Abstract:
The ever-increasing global disease burden, exacerbated by pandemics like COVID-19 and other global scourges, underscores the critical need for robust healthcare solutions that complement often overburdened medical staff. The Internet of Medical Things (IoMT) offers a transformative possibility, especially for regions such as Sub-Saharan Africa (SSA), where conventional healthcare models predominate yet encounter significant challenges.
However, the successful adoption of IoMT is hampered by prevalent cybersecurity threats, mostly stemming from the increased online activity of untrained users and the inherent security and usability deficiencies of current authentication systems. This thesis contributes to addressing these critical gaps by developing and evaluating a novel Machine Learning (ML) based adaptive user authentication framework aimed at improving secure and seamless access to medical IoT resources. The framework employs an edge-centric methodology, fusing the Naive Bayes classifier with the CoFRA model to dynamically evaluate the authenticity and associated risk of a login attempt.
This risk assessment is based on a comprehensive set of inputs, including biometric wearable sensor data, non-biometric smartphone sensor data, and predefined user contextual information. Through a User-Centred Design (UCD) methodology, an Android application was developed and tested with a PineTime smartwatch connected via Bluetooth Low Energy, demonstrating the practical application of the model.
Our results show that users consistently prefer basic physiological biometrics for authentication, regardless of their age, experience, or level of ICT proficiency. Simulations were conducted, and comparative analyses across various ML algorithms, including Naive Bayes variations, Decision Trees, SVM, XGB, and Random Forests, demonstrated superior performance with weighted datasets, highlighting the importance of data characteristics and splitting methodologies. Other classifiers performed exceptionally well in multi-class classification scenarios, whereas Naive Bayes demonstrated optimal performance for up to three authentication classes. Despite noted shortcomings, including class imbalance and a 19% false rejection rate, post-deployment evaluations verified good accuracy (100% and 98.6% in useful security metrics) and great user acceptability of the application.
Ultimately, this research provides a user-centric and context-aware authentication solution that adapts to individuals’ personal profiles such as age, risk scores, and health conditions, enabling secure access while striking a balance between security rigor and usability.
By enhancing technology adherence and fostering confidence in digital health solutions, this adaptive authentication model significantly contributes to improving patient care, easing caregiver burdens, and advancing the attainment of Sustainable Development Goal (SDG) 3: Ensure healthy lives and promote well-being for all at all ages.
Future work will explore explainable AI and advanced risk assessments to further refine the framework's capabilities.