Quantum Machine Learning for Security Assessment in IoMT: History
Please note this is an old version of this entry, which may differ significantly from the current revision.
Subjects: Others
Contributor: , , , , ,

Internet of Medical Things (IoMT) is an ecosystem composed of connected electronic items such as small sensors/actuators and other cyber-physical devices (CPDs) in medical services. When these devices are linked together, they can support patients through medical monitoring, analysis, and reporting in more autonomous and intelligent ways.

  • vulnerability prediction
  • Internet of Things
  • quantum machine learning

1. Introduction

Smart devices can be used to improve a wide range of services in ubiquitous computing. The gadgets that make up the “things” in the Internet of Things (IoT) can exist in any household, company, and city. The services based on IoT bring benefits but also security vulnerabilities in the form of blind spots and increased attack surfaces [1]. Smart devices with security vulnerabilities can allow malicious users to infiltrate private computing networks. Most IoT devices are vulnerable to cyber-attacks because they are not equipped with sufficient security features. These IoT networks are vulnerable to several factors, such as technological limitations and the users associated with the IoT applications [2].
Firstly, there are security vulnerabilities in IoT devices on the market because of their hardware limitations. IoT devices can only perform so much processing; their specific purpose is to provide minimized computing power (and constrained energy usage). Therefore, there are limited options for stronger data protection and security reinforcement. Secondly, diversity in the IoT device types brings challenges in establishing security protocols applicable to all IoT devices [3,4].
Most importantly, the lack of user control in IoT automation provides severe challenges to IoT security assurance [5]. As IoT applications are applied to various fields, including medical services (e.g., monitoring patients) where security is of paramount importance, proactive and preventative security assurance is vital in future applications of Internet of Medical Things (IoMTs) [6].

2. Review of IoT Applications

There are many new “smart” services and goods available, such as “smart” appliances, “smart” homes, “smart” watches, and “smart” TVs. These new “smart” services and products all contribute to the rapid proliferation and increasing ubiquity of Internet of Things (IoT) devices. The disclosure of sensitive personal data to a service provider is frequently required in exchange for smarter and more flexible service alternatives (which may at times be private information) [12]. This indicates that developing each product or service related to IoT should primarily emphasize protecting consumers’ personal information. Unfortunately, this is not the case with many commercially available Internet of Things (IoT) devices. In recent years, there has been an increase in the amount of scrutiny placed on the risks associated with using simple IoT devices in services that have access to sensitive information or important controls [13]. Examples of these services include a video recording of private environments, real-time personal location, health monitoring, building access control, industrial processes, and traffic lights. The recording of private areas through video, real-time monitoring of individuals, monitoring of health data, and monitoring of production lines are all services that fall under this category. Recent security breaches in media that target consumer IoT devices have heightened the public’s awareness of the risks that are inherently associated with the Internet of Things (IoT) ecosystem. Protecting commercial IoT devices from cyberattacks calls for first-principles design considerations [14]. However, because many different types of devices are connected to the IoT, it is difficult to create reliable security-by-design solutions. The capacity of many IoT devices to use electricity, transmit and receive data, and store information is severely limited. This makes things even more complicated than they already are. Owing to these difficulties, conventional and Internet-connected equipment cannot execute standard security measures similarly. A culture of cybersecurity is required by all parties involved in the Internet of Things (IoT), notably product designers and end users. This goes beyond technological factors that need to be considered. Many creators of IoT devices have been motivated to innovate by the demand for inexpensive sensors and actuators (e.g., home automation, light control, video surveillance, etc.). Because no other people utilize the system in remote locations where these devices are employed, the risk of security breaches is considerably reduced. This is because no other people use this system. As a consequence, many organizations have a poor understanding of cybersecurity and may remain naïve to the dangers posed by devices connected to the Internet [13].
Items connected to the Internet of Things have been brought to the market, even though their security was either disregarded or treated as an afterthought. This is because there is a lack of information, no production strategy, and a requirement to minimize both production costs and the amount of time it takes to enter the market. Additionally, most people do not alter the factory-set password on their devices, which is one of the most fundamental steps to increase safety. Consequently, a large amount of electrical hardware has been rendered useless. If a person is not given adequate credit to defend themselves and their own equipment, the user’s risk of being attacked increases.

3. Security Flaws in IoMT Devices

Many events, both in the real world and in academic research, have shown how serious IoT security flaws are and their potential consequences. The Open Web Application Security Project (OWASP), a group that works to improve software, publishes an annual list of the most dangerous security holes of IoT. Below are some examples of each of these mistakes. This flaw is often encountered in new malware. The server for the home automation system was not locked down, so sensitive information, such as the geolocation of the homes and hard-coded passwords, was exposed. The effects of a compromised automation platform are further discussed in this research.
The service providers with insecure networks aim to identify security flaws in products. The study showed that sensitive user information was leaked because the device had open ports that allowed it to connect to the Internet. It is not difficult to find examples of how people and networks have been compromised by device flaws, and more such cases are likely to occur in the future. The users need to know about these common flaws to protect themselves.
Threat actors can use vulnerable devices to move laterally, which allows them to move closer to important targets. Attackers can use vulnerabilities to take over specific devices, convert them into weapons for use in larger campaigns, or even use them to spread malware across an entire network. IoT botnets are an example of how dangerous device vulnerabilities can be and how sophisticated cybercriminals’ methods are in taking advantage of them. One of the most well-known types of IoT botnet malware is headlines, which use a network of thousands of infected home IoT devices to launch a distributed denial of service (DDoS) attack against a number of well-known websites [15]. There is no clear line between the security needs of businesses and homes. IoT devices, primarily when used for remote work, make that line even less clear. This is particularly true when people work in the same office. Bringing IoT devices into the home can increase the number of possible entry points for hackers. This could put the company’s network and employees in danger. This is a major concern for bring-your-own-device rules and arrangements allowing people to work from home. In addition, attackers can use weak Internet of Things (IoT) devices to enter internal networks. The growing list of threats includes new attacks that use side channels, such as infrared laser beam attacks on smart devices in homes and businesses and domain name service (DNS) rebinding attacks that can collect and send information from within networks.
The heterogeneity, velocity, and massivity in IoMT data communications pose serious challenges to traditional security solutions, as presented in Section 2.3.

4. Machine Learning Models in IoMT

In vulnerability prediction in IoMT-based applications, machine learning is used to analyze risks and find security vulnerabilities. It identifies and evaluates threats based on patterns in the network traffic generated by IoMT devices. It uses the features of dynamically updated threats to determine and assess them. The “vulnerability” of a system is a flaw that an attacker can take advantage of because it is built into the system. Most of the time, vulnerabilities can be found and possibly used, because they are common knowledge. On the other hand, risks consider not only the environment, configuration, behavior, and security policy but also one or more underlying weaknesses. Some risks can change how serious IoT Security [16] thinks a vulnerability is, but they only appear on the device details page and not on the vulnerability page. Specifically, IoT Security calls a vulnerability “possible” when it affects a specific device type, model, and version number. At least one device fits this type, but the model and version number are unknown. A device is vulnerable if it can be broken. If a flaw is only found in devices with a specific serial number, there are devices with unknown serial numbers that fit the description of the flaw; then the flaw is still a possibility. The vulnerability has not yet been used in this situation. The IoT has the potential to simultaneously improve patient care and lower healthcare costs at the same time. However, most IoT devices can be hacked, raising cybersecurity concerns that could hurt both patient care and business finances [17,18].
Ban et al. [19] summarized the typical research methods used in IoT security. Every study that finds a hole in the Internet of Things (IoT) infrastructure was carefully examined using a standard research method. Both the problems that needed to be solved and the tasks that needed to be performed were discussed.
Meneghello et al. [20] provided a thorough discussion of the security issues that plagued the Internet of Things (IoT) sector and looked at some of the ways that these issues were dealt with in the past. The authors provided a high-level overview of security in the IoT and then went into more detail about the specific security features built into the most popular IoT communication protocols. Next, the authors reported some of the attacks on real IoT devices in the literature. This was performed to show the importance of building security in IoT systems and the security problems common in commercial IoT solutions.
Zhao et al. [21] examined how safe MQ Telemetry Transport (MQTT) servers were to see whether vendors and users took safety measures. Their research showed that not all MQTT servers required a password to connect to the network. Their results provided an excellent way to investigate the safety of IoT devices and encouraged the creation of a more secure ecosystem for IoT systems.
Meidan et al. [22] obtained a lot of information about network activity from a wide range of commercial IoT devices and ran a series of tests to compare different ways of classifying security concerns. Their research showed that (a) the light gradient-boosting machine (LGBM) algorithm provided very accurate detection results, and (b) their flow-based approach was robust and could handle situations in which the other ways of identifying NAT devices could not (such as encrypted, non-TCP, or non-DNS traffics). The LGBM algorithm yielded outstanding results in terms of finding things. Other methods to find NAT-hidden devices had their limitations, but their flow-based method could work in these situations.
Al-Boghdady et al. [23] used machine learning to create a tool called iDetect that can detect security flaws in the C/C++ code of IoT operating systems (ML). With the help of the Software Assurance Reference Dataset (SARD) and the source code of 16 different releases of IoT operating systems, a tagged dataset of vulnerable and safe codes was created. This dataset was based on Common Weakness Enumeration (CWE), which was a list of flaws in IoT operating systems. Studies have shown that the C/C++ source code of low-end IoT operating systems had a minimal number of standard security holes and openings (CWEs).
Zeng et al. [24] used semi-supervised learning algorithms based on convolutional neural networks (CNNs) to find hidden features. Semi-supervised CNNs could learn from both labeled and unlabeled datasets. They could also learn from raw sensor data to use three different real-world datasets to show that their CNNs perform better than both supervised and standard semi-supervised learning methods by a mean F1-score margin of up to 18%.
Ramezani et al. [25] provided an overview about using machine learning (ML) in quantum computing (QC). It also examined the benefits of using quantum machines in terms of speed and complexity.
Qu et al. [26] considered quantum blockchain to secure the IoMT network. Zanbouri et al. [27] studied how quantum computing may be used to secure IoMT data transmission with comparable success.

5. Quantum Computing

Based on Boolean logic, traditional computing can only process data in one of two states. There is either “on” or “off” in these states. In a quantum computer, the numbers 0 and 1 can be represented by different fundamental particles, such as electrons or photons, depending on how they are charged or polarized. In the context of quantum computing, each of these particles is called a quantum bit or qubit [28].
Quantum entanglement and superposition of states are the two concepts in quantum physics that are thought to be the most important. Owing to quantum entanglement, qubits can talk to each other even if they are physically far apart (not restricted to the speed of light). Even if the connected particles are far apart, they are bound to each other. When quantum superposition and interposition are used together, they significantly affect the amount of computing power required. Traditional computers can only store one of four possible binary configurations (00, 01, 10, or 11) at any given time. However, a 2-qubit registry can store all four qubits simultaneously because each qubit represents two integers. However, traditional computers can store only one of four possible binary configurations. When more qubits are used, the capacity increases in a manner proportional to the square of the number of qubits [28].
Even though quantum machine learning (QML) has a lot of promise to make IoMT more secure, it is important to be aware of the challenges and limitations that will always come up during its implementation. First of all, smaller and medium-sized hospitals have a hard time buying and acquiring quantum computing technology because it is rare and expensive. Secondly, the settings for making and running QML algorithms are still in their early stages, just like quantum technology itself. There is a high entry barrier because the learning curve is steep and there are not any standard tools or guidelines. This is partially because of how hard quantum computing is to learn.
Quantum cryptography gives a higher level of protection, but it is not completely foolproof. If it is not kept in good shape, sensitive information about patients could be leaked, which would violate the patient’s right to privacy and could have legal consequences. When integrating quantum-based systems with traditional computer platforms, there may be problems with how well they work together. If QML is going to be used successfully for IoMT security, then future studies will have to focus on finding solutions to these problems.
In quantum physics, a “photon” is the smallest amount of light that can behave in a certain manner. Therefore, someone cannot listen in on a conversation, obtain one-half of a photon, and then use that photon to figure out how much it is worth before letting it keep going. The two people in QKD who are honest with each other devise a plan to throw off an eavesdropper by making mistakes in their conversation, thought to have started the field or created it, was the first person to suggest and show that quantum mechanical properties could be used in communication if information bits could be physically specified [29]. Information can be encoded and sent using the spin of an electron, the manner in which a photon scatters, or a combination of these and other quantum properties.
 

This entry is adapted from the peer-reviewed paper 10.3390/fi15080271

This entry is offline, you can click here to edit this entry!
ScholarVision Creations