Strengthening Existing Internet of Things System Security: Case Study of Improved Security Structure in Smart Health

Sensor applications and Internet of Things (IoT) technology using many sensors and smart devices (IoT devices) have been commercially implemented and are significantly changing our daily lives. However, most IoT devices are vulnerable due to low power consumption and have inadequate physical security protection mechanisms. The information security protection of existing sensors is very limited, particularly when large numbers of smart devices are deployed in smart application systems. This limited protection is a major information security concern and has become an important personal privacy issue. The study of the IoT architecture and security taxonomy in the beginning of this paper will help readers understand our proposed concept for improving the security level of existing systems without taking down the whole deployed system, which is the key contribution of this article. Through an actual case study, we have found that by improving the network planning and security management mechanism and applying network segmentation, monitoring, filtering, and IoT trust connection, we can strengthen the security protection of existing IoT systems. We demonstrated that raising the security level of existing smart health systems will increase market value both now and in the future, and ad hoc IoT security solutions can be feasibly deployed in all sensor application fields.


Introduction
In April 2018, the National Health Service (NHS) of the United Kingdom was plagued by the WannaCry ransomware, which not only hampered its emergency care system and instantly forced patients to be transferred due to system failure, but also disrupted over 19000 appointments in one week. This incident shows that once smart devices or IoT systems are hacked, the consequences can be dire. Therefore, we need to take the safety of IoT solutions seriously and reduce threats to cybersecurity. We need to ensure sufficient IoT information security and protection capability to ensure that systems can function continuously and achieve their purposes and expected benefits.
Breakthroughs in semiconductor manufacturing, communication technology, and cloud computing as well as artificial intelligence technologies have led to the development of lightweight, small-form-factor, and smart devices. IoT technology has become a significant field of research. IoT systems integrate various sensors, monitors, control components, and smart devices, and are connected via wireless sensor networks (WSNs), the Internet, and cloud services. IoT applications have been extensively used and have potential use in a wide variety of fields, such as healthcare, smart homes, smart cities, smart factories, transportation, and government projects.
However, the new technology deploys a plethora of intelligent devices, resulting in a potential threat due to the vulnerability of IoT information security. While there is growing attention on the topic of IoT and security, i.e., the nature of the components and computational capabilities of IoT devices, the variety of communications methods and the complex integration architecture of software interfaces have created more difficulties for managing security in IoT environments. Because of resource constraints and the complexity of environments, IoT devices suffer more serious security challenges than other fields. (1) Recently, some scholars have begun studying IoT information security with a threat taxonomy, and others have highlighted the necessity of information security defense measures for IoT systems. However, it is not easy to integrate new components into some existing systems, and information systems for industrial production processes cannot be rapidly updated. (2) IoT systems that have already been deployed and started operation are facing complicated security challenges. Meanwhile, past studies have not addressed the improvement of the security protection mechanism of IoT systems in current operation. Thus, how to prevent hacker attacks of such systems is the focus of our research. A critical issue is how to keep existing IoT systems running while upgrading their information security protection capability and ensuring their robustness to new cybersecurity threats.
In this paper, we first review the established research on the application architecture and information security taxonomy of the IoT. In addition, we perform a case study on a reengineering project of an ongoing operation in the smart health domain. The case study explores network planning, network gateway design, and strengthening information security management to achieve the goal of upgrading existing information security protection capabilities without changing all the deployed sensors and smart devices and the software of the IoT system. The reengineering project provides an efficient method for the future security enhancement and deployment of IoT systems.

IoT Framework
IoT refers to heterogeneously integrated systems with diverse applications. Researchers must first understand the nature and architecture of IoT solutions in order to propose the most appropriate method of minimizing threats to the cybersecurity of IoT systems. This section first outlines the characteristics of IoT systems, their areas of application, and the system architecture.

Synopsis of IoT
The concept of IoT is the enhancement of existing communications technology via the Internet to enable human-things and things-things communication. (3) Intrinsically, the purpose of the Internet is to satisfy the need for communication between humans. IoT solutions render a cascade of endpoint components, sensory devices, and digital controllers to adopt a new communications protocol, and such evolution contributes to the alignment of the Internet with data transmission tools that allow machines to directly connect with machines, toward achieving cloud computing. Smart devices and equipment can directly use the Internet to exchange data. Therefore, not only can IoT devices provide real-time data to relevant operators, but the devices can also exchange data, a mode of direct communication also known as machine-to-machine (M2M) communication, to achieve the goal of automated, collaborative operation, thus increasing the degree of system automation and optimizing the operation process.
Smart devices in IoT systems are also called "things", a word used to refer to all sorts of components such as sensors and actuators including pulse sensors, vital signs monitors, digital multimeters, thermostat sensors, controllers, and other endpoint devices. The devices have IP communication protocol capabilities and can use the Internet to conduct data transfer and information exchange. (4) In contrast, the IoT itself refers to heterogeneous integrated network systems that do not require human intervention to connect to physical equipment and virtual systems, such as sensors, embedded electronic systems, software systems, and smart devices, by automatically conducting data exchange through the Internet, generating even more value for users of digital applications. (5)

Areas of IoT applications
When sensors are combined with automated operation processing and the analysis capabilities of big data, artificial intelligence applications become the smart devices of IoT systems that have auto-feedback capabilities, providing real-time information of the selected on-site environment. Additionally, these smart things with integrated back-end software application systems conducive to IoT systems can provide businesses with multiple potentials for application development, the optimization of existing operation procedures, and increased market value. Multiple IoT applications have led to the recent widespread application of IoT in a wide range of smart service domains. Scholars have categorized IoT application domains into general classifications including traffic control and transportation, logistics management, healthcare, remote healthcare, education, personal and social applications, and intelligent application services. Examples of specific applications include smart factories, advanced planning systems, rural medical care, smart living environment control, smart grids, smart cities, intelligent workplaces, and smart homes. (1,2,5-12) Recently, researchers have categorized new IoT cloud platforms into nine domains and 46 service applications, (13) indicating that IoT technology already has the potential for widespread adoption.

Architecture of IoT
IoT refers to complex heterogeneous networks and application systems. Various researchers have proposed approaches to facilitate the integration of different components, devices, communications functions, software interfaces, and application systems for functionality and manageability into IoT architectures. IoT architectures can be categorized into three primary layers: the perception layer, the network layer, and the application layer. The interconnection architecture of each layer is illustrated in Fig. 1. (14,15) The purpose of the perception layer is to use sensory components to collect the status and obtain data from the operating environment, then conduct signal processing and transmit the collected data to local or nearby points for aggregation at another IoT node for subsequent operational processing. The main purpose of the network layer is to enable IoT equipment to conduct data exchange. The designed structure supports communications functions among different near-end smart devices, is equipped with IP networking functions to provide the data transfer capability to IoT equipment at different locations, and is able to connect to the whole back-end system and a cloud platform. The application layer provides users with a platform to view, manipulate, and manage the whole system, capturing the essential spirit of IoT solutions. (6,16-18)

IoT information security threats
Ukraine was hit by a cyberattack against its power grid system on Christmas Eve in 2015, leaving more than 250000 people without power during a freezing winter. In April 2018, the United Kingdom NHS system was plagued by the WannaCry ransomware. (19) Thus, we need sufficient IoT information security and protection capability to ensure that systems can function continuously and achieve their purposes and expected benefits.
In recent years, most implementations of IoT systems have not considered newly arising information security threats. This is attributed to the rapid pace of IoT deployment in various application services without acknowledging the lack of computational power and protective mechanisms in most sensor components and smart devices. As a result, IoT devices and software systems exposed to the Internet face serious cybersecurity risks and potential privacy breaches owing to insufficient security protection. (19-23) For example, in the domain of factory control applications, erroneous systems data and control commands will jeopardize the normal operations of critical system infrastructure. In the medical services domain, erroneous sensory data will endanger personal safety, and unauthorized user behavior could cause harm using sensitive information and threaten the privacy of relevant personnel. Therefore, it is clear that if the problems of IoT information security are not addressed, the future development of IoT applications will be precarious and severely undermined.

Information security
Regarding the security issues concerning information and networking systems, we extract and categorize several characteristics of information security that can serve as principles for planning and establishing IoT information security issues, as an IoT system is also part of the information communications system. (1,24-26) The information security characteristics are categorized into the following:
• Confidentiality: guaranteeing the privacy of the transmission and storage of information; preventing unauthorized personnel from accessing the contents.
• Integrity: ensuring that data cannot be modified by a third party; securing the integrity of data during transmission and storage processes.
• Availability: ensuring that legal users can access system services at any time.
• Authentication: authenticating equipment or user identity, and verifying the identity of sources transmitting data.
• Non-repudiation: guaranteeing that a transmitter cannot deny that they transmitted the information at a later date.
• Privacy: ensuring that a user or account identity cannot be identified, and that users of systems cannot be identified or tracked from their executions and actions.
However, IoT security issues primarily originate from devices. Most smart devices of IoT systems do not have information security functions, making it difficult to manage a large number of IoT devices. IoT devices require only a connection to the Internet to conduct communications with other equipment and software systems. Hence, hackers can attack them at any time. (27,28) Therefore, businesses and organizations using IoT devices need to plan effective protection measures to ensure the continuous, active, and automated operation of their IoT systems.

Taxonomy of IoT security
To provide the necessary information security defense capabilities for IoT systems, we need to consider all possible information security threats and build a standardized IoT security taxonomy, which will assist researchers in identifying security leaks and operational risks of IoT more clearly, and thus develop a better-planned mechanism for system protection. Therefore, we consulted previous studies and proposed a taxonomy for IoT information security criteria, as illustrated in Fig. 2. (1,6,29,30) Sensor applications and IoT technology have been deployed in many fields. Several primary security technologies can be identified, including authentication, authorization, exhaustion of resources, policy enforcement, and trust management. These fundamental elements have been applied in application systems for information security protection.
In terms of the IoT architecture, no model is universally applicable to all IoT application settings as the whole structure is heterogeneous and complex. Notwithstanding, the IoT architecture can still use various information security defense technologies for a comprehensive upgrade of system-wide information security and protection capabilities, including the identification of devices, equipment, and personal identities; authentication; authorization; and secure middleware. (1,6,20,24,30,31) The communication functions require communications capability to be provided for smart devices as well as information exchange capability between subsystems of equipment at all levels. In terms of communications security protection, functions and technologies that have to be taken into account include the prevention of man-in-the-middle attacks, ensuring data transmission security, and lowering the risks of logging and eavesdropping. We can establish secure communication channels, network access control, and other management mechanisms paired with intrusion detection and prevention (IDP) technology to detect and monitor the network security status. Alternatively, we can use new software-defined networking (SDN) technology to construct a new secure communications environment and achieve secure data communication and storage. (6,29-31) Protecting data confidentiality and the content privacy protection of operation procedures are critical issues being discussed in information security. Therefore, how to maintain content confidentiality from the viewpoint of IoT data security must be considered. Adopting privacy protection technology and data encryption technology is a conventional approach. Similarly, establishing trust mechanisms between different modules, personnel, and equipment within an IoT system is another protective measure.
There is also new blockchain technology, which not only provides a data non-repudiation feature but also integrates smart contracts to directly facilitate negotiation with the components of the perception layer and increase the automation of system services. (1,30,32)

Defense methods in IoT security
In this section, we discuss various IoT information security threats in terms of the specific information security needs of the three layers of the IoT architecture. Information security application technologies proposed by earlier researchers are first addressed. Table 1 presents the various characteristics, solutions, and application technologies of information security needs.
Firstly, the perception layer of the IoT architecture is primarily concerned with obtaining, gathering, and processing actual data on-site. Once the sensory nodes are attacked or damaged, the entire IoT system becomes unreliable. However, a major security risk in IoT also originates from perception-layer devices with insufficient defense capabilities. If the protection of smart devices can be enforced, the weakest point in the IoT system in terms of the threat to information security can be effectively monitored and filtered. According to prior work on security protection for perception-level devices, the perception level of IoT must use devices and communication equipment with authentication and network access control capabilities to prevent unauthorized equipment from entering the network system. (7,17,25,30,31,33,34) At the same time, it is necessary to use secure encryption transmission channels and secure mediation gateways to protect the safety of the communication of exchanged data and to control nodal communications safety. Finally, cryptographic mechanisms and key management must be integrated to dramatically increase the confidentiality of transmitted contents and raise the confidentiality and integrity of point-to-point information exchange. Secondly, the network layer provides access network and core network functions, adopting the network as the vehicle to provide IoT devices with near-end communications and an interlayer transmission function at different locations. Applicable technologies proposed by previous researchers have provided information security protection capabilities including encryption wireless channels, authentication mechanisms, authorization management, and isolation subnets. (17,25,33) The core network is used to provide cross-site and cross-level interconnect functions and transmission communications. 
It has been suggested that the core network can use authorization mechanisms, network access control, firewalls, intrusion detection systems, secure communications, secure routing protocols, key management, and software-defined networks to increase Internet security and protection capabilities. (11,14,24,26,32,33,35) Also, the IoT application layer mainly provides users with an interactive interface with the IoT system by supporting various software functions and middleware in various service domains. However, owing to the wide-ranging nature of service domains and the diversity and complexity of the intermediary system, it has been recommended that authentication and authorization management, access control, encryption technology, digital signature, key management, trust mechanisms, data privacy and protection, point-to-point protection, information security policy management, blockchain technologies, and so on, be used at this level. A system planner should focus on an interface framework that can establish the appropriate information security and protection measures for each application service system. (1,7,13,17,25,27,31-33,35)

Security management of IoT
Organizations seeking to protect IoT devices from attack must also address information security management, monitoring, and defensive measures to achieve the goal of continuous system operability. (9) Businesses should review all deployed devices and system equipment within the system environment, and at the same time, isolate network access control from services to prevent unauthorized equipment and anomalous connection behaviors. When certain equipment is under information security attack, measures must be taken to avoid the rapid spread of fallout that may impact standard equipment and other information systems. Secondly, businesses should monitor the operational situation of their IoT system and identify suspicious security threats from event logs, network traffic analysis, and IDP technology, and even renew their information security management policy and raise defense capabilities. In the case of an information security threat alert, businesses must react concurrently and terminate the attack to achieve their defense objective. Substantially, there must be more effort to strengthen information security, and a goal of management policy should be to raise future defensive capabilities of the IoT system after such an event.

Case study
The case study considered is an IoT application service system operating in the field of smart health. Smart things applied in a vital information console (VIC), a clinical cart, or a physiologic monitor are integrated and connected with a smart ward and a nursing station application system. Each nursing station subsystem is also instantaneously linked to the back-end system to integrate it with a nursing informatic system (NIS) and an electronic health record (EHR). In response to the high risk of an information security threat, the system director urgently requires the security of these intelligent facility systems to be improved without changing the existing IoT infrastructure, which has already been installed and is in operation at each station. The director hopes to reduce the risks of future operational disruption by increasing the information security performance via the upgrade of a limited number of components or subsystems.

Implementation of new and improved information security measures
As this case study requires no change to the existing IoT infrastructure in the information security reinforcement, three information security upgrade stages are planned. The stages are the implementation of a secure IoT networking process, the improvement of the smart application environment, and the strengthening of the information security management policy (Fig. 3). The methods of implementation are described in detail in the following.

Implementation of secure IoT networking process
Internet communication is one of the key features of an IoT system, which includes nearfield IoT device connection and front-end/back-end information exchange via the Internet. Establishing the following policy management rules will effectively ensure networking safety.
(1) Check the interconnections of the IoT devices and smart system
First, the interconnections among the IoT devices and smart system must be identified. All communication requirements and possible intrusion points must be found. Using the three subnets in (3), different specific service set identifiers (SSIDs) of WiFi local access networks are used to connect different IoT devices, operator mobile devices, or computer and guest terminals. These different WiFi SSIDs can also be connected to specific VLANs to guarantee that the whole network (sensor SSID, managing staff SSID, and public Internet SSID) will perform normal information exchange. A wireless security encryption protocol is also activated to reduce the risks of WiFi internet data transfer theft, man-in-the-middle attacks, and intrusion events.

Improvement of smart application environment
The second stage is the improvement of the smart application environment to enhance security protection and prevent hacking events in each nursing station.
(5) Set network access control list
Although existing IoT devices cannot be modified to include an authentication function, the network access control function of the new IoT network gateway can be used to control permitted devices in each VLAN, which would limit the addresses of a device and access to the IP subnet, and achieve effects comparable to device credential verification.
(6) Initiate the firewall function
Establish a firewall policy on the new network gateways installed in each nursing station to limit the access of the wide area network (WAN) and local area network (LAN) by authorizing limited devices or network addresses, thereby preventing the possibility of hacker intrusion from the Internet and local IoT environment.
(7) Use IDP function
Activating the IDP function on the IoT network gateways of nursing stations can detect abnormal communication packets or signatures of attacks. Once abnormal behaviors in data traffic have been detected, the IoT network gateway can issue a warning message to the system operator, and thus block abnormal traffic to prevent denial of service (DoS) attacks from hackers.
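The access control list and firewall steps above, together with the SSID-to-VLAN segmentation of the networking stage, can be modelled as a default-deny decision applied to each flow crossing the gateway. The following Python sketch is an added example, not code from the paper or from any gateway product; the VLAN IDs, subnets, MAC addresses, ports, the open guest VLAN and the log format are all assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    vlan_id: int
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int

# Assumed segmentation plan: one VLAN (and subnet) per WiFi SSID.
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.10.10.0/24"),  # sensor SSID
    20: ipaddress.ip_network("10.10.20.0/24"),  # managing staff SSID
    30: ipaddress.ip_network("10.10.30.0/24"),  # public Internet SSID
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # everything the hospital owns
GUEST_VLANS = {30}                              # assumption: no device allow-list here

# Access control list: MAC -> (VLAN, fixed IP). The binding stands in for the
# device credential check that legacy sensors cannot perform themselves.
ALLOWED_DEVICES = {
    "02:00:00:00:10:01": (10, "10.10.10.11"),   # constructed: vital information console
    "02:00:00:00:10:02": (10, "10.10.10.12"),   # constructed: physiologic monitor
    "02:00:00:00:20:01": (20, "10.10.20.21"),   # constructed: nurse workstation
}

# Firewall policy: (source VLAN, destination network, protocol, port).
FIREWALL_RULES = [
    (10, ipaddress.ip_network("10.10.20.5/32"), "tcp", 8443),  # sensors -> station server
    (20, ipaddress.ip_network("10.20.0.0/28"), "tcp", 443),    # staff -> back-end NIS/EHR
]

def evaluate(flow):
    """Return (permitted, reason) for one flow; anything unmatched is denied."""
    subnet = VLAN_SUBNETS.get(flow.vlan_id)
    if subnet is None:
        return False, "unknown VLAN"
    src = ipaddress.ip_address(flow.src_ip)
    dst = ipaddress.ip_address(flow.dst_ip)
    if src not in subnet:
        return False, "source address outside VLAN subnet"
    if flow.vlan_id in GUEST_VLANS:
        # Guests are isolated: web traffic to the Internet only.
        if dst in INTERNAL:
            return False, "guest VLAN may not reach internal hosts"
        if flow.proto == "tcp" and flow.dst_port in (80, 443):
            return True, "guest Internet access"
        return False, "default deny"
    binding = ALLOWED_DEVICES.get(flow.src_mac.lower())
    if binding is None:
        return False, "device not on allow-list"
    if binding != (flow.vlan_id, flow.src_ip):
        return False, "MAC/IP/VLAN binding mismatch"
    for vlan_id, net, proto, port in FIREWALL_RULES:
        if (flow.vlan_id, flow.proto, flow.dst_port) == (vlan_id, proto, port) and dst in net:
            return True, "matched firewall rule"
    return False, "default deny"

def parse_log(text):
    """Parse 'vlan,src_mac,src_ip,dst_ip,proto,port' lines into Flow records."""
    flows = []
    for line in text.strip().splitlines():
        vlan, mac, src, dst, proto, port = [f.strip() for f in line.split(",")]
        flows.append(Flow(int(vlan), mac, src, dst, proto.lower(), int(port)))
    return flows

def audit(text):
    """Return (flow number, reason) for every flow the policy would block."""
    denied = []
    for n, flow in enumerate(parse_log(text), start=1):
        permitted, reason = evaluate(flow)
        if not permitted:
            denied.append((n, reason))
    return denied

# Constructed flow log (not captured traffic).
SAMPLE_LOG = """
10,02:00:00:00:10:01,10.10.10.11,10.10.20.5,tcp,8443
10,02:00:00:00:10:01,10.10.10.11,10.20.0.3,tcp,443
10,02:00:00:00:99:99,10.10.10.50,10.10.20.5,tcp,8443
10,02:00:00:00:10:02,10.10.10.11,10.10.20.5,tcp,8443
20,02:00:00:00:20:01,10.10.20.21,10.20.0.3,tcp,443
30,02:00:00:00:30:07,10.10.30.40,10.10.10.11,tcp,80
30,02:00:00:00:30:07,10.10.30.40,203.0.113.10,tcp,443
20,02:00:00:00:20:01,10.10.10.21,10.20.0.3,tcp,443
"""

if __name__ == "__main__":
    for n, reason in audit(SAMPLE_LOG):
        print(f"flow {n}: DENY ({reason})")
```

Flows 2, 3, 4, 6 and 8 are blocked: a sensor reaching the back end directly, an unlisted device, a listed device using another device's address, a guest probing the sensor subnet, and a staff MAC presenting a sensor-subnet address.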

Strengthening of information security management policy
The third stage is to add an authentication mechanism and strengthen security management in the existing software system. In the application layer, the smart application system leads the following management policies to boost the information security protection capabilities without rewriting software for the existing operating application systems or changing the current operational process in each station. The existing central firewall can be used to control the remote connecting addresses and communications ports of the back-end server system. It can also create white lists that limit access to trusted Internet connections to set up a line of defense for the back-end information system.
(10) Reinforce the account privilege policy
Improving the password strength level and password change frequency of the Active Directory (AD) can strengthen user password protection and reduce the chance of account/password leaks. Also, the system operator user privilege can be reviewed to minimize account privilege, and each user's access privilege can be limited to access only the specific operating functions required. This will strengthen account and privilege management.

Evaluation of IoT security
We use ISA/IEC 62443 as our gold standard to evaluate the security of the new strengthened system in the case study. An evaluation of our approaches to segmentation, monitoring, and strengthening the boundary of the existing system can help increase the reliability and security of the system. Table 2 shows the evaluation of the new implementation based on a seven-point Likert scale questionnaire of the security protection capability. The protection capability of each feature is calculated using the following formula: where $P_f$ is the protection capability from the measured feature and $f_i$ is a variant factor.

Improvement of IoT security
A comparison of the original system and the strengthened system in the case study was performed by analyzing the security protection measures of the smart health solution with its IoT information security taxonomy, and the results are illustrated in Table 2. Following reengineering, the system in the case study now has several features at the application level, including three information security protection functions: user authentication, authorization, and the trust mechanism. Structurally, the reengineering mechanism now enables device authentication and IDP. At the communications level, the network environment grants secure transmission via a backbone VPN, along with segregated LAN services, enabling defense against risks such as man-in-the-middle attacks and the logging or eavesdropping of transferred data, as well as network access control management. Finally, regarding data protection, the new system in the case study has a trusted connection environment and a higher level of data privacy.
In the past few years, several researchers have raised concerns about IoT security and provided individual protection features. However, hackers have continued to find the weakest points of information systems simultaneously, and easily damaged the functioning of the whole system. Our case study demonstrates the transformation of cybersecurity, in which a process of an existing IoT system in operation can illustrate useful content covering sensor applications and the enhancement of IoT systems, as discussed in Sect. 4.2 and shown in Fig. 3. This case study was conducted in a smart health environment, where a strengthened security protection mechanism was effectively endowed without replacing the existing sensors, smart things, or application software, in contrast to previous studies. A comparison of the scenarios in this study and previous studies is given in Table 3. The previous studies merely applied an individual method or performed an experiment to verify results, whereas our study covered several scenarios. We proposed three comprehensive IoT layers and performed a case study to demonstrate that methods of increasing security can be newly deployed in existing IoT systems in operation and also be potentially implemented in other fields.

Discussion
We proposed a comprehensive IoT solution for improving the security process and protection in an already deployed smart health field and demonstrated the success of the solution. The proposed procedure and solution of this study serve as a good reference model that can further be applied for other cybersecurity purposes, sensor applications, and IoT systems in many fields such as environment control, food and agriculture management, and infrastructure. According to Guo's paper, (2) it is impossible to remove all existing components in a short time in a manufacturing system, making it necessary to reinforce the protection capability while maintaining the existing structure. Our proposed solution has the propensity to be used for IoT and to enhance security management in existing manufacturing fields.

Conclusion
It is difficult for information security protection to achieve non-vulnerability. Instead, the challenge is to achieve the best information security protection level with a limited economic investment. The case study described in this paper aimed to achieve this by minimizing changes to the existing software and hardware infrastructure. The first step was to implement a secure network environment that permits IoT devices and information systems in each nursing station and the back-end server at the center site to function well without hacking. Secondly, a trusted system architecture that integrates access control and a device authentication mechanism was built up. Thirdly, the information security management policy was enhanced by strengthening user privilege management and by establishing a trusted Internet connection that increases security, preventing intruders from hacking the smart application system. The evaluation of the system demonstrated significant success in upgrading every aspect of the information security and defense capability measures of the smart health system, and the case study can be used for reference as a successful model.
For intelligent sensing devices of IoT systems already installed or in operation that cannot be easily or quickly replaced, we recommend implementing a new secure mediation gateway that embeds network access control and next-generation firewall features to achieve local data exchange security and safe remote communication. Additionally, to strengthen information security and management procedures, it is advisable to improve user authentication, device authentication, and operator authorization management at the application systems level. As a result, the privacy of the data can be more securely protected and the likelihood of hacker intrusion into the system can be further reduced.
It is challenging to improve currently operating IoT infrastructure without changing smart devices or running application software; thus, upgrading the security management system in a short timeframe is difficult. Our solution creates the best defense capabilities with minimal system modifications. From this practical and precise study, we have found that the security of IoT is not just a way to adjust hardware and software modules, but it can also be used to enhance information security and protection capabilities from the communications level, system architecture, and management policy. The modification of the networking connections and the authentication of the smart health system provide us with a new defense architecture for IoT systems and information security. We believe that the strengthened information security model proposed in this study provides an agile and highly economical solution to reinforcing the cybersecurity defense capabilities of IoT systems and sensor applications.