Title: Safe and Dependable Sensor Networking for Pervasive Healthcare
1Safe and Dependable Sensor Networking for
Pervasive Healthcare
- SANDEEP GUPTA
- Ira A. Fulton School of Engineering
- Department of Computer Science and Engineering
- Arizona State University
- Tempe, Arizona
- sandeep.gupta_at_asu.edu
2Tempe, Fulton School of Engg CSE
3IMPACT (Intelligent Mobile Pervasive Autonomic
Computing Technologies) LAB
- Research Goals
- Enable Context-Aware Pervasive Applications
- Dependable Distributed Sensor Networking
- Projects
- Wireless Solution for Smart Sensors Biomedical
Applications (NSF - ITR) - Context-Aware Middleware for Pervasive Computing
(NSF NMI) - Thermal Management Datacenters (NSF)
- Location Based Access Control (CES)
- Identity Assurance (NSF, CES)
- Mobility-Tolerant Multicast (NSF)
- Ayushman Infrastructure Testbed for Sensor
Based Health Monitoring (Mediserve Inc.) - Group
- Faculty Dr. Sandeep K. S. Gupta
- 5 PhD 3MS 1 UG Students
Department of Computer Science Engineering,
Tempe, Arizona
http//impact.asu.edu
Sponsors
4IMPACT Research
- Use-inspired research in pervasive computing
wireless sensor networking
- Goal
- Pervasive Health monitoring
- Evaluation of medical applications
- Features
- Secure, Dependable and Reliable data collection,
storage and communication - Sponsor
- Goal
- Evaluation of crisis response management
- Features
- Theoretical model
- Performance evaluation
- Access control for crisis management
- Sponsor
Medical Devices, Mobile Pervasive Embedded Sensor
Networks
BOOK Fundamentals of Mobile and Pervasive
Computing, Publisher McGraw-Hill Dec. 2004
5Pervasive Healthcare
6Motivation Challenges
- Motivation
- Department of Health projects by 2050 over 20 of
the population will be above 65. - Possible Consequences
- Acute shortage of medical professionals.
- Decline in the quality of medical care.
- Increase in the medical costs.
- Challenges
- Automated continuous monitoring of patients can
reveal problems at an early stage leading to
better control. - Integrating diverse technologies (micro macro
computing entities), for health monitoring is a
challenge. - Designing safe, dependable, secure and scalable
system for health management is a very
challenging task.
7Pervasive Computing Healthcare
Pervasive Healthcare
Pervasive Computing
Use Pervasive Computing for day-to-day healthcare
management (monitoring treatment), made
possible by development of biomedical sensors
Personalized computing power available
everywhere, by embedding computing in users
environment.
Nano-scale Blood Glucose level detector Developed
_at_ UIUC
PAN
- Features
- Extends PAN with embedded medical sensors
- No time space restrictions for healthcare
- Better coverage and quality of care to all.
- Features
- Merger of Physical and Virtual Space
- Uses computing entities which are
- - tiny/ cheap
- - specialized
- - unsupervised
- - interconnected
Micro-needles array For Drug Delivery Developed
_at_ Georgia Tech
Medical Sensors
Medical Tele-sensor Can measure and transmit Body
temperature Developed _at_ Oak Ridge
National Laboratory
Overview
Some Applications
Feedback for Adaptation
Medical Sensor Plane
Actuation (drug-delivery)
Management Plane
Knowledge Generation Plane
Doctor
Sports Health Management
Assisted Living
Physiological Data
Knowledge
Patient
- Collect Medical Data
- Local Processing
- Medical Actuation
Disaster Relief Management
Medical Facility Management
- Storage Management
- Sensor Management
- Generate Context
Generate Knowledge
GOAL Enable independent living, general
wellness and disease management.
8Differences Advantages
- Pervasive Healthcare
- Continuous Patient Monitoring.
- Automated diagnosis and treatment.
- Utilizing medical facilities only if condition
very serious.
- Current Healthcare
- Detect symptoms
- Go to medical facilities (professionals)
- Medical professional performs diagnosis and
treatment.
- Automated
- Real-time
- Inexpensive
- Very efficient
- Manual
- Slow
- Costly
- In-efficient
Pervasive Healthcare Technology is Necessary to
Meet Future Needs
9Talk Overview
Minimize heat generated by health monitoring
sensors
Improve patient privacy by using efficient data
security protocols.
Provide automated emergency handling capability
Improve energy-efficiency of the medical sensors
used.
Provide localization based services.
10Medical Sensor Safety
11Tissue Heating
- Medical sensors implanted/worn by human need to
be safe. - Sensor activity causes heating in the tissue.
- Heating caused by RF inductive powering
- Radiation from wireless communication
- Power dissipation of circuitry
- Goal minimize tissue heating.
- Two solutions
- Communication scheduling for
- minimizing thermal effects
- Rotate cluster leader balance energy usage
distribute heat dissipation - Thermal aware routing route around thermal
hotspots
Tissue Blow-up
Heating Zone
Cluster leader
Disturbance Minimization
12Communication Scheduling
- System Model
- Consider only one cluster
- 2D Model
- Rotate cluster head to distribute energy
consumption reduce heating
- Requirements
- FCC Regulation
- Antenna vs. Freq trade-off
SAR s E2 / ? (W/kg)
E induced Electric Field ? tissue density s
electric conductivity of tissue
IEEE Requirement (1g Tissue)
Temperature Rise Pennes Bio-heat Equation
SAR 0.4W/Kg
Whole Body Average
SAR 8W/Kg
Peak Local
CE
SAR .08W/Kg
Whole Body Average
SAR 1.6W/Kg
Peak Local
UCE
Heat by metabolism
Heat by radiation
Heat by power dissipation
Heat accumulated
Heat transfer by convection
Heat transfer by conduction
- Solution
- Random selection may lead to higher temperature
rise - Similar to Traveling salesman problem but with
dynamic metric - Heuristic Leader selection based on sensor
location, rotation history
Results
FDTD enumeration
Optimal
720960 hrs (est.)
FDTD Genetic Algorithm
Near Optimal
100 hrs (est.)
TSP enumeration
Optimal
7.6 hrs
Near Optimal
TSP Genetic Algorithm
5 min
- Four Approaches
- FDTD enumeration
- FDTD Genetic Algorithm
- TSP enumeration
- TSP Genetic Algorithm
Temperature
Temp rise in sensor surroundings
Comparative Result
Coordinate y
Coordinate x
Q. Tang, N. Tummala, S. K. S. Gupta, and L.
Schwiebert, Communication scheduling to minimize
thermal effects of implanted biosensor networks
in homogeneous tissue, Proc of IEEE Transactions
of Biomedical Engineering
13Thermal Aware Routing
Area Hotspot
- In vivo environment maybe sensitive to the
heating of power dissipation and radiation of
Implanted sensors - Energy/load balancing is not equal to heating
balancing large time scale vs. short time scale
Link Hotspot
- Solution
- Modeling EM radiation and power dissipation of
sensors - Identifying hotspot area
- Withdrawal strategy to avoid overheated area
- Averaging power consumption and heat dissipation
- Slight degradation of delay
Temperature distribution of TARA
Q. Tang, N. Tummala, S. K. S. Gupta, and L.
Schwiebert, TARA Thermal-Aware Routing
Algorithm for Implanted Sensor Networks, Intl
Conference on Distributed Computing in Sensor
Systems, 2005
14Information Security
15Security in Pervasive Healthcare
- Need
- Healthcare systems collect sensitive medical data
from a patient. - Patients privacy is a legal requirement (HIPAA).
- Health information of a person can be taken
advantage of. - Reason (Weakness)
- Wireless connectivity always on.
- Devices are heterogeneous with limited
capabilities - No clear understanding of
- Trusted parties
- Security Policies
- Possible Attacks
- Fake emergency warnings.
- Legitimate emergency warnings prevented from
being reported in times. - Unnecessary communication malicious sensors can
cause - Battery power depletion
- Tissue heating
- Security Requirements
- Integrity
- Confidentiality
- Authentication
- Authorization
- Medical sensors have limited capabilities
- Setup (key distribution) takes too much resources
- Too expensive for long term monitoring
16Physiological Value based security
ECG, Heart/Pulse Rate
- Use of the physiological values (PV) from the
body to exchange the keys. - Possible Examples
- Simple
- Blood Pressure, Heart Rate, Glucose level
- Complex
- Temporal variations in different PVs.
- Combination of multiple PV
Blood Pressure
Properties
Blood Glucose
- Universal Should be measurable in everyone
- Distinctively collectable Should be measurable
in an unambiguous manner - Random To prevent brute-force attacks
- Time variant If broken, the next set of values
should not be guessable.
Easier and safe key generation
Cheaper key distribution
Sensors
Value
Time ?
GOOD CHOICES Inter-Pulse-Interval , Heart Rate
Variation FIND OTHERS
Sriram Cherukuri, Krishna K. Venkatasubramanian,
Sandeep K. S. Gupta, BioSec A Biometric Based
Approach for Securing Communication in Wireless
Networks of Biosensors Implanted in the Human
Body, in Proc of IEEE ICPP Workshops, 2003
17PV Based Data Security Protocol
Measure Pre-defined PV _at_ Sender PVs Receiver PVr
Generate Random Key _at_ sender
KeyRand
Encrypt message with Key Rand
C EKeyRand(Message)
? PVs ? KeyRand
Hide KeyRand using PV
Send encrypted message
Receiver encrypted message
KeyRand PVr ? ?
Unhide KeyRand using PVr
Message DPVr(C)
Decrypt message with Key Rand
K. Venkatasubramanian, and S.K.S. Gupta,
"Security For Pervasive Health Monitoring
Sensor Applications", To Appear in Proc of 4th
Intl. Conf. on Intelligent Sensing and
Information Processing (ICISIP), December 2006.
18Criticality-Awareness
19Critical Events Criticalities
- Critical Events
- cannot be responded to, using the routine set of
capabilities of the subjects. - Requirements
- Request based context evaluation is inadequate.
- Continuous context monitoring is required.
Tornado
Flooding
Hurricane
Medical Emergency
- Criticality
- consequences of critical events characterized by
urgency for taking remedial (mitigative) actions - Usually happen in groups (earthquake severely
hurt people)
Normal actions
Critical event
Exceptional actions
Criticality Awareness improves System
DEPENDABILITY
20Important Properties of Criticality
- Window of Opportunity (Wo)
- Time within which all mitigative actions should
ideally be taken - Value of Wo is criticality dependent.
- Example
- 90 Sec (Data Center, cooling failure)
- 5 Min (Tornado)
- 1 Hour (Heart Attack)
- 30 Days (Disaster Recovery)
- Responsiveness
- Measures the speed with which the system initiate
detection of criticalities - Correctness
- Determines the accuracy and confidence of the
detection process.
D Ta Wo
Time for Initiating mitigative actions
Time to take mitigative actions
21Criticality Mitigation Process
Detection (Humans, sensors etc)
Evaluation
Planning/ Scheduling
Enabling Actions
Planning Scheduling
Execution of Actions (Humans, Agents etc)
Control Access to Resources
22Criticality and Access Control
Hurricane (Natural Disasters)
Destruction and Flooding
Rescue
- FURTHER
- Traditional access to EHR is REACTIVE
- Initiated by medical professional after observing
the patient - Slow response
- How to speed it up
- Provide medical information (EHR) automatically
through - Patient medical sensors/ PDA /cell -phone
directly - Preserve patient privacy as per HIPAA disclose
EHR only to associated doctors - Rescue doctors dont get access as per HIPAA
- How to make it work
- Proactive system monitoring.
- Facilitates reaction within a window-of-opportuni
ty. - Provides privileges for non traditional accesses
for criticality mitigation. - Properties
- Proactive takes access control decisions
independently of specific user request - Alternate Privilege Provision provide any
privileges for mitigation, - Wo-aware rescind privileges after Wo expires
- Dynamicity not adhere to any assumpitons
regarding criticality or its behavior - Non-Repudiability maintain detailed records of
actions taken during criticality
Criticality Aware Access Control
S.K.S Gupta, T. Mukherjee, K. Venkatasubramanian,
Criticality Aware Access Control Models for
Pervasive Applications, In Proc of IEEE
Pervasive Computing, 2006.
23Criticality Aware Access Control
Detect Criticality
Plan/Schedule Actions
Execute Actions
Grant Privileges
- Locate people, provide aid, based on ailment
- Refer EHR for informed diagnosis and treatment
For each trapped hurt person , their pervasive
health monitoring system
- Obtain info on doctors in vicinity.
- Check if A1, A2 and A3 allowed for them
- If not present, generate privileges
- P1. View past health info
- P2. View current health info
- P3 . View allergy information
- Assign privileges to doctors simultaneously.
- Record actions, if taken
- People Injured in the aftermath of a natural
disaster - Check periodically for new criticalities
- New plan schedule if Wo expire or new
criticality - Reset all previous privilege assignment
Proactive
- Obtain health information
- Compute type of ailment, possible treatment, Wo.
- Generate list of actions to facilitate
treatment - A1. Provide past health info
- A2. Provide current health info
- A3. Provide allergy information
Alternate Privilege Provision
Wo-aware
Non-Repudiability
- Whole process carried out by Pervasive
healthcare system - Actions generated may sometimes contradict, such
cases may mandate sequential assignment of
privileges - Role-Privilege model used for implementation,
where doctors role changed for assigning
privileges. - Privileges provided for actions generated and
not predetermined for different criticalities
- Detection process done periodically interval
system dependent
Dynamicity
Comments
24Domain of CAAC
Context Aware Access Control (Reactive)
Criticality Aware Access Control (Proactive)
RBAC (Reactive)
CA-RBAC (Reactive)
Criticality Aware Access Control (non-role
based)
CAAC
- Traditional Access Control
- Reactive
- Slow in emergency management
- Manual and inflexible
- Pull based access
- Criticality Aware Access Control
- Proactive
- Fast in emergency management
- Automated and flexible
- Push based access
25 Context Awareness
Localization
Other Issues
Energy-Efficiency
26Context Awareness
- Medical Context
- Is an aggregate of 4 base contexts.
- Each physiological event has to be characterized
by all 4 base contexts for accurate
understanding on patients - health.
- A contextual template can be created for
specific physiological events for future
reference. -
Physiological (EKG, Perspiration, Heart Rate)
Context Processor
Spatial (Home, Gym, Office, Hospital, Park)
Medical Context
Aggregate Context
Temporal (Morning, Evening, Night)
Sensor Network
- Challenges
- How to determine the aggregate medical context
from the four base contexts? - How to create a contextual template for a
patient?
Environmental (Humidity, Temp)
Base Context
27Localization Service
- Need Tracking patients, medical personnel
equipment. - Challenges
- Highly-dynamic radio environment.
- Multipath propagation, shadowing, and scattering
effects. - Position, antenna orientation, and pedestrian
traffic cause extreme local variation in signal
strength. - Solution
- Proximity-based localization.
- Far less susceptible to variations in the local
radio environment. - Extremely-low power transmission limits effects
of scattering, shadowing, multipath propagation. - Low infrastructure and deployment costs.
Localization architecture
Localization used for Proximity Determination
28Access Control for Smart-Emergency Departments
(ED)
ED Workflow
- Need
- Patients follow well defined service paths in ED
workflow. - Several data systems need to be accessed, here,
requiring unique log-in process. - Such explicit session log-in/out process causes
distraction for caregivers and result in
vulnerabilities
Zone 2
- Requirement
- Primary focus of ED is to provide patient care.
- ED procedures which minimizes distraction for
caregivers is essential for its effectiveness. - Principal Idea
- Automatically provide access to resources when a
subject comes within its proximity.
Zone 1
Proximity-based Access
Proximity Zones
S. K. S. Gupta, T. Mukherjee, K.
Venkatasubramanian, and T. Taylor Proximity-based
Access Control in Smart ED Environments, In Proc
of 4th IEEE Conference on Pervasive Computing
Workshops (Ubicare), Pisa, Italy, 2006.
29Challenges and Solutions
Access Control Policies
- Challenges
- Design of proximity zone for a resource.
- Determination of proximity to a resource.
- Enforce appropriate access policy.
- Solution
- Subjects get access to resources automatically on
entering the proximity zone around a resource. - If more than one subject in proximity provide
access privileges are a function of individual
privileges of a user. - Prevents misuse when people in proximity without
intension of use. - Multiple-levels of access available
- Level0 general information (outside ED)
- Level1 information pertaining to users domain
such as ED, requires authentication (inside ED) - Level2 sensitive information requires
additional authentication (inside ED).
Access to Unoccupied Resources
Access to Occupied Resources
Policies Specification
Single Subject
Multiple Subjects
Multiple Subjects
Single Subject
Direct access
Wait for Resource to free
Random Choice
Log-in Initiate
Actual Proximity
- Implementation
- Built a preliminary prototype for PBAC using a
commercially available UWB-based positioning
system from Ubisense Inc. - Tested the accuracy of the positioning system at
a Level-I Trauma Center ED in the Phoenix Area. - Positioning accuracy of the system was within 2-8
inches.
30Energy Efficiency
Probable Solutions
- Need
- Sensors have very small battery source.
- Sensors need to be active for long time
durations. - For implantable sensors, it is not possible to
replace battery at short intervals. - Challenge
- Battery power not increasing at same rate as
processing power. - Small size (hence less energy) of the batteries
in sensors.
Better Battery
Solar Energy
Vibration
Body Thermal Power
Energy-Efficient Protocol Design at all Layers
31Energy-Efficiency Source Coding Biosensor
Communication
- Need
- Sensors have
- low data rate.
- Short range of operation.
- Demands low power and low complexity at both
circuit and system level.
- Solution
- Minimum Energy Coding
- Sources with unknown statistics.
- Minimum energy codes considered
- More energy efficient.
- Only one bit-1 per code
- Achieves
- Lesser number of bit-1 in the transmitted code
- Safely assign to source symbols of any
probability of occurrence. - Code Rate (k / n) (k / 2k-1)
System Model
Y. Prakash, S.K.S Gupta, Energy Efficient Source
Coding and Modulation for Wireless Applications,
IEEE Wireless Communications and Networking
Conference, 2003. WCNC 2003. Volume 1, 16-20
March 2003, Page(s) 212-217.
32Ayushman
33Ayushman A Pervasive Healthcare System
Sanskrit for long life
Environmental Sensors (Temperature etc)
- Project _at_ IMPACT Lab, Arizona State University
- To provide a dependable, non-intrusive, secure,
real-time automated health monitoring. - Should be scalable and flexible enough to be used
in diverse scenarios from home based monitoring
to disaster relief, with minimal customization.
Internet
Stargate Gateway
External Gateway
Central Server
Medical Sensors (EKG, BP) controlled By Mica2
motes
Medical Professional
Home/Ward Based Intelligence
Body Based Intelligence
Medical Facility Based Intelligence
Vision
- To provide a realistic environment (test-bed) for
testing communication - protocols and systems for medical
applications.
K. Venkatasubramanian, G. Deng, T. Mukherjee, J.
Quintero, V Annamalai and S. K. S.
Gupta, "Ayushman A Wireless Sensor Network Based
Health Monitoring Infrastructure and Testbed",
In Proc. of IEEE DCOSS June 2005
34Medical Data Management Architecture
35Ayushman Remote Medical Monitoring
- Testbed consists of medical devices interfaced
using crowssbow motes to a PDA. - Medical devices integrated include BP monitor
(Suntech), EKG monitor (Vernier), Gait Monitor
(MicaZ based sensors) and TelosB based
environment sensor
BP and EKG Monitoring
- Supports query based and continuous data
collection. - System Constrainst
- Low reliability
- Lack of bandwidth
- Low memory for processing.
Gait Monitoring
36Ayushman Client Screen Shot
Patient Details
Current Sensor Value
Sensor Values Trend
Query Result Archived Data
Location of Server
37Other Similar Projects
- Proactive Health Project _at_ Intel
- Developing sensor network based pervasive
computing systems - Managing daily health and wellness of people at
homes - Proactively anticipate patients need and improve
quality of life. - Code Blue Project Sensor network based health
monitoring - _at_ Harvard
- Developing sensor network based medical
applications for - Emergency Care
- Disaster Management
- Stroke patient rehabilitation
- AMON Project _at_ ETH, Zurich
- Developing multi-functional wearable health
monitor - E.g. BP, pulse, SpO2, ECG, Temperature
- Aware Project _at_ the Center Pervasive Healthcare,
- University of Aarhus, Denmark.
- Applying context aware computing to hospital
scenarios
38Conclusions
- The global e-healthcare and telemedicine market
is currently valued at 7billion (Cap Gemini
Ernst Young) and is showing an explosive growth. - Such systems will become increasingly more useful
because of the aging world population. - Next generation medical system are being designed
to provide pervasive, scalable, cheap,
non-intrusive heathcare to all. - Aysuhman - a sensor network based health
monitoring system that is dependable, secure and
safe.
39List of Publications
- L. Schwiebert, S. K. S. Gupta, J. Weinmann et
al., Research Challenges in Wireless Networks of
Biomedical Sensors, The Seventh Annual
International Conference on Mobile Computing and
Networking, pp 151-165, Rome Italy, July 2001. - Q. Tang, N. Tummala, S. K. S. Gupta, and L.
Schwiebert, Communication scheduling to minimize
thermal effects of implanted biosensor networks
in homogeneous tissue, Proc of IEEE Transactions
of Biomedical Engineering. - Q. Tang, N. Tummala, S. K. S. Gupta, and L.
Schwiebert, TARA Thermal-Aware Routing
Algorithm for Implanted Sensor Networks, Intl
Conference on Distributed Computing in Sensor
Systems, 2005 - Sriram Cherukuri, Krishna K. Venkatasubramanian,
Sandeep K. S. Gupta, BioSec A Biometric Based
Approach for Securing Communication in Wireless
Networks of Biosensors Implanted in the Human
Body, in Proc of IEEE ICPP Workshops, 2003 - K. Venkatasubramanian, and S.K.S. Gupta,
"Security For Pervasive Health Monitoring Sensor
Applications", To Appear in Proc of 4th Intl.
Conf. on Intelligent Sensing and Information
Processing (ICISIP), December 2006. - S.K.S Gupta, T. Mukherjee, K. Venkatasubramanian,
Criticality Aware Access Control Models for
Pervasive Applications, In Proc of IEEE
Pervasive Computing, 2006. - S. K. S. Gupta, T. Mukherjee, K.
Venkatasubramanian, and T. Taylor Proximity-based
Access Control in Smart ED Environments, In Proc
of 4th IEEE Conference on Pervasive Computing
Workshops (Ubicare), Pisa, Italy, 2006. - Y. Prakash, S.K.S Gupta, Energy Efficient Source
Coding and Modulation for Wireless Applications,
IEEE Wireless Communications and Networking
Conference, 2003. WCNC 2003. Volume 1, 16-20
March 2003, Page(s) 212-217. - K. Venkatasubramanian, G. Deng, T. Mukherjee, J.
Quintero, V Annamalai and S. K. S. Gupta,
"Ayushman A Wireless Sensor Network Based Health
Monitoring Infrastructure and Testbed", In Proc.
of IEEE DCOSS June 2005