Safe and Dependable Sensor Networking for Pervasive Healthcare

1
Safe and Dependable Sensor Networking for
Pervasive Healthcare

• SANDEEP GUPTA
• Ira A. Fulton School of Engineering
• Department of Computer Science and Engineering
• Arizona State University
• Tempe, Arizona
• sandeep.gupta_at_asu.edu

2
Tempe, Fulton School of Engg CSE
3
IMPACT (Intelligent Mobile Pervasive Autonomic
Computing Technologies) LAB

• Research Goals
• Enable Context-Aware Pervasive Applications
• Dependable Distributed Sensor Networking
• Projects
• Wireless Solution for Smart Sensors Biomedical
  Applications (NSF - ITR)
• Context-Aware Middleware for Pervasive Computing
  (NSF NMI)
• Thermal Management Datacenters (NSF)
• Location Based Access Control (CES)
• Identity Assurance (NSF, CES)
• Mobility-Tolerant Multicast (NSF)
• Ayushman Infrastructure Testbed for Sensor
  Based Health Monitoring (Mediserve Inc.)
• Group
• Faculty Dr. Sandeep K. S. Gupta
• 5 PhD 3MS 1 UG Students

Department of Computer Science Engineering,
Tempe, Arizona
http//impact.asu.edu
Sponsors
4
IMPACT Research

• Use-inspired research in pervasive computing
  wireless sensor networking

• Goal
• Pervasive Health monitoring
• Evaluation of medical applications
• Features
• Secure, Dependable and Reliable data collection,
  storage and communication
• Sponsor

• Goal
• Evaluation of crisis response management
• Features
• Theoretical model
• Performance evaluation
• Access control for crisis management
• Sponsor

Medical Devices, Mobile Pervasive Embedded Sensor
Networks
BOOK Fundamentals of Mobile and Pervasive
Computing, Publisher McGraw-Hill  Dec. 2004
5
Pervasive Healthcare
6
Motivation Challenges

• Motivation
• Department of Health projects by 2050 over 20 of
  the population will be above 65.
• Possible Consequences
• Acute shortage of medical professionals.
• Decline in the quality of medical care.
• Increase in the medical costs.
• Challenges
• Automated continuous monitoring of patients can
  reveal problems at an early stage leading to
  better control.
• Integrating diverse technologies (micro macro
  computing entities), for health monitoring is a
  challenge.
• Designing safe, dependable, secure and scalable
  system for health management is a very
  challenging task.

7
Pervasive Computing Healthcare
Pervasive Healthcare
Pervasive Computing
Use Pervasive Computing for day-to-day healthcare
management (monitoring treatment), made
possible by development of biomedical sensors
Personalized computing power available
everywhere, by embedding computing in users
environment.
Nano-scale Blood Glucose level detector Developed
_at_ UIUC
PAN

• Features
• Extends PAN with embedded medical sensors
• No time space restrictions for healthcare
• Better coverage and quality of care to all.

• Features
• Merger of Physical and Virtual Space
• Uses computing entities which are
• - tiny/ cheap
• - specialized
• - unsupervised
• - interconnected

Micro-needles array For Drug Delivery Developed
_at_ Georgia Tech
Medical Sensors
Medical Tele-sensor Can measure and transmit Body
temperature Developed _at_ Oak Ridge
National Laboratory
Overview
Some Applications
Feedback for Adaptation
Medical Sensor Plane
Actuation (drug-delivery)
Management Plane
Knowledge Generation Plane
Doctor
Sports Health Management
Assisted Living
Physiological Data
Knowledge
Patient

• Collect Medical Data
• Local Processing
• Medical Actuation

Disaster Relief Management
Medical Facility Management

• Storage Management
• Sensor Management
• Generate Context

Generate Knowledge
GOAL Enable independent living, general
wellness and disease management.
8
Differences Advantages

• Pervasive Healthcare
• Continuous Patient Monitoring.
• Automated diagnosis and treatment.
• Utilizing medical facilities only if condition
  very serious.

• Current Healthcare
• Detect symptoms
• Go to medical facilities (professionals)
• Medical professional performs diagnosis and
  treatment.

• Automated
• Real-time
• Inexpensive
• Very efficient

• Manual
• Slow
• Costly
• In-efficient

Pervasive Healthcare Technology is Necessary to
Meet Future Needs
9
Talk Overview
Minimize heat generated by health monitoring
sensors
Improve patient privacy by using efficient data
security protocols.
Provide automated emergency handling capability
Improve energy-efficiency of the medical sensors
used.
Provide localization based services.
10
Medical Sensor Safety
11
Tissue Heating

• Medical sensors implanted/worn by human need to
  be safe.
• Sensor activity causes heating in the tissue.
• Heating caused by RF inductive powering
• Radiation from wireless communication
• Power dissipation of circuitry
• Goal minimize tissue heating.
• Two solutions
• Communication scheduling for
• minimizing thermal effects
• Rotate cluster leader balance energy usage
  distribute heat dissipation
• Thermal aware routing route around thermal
  hotspots

Tissue Blow-up
Heating Zone
Cluster leader
Disturbance Minimization
12
Communication Scheduling

• System Model
• Consider only one cluster
• 2D Model
• Rotate cluster head to distribute energy
  consumption reduce heating

• Requirements
• FCC Regulation
• Antenna vs. Freq trade-off

SAR s E2 / ? (W/kg)
E induced Electric Field ? tissue density s
electric conductivity of tissue
IEEE Requirement (1g Tissue)
Temperature Rise Pennes Bio-heat Equation
SAR 0.4W/Kg
Whole Body Average
SAR 8W/Kg
Peak Local
CE
SAR .08W/Kg
Whole Body Average
SAR 1.6W/Kg
Peak Local
UCE
Heat by metabolism
Heat by radiation
Heat by power dissipation
Heat accumulated
Heat transfer by convection
Heat transfer by conduction

• Solution
• Random selection may lead to higher temperature
  rise
• Similar to Traveling salesman problem but with
  dynamic metric
• Heuristic Leader selection based on sensor
  location, rotation history

Results
FDTD enumeration
Optimal
720960 hrs (est.)
FDTD Genetic Algorithm
Near Optimal
100 hrs (est.)
TSP enumeration
Optimal
7.6 hrs
Near Optimal
TSP Genetic Algorithm
5 min

• Four Approaches
• FDTD enumeration
• FDTD Genetic Algorithm
• TSP enumeration
• TSP Genetic Algorithm

Temperature
Temp rise in sensor surroundings
Comparative Result
Coordinate y
Coordinate x
Q. Tang, N. Tummala, S. K. S. Gupta, and L.
Schwiebert, Communication scheduling to minimize
thermal effects of implanted biosensor networks
in homogeneous tissue, Proc of IEEE Transactions
of Biomedical Engineering
13
Thermal Aware Routing
Area Hotspot

• In vivo environment maybe sensitive to the
  heating of power dissipation and radiation of
  Implanted sensors
• Energy/load balancing is not equal to heating
  balancing large time scale vs. short time scale

Link Hotspot

• Solution
• Modeling EM radiation and power dissipation of
  sensors
• Identifying hotspot area
• Withdrawal strategy to avoid overheated area
• Averaging power consumption and heat dissipation
• Slight degradation of delay

Temperature distribution of TARA
Q. Tang, N. Tummala, S. K. S. Gupta, and L.
Schwiebert, TARA Thermal-Aware Routing
Algorithm for Implanted Sensor Networks, Intl
Conference on Distributed Computing in Sensor
Systems, 2005
14
Information Security
15
Security in Pervasive Healthcare

• Need
• Healthcare systems collect sensitive medical data
  from a patient.
• Patients privacy is a legal requirement (HIPAA).
• Health information of a person can be taken
  advantage of.
• Reason (Weakness)
• Wireless connectivity always on.
• Devices are heterogeneous with limited
  capabilities
• No clear understanding of
• Trusted parties
• Security Policies

• Possible Attacks
• Fake emergency warnings.
• Legitimate emergency warnings prevented from
  being reported in times.
• Unnecessary communication malicious sensors can
  cause
• Battery power depletion
• Tissue heating
• Security Requirements
• Integrity
• Confidentiality
• Authentication
• Authorization

• Medical sensors have limited capabilities
• Setup (key distribution) takes too much resources
• Too expensive for long term monitoring

16
Physiological Value based security
ECG, Heart/Pulse Rate

• Use of the physiological values (PV) from the
  body to exchange the keys.
• Possible Examples
• Simple
• Blood Pressure, Heart Rate, Glucose level
• Complex
• Temporal variations in different PVs.
• Combination of multiple PV

Blood Pressure
Properties
Blood Glucose

• Universal Should be measurable in everyone
• Distinctively collectable Should be measurable
  in an unambiguous manner
• Random To prevent brute-force attacks
• Time variant If broken, the next set of values
  should not be guessable.

Easier and safe key generation
Cheaper key distribution
Sensors
Value
Time ?
GOOD CHOICES Inter-Pulse-Interval , Heart Rate
Variation FIND OTHERS
Sriram Cherukuri, Krishna K. Venkatasubramanian,
Sandeep K. S. Gupta, BioSec A Biometric Based
Approach for Securing Communication in Wireless
Networks of Biosensors Implanted in the Human
Body, in Proc of IEEE ICPP Workshops, 2003
17
PV Based Data Security Protocol
Measure Pre-defined PV _at_ Sender PVs Receiver PVr
Generate Random Key _at_ sender
KeyRand
Encrypt message with Key Rand
C EKeyRand(Message)
? PVs ? KeyRand
Hide KeyRand using PV
Send encrypted message
Receiver encrypted message
KeyRand PVr ? ?
Unhide KeyRand using PVr
Message DPVr(C)
Decrypt message with Key Rand
K. Venkatasubramanian, and S.K.S. Gupta,
"Security For Pervasive Health Monitoring
Sensor Applications", To Appear in Proc of 4th
Intl. Conf. on Intelligent Sensing and
Information Processing (ICISIP), December 2006.
18
Criticality-Awareness
19
Critical Events Criticalities

• Critical Events
• cannot be responded to, using the routine set of
  capabilities of the subjects.
• Requirements
• Request based context evaluation is inadequate.
• Continuous context monitoring is required.

Tornado
Flooding
Hurricane
Medical Emergency

• Criticality
• consequences of critical events characterized by
  urgency for taking remedial (mitigative) actions
• Usually happen in groups (earthquake severely
  hurt people)

Normal actions
Critical event
Exceptional actions
Criticality Awareness improves System
DEPENDABILITY
20
Important Properties of Criticality

• Window of Opportunity (Wo)
• Time within which all mitigative actions should
  ideally be taken
• Value of Wo is criticality dependent.
• Example
• 90 Sec (Data Center, cooling failure)
• 5 Min (Tornado)
• 1 Hour (Heart Attack)
• 30 Days (Disaster Recovery)

• Responsiveness
• Measures the speed with which the system initiate
  detection of criticalities
• Correctness
• Determines the accuracy and confidence of the
  detection process.

D Ta Wo
Time for Initiating mitigative actions
Time to take mitigative actions
21
Criticality Mitigation Process
Detection (Humans, sensors etc)
Evaluation
Planning/ Scheduling
Enabling Actions
Planning Scheduling
Execution of Actions (Humans, Agents etc)
Control Access to Resources
22
Criticality and Access Control

Hurricane (Natural Disasters)
Destruction and Flooding
Rescue

• FURTHER
• Traditional access to EHR is REACTIVE
• Initiated by medical professional after observing
  the patient
• Slow response
• How to speed it up

• Provide medical information (EHR) automatically
  through
• Patient medical sensors/ PDA /cell -phone
  directly
• Preserve patient privacy as per HIPAA disclose
  EHR only to associated doctors
• Rescue doctors dont get access as per HIPAA
• How to make it work

• Proactive system monitoring.
• Facilitates reaction within a window-of-opportuni
  ty.
• Provides privileges for non traditional accesses
  for criticality mitigation.
• Properties
• Proactive takes access control decisions
  independently of specific user request
• Alternate Privilege Provision provide any
  privileges for mitigation,
• Wo-aware rescind privileges after Wo expires
• Dynamicity not adhere to any assumpitons
  regarding criticality or its behavior
• Non-Repudiability maintain detailed records of
  actions taken during criticality

Criticality Aware Access Control
S.K.S Gupta, T. Mukherjee, K. Venkatasubramanian,
Criticality Aware Access Control Models for
Pervasive Applications, In Proc of IEEE
Pervasive Computing, 2006.
23
Criticality Aware Access Control
Detect Criticality
Plan/Schedule Actions
Execute Actions
Grant Privileges

• Locate people, provide aid, based on ailment
• Refer EHR for informed diagnosis and treatment

For each trapped hurt person , their pervasive
health monitoring system

• Obtain info on doctors in vicinity.
• Check if A1, A2 and A3 allowed for them
• If not present, generate privileges
• P1. View past health info
• P2. View current health info
• P3 . View allergy information
• Assign privileges to doctors simultaneously.
• Record actions, if taken

• People Injured in the aftermath of a natural
  disaster
• Check periodically for new criticalities
• New plan schedule if Wo expire or new
  criticality
• Reset all previous privilege assignment

Proactive

• Obtain health information
• Compute type of ailment, possible treatment, Wo.
• Generate list of actions to facilitate
  treatment
• A1. Provide past health info
• A2. Provide current health info
• A3. Provide allergy information

Alternate Privilege Provision
Wo-aware
Non-Repudiability

• Whole process carried out by Pervasive
  healthcare system
• Actions generated may sometimes contradict, such
  cases may mandate sequential assignment of
  privileges
• Role-Privilege model used for implementation,
  where doctors role changed for assigning
  privileges.
• Privileges provided for actions generated and
  not predetermined for different criticalities

• Detection process done periodically interval
  system dependent

• Carried out by doctors

Dynamicity
Comments
24
Domain of CAAC
Context Aware Access Control (Reactive)
Criticality Aware Access Control (Proactive)
RBAC (Reactive)
CA-RBAC (Reactive)
Criticality Aware Access Control (non-role
based)
CAAC

• Traditional Access Control
• Reactive
• Slow in emergency management
• Manual and inflexible
• Pull based access

• Criticality Aware Access Control
• Proactive
• Fast in emergency management
• Automated and flexible
• Push based access

25
Context Awareness
Localization
Other Issues
Energy-Efficiency
26
Context Awareness

• Medical Context
• Is an aggregate of 4 base contexts.
• Each physiological event has to be characterized
  by all 4 base contexts for accurate
  understanding on patients
• health.
• A contextual template can be created for
  specific physiological events for future
  reference.

Physiological (EKG, Perspiration, Heart Rate)
Context Processor
Spatial (Home, Gym, Office, Hospital, Park)
Medical Context
Aggregate Context
Temporal (Morning, Evening, Night)
Sensor Network

• Challenges
• How to determine the aggregate medical context
  from the four base contexts?
• How to create a contextual template for a
  patient?

Environmental (Humidity, Temp)
Base Context
27
Localization Service

• Need Tracking patients, medical personnel
  equipment.
• Challenges
• Highly-dynamic radio environment.
• Multipath propagation, shadowing, and scattering
  effects.
• Position, antenna orientation, and pedestrian
  traffic cause extreme local variation in signal
  strength.
• Solution
• Proximity-based localization.
• Far less susceptible to variations in the local
  radio environment.
• Extremely-low power transmission limits effects
  of scattering, shadowing, multipath propagation.
• Low infrastructure and deployment costs.  

Localization architecture
Localization used for Proximity Determination
28
Access Control for Smart-Emergency Departments
(ED)
ED Workflow

• Need
• Patients follow well defined service paths in ED
  workflow.
• Several data systems need to be accessed, here,
  requiring unique log-in process.
• Such explicit session log-in/out process causes
  distraction for caregivers and result in
  vulnerabilities

Zone 2

• Requirement
• Primary focus of ED is to provide patient care.
• ED procedures which minimizes distraction for
  caregivers is essential for its effectiveness.
• Principal Idea
• Automatically provide access to resources when a
  subject comes within its proximity.

Zone 1
Proximity-based Access
Proximity Zones
S. K. S. Gupta, T. Mukherjee, K.
Venkatasubramanian, and T. Taylor Proximity-based
Access Control in Smart ED Environments, In Proc
of 4th IEEE Conference on Pervasive Computing
Workshops (Ubicare), Pisa, Italy, 2006.
29
Challenges and Solutions
Access Control Policies

• Challenges
• Design of proximity zone for a resource.
• Determination of proximity to a resource.
• Enforce appropriate access policy.
• Solution
• Subjects get access to resources automatically on
  entering the proximity zone around a resource.
• If more than one subject in proximity provide
  access privileges are a function of individual
  privileges of a user.
• Prevents misuse when people in proximity without
  intension of use.
• Multiple-levels of access available
• Level0 general information (outside ED)
• Level1 information pertaining to users domain
  such as ED, requires authentication (inside ED)
• Level2 sensitive information requires
  additional authentication (inside ED).

Access to Unoccupied Resources
Access to Occupied Resources
Policies Specification
Single Subject
Multiple Subjects
Multiple Subjects
Single Subject
Direct access
Wait for Resource to free
Random Choice
Log-in Initiate
Actual Proximity

• Implementation
• Built a preliminary prototype for PBAC using a
  commercially available UWB-based positioning
  system from Ubisense Inc.
• Tested the accuracy of the positioning system at
  a Level-I Trauma Center ED in the Phoenix Area.
• Positioning accuracy of the system was within 2-8
  inches.

30
Energy Efficiency
Probable Solutions

• Need
• Sensors have very small battery source.
• Sensors need to be active for long time
  durations.
• For implantable sensors, it is not possible to
  replace battery at short intervals.
• Challenge
• Battery power not increasing at same rate as
  processing power.
• Small size (hence less energy) of the batteries
  in sensors.

Better Battery
Solar Energy
Vibration
Body Thermal Power
Energy-Efficient Protocol Design at all Layers
31
Energy-Efficiency Source Coding Biosensor
Communication

• M Symbols 2k

• Need
• Sensors have
• low data rate.
• Short range of operation.
• Demands low power and low complexity at both
  circuit and system level.

• Solution
• Minimum Energy Coding
• Sources with unknown statistics.
• Minimum energy codes considered
• More energy efficient.
• Only one bit-1 per code
• Achieves
• Lesser number of bit-1 in the transmitted code
• Safely assign to source symbols of any
  probability of occurrence.
• Code Rate (k / n) (k / 2k-1)

System Model
Y. Prakash, S.K.S Gupta, Energy Efficient Source
Coding and Modulation for Wireless Applications,
IEEE Wireless Communications and Networking
Conference, 2003. WCNC 2003. Volume 1, 16-20
March 2003, Page(s) 212-217.
32
Ayushman
33
Ayushman A Pervasive Healthcare System
Sanskrit for long life
Environmental Sensors (Temperature etc)

• Project _at_ IMPACT Lab, Arizona State University
• To provide a dependable, non-intrusive, secure,
  real-time automated health monitoring.
• Should be scalable and flexible enough to be used
  in diverse scenarios from home based monitoring
  to disaster relief, with minimal customization.

Internet
Stargate Gateway
External Gateway
Central Server
Medical Sensors (EKG, BP) controlled By Mica2
motes
Medical Professional
Home/Ward Based Intelligence
Body Based Intelligence
Medical Facility Based Intelligence
Vision

• To provide a realistic environment (test-bed) for
  testing communication
• protocols and systems for medical
  applications. 

K. Venkatasubramanian, G. Deng, T. Mukherjee, J.
Quintero, V Annamalai and S. K. S.
Gupta, "Ayushman A Wireless Sensor Network Based
Health Monitoring Infrastructure and Testbed",
In Proc. of IEEE DCOSS June 2005
34
Medical Data Management Architecture
35
Ayushman Remote Medical Monitoring

• Testbed consists of medical devices interfaced
  using crowssbow motes to a PDA.
• Medical devices integrated include BP monitor
  (Suntech), EKG monitor (Vernier), Gait Monitor
  (MicaZ based sensors) and TelosB based
  environment sensor

BP and EKG Monitoring

• Supports query based and continuous data
  collection.
• System Constrainst
• Low reliability
• Lack of bandwidth
• Low memory for processing.

Gait Monitoring
36
Ayushman Client Screen Shot
Patient Details
Current Sensor Value
Sensor Values Trend
Query Result Archived Data
Location of Server
37
Other Similar Projects

• Proactive Health Project _at_ Intel
• Developing sensor network based pervasive
  computing systems
• Managing daily health and wellness of people at
  homes
• Proactively anticipate patients need and improve
  quality of life.
• Code Blue Project Sensor network based health
  monitoring
• _at_ Harvard
• Developing sensor network based medical
  applications for
• Emergency Care
• Disaster Management
• Stroke patient rehabilitation
• AMON Project _at_ ETH, Zurich
• Developing multi-functional wearable health
  monitor
• E.g. BP, pulse, SpO2, ECG, Temperature
• Aware Project _at_ the Center Pervasive Healthcare,
• University of Aarhus, Denmark.
• Applying context aware computing to hospital
  scenarios

38
Conclusions

• The global e-healthcare and telemedicine market
  is currently valued at 7billion (Cap Gemini
  Ernst Young) and is showing an explosive growth.
• Such systems will become increasingly more useful
  because of the aging world population.
• Next generation medical system are being designed
  to provide pervasive, scalable, cheap,
  non-intrusive heathcare to all.
• Aysuhman - a sensor network based health
  monitoring system that is dependable, secure and
  safe.

39
List of Publications

• L. Schwiebert, S. K. S. Gupta, J. Weinmann et
  al., Research Challenges in Wireless Networks of
  Biomedical Sensors, The Seventh Annual
  International Conference on Mobile Computing and
  Networking, pp 151-165, Rome Italy, July 2001.
• Q. Tang, N. Tummala, S. K. S. Gupta, and L.
  Schwiebert, Communication scheduling to minimize
  thermal effects of implanted biosensor networks
  in homogeneous tissue, Proc of IEEE Transactions
  of Biomedical Engineering.
• Q. Tang, N. Tummala, S. K. S. Gupta, and L.
  Schwiebert, TARA Thermal-Aware Routing
  Algorithm for Implanted Sensor Networks, Intl
  Conference on Distributed Computing in Sensor
  Systems, 2005
• Sriram Cherukuri, Krishna K. Venkatasubramanian,
  Sandeep K. S. Gupta, BioSec A Biometric Based
  Approach for Securing Communication in Wireless
  Networks of Biosensors Implanted in the Human
  Body, in Proc of IEEE ICPP Workshops, 2003
• K. Venkatasubramanian, and S.K.S. Gupta,
  "Security For Pervasive Health Monitoring Sensor
  Applications", To Appear in Proc of 4th Intl.
  Conf. on Intelligent Sensing and Information
  Processing (ICISIP), December 2006.
• S.K.S Gupta, T. Mukherjee, K. Venkatasubramanian,
  Criticality Aware Access Control Models for
  Pervasive Applications, In Proc of IEEE
  Pervasive Computing, 2006.
• S. K. S. Gupta, T. Mukherjee, K.
  Venkatasubramanian, and T. Taylor Proximity-based
  Access Control in Smart ED Environments, In Proc
  of 4th IEEE Conference on Pervasive Computing
  Workshops (Ubicare), Pisa, Italy, 2006.
• Y. Prakash, S.K.S Gupta, Energy Efficient Source
  Coding and Modulation for Wireless Applications,
  IEEE Wireless Communications and Networking
  Conference, 2003. WCNC 2003. Volume 1, 16-20
  March 2003, Page(s) 212-217.
• K. Venkatasubramanian, G. Deng, T. Mukherjee, J.
  Quintero, V Annamalai and S. K. S. Gupta,
  "Ayushman A Wireless Sensor Network Based Health
  Monitoring Infrastructure and Testbed", In Proc.
  of IEEE DCOSS June 2005