procedure of verification
given as below.
is continued by finding the Lambda max. By using equation
(2), Lambda max (λmax ) can be calculated as follows. 14.8 − 13
C.I = = 0.15
13 − 1
λmax
2.27 1.96 2.13 1.72 1.82 1.06 1.03 Consistency Ratio (C.R) is calculated by using equation (4)
1 0.15 0.12 + 0.14 + 0.11 + 0.11 + 0.07 + 0.07
+ below as.
= 0.15
13 0.86 0.88 0.48 0.47 0.31 0.23 = 0.96 < 0.1 or (9.6% < 10%)
+ + + + + + C.R =
0.06 0.07 0.03 0.03 0.02 0.02 1.56
1 As, the value of C.R is less than 0.1 or 10 %, it means that
λmax = [15.528 + 16.029 + 15.689 + 15.067 inconsistency is reliable and we can proceed towards further
13
+ 16.027 + 15.497 + 14.802 + 15.045 + 13.409 security evaluation.
TABLE 9. Random index values. The data of the decision matrix D comes from various
sources, therefore, it has to be normalized to transform it into
a dimensionless matrix. Dimension matrix allows the com-
parison of different criteria. A normalized decision matrix is
built by using the following formula.
Xij
Rij = qP (6)
m 2
i=1 xij
C1 C2 C3 C4 C5 C6 C7 C8 C9 C10 C11 C12 C13
D1 7 9 9 8 6 7 4 6 8 4 7 4 6
D2
D= 8 7 8 7 7 5 4 5 8 5 7 5 7
D3 9 6 9 8 8 6 3 6 7 4 8 5 6
D4 8 7 8 6 9 6 5 3 9 6 9 4 7
TABLE 14. Ranking preferences. terms of security. This framework can be used for providing
future guideline for selection of best security solution for
IoHT based system and it can be used for making more
suitable frameworks in future.
Our future work is to extend this framework by including
more security requirements and alternatives and to use other
multi criteria decision making approaches for assessment and
0.022 0.022
Ci (D2 ) = = = 0.417 decision making.
0.031 + 0.022 0.053
0.034 0.034 CONFLICT OF INTEREST
Ci (D3 ) = = = 0.516 The authors declare no conflict of interest regarding this
0.032 + 0.034 0.067
0.033 0.033 article.
Ci (D4 ) = = = 0.518
0.031 + 0.033 0.064
REFERENCES
Based upon scoring of Ci , ranking is performed and higher [1] S. Makkar, A. K. Singh, and S. Mohapatra, ‘‘Challenges and opportunities
value of Ci indicates best alternative among the four alter- of Internet of Things for health care,’’ in A Handbook of Internet of Things
natives such as D1 , D2 , D3 and D4 . After the calculation of in Biomedical and Cyber Physical System. Berlin, Germany: Springer,
2019, pp. 301–314.
relative closeness (Ci ) then ranking is performed based upon [2] Alliance of Advanced BioMedical Engineering, Frost & Sullivan.
the value of Ci . D1 alternative has higher value among the Internet of Medical Things Revolutionizing Healthcare. Accessed:
other alternatives so it ranked as 1st based on higher value of Jul. 19, 2020. [Online]. Available: https://aabme.asme.org/posts/internet-
of-medical-things-revolutionizing-healthcare
Ci . The results of all alternatives based on higher score are [3] Internet of Medical Things (IoMT): New Era in Healthcare Industry,
given as D1 >D4 >D3 >D2 and their ranking preferences Fuzon, Los Angeles, CA, USA, 2019.
[4] S. Elder. (2017). 87% of Healthcare Organizations Will Adopt
have been displayed in Table 14. Internet of Things Technology by 2019. [Online]. Available:
In Table 14, according to ranking D1 alternative is higher in https://www.hipaajournal.com/87pc-healthcare-organizations-adopt-
rank than other alternatives based upon the security require- internet-of-things-technology-2019-8712/
[5] A. Arampatzis. (2019). Protecting Modern IoMT Against Cybersecu-
ments or criteria so it can be described as most reliable and rity Challenges. [Online]. Available: https://www.tripwire.com/state-of-
secure IoT equipment in healthcare environment. security/healthcare/modern-iomt-cybersecurity-challenges/
[6] F. Alsubaei, A. Abuhussein, and S. Shiva, ‘‘Security and privacy in the
Internet of medical things: Taxonomy and risk assessment,’’ in Proc. IEEE
VI. CONCLUSION 42nd Conf. Local Comput. Netw. Workshops (LCN Workshops), Oct. 2017,
The security of IoT is important due to its fast growing and pp. 112–120.
[7] J. D. Rockoff, ‘‘J&J warned insulin pump vulnerable to cyber hacking,’’
multi-application nature. In this research work, a framework Wall Street J., Internet, Jul. 2020. [Online]. Available: https://www.wsj.
towards the security evaluation is applied for the security com/articles/j-j-warns-insulin-pump-vulnerable-to-cyber-hacking-
ranking of IoT devices in healthcare environment. This secu- 1475610989?mg=prod/accounts-wsj
[8] A. Mondal, P. Rao, and S. K. Madria, ‘‘Mobile computing, IoT and big
rity evaluation framework is presented in light of using multi data for urban informatics: Challenges and opportunities,’’ in Handbook of
criteria decision making approaches. Requirements for secu- Smart Cities. Cham, Switzerland: Springer, 2018, pp. 81–113.
[9] S. Alam, M. M. R. Chowdhury, and J. Noll, ‘‘Interoperability of security-
rity assessment are selected from both sources literature and enabled Internet of Things,’’ Wireless Pers. Commun., vol. 61, no. 3,
ISO security standard. Then, MCDM methods such as AHP pp. 567–586, Dec. 2011.
and TOPSIS are applied to validate the proposed framework. [10] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, ‘‘Blockchain for
IoT security and privacy: The case study of a smart home,’’ in Proc. IEEE
Weights are assigned by using AHP method and then TOP- Int. Conf. Pervas. Comput. Commun. Workshops (PerCom Workshops),
SIS method is used evaluate the security requirements for Mar. 2017, pp. 618–623.
the ranking of alternatives. Precise and accurate results are [11] R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, ‘‘Internet of Things
(IoT) security: Current status, challenges and prospective measures,’’ in
obtained after the empirical work and these results can be Proc. 10th Int. Conf. Internet Technol. Secured Trans. (ICITST), Dec. 2015,
used as metric of selecting the most reliable IoT solution in pp. 336–341.
[12] A. W. Atamli and A. Martin, ‘‘Threat-based security analysis for the Inter- [37] H. Jahankhani and J. Ibarra, ‘‘Digital forensic investigation for the Internet
net of Things,’’ in Proc. Int. Workshop Secure Internet Things, Sep. 2014, of medical things (IoMT),’’ Forensic Leg. Investig. Sci., vol. 5, no. 2, p. 029,
pp. 35–43. Aug. 2019, doi: 10.24966/FLIS-733X/100029.
[13] K. C. Park and D.-H. Shin, ‘‘Security assessment framework for IoT [38] X. Li, H.-N. Dai, Q. Wang, M. Imran, D. Li, and M. A. Imran, ‘‘Secur-
service,’’ Telecommun. Syst., vol. 64, no. 1, pp. 193–209, Jan. 2017. ing Internet of medical things with friendly-jamming schemes,’’ Comput.
[14] R. Diesch, M. Pfaff, and H. Krcmar, ‘‘A comprehensive model of infor- Commun., vol. 160, pp. 431–442, Jul. 2020.
mation security factors for decision-makers,’’ Comput. Secur., vol. 92, [39] T. D. C. Frazão, D. G. G. Camilo, E. L. S. Cabral, and R. P. Souza,
May 2020, Art. no. 101747. ‘‘Multicriteria decision analysis (MCDA) in health care: A systematic
[15] I. M. Abdelwahed, N. Ramadan, and H. A. Hefny, ‘‘Cybersecurity risks review of the main characteristics and methodological steps,’’ BMC Med.
of blockchain technology,’’ Int. J. Comput. Appl. (0975–8887), vol. 177, Informat. Decis. Making, vol. 18, no. 1, p. 90, Dec. 2018.
no. 42, Mar. 2020. [40] J. I. Drake, J. C. T. de Hart, C. Monleón, W. Toro, and J. Valentim,
[16] B. Song and S. Kang, ‘‘A method of assigning weights using a ranking and ‘‘Utilization of multiple-criteria decision analysis (MCDA) to support
nonhierarchy comparison,’’ Adv. Decis. Sci., vol. 2016, pp. 1–9, Apr. 2016. healthcare decision-making FIFARMA, 2016,’’ J. Market Access Health
[17] I. Lee and K. Lee, ‘‘The Internet of Things (IoT): Applications, invest- Policy, vol. 5, no. 1, Jan. 2017, Art. no. 1360545.
ments, and challenges for enterprises,’’ Bus. Horizons, vol. 58, no. 4, [41] Y. Liu, Y. Yang, Y. Liu, and G.-H. Tzeng, ‘‘Improving sustainable mobile
pp. 431–440, Jul. 2015. health care promotion: A novel hybrid MCDM method,’’ Sustainability,
[18] M. Aly, F. Khomh, M. Haoues, A. Quintero, and S. Yacout, ‘‘Enforcing vol. 11, no. 3, p. 752, Jan. 2019.
security in Internet of Things frameworks: A systematic literature review,’’ [42] F. Alsubaei, A. Abuhussein, V. Shandilya, and S. Shiva, ‘‘IoMT-SAF: Inter-
Internet Things, vol. 6, Jun. 2019, Art. no. 100050. net of medical things security assessment framework,’’ Internet Things,
[19] J. Ahamed and A. V. Rajan, ‘‘Internet of Things (IoT): Application systems vol. 8, Dec. 2019, Art. no. 100123.
and security vulnerabilities,’’ in Proc. 5th Int. Conf. Electron. Devices, Syst. [43] W.-H. Liao and W.-L. Qiu, ‘‘Applying analytic hierarchy process to
Appl. (ICEDSA), Dec. 2016, pp. 1–5. assess healthcare-oriented cloud computing service systems,’’ Springer-
[20] C. Hosmer, ‘‘IoT vulnerabilities,’’ in Defending IoT Infrastructures With Plus, vol. 5, no. 1, p. 1030, Dec. 2016.
the Raspberry Pi: Monitoring and Detecting Nefarious Behavior in Real [44] F. Alsubaei, A. Abuhussein, and S. Shiva, ‘‘A framework for ranking
Time. Berkeley, CA, USA: Apress, 2018, pp. 1–15. IoMT solutions based on measuring security and privacy,’’ in Proc. Future
[21] A. Tekeoglu and A. Ş. Tosun, ‘‘An experimental framework for investigat- Technol. Conf., 2018, pp. 205–224.
ing security and privacy of IoT devices,’’ in Proc. Int. Conf. Intell., Secure, [45] M. Rajasekaran, A. Yassine, M. S. Hossain, M. F. Alhamid, and
Dependable Syst. Distrib. Cloud Environ., 2017, pp. 63–83. M. Guizani, ‘‘Autonomous monitoring in healthcare environment:
[22] M. Frustaci, P. Pace, G. Aloi, and G. Fortino, ‘‘Evaluating critical security Reward-based energy charging mechanism for IoMT wireless sensing
issues of the IoT world: Present and future challenges,’’ IEEE Internet nodes,’’ Future Gener. Comput. Syst., vol. 98, pp. 565–576, Sep. 2019.
Things J., vol. 5, no. 4, pp. 2483–2495, Aug. 2018. [46] R. Kumar, A. K. Pandey, A. Baz, H. Alhakami, W. Alhakami, A. Agrawal,
[23] O. Alrawi, C. Lever, M. Antonakakis, and F. Monrose, ‘‘SoK: Security and R. A. Khan, ‘‘Fuzzy-based symmetrical multi-criteria decision-making
evaluation of home-based IoT deployments,’’ in Proc. IEEE Symp. Secur. procedure for evaluating the impact of harmful factors of healthcare infor-
Privacy (SP), May 2019, pp. 1362–1380. mation security,’’ Symmetry, vol. 12, no. 4, p. 664, Apr. 2020.
[24] M. Chernyshev and P. Hannay, ‘‘Security assessment of IoT devices: [47] N. Dimitrioglou, D. Kardaras, and S. Barbounaki, ‘‘Multicriteria eval-
The case of two smart TVs,’’ in Proc. 13th Austral. Digit. Forensics uation of the Internet of Things potential in health care: The case of
Conf. Perth, WA, Australia: Edith Cowan Univ. Joondalup Campus, dementia care,’’ in Proc. IEEE 19th Conf. Bus. Informat. (CBI), Jul. 2017,
Nov./Dec. 2015, pp. 85–94. [Online]. Available: https://ro.ecu.edu.au/ pp. 454–462.
adf/153 https://ro.ecu.edu.au/adf/153, doi: 10.4225/75/57b3fa87fb88d. [48] F. A. Al-Zahrani, ‘‘Evaluating the usable-security of healthcare software
[25] B. Ali and A. Awad, ‘‘Cyber and physical security vulnerability assessment through unified technique of fuzzy logic, ANP and TOPSIS,’’ IEEE Access,
for IoT-based smart homes,’’ Sensors, vol. 18, no. 3, p. 817, Mar. 2018. vol. 8, pp. 109905–109916, 2020.
[26] O. Mazhelis and P. Tyrvainen, ‘‘A framework for evaluating Internet-of- [49] M. Rajak and K. Shaw, ‘‘Evaluation and selection of mobile health
Things platforms: Application provider viewpoint,’’ in Proc. IEEE World (mHealth) applications using AHP and fuzzy TOPSIS,’’ Technol. Soc.,
Forum Internet Things (WF-IoT), Mar. 2014, pp. 147–152. vol. 59, Nov. 2019, Art. no. 101186.
[27] W. Xi and L. Ling, ‘‘Research on IoT privacy security risks,’’ in Proc. [50] G. Büyüközkan and G. Çifçi, ‘‘A combined fuzzy AHP and fuzzy TOPSIS
Int. Conf. Ind. Informat.-Comput. Technol., Intell. Technol., Ind. Inf. Integr. based strategic analysis of electronic service quality in healthcare indus-
(ICIICII), Dec. 2016, pp. 259–262. try,’’ Expert Syst. Appl., vol. 39, no. 3, pp. 2341–2354, Feb. 2012.
[28] S. S. Rani, J. A. Alzubi, S. K. Lakshmanaprabu, D. Gupta, and −
[51] Ž. Radenović and I. Veselinović, ‘‘Integrated AHP-TOPSIS method for the
R. Manikandan, ‘‘Optimal users based secure data transmissionon the assessment of health management information systems efficiency,’’ Econ.
internet of healthcare things (IoHT) with lightweight blockciphers,’’ Mul- Themes, vol. 55, no. 1, pp. 121–142, Mar. 2017.
timedia Tools Appl., vol. 18, no. 3, pp. 1–20, 2019. [52] A. Hinduja and M. Pandey, ‘‘An ANP-GRA-eased evaluation model for
[29] W. Leister, M. Hamdi, H. Abie, S. Poslad, and A. Torjusen, ‘‘Anevaluation security features of IoT systems,’’ in Intelligent Communication, Control
framework for adaptive security for the IoT in ehealth,’’ Int. J. Adv. Secur., and Devices. Singapore: Springer, 2020, pp. 243–253.
vol. 7, nos. 3–4, pp. 93–109, 2014. [53] M. Ammar, G. Russello, and B. Crispo, ‘‘Internet of Things: A survey on
[30] D. Nkomo and R. Brown, ‘‘Hybrid cybersecurity framework for the Inter- the security of IoT frameworks,’’ J. Inf. Secur. Appl., vol. 38, pp. 8–27,
net of medical things (IOMT),’’ in Proc. IEEE 12th Int. Conf. Global Feb. 2018.
Secur., Saf. Sustainability (ICGS), Jan. 2019, p. 212. [54] M. M. Hossain, M. Fotouhi, and R. Hasan, ‘‘Towards an analysis of security
[31] M. A. Jan, M. Usman, X. He, and A. U. Rehman, ‘‘SAMS: A seamless and issues, challenges, and open problems in the Internet of Things,’’ in Proc.
authorized multimedia streaming framework for WMSN-based IoMT,’’ IEEE World Congr. Services, Jun. 2015, pp. 21–28.
IEEE Internet Things J., vol. 6, no. 2, pp. 1576–1583, Apr. 2019. [55] H.-J. Kim, H.-S. Chang, J.-J. Suh, and T.-S. Shon, ‘‘A study on device
[32] M. Usman, M. A. Jan, X. He, and J. Chen, ‘‘P2DCA: A privacy-preserving- security in IoT convergence,’’ in Proc. Int. Conf. Ind. Eng., Manage. Sci.
based data collection and analysis framework for IoMT applications,’’ Appl. (ICIMSA), May 2016, pp. 1–4.
IEEE J. Sel. Areas Commun., vol. 37, no. 6, pp. 1222–1230, Jun. 2019. [56] L. M. R. Tarouco, L. M. Bertholdo, L. Z. Granville, L. M. R. Arbiza,
[33] D. Rizk, R. Rizk, and S. Hsu, ‘‘Applied layered-security model to IoMT,’’ F. Carbone, M. Marotta, and J. J. C. de Santanna, ‘‘Internet of Things in
in Proc. IEEE Int. Conf. Intell. Secur. Informat. (ISI), Jul. 2019, p. 227. healthcare: Interoperatibility and security issues,’’ in Proc. IEEE Int. Conf.
[34] J. Cecil, A. Gupta, M. Pirela-Cruz, and P. Ramanathan, ‘‘An IoMT based Commun. (ICC), Jun. 2012, pp. 6121–6125.
cyber training framework for orthopedic surgery using next generation [57] I. Alqassem and D. Svetinovic, ‘‘A taxonomy of security and privacy
Internet technologies,’’ Informat. Med. Unlocked, vol. 12, pp. 128–137, requirements for the Internet of Things (IoT),’’ in Proc. IEEE Int. Conf.
2018. Ind. Eng. Eng. Manage., Dec. 2014, pp. 1244–1248.
[35] M. A. Bilal and M. A. Hassan, ‘‘A distributed secure framework for sharing [58] T. Xu, J. B. Wendt, and M. Potkonjak, ‘‘Security of IoT systems: Design
patient’s data among IoMT devices,’’ Pakistan J. Eng. Appl. Sci., vol. 24, challenges and opportunities,’’ in Proc. IEEE/ACM Int. Conf. Comput.-
no. 1, pp. 1–12, Oct. 2019. Aided Design (ICCAD), Nov. 2014, pp. 417–423.
[36] S. Liaqat, A. Akhunzada, F. S. Shaikh, A. Giannetsos, and M. A. Jan, [59] M. Abdur, S. Habib, M. Ali, and S. Ullah, ‘‘Security issues in the Internet
‘‘SDN orchestration to combat evolving cyber threats in Internet of medical of Things (IoT): A comprehensive study,’’ Int. J. Adv. Comput. Sci. Appl.,
things (IoMT),’’ Comput. Commun., vol. 160, pp. 697–705, Jul. 2020. vol. 8, no. 6, pp. 383–388, 2017.
[60] C. Lee, L. Zappaterra, K. Choi, and H.-A. Choi, ‘‘Securing smart home: YASIR ALI received the M.Sc. degree in computer
Technologies, security challenges, and security requirements,’’ in Proc. science from the University of Peshawar. He is
IEEE Conf. Commun. Netw. Secur., Oct. 2014, pp. 67–72. currently pursuing the M.S. degree in computer
[61] S. Babar, P. Mahalle, A. Stango, N. Prasad, and R. Prasad, ‘‘Proposed science with the Department of Computer Science,
security model and threat taxonomy for the Internet of Things (IoT),’’ in University of Swabi. He is also working as a Lec-
Proc. Int. Conf. Netw. Secur. Appl., 2010, pp. 420–429.
turer with the Government Postgraduate College,
[62] B.-C. Chifor, I. Bica, V.-V. Patriciu, and F. Pop, ‘‘A security authorization
scheme for smart home Internet of Things devices,’’ Future Gener. Comput. Swabi. His research interests include the Internet
Syst., vol. 86, pp. 740–749, Sep. 2018. of Things and security evaluation.
[63] S. Hameed, F. I. Khan, and B. Hameed, ‘‘Understanding security require-
ments and challenges in Internet of Things (IoT): A review,’’ J. Comput.
Netw. Commun., vol. 2019, pp. 1–14, Jan. 2019.
[64] K. Chen, S. Zhang, Z. Li, Y. Zhang, Q. Deng, S. Ray, and Y. Jin, ‘‘Internet-
of-Things security and vulnerabilities: Taxonomy, challenges, and prac-
tice,’’ J. Hardw. Syst. Secur., vol. 2, no. 2, pp. 97–110, Jun. 2018.
[65] M. G. Samaila, M. Neto, D. A. B. Fernandes, M. M. Freire, and
P. R. M. Inácio, ‘‘Challenges of securing Internet of Things devices: A sur-
vey,’’ Secur. Privacy, vol. 1, no. 2, p. e20, Mar. 2018.
[66] S. Ziegler, C. Crettaz, E. Kim, A. Skarmeta, J. B. Bernabe, R. Trapero,
and S. Bianchi, ‘‘Privacy and security threats on the Internet of
Things,’’ in Internet of Things Security and Data Protection. Cham,
Switzerland: Springer, 2019, pp. 9–43.
[67] F. Meneghello, M. Calore, D. Zucchetto, M. Polese, and A. Zanella, ‘‘IoT:
Internet of threats? A survey of practical security vulnerabilities in real IoT
devices,’’ IEEE Internet Things J., vol. 6, no. 5, pp. 8182–8201, Oct. 2019. SHAH NAZIR received the Ph.D. degree in com-
[68] C. Okoli and S. D. Pawlowski, ‘‘The delphi method as a research tool: An puter science with a specialization in software
example, design considerations and applications,’’ Inf. Manage., vol. 42, engineering. He has worked at the University of
no. 1, pp. 15–29, Dec. 2004. Peshawar. He is currently serving as an Assistant
[69] D. Pamučar, Ž. Stević, and S. Sremac, ‘‘A new model for determining
weight coefficients of criteria in MCDM models: Full consistency method
Professor and the Head of the Department of Com-
(FUCOM),’’ Symmetry, vol. 10, no. 9, p. 393, Sep. 2018. puter Science, University of Swabi. He has several
[70] M. S. D. Putra, S. Andryana, Fauziah, and A. Gunaryati, ‘‘Fuzzy analytical research publications in well-reputed international
hierarchy process method to determine the quality of gemstones,’’ Adv. journals and conference proceedings. His research
Fuzzy Syst., vol. 2018, pp. 1–6, Oct. 2018. interests include component-based software engi-
[71] F. G. M. Al-Azab and M. A. Ayu, ‘‘Web based multi criteria decision neering, software birthmark, systematic literature
making using AHP method,’’ in Proc. 3rd Int. Conf. Inf. Commun. Technol. review, and decision making. He is a reviewer of several journals and
Moslem World (ICTM), Dec. 2010, pp. A6–A12. conferences.
[72] S. K. Sehra, D. Y. S. Brar, and D. N. Kaur, ‘‘Multi criteria decision making
approach for selecting effort estimation model,’’ 2013, arXiv:1310.5220.
[Online]. Available: http://arxiv.org/abs/1310.5220
[73] S. S. S. Nazir and S. B. S. Abid, ‘‘Selecting software design based on
birthmark,’’ Life Sci. J., vol. 11, no. 12, pp. 1–5, 2014.
[74] T. L. Saaty and L. T. Tran, ‘‘On the invalidity of fuzzifying numerical
judgments in the analytic hierarchy process,’’ Math. Comput. Model.,
vol. 46, nos. 7–8, pp. 962–975, Oct. 2007.
[75] R. A. Krohling and A. G. C. Pacheco, ‘‘A-TOPSIS—An approach based
on TOPSIS for ranking evolutionary algorithms,’’ Procedia Comput. Sci.,
vol. 55, pp. 308–317, Jan. 2015.
[76] P. Wang, B. Li, H. Shi, Y. Shen, and D. Wang, ‘‘Revisiting anonymous two-
factor authentication schemes for IoT-enabled devices in cloud computing
environments,’’ Secur. Commun. Netw., vol. 2019, pp. 1–13, May 2019. MAHMOOD NIAZI is currently an Associate
Professor of software engineering with the Infor-
mation and Computer Science Department, King
Fahd University of Petroleum and Minerals, Saudi
Arabia. He has spent over a decade with lead-
LANJING WANG was born in Henan, China, ing technology firms and universities as a Process
in 1975. He received the B.M. degree in library sci- Analyst, a Senior Systems Analyst, the Project
ence from Zhengzhou University, Henan, the M.S. Manager, a Lecturer, and a Professor. He has par-
degree in basic mathematics from Henan Univer- ticipated in and managed several software develop-
sity, Henan, in 2008, and the Ph.D. degree in man- ment projects. He has published over 100 articles
agement from Nanjing University, Jiangsu, China, in peer-reviewed conferences and journals. His research interests include
in 2012. From 2013 to 2015, he was a Lecturer evidence-based software engineering, requirements engineering, sustainable,
with the School of Business, Henan University, reliable, and secure software engineering processes, global system develop-
where he has been an Associate Professor, since ment and management, project management, and software process improve-
2016. He is the author of one book, more than ment. His work has received over 3000 citations and has received awards for
20 articles. His research interests include logistics information management, best papers at several conferences.
innovation management, and digital economy.