Cybersecurity risk management and evaluation framework for blockchain identity management systems in health internet of things

Health Internet of Things (HIoT) is used broadly in healthcare because of its advantages. It facilitates remote health monitoring and advances healthcare capabilities. Security solutions are developed to counter the rise of security attacks on healthcare systems, including HIoT. Identity Management (IdM) systems (also known as Identity and Access Management (IAM) systems) are crucial security solutions for any information system, such as healthcare information systems. They manage identities and control access to data in such systems. Attackers target HIoT applications due to the high volume and sensitivity of health data. Thus, IdM systems for HIoT must be built with high standards and based on reliable frameworks. Blockchain (BC) is an emerging technology widely used for developing decentralized IdM solutions. BC-IdM has the potential to increase security and privacy by allowing data subjects to control access to data and eliminate reliance on third parties. Although the integration of BC in HIoT for proposing IdM solutions has gained recent attention, several researchers recommend studying BC security and capabilities carefully before using it for IdM solutions in any domain, such as HIoT applications. A Systematic Literature Review (SLR) was conducted on the BC-based IdM systems in HIoT applications to investigate security and system architecture. We identified the main components and technologies in typical BC-based IdM systems and the layered architecture of the BC-based IdM system in HIoT. Accordingly, the security threats and requirements were summarized. The systematic review findings showed a need for a cybersecurity risk management framework and evaluation factors for BC-based IdM in HIoT applications. This PhD research developed a cybersecurity risk management and evaluation framework for HIoT BC-IdM systems by conducting SLR and Grey Literature (GL) and designing security risk taxonomy. The evaluation factors are essential in determining the reliability and suitability of such systems, particularly in security systems designed to be security guards, such as IdM systems. Thus, this research identified the components of the BC-IdM ecosystem and the evaluation factors for all aspects of the HIoT BC-based IdM systems. Following the Delphi method, the developed framework was evaluated and validated using feedback from thirteen experts from cybersecurity risk management, IdM system, HIoT security, and BC technology domains. In addition, the Simple Multi-Attribute Rating Technique (SMART) was used with experts to assign values to the identified evaluation factors, and an ongoing BC-IdM project in HIoT systems was evaluated based on the weights assigned to the evaluation factors. The developed cybersecurity risk management and evaluation framework plays a role in standardizing the application of BC-based IdM systems in HIoT. It will assist developers, researchers, and organizations in developing a secure and functional BC-based IdM. Also, it will help in selecting the most suitable IdM solution to ensure HIoT users' data privacy and security.