A Framework to secure data transmission in wearable heart-rate monitors using Elliptic Curve Cryptography (ECC)

Abstract

The wearable technology refers to biological sensors which are conveniently attached to the patient’s body to collect data about their heart rates, body temperature, oxygen levels, and physical activities. They mostly include smart watches. Unfortunately, maintaining data security in terms of integrity, confidentiality, and authenticity of the data during transfer in these wearables is becoming a challenge. Since cyber-criminals are always looking for new avenues to exploit, particularly in a sensitive field like healthcare, wearables can become their next big targets. This study designs and implements an application-based security framework that uses Elliptic Curve Cryptography (ECC) to secure patient data during transmission from wearable heart-rate monitors. The study used integrative and methodological reviews to understand wearable technology by considering the technologies that support patient data sharing, techniques used to abstract data to enhance security during data transmission in wearable devices, and suitable public key encryption algorithms that can be implemented to ensure data security. It then proceeds to apply the Elliptic-Curve Cryptography (ECC) to develop the encryption application-based framework. The results showed that Wi-Fi, Bluetooth, Global Positioning System (GPS), and Cellular Communication are the primary technologies supporting the wearables' data sharing. Data abstraction in wearables is achieved through differences in data models, data names, and counters. ECC was suitable for the implementation because it has smaller keys and can be computed substantially faster. The system’s provision of authentication, confidentiality, and integrity was tested and validated through user tests. It was noted that data in the wearable devices regarding the heart-rate measurement were saved in an encrypted format using the user-generated cryptographic keys. Thus, an unauthorized person could not have access to the data. The passwords, keys, and usernames the user-created were stored using the SHA-hash algorithm in the server. The encrypted were uploaded to the server and could only be viewed or modified after decryption to ensure integrity.