Evaluating Security of Internet of Medical Things Using the Analytic Network Process Method

Internet of Medical (ings (IoMT) plays an important role in healthcare. Different devices such as smart sensors, wearable devices, handheld, and many other devices are connected in a network in the form of Internet of (ings (IoT) for the smooth running of communication in healthcare. Security of these devices in healthcare is important due to its nature of functionality and efficiency. An efficient and robust security system is in dire need to cope with the attacks, threats, and vulnerability. (e security evaluation of IoMTis an issue since couple of years.(erefore, the aim of the proposed study is to evaluate the security of IoMT by using the analytic network (ANP) process. (e proposed approach is applied using ISO/IEC 27002 (ISO 27002) standard and some other important features from the literature. (e results of the proposed research demonstrate the effective IoMT components which can further be used as secure IoMT.


Introduction
Internet of ings has several applications in the daily life and has made life very easy. From industry to education, healthcare, and other places, the IoT is mostly used. Internet of Medical ings is the advanced version of IoT which has a key role in healthcare. Devices such as wearable, handheld, sensors, actuator, and others are connected for communication through Internet. For the smooth communication of these devices, security is important to run in an effective and efficient way. Security is the protection from unauthorized access of illegal users. In healthcare, the devices are sometimes connected through heterogeneous environment with the support of different IoT devices. So, the security evaluation is important for them to ensure that the communication is safe and secure. IoMT plays an important role in remote exchange data processes.
e IoT devices have limited capabilities due to low processing, tiny memory, and limited storage, so implementing security will be a challenging task. e security and privacy in IoMT devices are vital due to a number of reasons as IoMT devices are ubiquitous and their applications are employed in health. For this purpose, reinforcing a security mechanism is indispensable to cope with these attacks, vulnerabilities, and security and privacy challenges. Security can be one of the important factors for IoHT [1][2][3][4][5][6]. e existing research regarding the security of IoMT covers different aspects. However, there is a lack of knowledge that how to evaluate the security of IoMT based on security attributes and features. So, to overcome this limitation, the proposed research presents the ANP approach for the evaluation of security of IoMT in term of the ISO/IEC 27002 (ISO 27002) standard, and some other important features identified from the literature. e ANP method incorporates the criteria given for achieving the goal based on the available alternatives. is method helps in situation when complexity arises. e organization of the paper is as follows: Section 2 presents the related work to the security evaluation of IoMT, along with the existing approaches for security evaluations are discussed. In Section 3, the research method is briefly described. Section 4 concludes the paper.

Related Work
Several approaches have been used by researchers for the evaluation security. e basic security requirements are defined in confidentiality, integrity, and availability (the CIA model) [7][8][9][10][11][12]. e IoMT devices are vulnerable to several threats of security, attacks, and vulnerabilities. IoMT devices suffer from enormous security threats due to low cost and power unlike traditional desktop and mobile devices. e malware can replicates itself by compromising the   connection that links IoTdevices [13]. Different frameworks, models, reviews, surveys, and analysis pertaining to the security of IoT-based systems for security analysis are used. Frustaci et al. [14] evaluated IoT security issues at three different layers of IoT such as perception, transportation, and application. Leister et al. [15] evaluated the security of IoT in e-health by presenting a scenario-based framework. Alrawi et al. [16] proposed component-based analysis such as IoT device, mobile application, communication channel, and cloud end points for the home-based IoT system. Tekeoglu and Tosun [17] presented a layer-based packet capturing framework for investigating security and privacy of IoT devices. Cherneyshev and Hannay [18] evaluated IoT security by using two smart TVs against the multisurface attacks. Ali and Awad [19] assessed the security of IoT smart home in terms of vulnerability. Mazhelis and Tyrväinen [20] evaluated IoT platforms from application provider perspectives. Apart from these approaches, several other approaches are being available in the literature [21][22][23][24]. Similarly, mobile computing services can be used in IoT by using services of mobile phones and apps or through the M-Health care system. e M-Health contributes to the IoT by furnishing various services such as compactness, IP connectivity, consumption of low power, and security [25]. Recently, many applications have been developed to deliver mobile-based services to the users in healthcare. e applications of smart phone enable the patients to know about their diseases after the analysis in the field of gynaecology and paediatrics [26]. e purpose of this section is to study the existing literature to know about the work done in the area of security evaluation. For this purpose, the popular libraries including ACM, IEEE, ScienceDirect, and Springer were searched. Different types of information were obtained, and the details    Figure 1 shows the type of publication along with the total number of papers published in the ACM library. Figure 2 shows the content type along with the total number of publications. e purpose of searching different libraries was to know more about the research done in the area. For this purpose, the IEEE library was also searched. Figure 3 shows the type of publication along with the total number of papers published in the IEEE library.  Figure 6 shows the number of publications along with the type of publication. Figure 7 shows the publication title along with the number of publications.     Evaluating security of Internet of Medical Things Figure 10: Goal, security criteria, and alternatives of the proposed research. e overall process of the proposed research is shown in Figure 11.

Security and Communication Networks
Finally, the library of Springer was searched for the detail information in the area. Figure 8 shows the number of publications with the type of publications in the Springer library. Figure 9 shows the article topic along with the total number of publications.

Applications of the Analytic Network Process for Evaluating Security of Internet of Medical Things
e analytic network process has several applications in different areas [11,24,[27][28][29]. e reason behind using this method was to evaluate the security of IoMT, as this method works very well in situation where complexity exists. In the proposed research work, the analytic network process approach is used for security evaluation of Internet of Medical ings. e ANP method incorporates the criteria given for achieving the goal based on the available alternatives. is method helps in situation when complexity arises. e method adopted the ISO standard of security along with the identified security features from the literature. e ANP method consists of three parts: (a) the goal, (b) criteria, and (c) alternatives. Details regarding the ANP can be found in [30]; however, the following are the main steps: (a) A particular phenomenon is to be divided into subparts (b) A qualitative scale of measure is applied while this can be converted into a quantitative scale between 1 and 9 (c) e pairwise comparison is done for all the criteria along with alternatives (d) e relative importance is found by finding the principal eigenvalue and the related eigenvector of the comparison matrix (e) e consistency of matrix is measured Priority vector "w" is calculated as follows: (1) λ max is the major eigenvalue of the matrix "A," and "w" is its eigenvector. e value of "λ" is obtained by summing the column of the original matrix multiplied by the normalized EV. e principal EV is obtained by the sum of all "λ". e "consistency index (CI)" and "consistency random (CR)" of the pairwise comparison matrix are computed by the following equation: (2) e random consistency index (RI) table is given by Saaty and is shown in Table 1 [30].
(f ) Construction of the supermatrix (g) Conversion of the weighted supermatrix into the limit matrix for making the decision (h) Deciding the most appropriate alternative from the limit matrix Figure 10 shows the goal, criteria, and alternatives of the proposed research.
(i) Identification of attributes and scoring process: the process of identification of attributes was very tricky due to the reason that important attribute should be missed. For this purpose, the literature was searched and finally the attributes of the International Standard Organization (ISO) information security standard such as ISO/IEC 27000-series (ISO/IEC, 2018) along with 8 important attributes from the literature were identified. ISO/IEC 27000-series (ISO/IEC, 2018) is a well-known standard and widely accepted standard [12]. Table 2 shows the list of selected attributes. After selecting the attributes for security evaluation, these attributes were shared with the experts in the field. e reason of sharing was to gather appropriate score for each component with respect to the defined attribute. Assigning the score to the relevant attribute was based on the expertise of the expert. Table 3 shows the comparison with respect to IoMT1. Table 4 shows the comparison with respect to IoMT2. Table 5 shows the comparison with respect to IoMT3. Table 6 shows the comparison with respect to IoMT. e rest of the calculations for the remaining attributes to IoMT were done the same as Table 6. After pairwise comparisons, all the calculations were brought together into the weighted supermatrix for the purpose to convert it into the limit matrix for decision-making about security evaluation. Table 7 shows the weighted supermatrix. e weighted matrix was converted into the limit matrix by taking the power of the weighted matrix. is process was done till all the elements of each row become the same. e reason was to make decision based on the limit matrix. Table 8 shows the limit matrix.     Based on the limit matrix, we conclude that IoMT1 is the most secure component followed by IoMT2 and then IoMT3. Figure 12 shows the ranking of IoMT components.

Conclusion
e Internet of Medical ings is considered to be a significant part of healthcare which plays an important role. Communication among different devices such as smart sensors, wearable devices, handheld, and many other devices are connected in a network is possible due to the success of Internet of ings. For efficient and smooth running of healthcare, the security of different devices connected is mandatory. An efficient and robust security system is in dire need to cope with the attacks, threats, and vulnerability. e security evaluation of IoMT is an issue since the last few years. e proposed study is an endeavor toward the evaluation of the security of IoMT and using the analytic network process. e approach is applied using the ISO/IEC 27002 (ISO 27002) standard with the collection of some other important features from the literature. e results of the proposed research demonstrate the effective IoMT components which can further be used as secure IoMT.

Data Availability
No data were used to support the study. Security and Communication Networks 13