        Utrecht University Student Theses Repository

        Authentication and Authorization for the Internet of Things for Health

        Authentication and Authorization for the IoT for Health - 6075142 (Thesis).pdf (571.6Kb)
        Publication date
        2019
        Author
        Bredenoord, B.J.B.
        Summary
        Background: The Internet of Things (IoT) may transform health and other sectors, but this requires (technological) solutions that ensure adequate security and privacy. Proper authentication and authorization are essential to achieve these goals, but may also harm them if the solutions for authentication and authorization are designed or configured improperly.
        Goal: The goal of this thesis project is to find out how authentication and authorization can help ensure security and privacy for IoT devices in the health sector.
        Method: Current solutions for authentication and authorization in the IoT are analyzed. Using semi-structured interviews, requirements for authentication and authorization solutions for the IoT in health are presented.
        Results: The analysis of available solutions for authentication and authorization shows that there are many different models, architectures, and mechanisms for authentication and authorization, each having its own advantages and disadvantages. The results of the interviews show that the main objectives of authentication and authorization are related to privacy, confidentiality, and integrity of data. The most important challenges to achieving these objectives are heterogeneity and a lack of standardization, as well as problems related to managing (large amounts of) data. To achieve a desired level of security and privacy, authentication and authorization must offer transparency, anonymity / pseudonymity, unlinkability, unobservability, confidentiality, integrity, availability, usability, accountability, auditability, trustworthiness, and non-repudiation. A general set of guidelines for secure and privacy-preserving authentication and authorization is proposed and validated.
        Conclusion: In health care, organizations are vulnerable to security and privacy threats. In some cases there is a trade-off between some security and privacy objectives. There is an orientation towards centralized IoT solutions. Potential negative effects for privacy are avoided through legal and organizational measures. Current trends such as virtualization of networks may affect the way authentication and authorization are carried out.
        URI
        https://studenttheses.uu.nl/handle/20.500.12932/32673
        Collections
        • Theses