CYBER ATTACKS FOR DATA BREACH AND POSSIBLE DEFENSE STRATEGIES IN INTERNET OF HEALTHCARE THINGS ECOSYSTEM

Abstract

The widespread use of the Internet and the increase in Internet of Things (IoT) equipment paved the way for the development of user-friendly systems. The inclusion of many electronic systems in the IoT ecosystem, especially in homes, has improved remote control and monitoring features. In general, within the concept of smart home, voice, control and joint movements are used as command center and WIFI, Bluetooth, Zigbee and GSM etc. technologies are used for communication. Regular monitoring of some health problems of individuals occurs in some situations that require instant intervention. In this context, individuals in need of home care or under surveillance at home are checked with Internet of Healthcare Things equipment in the company of experts. The rapid spread of the IoT ecosystem has also increased data production. Especially sensitive health data is at the beginning of critical data and requires security measures to be taken. In this study, the IoT devices used for home patient care have been evaluated for the sources of data leaks and possible security measures that may be experienced in the process from the data owner to the data storage stage. In order to identify possible risks and threats, 4 different target scenarios were created. These scenarios include home internet connection resources, data transfer, data storage and access. 8 different attacks (Deauth, DDOS, brute force, hashcat, Man-in-the-middle, Injection, Short Address Attack, Smart Contract Overflow) were applied to these possible scenarios where data leakage could occur. In addition, recently, blockchain applications and smart contract transmissions are preferred for data security. Among the attack scenarios, Short Address Attack and Smart Contract Overflow are attack methodologies used for blockchain security. In particular, denial of service was encountered in all attacks on wireless networks. Configuration errors, wrong product selection, use of weak passwords and default configurations in the IOT ecosystem seem to be the main sources of data leaks. As a result, the study includes possible attacker scenarios and possible vulnerabilities have been extracted within the scope of real scenarios. In addition, the measures to be taken against these vulnerabilities were evaluated and recommendations were given to take maximum security measures to prevent data leaks from within the IoT ecosystem.