A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs Saini Das 1 & Arunabha Mukhopadhyay 2 & Debashis Saha 3 & Samir Sadhukhan 3 # Springer Science+Business Media, LLC 2017 Abstract Information security breaches are of major concern for healthcare mobile ad-hoc networks (h-MANETs). In this paper, we propose a model that identifies and assesses risk in an h-MANET deployed by a healthcare institution in a disaster- prone region a priori by modeling the possible routes a hacker might follow to compromise a target. Our model proposes a novel method to compute the transition probability of each hop in the h-MANET. Next, it employs Markov theory to com- pute the maximum and minimum number of hops required to compromise the target for a given source-target <S-T> pair. It then determines the vulnerability for all the paths comprising minimum to maximum hops only for each <S-T> pair by com- puting their overall transition probability. Finally, our model computes the risk associated with each of these paths. Based on the calculated risk level of each path, the management can recommend an appropriate risk mitigation strategy. Keywords Healthcare MANET . Risk assessment . Risk mitigation . Direction-based diurnal mobility . Transition probability . Markov theory 1 Introduction A mobile ad-hoc network (MANET) is an infrastructure less network of ad-hoc, dynamic, self-organizing mobile nodes (such as sensors, computers, or database servers) that commu- nicates over open wireless links and has the potential to en- hance network coverage and allow signal transmission from a region which has limited or non-existent coverage (Sneha and Varshney 2013). Packets sent by a source node are transmitted through several intermediate nodes before reaching the desti- nation node. Every intermediate node plays the role of a vir- tual router (Wu et al. 2007). Since MANET is not pre- designed by an organization, its security management is a big challenge. Any transportable device having wireless com- munication capabilities can join a MANET at any time dy- namically, thereby creating a security risk. Still MANETs are very popular for rescue and emergency operations in battle fields, during military operations, in the event of disasters (both natural and man-made), and during outages in mission-critical applications (such as an ongoing operation in a hospital). Life-saving procedures are initialized and man- aged over MANETs, where damaged and/or non-existing in- frastructure stalls usual telecommunication but quick installa- tion of a transmission network is urgently required. Following an emergency situation such as a non-premeditated disaster (e.g., cyclone/flood/tsunami/earthquake, etc.) or a premeditat- ed disaster (e.g., terrorist attack) and the disruption of regular communication networks it becomes extremely difficult to provide quick and coordinated assistance to the victims (Martí et al. 2009; Martín-Campillo et al. 2013; Park et al. 2015). In such a scenario local government authorities resort to the use of MANETs to provide survivors with relief and medical aid (Panaousis et al. 2012; Narula et al. 2008; Jang et al. 2009). MANETs can use cellular or satellite networks to connect with Emergency Coordination Centers (ECCs) or hospital control rooms located near the disaster zone (Martí et al. 2009). Recently, MANETs are also being used in remote pastoral areas of hilly terrains under normal situations because deploying infrastructure is too costly to justify return on * Saini Das saini@vgsom.iitkgp.ernet.in 1 Present address: Indian Institute of Technology Kharagpur, Kharagpur, West Bengal 721302, India 2 Indian Institute of Management Lucknow, Lucknow, India 3 Indian Institute of Management Calcutta, Kolkata, India Inf Syst Front https://doi.org/10.1007/s10796-017-9809-4