monitoring patients via a secure and mobile healthcare ... - IEEE Xplore

BOUKERCHE LAYOUT

2/9/10

1:49 PM

Page 59

W I R E L E S S T E C H N O L O G I E S F O R E-H E A LT H C A R E

MONITORING PATIENTS VIA A SECURE AND MOBILE HEALTHCARE SYSTEM YONGLIN REN, RICHARD WERNER NELEM PAZZI, AND AZZEDINE BOUKERCHE, PARADISE RESEARCH LABORATORY, UNIVERSITY OF OTTAWA

ABSTRACT

EEG sensor

ECG sensor

Pulse

The authors present several techniques that can be used to monitor patients effectively and enhance the functionality of telemedicine systems, and discuss how current secure strategies can improve the security of mobile healthcare.

Patient monitoring provides flexible and powerful patient surveillance through wearable devices at any time and anywhere. The increasing feasibility and convenience of mobile healthcare has already introduced several significant challenges for healthcare providers, policy makers, hospitals, and patients. A major challenge is to provide round-the-clock healthcare services to those patients who require it via wearable wireless medical devices. Furthermore, many patients have privacy concerns when it comes to releasing their personal information over open wireless channels. As a consequence, one of the most important and challenging issues that healthcare providers must deal with is how to secure the personal information of patients and to eliminate their privacy concerns. In this article we present several techniques that can be used to monitor patients effectively and enhance the functionality of telemedicine systems, and discuss how current secure strategies can impede the attacks faced by wireless communications in healthcare systems and improve the security of mobile healthcare.

INTRODUCTION The application of wireless and mobile technologies has stimulated a great advance in facilitating the development of electronic healthcare (ehealthcare). On one hand, wireless devices and mobile networks allow medical professionals to operate in hands-free mode, while communicating with other colleagues in a hospital. On the other hand, wearable sensors enable e-healthcare users to have flexibility and mobility, making it possible for patients to be monitored at arbitrary times and places. This can prevent paroxysmal sickness even if patients are not in hospitals or nursing centers, and thereby patients are given maximum freedom while still receiving This work is partially supported by grants from NSERC, Canada Research Chair Program, MRI/ORF funds, Early Researcher Award (EAR), and Ontario Distinguished Researcher Award.

IEEE Wireless Communications • February 2010

professional medical supervision. Both paramedics and patients can benefit from mobile healthcare (m-healthcare). Therefore, the introduction of wireless and mobile technologies makes mobile electronic healthcare systems more realistic and feasible. Because portable and wearable sensors can monitor a patient’s health status in real time and automatically transmit the sensed data to patient healthcare management centers, patient monitoring offers the most important foundation to m-healthcare. In order to apply m-healthcare to our daily lives, patient monitoring takes advantage of typical wireless and mobile networks, such as the mobile ad hoc network (MANET) and the body sensor network (BSN), to operate in areas that lack a predeployed infrastructure. These networks can support as many patients as possible and allow the maximum mobility of patients [1]. As there is no fixed infrastructure, data communication in these ad hoc networks fully relies on cooperation among wireless devices. When two medical sensors are in each other’s transmission ranges, they can directly communicate with each other; otherwise, other sensors or devices can cooperate to relay the transmitted data. Thus, the cooperation of these nodes must be reliable and requires high security. Figure 1 illustrates an m-healthcare architecture with patient monitoring devices and an emergency response center. Security is a significant requirement for any communication environment; a mobile healthcare system with patient monitoring is no exception. Although real-time monitoring and data transmission provides necessary information quickly, it also can expose a patient’s medical data to malicious intruders or eavesdroppers [2, 3]. If an mhealthcare system lacks the necessary protection when communicating data, unauthorized parties or persons can easily access the private data of a patient, medical records may be modified freely by malicious attackers, and false information can be injected into the data stream by a prohibited node. As a result, when planning mobile healthcare systems, security is indispensable because of the shared nature of wireless devices, the mobility of the patients, and the susceptibility of dynamic and pervasive environments.

1536-1284/10/$25.00 © 2010 IEEE

59

BOUKERCHE LAYOUT

2/9/10

1:49 PM

Page 60

Hospital

Ambulance

Police vehicle

Emergency response center

Patient monitored at home

Figure 1. An architecture of mobile healthcare systems. Due to the important function of m-healthcare, patient monitoring can be a vulnerable point by which an attacker may jeopardize the entire functioning of the system, and even mislead medical professionals to make improper decisions. In this article we study the issues of patient monitoring from the viewpoint of mobile healthcare, and show how current secure strategies are applied to achieve the security and privacy requirements. In the next section we briefly describe the reliability, efficiency and security issues of m-healthcare and BSNs. Subsequently, we focus on the techniques of patient monitoring and secure healthcare mechanisms. Finally, we present our conclusions.

PROBLEM STATEMENT Based on the implementation of existing patient monitoring techniques, wireless patient monitoring primarily makes use of portable wireless devices such as clothing-embedded sensors or wearable biosensors for heart rate, ECG, EEG, EOG, and EMG,1 and then communicates monitored data in real time through wireless networks such as cellular networks and wireless LANs [4]. However, real-time patient monitoring and data transmission pose the following challenges to mobile healthcare: • The quality and reliability of patient monitoring • The power management of patients’ devices • Context awareness • Security and privacy Because a MANET operates in a dynamic but agile environment with wireless links and mobile nodes, the MANET has special requirements of reliability, efficiency, and security. In 1

EEG: electroencephalogram; ECG: electrocardiogram; EOG: electrooculogram; EMG: electromyogram.

60

particular, wireless devices are equipped with batteries and hence have very limited power, which indicates that monitoring sensors must utilize their energy efficiently. These devices generally have a short transmission range, which requires active cooperation from other nodes. Moreover, wireless networks have open and shared characteristics, so information and network security is extremely important here. For a BSN, patients can freely move with wearable sensors, and their flexible mobility leads to rapid topological changes. Specifically, the Health Insurance Portability Accountability Act (HIPAA) presents a set of regulations about security and privacy [5]. The regulations require the protection of data confidentiality, the privacy of patients’ personal information, proper access to patients’ medical records, the privileged limitation of clinicians, and exceptional emergency treatment. Additionally, how to apply traditional secure mechanisms to current m-healthcare systems is another popular topic.

PATIENT MONITORING Patient monitoring plays a vital role in a mobile healthcare system, but many factors affect the quality of patient monitoring, so a reliable patient monitoring system needs reliability, efficiency, and context awareness in order to perform well. First, wearable sensors can monitor both mobile and immobile patients in real time. Unlike immobile patients, who are mainly monitored indoors, mobile patients form a dynamic environment due to their mobility, and thus their monitoring has to extend the monitoring environment to the outdoors. Periodically, these attached sensors should send messages, including sensed data, to a centralized processing center through a wireless channel to report the healthy state of monitored objects [6]. In general, these messages are classified into two categories: routine signal and emergency signal. Routine signals involve periodic monitoring for some vital signs; emergency signals, which are event-driven, observe the sensors carried by patients and monitor for abnormal signs or sudden disease, and these emergency messages usually have the highest priority during the process of delivery. In addition, when the information on a monitored patient is transmitted over wireless networks, it should remain confidential and private.

MOBILE HEALTHCARE SYSTEMS WITH WEARABLE DEVICES A variety of approaches attempt to address the issue of reliable and efficient message delivery from deployed sensors to central processing units. Several solutions are provided in [7]. Under this circumstance, the reliability of transmission is defined as the probability with which a message is successfully delivered from the source to the receiver, while minimizing the power consumption of message delivery. It is a significant challenge to find the right trade-off between reliability and energy efficiency, because a system always wants to maximize the amount of delivered messages with the minimum energy budget.


BOUKERCHE LAYOUT

2/9/10

1:49 PM

Page 61

Source node

Intermediate node

P1: Packet 1 P1, P1, P1

(a)

(b)

(c)

(d)

Figure 2. Schematic diagrams of different data transmission methodologies in m-healthcare systems: a) increased power transmission; b) multiple retransmissions; c) multicast transmission; d) broadcast transmission.

In an ad hoc environment the success of message delivery not only is related to the consumed power, but also depends on the cooperation of neighboring devices. This network of cooperation is shown through the following example: a message Msg is sent from S s to S r through a series of intermediate sensors Ii, where Ss is the source sensor, and Sr is the destination sensor or unit. In order to improve the message delivery reliability, each node is encouraged to participate in packet forwarding [8]; however, regardless of the transmission method adopted, the cooperation of sensors is important. Reliability is realized based on different methodologies, as shown in Fig. 2: Increased power transmission: When the source Ss fails to find cooperating devices, it will increase the level of transmitted power in order to successfully transmit data. Although this method is able to improve reliability, its disadvantage is that the source node S s may run out of power very quickly. Multiple retransmissions: If S s does not receive any acknowledgment (ACK) from its neighboring sensors, it will repeatedly send the same message until it receives one that confirms the receipt of this message. Obviously, multiple retransmissions can guarantee the optimal reliability of transmission; nevertheless, it also results in the significant increase of network traffic, due to retransmission and hop-by-hop ACK. Multicast transmission: Ss sends Msg through designated sensors to a set of receivers (e.g., medical professionals). Thus, the reliability of delivery can be improved with the increase of complexity in terms of message delivery and end-to-end delays. Broadcast transmission: In this methodology Ss broadcasts Msg to all possible sensors in order to forward Msg to the destination Sr. However, such broadcast will result in highly reliable delivery of information at the cost of considerable network traffic. Although we know that multicast transmission may be the best way to transmit data, we have to take the factor of power management into account, because mobile devices usually use batteries as their power supply; hence, these sensors have very limited energy. A device’s power consumption is related to how many messages it sends and how many messages it forwards as a


router for other neighboring devices, because its cooperation is required when it joins a mobile ad hoc healthcare system. The device is not only a message sender on its own, but also a router for other devices [6]. If the distance between Ss and Sr is D, and there are n intermediate devices I to help with the relaying of data,

Although we know that multicast transmission may be the best way to transmit data , we have to take the factor of power management into account, because mobile devices usually use batteries as their power supply; hence, these sensors have very limited energy.

r

D = ∑ di , i=s

where d i is the direct distance between two neighboring devices, for example, from Ss to I1, from I1 to I2, or from In to Sr. Moreover, if the power spent on the transmission over di is Pi, the total power is P = P s–1 (d 1 ) + P 1–2 (d 2 ) + ⋅⋅⋅ + Pn–r(dn). Based on the above theoretical framework, a diversity of protocols are developed aiming to minimize the hop count of forwarding: Random power from the patient’s device: Although this protocol is the simplest one, it is perhaps the worst case from the power consumption point of view, because Ss could send a message with a certain random power level between the minimum and maximum power availability. For example, Ss sends a message at the maximum power level; however, some neighboring device I i is very close to it, and it only needs to use a much lower power level. Thus, this protocol is not more efficient in terms of power consumption. Maximum power from the patient’s device: In this protocol S s always sends messages at the maximum power level. Thus, it is possible that Msg is forwarded in fewer hops, but its power consumption is pretty high. Consequently, this protocol is suitable for emergency signaling. Optimal power from both patient and cooperating devices: Ss and intermediate nodes Ii all transmit signals to reach the nearest node, and thus find an optimal level of power. This protocol has lower reliability and higher efficiency. Maximum power from patient devices and optimal power from cooperating devices: S s sends messages at a maximum power level, but cooperating nodes forward Msg at the optimum level of power. Therefore, a patient’s device can obtain higher reliability, and at the same time, intermediate devices can lower their power consumption.

61

BOUKERCHE LAYOUT

2/9/10

The IDM can detect a patient’s medical condition through wearable sensor systems by dynamically adjusting the sensor set based on the patient’s state. The core of the IDM is an inference engine, which has three components: feature extraction, naïve Bayes classifier, and sensor selection.

1:49 PM

Page 62

EEG sensor

Blood pressure

ECG sensor

Pulse

Pedometer

Figure 3. An example of a body sensor network.

Based on the above discussion, we learn that it is impossible to use a single method to coordinate multiple entities in a dynamic and complex environment. When it comes to data communication in a mobile ad hoc healthcare system, it is important to find a proper balance between the reliability of successful delivery and energy saving of wearable devices. Apparently, patient monitoring has become an interdisciplinary topic and needs more intelligent technologies from other subjects (e.g., artificial intelligence [AI]). The Ambient Cardiac Expert (ACE) monitoring system [9] is a case study of cardiac patient monitoring, which collects physiological data observed by sensor networks together with gene expression data to predict the heart failure rate. Clinical data monitored by attached sensors on patients’ bodies are used by clinical SVM to generate training data to predict the odds of heart failure. In the meantime, machine learning methods intelligently make decisions regarding the criticality level of cardiac patients. Elderly dementia patient monitoring is another application of mobile healthcare systems [1]. An indoor and outdoor active safety monitoring mechanism was built based on radio frequency identification (RFID) technology. As an example, the monitoring system can automatically remind caregivers once an elderly patient is close to a dangerous area or too far from caregivers. During the information exchange process, the Tame Transformation Signatures (TTS) algorithm is applied to encrypt tag IDs and protect patients’ privacy.

BODY SENSOR NETWORKS A body sensor network (BSN), which is also known as a body area network (BAN), consists of miniaturized, low-cost, and wearable or implantable biosensors, and is able to provide continuous monitoring of a patient’s physiological and contextual states [3]. In addition to the design of biosensors, wireless communication and energy management are vital factors to con-

62

ceive a pervasive BSN. With respect to wireless communication, it mainly uses a point-to-point connection between sensors and a monitoring object, and can thereby ensure a BSN’s connectivity. Figure 3 shows an example of a BSN. Generally, a BSN consists of portable devices such as PDAs, cellular phones, and medical sensors, and uses wireless communication technologies such as Bluetooth, IEEE 802.x, and General Packet Radio Service (GPRS). To this day, the development of BSNs needs a multidisciplinary collaboration of biology, electronics, chemistry, and mechanics. IEEE 802.15.4/Zigbee technology is utilized by a BAN [10] to detect and predict the human physiological states of wakefulness, fatigue, and stress. Different monitoring sensors are integrated to attach to a patient’s body, aiming to acquire signals about EEG, ECG, EOG, and EMG. The proposed BAN is a typical wireless sensor network and comprises two modules: a personal data processing unit (PDPU), which controls all sensors and is connected to external networks, and a sensor communication module (SCM) which uses wireless links, including IEEE 802.15.4 and Zigbee, to communicate with a PDPU. The issue of context awareness is well studied in a lot of research. A patient may be physiologically very sensitive to context or environment changes, and such contextual factors include the patient’s activity, current temperature of the outside environment, time of day, and so on [8]. Many artificial intelligence techniques including artificial neural networks, Bayesian networks, and hidden Markov models, are applied to sense environmental changes. Then the collected data is classified based on the aforementioned AI techniques to deduce the context of a BSN accordingly. A BSN-based context-aware QRS detection algorithm [11] makes use of context information observed by the BSN to improve the QRS detection performance. It classifies the readings from ECG sensors to record the local condition of monitored patients, and to cluster the patients’ daily activities, suchas sitting, lying down, walking, and running. Intelligence is involved in BSNs to filter out irrelevant information, make decisions in an expert-like manner, and consider a user’s preferences. The incremental diagnosis method (IDM) can detect a patient’s medical condition through wearable sensor systems by dynamically adjusting the sensor set based on the patient’s state [12]. The core of the IDM is an inference engine, which has three components: • Feature extraction: The frequency and energy of each sensor are extracted as the features for physical activity recognition. • Naïve Bayes classifier: This classifier model infers a patient’s state probabilities based on the sensor feature vector extracted in the previous step. • Sensor selection: This step determines if the diagnosis meets the required level of accuracy, and a utility function decides if the suggested actions are recommended to the user or not. Thus, a small number of sensors are required for initial detection, while additional sensors are added when necessary.


BOUKERCHE LAYOUT

2/9/10

1:49 PM

Page 63

SECURITY AND PRIVACY Undoubtedly, both wireless communication and biosensor technologies have provided a lot of benefits for mobile healthcare, yet there are many concerns about security and privacy that need to be solved to protect the users’ information in m-healthcare systems. Typical concerns include how to prevent the disclosure of a patient’s data, who should have the right to access the patient’s medical record, and how to protect the privacy of the patient. In particular, m-healthcare systems have open wireless links, shared resources, and mobile users, so this increases the difficulty of system security. Much work has been done to secure a pervasive environment [5].

Encryption

Decryption

KS Receiver

Sender

Decryption

Encryption KR

THE CONFIDENTIALITY OF PATIENTS’ INFORMATION Most current solutions protect data confidentiality by using cryptography. Either symmetric or asymmetric key cryptography uses encryption/ decryption to hide a patient’s data. Symmetric keys, such as secret key, session key, or private key, are generally distributed to a user of mhealthcare when he/she registers in the system. However, asymmetric keys are more able to protect data confidentiality [13], so elliptic-curve cryptography (ECC) is implemented in mobile healthcare systems to reduce the computational costs of public key cryptography. Thus, a secure patient monitoring application can achieve a digital signature, encryption and authentication at a regular mobile device (e.g., a PDA), and highlevel encryption becomes more practical. Figure 4 shows the process of data encryption/decryption. Because there are a variety of keys in mhealthcare systems, it is critical to manage these keys so that they are not disclosed to unauthorized third parties or attackers. An HIPAA-compliant key management solution [5] considers two crucial regulations of HIPAA: security and privacy. In the registration phase each patient has to register at an authorized server and submit his/her signed consent. To encrypt a patient’s information, a smart card is used to verify the patient’s biometric information and protect his/her privacy.

SECURE M-HEALTHCARE AND BSN The EKG-based key agreement (EKA) scheme [14] employs electrocardiogram (EKG) signals to generate cryptographic keys, and avoids traditional predefined key establishment phases. Specifically, the keys from physiological value are distinct for different patients, so these keys are unique after they are generated. When two sensors in a BSN want to securely communicate using EKG, these two sensors will simultaneously sample EKG signals following the same procedure. Then the collected EKG signals are transformed into a binary stream and thereby used to form a common key agreed on by the communicating sensors. Biometrics can take advantage of the communication channels already available on a monitored patient’s body in a BSN. For instance, entity identifiers (EIs) are used as a method to secure wireless communications instead of main-


Figure 4. The encryption and decryption process of a patient's information.

taining a dependence on cryptographic keys [15]. Physiological characteristics can be captured by a BSN’s sensors and thereby generate EIs to identify sensors in a biometric approach. When generating an entity identifier, interpulse intervals (IPIs) of heartbeats are measured as a biometric trait. In general, the master node in a BSN sends a synchronization signal to ask for the network-wide EI generation. Once other nodes receive this synchronization request, they begin to record at least one cardiovascular signal. Thus, each node calculates a series of IPIs, and distinctive keys can be generated via concatenation in each block of EIs. The emerging trust technology is also applied in the realm of mobile healthcare systems [16]. A secure multicast strategy (TrE) employs a device’s trustworthiness as the selective criterion of multicast, and evaluates the behavior of each sensor based on its contribution to data relay, so only trustworthy nodes are allowed to participate in communications, while the misbehavior of malicious nodes is effectively prevented. As shown in Fig. 5, the sender S sets a trust requirement Medium, so only its neighbors A and F can forward packets for S because their trust values satisfy TR, while E does not meet this requirement. Particularly, the trust evaluation model in TrE does not follow traditional linear function to evaluate a device, but makes use of different increase-shapes to update the device’s trust value. Meanwhile, a device’s historical behavior is an important factor in the evaluation of the device’s current trust.

PATIENTS’ PRIVACY The users of healthcare systems often worry about the disclosure of their private medical information. Quality of privacy (QoP) is introduced to measure the probability that a mobile healthcare system meets a given privacy requirement [3]. Thus, a patient can specify a certain QoP level as an anonymous user. Privacy-aware

63

BOUKERCHE LAYOUT

2/9/10

1:49 PM

Page 64

Trust: High

systems to address patients’ concerns about security and privacy in the presence of malicious nodes and compromised environments.

Trust: Medium

A

B

REFERENCES

TR: Medium E

S

R

Trust: Low Source node/ destination node F

Trustworthy intermediate node

Trust: Medium

Untrustworthy intermediate node

Figure 5. Trust-based multicast in a mobile ad hoc healthcare system. autonomous agents are developed to offer services relevant to the users’ activities, to convey information, to negotiate services with other agents, to execute an action, and to handle communication among ubiquitous devices. Apparently, agents are responsible for running their users in an autonomous way. When an agent receives a patient’s demanded QoP level, it indicates how much information the patient is willing to share. If the result of negotiation cannot satisfy the patient’s requested QoP, the agent will inform the patient to negotiate a new privacy contract. Here negotiation would be agent to agent; thus, this is a multi-agent system. Elliptic curve cryptography (ECC) has been demonstrated to have similar security to Rivest, Shamir, and Adleman (RSA), but at relatively low computational cost. The ECC-based key distribution algorithm in [4] aims to enforce a patient’s privacy. Symmetric and asymmetric keys are both used in the key distribution phase. Individual sessions are set between clinician, nurse, and patient, and each session has a limited time period, as well as its corresponding session key. This session key will be updated with the information of each session and used to control each member’s access rights. These distributed keys can be used to authenticate a user without revealing his/her identity, and thus protect the user’s privacy accordingly.

CONCLUSION In this article the diversity of factors that take part in the design of reliable, intelligent, secure patient monitoring and management systems has been presented. We show why patient monitoring is so important in m-healthcare, and thus how to construct a monitoring system over reliable and efficient communications. First, we discuss several possibilities to improve the reliability of data communication and effectively manage wearable medical devices’ energy. Then we describe the issues concerning BSNs, showing several techniques that could be used to enhance the functionality of BSNs. After that, we demonstrate the techniques used by current secure m-healthcare

64

[1] C.-C. Lin et al., “A Healthcare Integration System for Disease Assessment and Safety Monitoring of Dementia Patients,” IEEE Trans. Info. Tech. Biomedicine, vol. 12, 2008, pp. 579–86. [2] A. Boukerche, Handbook of Algorithms for Wireless and Mobile Networks and Computing, Chapman and Hall/CRC, 2005. [3] M. Tentori, J. Favela, and M. D. Rodriguez, “PrivacyAware Autonomous Agents for Pervasive Healthcare,” IEEE Intelligent Sys., vol. 21, 2006, pp. 55–62. [4] J. Misic, “Enforcing Patient Privacy in Healthcare WSNs Using ECC Implemented on 802.15.4 Beacon Enabled Clusters,” Proc. 6th Annual IEEE Int’l. Conf. Pervasive Comp. Commun., 2008, pp. 686–91. [5] W.-B. Lee and C.-D. Lee, “A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations,” IEEE Trans. Info. Tech. Biomedicine, vol. 12, 2008, pp. 34–41. [6] I. Martinez et al., “Implementation of an End-to-End Standard-Based Patient Monitoring Solution,” IET Commun., vol. 41, 2008, pp. 56–62. [7] B. Braem et al., “Improving Reliability in Multi-hop Body Sensor Networks,” Proc. 2nd Int’l. Conf. Sensor Tech. Apps., 2008, pp. 342–47. [8] U. Varshney, “Pervasive Healthcare and Wireless Health Monitoring,” Mobile Net. Apps., vol. 12, 2006, pp. 113–27. [9] S. Sehgal, M. Iqbal, and J. Kamruzzaman, “Ambient Cardiac Expert: A Cardiac Patient Monitoring System Using Genetic and Clinical Knowledge Fusion,” Proc. 6th IEEE/ACIS Int’l. Conf. Comp. Info. Sci., 2007, pp. 496–501. [10] E. Monton et al., “Body Area Network for Wireless Patient Monitoring,” IET Commun., 2008, pp. 215–22. [11] H. Li and J. Tan, “Body Sensor Network Based Context Aware QRS Detection,” Proc. 28th Annual IEEE Int’l. Conf. Eng. Med. Bio. Soc., 2006, pp. 3266–69. [12] W. H. Wu et al., “Incremental Diagnosis Method for Intelligent Wearable Sensor Systems,” IEEE Trans. Info. Tech. Biomed., vol. 11, 2007, pp. 553–62. [13] K. Malhotra, S. Gardner, and R. Patz, “Implementation of Elliptic-Curve Cryptography on Mobile Healthcare Devices,” Proc. IEEE Int’l. Conf. Net., Sensing, and Control, 2007, pp. 239–44. [14] K. K. Venkatasubramanian, A. Banerjee, and S. K. S. Gupta, “EKG-based Key Agreement in Body Sensor Networks,” Proc. INFOCOM Wksps., 2008. [15] S.-D. Bao et al., “Using the Timing Information of Heartbeats as an Entity Identifier to Secure Body Sensor Network,” IEEE Trans. Info. Tech. Biomed., vol. 12, 2008, pp. 772–79. [16] A. Boukerche and Y. Ren, “A Secure Mobile Healthcare System Using Trust-Based Multicast Scheme,” IEEE JSAC, vol. 27, 2009, pp. 387–99.

BIOGRAPHIES YONGLIN REN ([email protected]) finished his Master’s degree in computer science from the University of New Brunswick (UNB), Canada. Currently he is working toward his Ph.D. degree in computer science at the University of Ottawa. He was the recipient of Best Research Paper Awards from ACM IWCMC 2009. His main areas of interest include network security, wireless and mobile security, trust-based communication schemes, key management, and anonymity. R ICHARD W. P AZZI ([email protected]) received his B.Sc. and M.Sc. degrees in computer science from the Federal University of Sao Carlos, Brazil in 2002 and 2004, respectively. He received his Ph.D. degree from the University of Ottawa, Canada, in 2008. He is currently a research associate at the PARADISE Research Laboratory at the University of Ottawa. He was the recipient of Best Research Paper Awards from ICC 2009 and IWCMC 2009. He has been working on fault-tolerant protocols for wireless sensor networks and mobile computing. His research interests also include vehicular ad hoc networks, multimedia communications, secure communications, networked 3D virtual environments, and computer graphics. A ZZEDINE B OUKERCHE ([email protected]) is a full professor and holds a Canada Research Chair position at the University of Ottawa. He is the founding director of the


BOUKERCHE LAYOUT

2/9/10

1:49 PM

Page 65

PARADISE Research Laboratory at the university. Prior to this, he held a faculty position at the University of North Texas and worked as a senior scientist at the Simulation Sciences Division, Metron Corporation, San Diego, California. He was also employed on the faculty of the School of Computer Science, McGill University, and taught at Polytechnic of Montreal. He spent a year at the JPL/NASA-California Institute of Technology, where he contributed to a project centered on the specification and verification of the software used to control interplanetary spacecraft operated by JPL/NASA Laboratory. His current research interests include wireless ad hoc and sensor networks, wireless networks, mobile and pervasive computing, wireless multimedia, QoS service provisioning, performance evaluation and modeling of large-scale distributed systems, distributed computing, large-scale distributed interactive simulation, and parallel discrete-event simulation. He has published several research papers in these areas. He was the recipient of the Best Research Paper Award at IEEE ICC ’08 and ’09, IWCMC ’09, IEEE/ACM PADS ‘97–99, and ACM MobiWac ‘06; of the 3rd National Award for Telecommunication Software 1999 for his work on a distributed security sys-


tem for mobile phone operations; and was nominated for the Best Paper Award at IEEE/ACM PADS ‘99 and ACM MSWiM ‘01. He is a holder of an Ontario Early Research Excellence Award (previously known as the Premier of Ontario Research Excellence Award), an Ontario Distinguished Researcher Award, and a Glinski Research Excellence Award. He is a co-founder of QShine, the International Conference on Quality of Service for Wireless/Wired Heterogeneous Networks, served as a General Chair for the 8th ACM/IEEE Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems, and the 9th ACM/IEEE Symposium on Distributed Simulation and Real-Time Application; has been Program Chair for ACM Workshop on QoS and Security for Wireless and Mobile Networks, ACM/IFIPS Europar 2002, IEEE/SCS Annual Simulation Symposium ‘02, ACM WWW ‘02, IEEE MWCN ‘02, IEEE/ACM MASCOTS ‘02, IEEE Wireless Local Networks (WLN) ‘03–‘04, IEEE WMAN ‘04–‘05, and ACM MSWiM ‘98–99; and has been a Technical Program Committee member for numerous IEEE and ACM sponsored conferences. He has served as a Guest Editor for several publications.

65