Proc. of the Fourth Intl. Conf. Advances in Computing, Communication and Information Technology - CCIT 2016
Copyright © Institute of Research Engineers and Doctors, USA. All rights reserved.
ISBN: 978-1-63248-092-7 doi: 10.15224/978-1-63248-092-7-16
A Secure and Investigation-aware Smart Healthcare Cyber Physical System
Nourhene Ellouze, Slim Rekhis, and Noureddine Boudriga
Abstract— The aim of this research is to develop a Smart
Healthcare Cyber Physical System (CPS) which: a)
enhances the responsiveness of implantable medical systems to
health abnormalities; b) protects patients from security
threats and attacks from outsiders; c) provides remote
supervision of the patient's health and of the vital equipment
that he/she wears; and d) generates evidentiary data
to support the forensic investigation of healthcare attacks. In
this paper, we define the CPS architecture together with the
functions it implements. A mutual authentication protocol
between the CPS and the remote physician is proposed. A
technique for the investigation of healthcare attacks on that
CPS using incident response cognitive maps is also described.
Keywords— Cyber Physical Systems, Implantable Medical
Devices, Wearable and Embedded Sensors, Security.
I. Introduction
A Healthcare Cyber Physical System (CPS) is a
networked solution that introduces intelligence into healthcare.
It interconnects the physical system with a virtual world, where
computation, control, and communication can be provided.
Medical sensors, actuators, and clouds are among the
technologies that made CPSs popular in healthcare
applications. Among the most autonomous devices that can
be integrated into CPSs are Implantable Medical Devices
(IMDs). They are miniaturized programmable platforms
which have limited computational and energy resources.
They are surgically implanted into the patients' bodies to
supervise their physiological state, detect anomalies, and
deliver therapeutic functions. This kind of CPS is
cost-effective in improving the patient's quality of life and in
accelerating the detection of, and response to, chronic disorders.
Recent research works have addressed several concerns
about the security of IMD-based CPSs. They have identified
a set of security weaknesses, which make IMDs subject to
attacks threatening the privacy and the life of patients. For
instance, an adversary who gains access to the IMD
can modify the therapy settings in such a way that the device
cannot react appropriately to future arrhythmias, which
could be lethal. To deal with these concerns, several
approaches protecting IMDs were proposed in the literature.
In [1, 5], a 3-tier architecture was proposed which integrates
an Authentication Server in addition to the IMDs and the
programmers. This server authenticates programmers and
distributes credentials (useful for
establishing secure communication with the IMD).
However, these proposals do not provide a practical solution
allowing secure access to IMDs during emergency
situations where the user may not be able to provide the
credentials to the physician. To cope with this limitation,
some approaches introduced the use of a wearable device
(Shield [3], Guardian [7]). Such a device enforces
the secrecy of the traffic exchanged between the IMD and the
programmer. Access during emergency situations is enabled
by switching off the device. The limits of these solutions are
related to the inefficient protection against battery depletion
attacks, and the insecure access during emergency.

N. Ellouze, S. Rekhis and N. Boudriga
Communication Networks and Security Research Laboratory, Tunisia.

Because of their crucial role in improving the quality of
life of patients, it becomes essential to not only protect
IMDs, but also to improve the functions they implement. In
particular, to improve the detection of abnormalities, IMDs
need to be complemented with a set of wearable sensors to
sense the physical activity of the patients, detect the security
threats occurring in their vicinity, and improve the responses
to the detected emergency situations. Moreover, IMDs need
to be remotely accessible by physicians to respond in time to
critical health situations. To guarantee the safety of patients
carrying them, IMDs need to be supervised and controlled,
so that any potential failure could be detected and corrected.
We provide in this research a Smart Healthcare cyber
physical system integrating implantable and wearable
sensors to increase the efficiency of IMDs in delivering the
required therapy and response to abnormalities, detect
security threats and attacks from outsiders, enable a remote
surveillance of the whole CPS, and forensically generate
evidentiary data to promote the forensic investigation of
healthcare attacks on these IMDs. In this proposal, the IMD
architecture is extended to enable the powerless and secure
exchange of data with remote authenticated programmers
and applications through a wearable gateway.
The paper's contribution is fourfold. First, to improve the
efficiency of IMDs in identifying the patients’ physical
activity and sensing sensitive events crucial for the
automated update of the delivered therapy and response, we
design a healthcare CPS promoting the communication of
IMDs with wearable sensors. Second, we integrate the use
of a wearable gateway for protecting IMDs. Such a gateway
implements complex security mechanisms that require a lot
of computational resources and high energy consumption,
including the provision of secure remote access, the
detection of attacks, the collection of digital traces, and the
forensic investigation of healthcare attacks. Third, a mutual
authentication protocol between the gateway and the
physician allowing the secure sharing of a session key is
also proposed. An Authentication and Authorization Server
is involved to alleviate the authentication burden, by taking
the responsibility of searching for an available physician,
checking his or her authenticity, and ensuring the secure generation
and sharing of a session key between the physician and the
patient's gateway. Fourth, the framework of Incident
Response Cognitive Maps is used for the investigation of
lethal attacks on IMD-based CPSs.
The remaining part of the paper is organized as follows.
Section II presents the healthcare CPS architecture. In
Section III, we detail the security functions implemented
within the CPS. Section IV presents the proposed security