A Survey: To Govern, Protect, and Detect Security Principles on Internet of Medical Things (IoMT)

The integration of medical equipment into the Internet of Things (IoT) led to the introduction of the Internet of Medical Things (IoMT). A variety of IoT devices have been deployed in medical facilities. These devices provide convenience to healthcare providers, since they can continuously monitor their patients in real time while allowing the patients greater physical flexibility and mobility. However, users of healthcare services (such as patients and medical staff) are often less concerned about the security issues associated with IoT. This exacerbates existing problems and jeopardizes the lives of patients by making them susceptible to attacks. Furthermore, IoMT applications have direct access to healthcare services, since they handle sensitive patient information. Therefore, it is extremely important to preserve and establish the security and privacy of IoMT, which further justifies the need to investigate and address the related issues. Despite the existing literature on security and privacy mechanisms, the domain still requires more attention. Therefore, this paper aims to discuss the security and privacy principles, as well as the challenges, associated with IoMT. In addition, a comprehensive analysis of privacy and security solutions for IoMT is presented, and we introduce a novel taxonomy of IoMT security and privacy based on the cyber security principles "govern," "protect," and "detect". In conclusion, this paper provides a discussion of existing challenges and future directions for researchers.


I. INTRODUCTION
Healthcare systems need to handle a variety of illnesses and treatments for an increasing number of patients. Telemedicine systems are useful since patients can be treated at home, hence reducing the overtaxed costs of healthcare infrastructures [1]. Therefore, the development of the Internet of Things (IoT) is expected to substantially improve the efficiency and standard of treatment in the healthcare industry, which is further known as the Internet of Healthcare (IoHT) or the Internet of Medical Things (IoMT) [2]. Specifically, IoMT can assist with the requirement for more genericity and scalability [1]. Many healthcare practitioners use IoMT applications to improve therapy, disease control, failure reduction, drug prescription management, and cost savings [3]. Furthermore, IoMT tremendously advances healthcare systems by expediting procedures that enable the adoption of cutting-edge diagnostic and therapeutic techniques via connected wearable sensor devices and the real-time monitoring data available from IoT technologies [4]. However, the dynamic architecture and openness of IoMT has led to increased vulnerabilities in terms of security and privacy. In particular, many security issues arise from IoMT application usage, including unauthorized access to user data, unauthorized remote control of smart devices, wasteful third-party use of personal data, and so on [5].

The associate editor coordinating the review of this manuscript and approving it for publication was Tony Thomas.
VOLUME 10, 2022. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
Therefore, it is critical to address these security and privacy concerns, as well as the associated attacks and drawbacks, through ongoing security maintenance. This paper presents a comprehensive survey of existing literature that addresses these issues through the application of a variety of security and privacy principles. Throughout the survey, we include our own points of view as a discussion. The cyber security principles, for example, are designed to provide strategic guidance on how to protect IoMT systems and data from cyber threats and how to detect those threats. These cyber security concepts are classified into three groups: govern, protect, and detect. The Govern principle promotes company-wide awareness of cybersecurity risks to systems, people, assets, data, and capabilities. The Protect principle covers the precautions taken to secure the delivery of critical infrastructure services. Meanwhile, the Detect principle describes the procedures that must be followed to detect the onset of a cyber incident. These components are further elaborated in the following sections. The contributions of our work are highlighted as follows:
• We propose a novel taxonomy based on the cybersecurity principles govern, protect, and detect for IoMT security and privacy approaches.
• We provide a comprehensive classification of security principles based on the different groups of IoMT applications they serve.
• We highlight open research challenges for IoMT security and privacy, and recommend potential future research areas.
This survey paper introduces several key principles of the IoMT and presents the scope of our discussion in Section II. Next, Section III investigates the existing literature on the sources of information used in securing IoMT. Following that, Section IV highlights the IoMT challenges and issues. Then, Section V discusses a comparative analysis of related surveys. Section VI provides the proposed taxonomy of IoMT security principles. Section IX summarizes the discussion and future research directions. The final section summarizes the work.

II. CONCEPTS AND SCOPE
IoT is a modern paradigm shift in the realm of information technology. In general, IoT enables a more direct integration of the real world with computer-based systems, as well as increased efficiency, accuracy, and financial benefits [5].
The well-proven IoT strategy is progressing into the healthcare and medical industries, which is referred to as IoMT.
IoMT refers to the networking of communication-enabled medical equipment and its integration into broader health networks for the benefit of patients [1]. The IoMT architecture comprises three layers, namely the data collection, data management, and medical service layers, as represented in Figure 1. This architecture has been adopted in several IoMT systems, including [6] and [2].
• Data Collection Layer: this layer consists of sensors and medical equipment that collect patient data into a local network known as a Body Sensor Network (BSN) [7].
• Data Management Layer: this layer is responsible for locally processing and storing patient data generated by medical devices before it is transferred to a centralized medical server.
• Medical Service Layer: this layer allows medical personnel such as doctors to have remote access to their patients' data and to provide timely advice to them. Moreover, the algorithms and computer programs for early diagnosis and for assessing the condition of the patient are provided in this layer.

III. SOURCE OF INFORMATION
There are numerous sources of information that can substantially aid in the examination of IoMT security and privacy. In this regard, some researchers have advocated the utilization of a wide range of information sources to establish a secure IoMT system. This section examines the most relevant data sources for the IoMT systems that have been proposed.

A. ONTOLOGY DATABASE
Ontologies are powerful database repositories that can be applied to a broad range of knowledge. They are composed of machine-readable definitions and formal descriptions of the many concepts and relationships that exist among entities within a domain [8]. An illustration in our area of research is given by Alsubaei et al. [9], who demonstrated a tool that uses a semantically enhanced ontology to represent the elements of the IoMT, its security issues, and their solutions. The context-aware rules in the developed ontology enable reasoning that drives a recommendation system, which helps users reach well-informed decisions. The basic structure of an ontology includes elements such as concepts, relations, instances, and axioms. In the IoMT model, concepts represent a collection of entities, whereas relations describe how concepts interact with each other. Meanwhile, axioms are defined as statements that limit the values that can be assigned to concepts or instances.

B. VULNERABILITIES DATABASE
Vulnerability databases have mostly been studied for use in intrusion detection systems [8]. Such a database tracks all known exploits and system vulnerabilities, as well as the security patches associated with them. It is built by gathering information about the configuration of the monitored resources, such as operating systems or network application services, that could be exploited by attackers.
In [9], the authors assembled a list of documented IoMT-related issues from CVE Details and the National Vulnerability Database (NVD) of NIST over the previous four years. After filtering out the vulnerabilities that concerned non-medical endpoints (that is, those not relevant to IoMT), the authors were left with 40 separate vulnerabilities. They then classified these flaws into 11 different scenarios and evaluated, for each scenario, whether their tool discovered the known vulnerability. The program was successful in identifying all of the security flaws, such as absent or insufficient security measures.
In [10], the authors propose a path search algorithm that incorporates threat intelligence, solutions, stakeholders, and infrastructure. The stakeholders include medical practitioners, system or network administrators, and patients; examples of solutions include devices, services, and infrastructure. The search is intended to investigate threat intelligence issues and solutions for IoMT vulnerabilities.
The authors of [11] proposed a risk study of ITS based on the threat, risk, and vulnerability analysis (TVRA) method, with an emphasis on the ETSI ITS communication architecture. The TVRA methodology is based on the probability of a particular attack as well as the impact of the attack on the system, covering system assets and threats. Furthermore, the TVRA method identifies the threat agent attempting to compromise the system. Therefore, TVRA outputs include risk measures for previously identified threats, which can be calculated from the probability and the systemic effect of each threat.

C. INTRUSION DATABASE
An intrusion database consists of activities that are classified as either malicious or normal. An intrusion detection system (IDS) monitors and analyzes network traffic and triggers an alert if it detects any occurrence of malicious activity. Moreover, network management agents can also trigger alerts using management protocols such as SNMP traps, CMIP event reports, GrIDS, or even SCADA monitoring systems [8]. Nandy et al. [12] employed a secure IoMT framework based on a Swarm-Neural Network with an intrusion detection mechanism; the authors used real data, the ToN-IoT dataset, for the proposed model. In [13], a deep neural network (DNN) was employed to develop an effective and efficient IDS that identifies and predicts unexpected cyber threats.

IV. IoMT CHALLENGES AND CONCERNS
In this section, the main concerns pertinent to IoT systems are presented with an emphasis on the associated medical challenges, as follows.
There are numerous distinct sensors used for medical applications, with varying degrees of computing power, memory, power output, and embedded systems in the data collection layer of the IoMT. The data formats used to collect patient physiological data vary by device, making data handling difficult in the data management layer [14]. Besides, the heterogeneity of wireless and wired protocols is another factor that contributes to poor interoperability. In this case, the medical devices collect the physiological data of patients and transfer the data to the servers. During transmission, various wireless protocols are used, including WiFi, NB-IoT, and Bluetooth Low Energy (BLE), which are known to be used in certain powerful wearable medical sensor systems. Medical information interchange between different medical facilities can be difficult due to incompatibility between different IoMT systems [14].

B. PRIVACY AND SECURITY
The escalation of security and privacy issues is due to the dynamic architecture and openness of IoMT. According to the literature, installing IoMT applications introduces a diverse range of security issues, including unauthorized access to patient data and remote control of medical devices [5]. Patients may face major consequences if their sensitive physiological information is disclosed [14]. Therefore, at the data management layer and the health service layer, several access control mechanisms and identity authentication systems are introduced to ensure the confidentiality of sensitive patient information [5]. However, these confidential data are still entrusted to a third party for privacy preservation, so the data server may be vulnerable to an information breach. As a result, data storage may inadvertently or intentionally expose patient information [5].

C. BIG DATA ANALYTICS
According to [15], it is beneficial to evaluate healthcare through efficient illness management, even though it may be time consuming. The literature introduces the CARE system, which employs big data analytics as a proactive approach in IoMT to support physicians in analyzing the status of their patients, by enabling patient-physician interactions and sending physicians an alert when a patient's life is at risk. Another strategy for managing the massive amount of medical data is to develop an IoT-based information system for emergency medical services that unifies data formats and simplifies data accessibility, together with a semantic model for data storage [16].

D. ENERGY CONSUMPTION
In general, IoMT relies heavily on sensors to collect real-time data from smart devices [5]. One way to improve the efficiency of sensors is to regulate their energy consumption to extend their life span, which prevents communication breakdowns [5]. The authors in [17] introduced several strategies to preserve sensor energy: developing more powerful batteries, introducing energy-efficient protocols, and establishing energy-preserving access points and gateways. Many studies have focused on preserving sensor energy, such as [18], which presented a wireless sensor network based on ZigBee and WiMax radios that achieves energy efficiency by selecting the gateway with the lowest link cost, based on the distance from the internet and the remaining energy of the sensors. In contrast, the authors in [19] argued that the integration of cloud and IoMT would result in more efficient energy usage and management.

E. NETWORK AND PROTOCOL DESIGN CHALLENGES
A routing protocol defines the flow of data between network routers, allowing them to choose routes between any two nodes in the same or different networks. A protocol is a set of rules that govern how data is exchanged between devices. Wireless network routing algorithms are more advanced than wired network routing algorithms in several areas, including network topology, power conservation, and channel efficacy. Routing systems in wireless networks must provide more than just data transfer between nodes [2].
Gatouillat et al. [1] reviewed recent contributions that attempt to improve the IoMT by incorporating formal approaches developed by the Cyber-Physical Systems (CPS) community. They demonstrated that the CPS strategy increases system robustness, security, and dependability, as well as verification and validation. Furthermore, a comprehensive list of CPS approaches used in the IoMT was provided and discussed. They then discussed how patients and medical professionals may benefit from the accessibility of medical technology. However, their research does not provide a thorough analysis of the state of the art in IoMT security and privacy; their discussion of the surveyed papers focuses mainly on device security.
Papaioannou et al. [25] categorised actual and potential risks to the IoMT edge network based on critical security targets: confidentiality, integrity, non-repudiation, authentication, authorization, and availability. They also provided a classification of security countermeasures against threats to IoMT networks based on the literature. However, their investigation is narrow and limited to the selected survey papers considered.
Sun et al. [2] reviewed the security and privacy issues that IoMT systems face. They also explored the privacy and security needs of IoMT at the data level, sensor level, personal server level, and medical server level. In conclusion, the authors presented a general overview of the current state-of-the-art techniques. Similar to prior work, their review is not comprehensive and lacks insights on each IoMT security principle.
Yaacoub et al. [20] provided an overview and analysis of the security and privacy concerns associated with medical IoT systems. In addition, the sources of attacks and their attributes, as well as their extent and impact, were described and explored in detail. The study also examines contemporary lightweight security solutions that use both cryptographic and non-cryptographic methods. However, they focused more on the IoMT challenges, risks, and cyber-attacks in IoMT scenarios covered by related survey papers. Accordingly, their paper provides only a quick rundown of the current state of IoMT security solutions.
Hatzivasilis et al. [26] provide an overview of the key security and privacy controls that must be implemented in modern IoMT settings to protect the data of users and stakeholders. Nonetheless, their study was limited to security devices, with little discussion of the state of the art for each studied technique. Our paper, in contrast, thoroughly examines each study from a variety of perspectives, including risk management, how to secure an IoMT system, and how to detect suspicious activity or security incidents. It also investigates the specific requirements and challenges of IoMT systems using diverse data sources. Table 1 compares existing IoMT security surveys with our work in key areas.

VI. TAXONOMY OF IoMT SECURITY PRINCIPLES
Based on our review of the existing literature, several efforts have been made to provide taxonomies of IoMT security and privacy approaches. However, most of them adopt a classification criterion based solely on a few security principles; therefore, we consider their perspective to be limited to a narrow scope. In this paper, a new taxonomy for the existing IoMT security principles is proposed, as shown in Figure 2. It attempts to provide a comprehensive understanding of IoMT security issues by considering all aspects of the security principles rather than just a few of them. These cyber security principles are intended to give organizations strategic direction on how to secure their systems and data against cyber threats. They are classified into three categories: govern, protect, and detect. The following sections describe the scope of each of these aspects.

VII. GOVERN
Govern refers to the policies, procedures, and processes used to manage and monitor the regulatory, legal, risk, operational, and environmental standards that should be included in the risk management process [27]. The emergence of IoMT has led to new security concerns and threats, because IoMT devices are susceptible to various attacks over their open wireless connectivity [28]. Attackers are more likely to gain elevated privileges, implant malicious code, or infect devices with malware because these devices cannot detect such threats, lack security measures, and use weak authentication mechanisms. Moreover, medical devices are vulnerable to botnet or zombie attacks, which can further jeopardize patients physically [29]: an attacker can learn their medical information and medical conditions, thereby putting the patients' lives in danger. Therefore, it is crucial to protect against these threats by addressing the key IoMT security concerns. Furthermore, the implementation of IoMT systems in healthcare involves a number of risks, including the possibility of any medical device's transmitted data being manipulated and edited (Data Falsification), a negative impact on patients' health, and a negative impact on the institution's reputation (Personal Information Disclosure).
Besides, the lack of proper training for nurses and doctors may also increase the risk of jeopardizing patients' lives [20], as this could result in permanent disabilities or fatalities. Therefore, it is critical to implement a risk management strategy before security risks materialize. By definition, risk management attempts to govern and estimate risk before it manifests itself [28]. Consequently, a new risk assessment approach is required to estimate the security risks of IoMT threats, although this is challenging. In general, the first step in establishing appropriate security solutions for IoMT applications and communication protocols is to identify the threats to IoMT and analyze their associated risks [20].

A. IoMT-SPECIFIC RISK ASSESSMENT
In risk assessment, the threat, risk, and vulnerability analysis (TVRA) technique is implemented. The risk assessment is carried out in accordance with the ISO/IEC 27005 standard for handling information security risks [30]. TVRA is based on the probability of a specified attack, as well as the impact of the attack on system assets and the associated threats. Furthermore, the TVRA approach identifies the threat agent that is attempting to compromise the system. Hence, TVRA outputs include risk measures for previously identified threats that can be estimated from their probability and their effect on the system [20], [31].

1) THREAT ASSESSMENT
According to [32] threat modeling is a standard practice for identifying cyber security threats. Threat models are extensively used to generate a catalogue of prospective threats based on a profile of potential malicious actors' motivations, techniques, and resources to precisely prevent attacks from exploiting system vulnerabilities. Various studies introduced several ways of modeling and assessing threats, most of which are based on well-established methodologies. Some of the most common approaches are presented here, with the applicability of each strategy defined by specific characteristics [32].
• Attack path approach: The threat model based on attack pathways considers how the attacker's mobility, capabilities, and motivation influence the probability of an attack. One significant finding is that all adversaries of the IoMT paradigm must be strongly motivated. Bluetooth security risks are classified into three categories in [33]: exposure, integrity, and disruption of service.
• Asset-based approach: in [34], an adversarial model with an asset-based strategy is provided. The authors classify essential assets and the vulnerabilities that a threat agent can exploit to damage a system.
• STRIDE: The STRIDE framework is applied to Consumer Health Wearables (CHW), a subcategory of IoMT devices, to indicate the system areas that need to be further secured [35]. In another study [36], the STRIDE methodology is used to investigate and classify an adversary model across mobile healthcare systems, including IoMT. It identifies a wide range of threats, including spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege [32].
• Attack-tree approach: threat modeling requires the prioritization and categorization of various threats. A tree-based attack technique is described in [37], assessing a large number of related threats.
All adversaries of the IoMT paradigm must be extremely motivated. Other research categorizes threat agents differently. For example, in [38] threats are identified according to their capabilities, as well as the attackers' skills and resources. A threat-based medical cyber-physical systems (MCPS) concept is developed in [39], which partitions users into four groups: trustworthy, trustworthy but prone to errors, untrustworthy, and momentarily trustworthy. The study further describes why an attacker would violate patient privacy or directly affect a patient's health. The existing attacks that can be identified in health monitoring systems are described in [40]. The study in [41] proposed a system-theoretic process analysis (STPA) of an insulin pump device to detect accidents caused by security threats that are not covered by functional safety. The authors of [30] used a threat-oriented analytical technique to assess the impact of attacks, a scenario-based analysis to determine the probability of threats occurring, and a composite analysis to select the most serious attack.

2) VULNERABILITY ASSESSMENT
A vulnerability assessment attempts to identify technical and/or non-technical security flaws that could be exploited by malicious users to create a security threat. The vulnerability assessment step is concerned with finding, quantifying, and prioritizing the multiple vulnerabilities in a system. The most common source of IoMT vulnerabilities is medical equipment designed to be accessible to elderly people: manufacturers frequently use weak authentication, such as weak passwords, for these types of systems. Furthermore, deploying robust encryption is not always achievable, and upgrading application environment firmware and evaluating the security of software APIs are not easy tasks for IoMT (such as implantable devices) [42]. Additionally, a full vulnerability assessment should consider multiple levels, including the devices, local and remote control systems, and any other network-related services. Various models for assessing the most common vulnerabilities of IoMT have been proposed. For example, a graph model is provided in [43] for determining the parameters used to evaluate the damage to both the actors and the data flows of medical equipment. Other studies examine three major components of a system to assess network-based vulnerabilities: databases, application software, and web servers [44]. In [34], the researchers provide an asset-based vulnerability framework for IoMT. In the proposed framework, Common Vulnerabilities and Exposures (CVE) identifiers are used to identify vulnerabilities, while the Common Vulnerability Scoring System (CVSS) is used as the metric for analyzing the weaknesses of implantable devices. The authors of [45] compile a dataset of IoMT-related and medical software vulnerabilities across a range of medical devices using the ICS-CERT and NVD databases. A CVSS score of 7 or 9 indicates that the vulnerabilities detected are of high severity.
In [46], the authors presented a goal-oriented, questionnaire-based security evaluation methodology for IoMT solutions that includes extensive yet simple questions. The framework can be used to assess the needs of a variety of stakeholders, as well as solutions and architectures. To validate the proposed methodology, the authors examine all documented IoMT-related vulnerabilities from NIST's National Vulnerability Database (NVD) and CVE Details.
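The filtering and severity triage that the studies above perform on NVD/CVE Details exports (keep medical endpoints, bucket by CVSS) can be reproduced on a small constructed feed. This is an added example, not code from the survey or the cited works; the record identifiers, products and the keyword list are constructed placeholders, and the severity buckets follow the published CVSS v3 qualitative scale, which splits the range the text calls "high" into High (7.0-8.9) and Critical (9.0-10.0).

```python
"""Triage of constructed vulnerability records: keep medical-endpoint
entries, bucket them by CVSS v3 qualitative severity, and report the
share that is High or Critical.

All records are constructed for illustration; the IDs are placeholders,
not real CVE identifiers.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Terms used to decide whether a record concerns a medical endpoint.
# This list is an assumption for the example, not the filter used in [9] or [45].
MEDICAL_TERMS = ("insulin pump", "infusion pump", "patient monitor",
                 "pacemaker", "implantable", "glucose", "medical")


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str        # constructed placeholder, not a real CVE id
    product: str
    description: str
    cvss_base: float    # CVSS v3 base score, 0.0-10.0


def cvss_severity(score: float) -> str:
    """Map a CVSS v3 base score to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def is_medical_endpoint(rec: VulnRecord) -> bool:
    """Keyword filter over product name and description (case-insensitive)."""
    text = f"{rec.product} {rec.description}".lower()
    return any(term in text for term in MEDICAL_TERMS)


def triage(records: List[VulnRecord]) -> Tuple[List[VulnRecord], Dict[str, int]]:
    """Drop non-medical records, then count the remaining ones per severity."""
    medical = [r for r in records if is_medical_endpoint(r)]
    counts = Counter(cvss_severity(r.cvss_base) for r in medical)
    return medical, dict(counts)


def high_or_critical_share(counts: Dict[str, int]) -> float:
    """Fraction of triaged records rated High or Critical (0.0 if none)."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return (counts.get("High", 0) + counts.get("Critical", 0)) / total


# Constructed sample feed mixing medical and non-medical entries.
SAMPLE_FEED = [
    VulnRecord("EX-0001", "ExampleCo Insulin Pump",
               "Hard-coded wireless pairing key allows unauthenticated commands", 9.8),
    VulnRecord("EX-0002", "ExampleCo Patient Monitor",
               "Missing authentication on maintenance interface", 7.5),
    VulnRecord("EX-0003", "Generic Office Router",
               "Stack overflow in web UI", 8.8),
    VulnRecord("EX-0004", "ExampleCo Glucose Gateway",
               "Verbose error page leaks firmware version", 5.3),
    VulnRecord("EX-0005", "Desktop PDF viewer",
               "Use-after-free when parsing fonts", 7.8),
    VulnRecord("EX-0006", "Implantable cardiac device programmer",
               "Unsigned firmware update accepted", 6.8),
]


def triage_sample_feed() -> Tuple[List[str], Dict[str, int], float]:
    """Run the triage on the constructed feed and return ids, counts, share."""
    medical, counts = triage(SAMPLE_FEED)
    return [r.vuln_id for r in medical], counts, high_or_critical_share(counts)


if __name__ == "__main__":
    ids, counts, share = triage_sample_feed()
    print("medical endpoints:", ids)
    print("severity counts:", counts)
    print(f"high/critical share: {share:.2f}")
```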

3) IMPACT ASSESSMENT
Numerous methods have been proposed in the literature for evaluating and quantifying the impact of IoMT attacks. Typically, the most common attribute in impact evaluation and control is patient harm, while other studies consider the monetary value of the impact [47]. As presented in [38], four categories may be recognized based on the severity of the damage: brand value loss, life risk, data disclosure, and monetary loss. Other research examines the impact of IoMT attacks in terms of confidentiality, integrity, and availability. Further, [48] proposes four impact groups: patient safety, service personnel or environmental safety, maintenance, and cost. Meanwhile, the authors of [49] analyzed the ''human aspect'', placing the user in the situation and investigating their role in the accident dynamics.

VIII. PROTECT
Protect is the process of implementing security controls to mitigate security risks. Access control refers to a set of security measures that determines who should have access to a system or a part of a system. It is designed to limit access to those who have been granted permission [50]. The fundamental security attributes of an effective access control system are confidentiality (preventing unauthorized disclosure of information), integrity (preventing resource modification without authorization), and availability (assuring access to resources by legitimate users when needed) [51]. A complete access control system covers three primary functions: authentication, authorization, and accountability [51]. One of the most significant features of security and privacy in IoMT is the authentication process [51]; therefore, this survey focuses solely on the authentication mechanism. Authentication is the process of identifying and verifying users on a secure system. In a secure system, the user must first identify himself or herself, and the system then verifies the identity before authorizing access [52]. Other approaches have been proposed, including those based on who you are, what you have, what you know, where you are, and what you can do [53]. According to the literature, authentication mechanisms can be classified into two types: physical authentication and technical authentication [50].

A. PHYSICAL AUTHENTICATIONS
Physical access control (sometimes known as physical safeguarding) is a method of preventing or restricting physical access to resources. It is critical to have a strong identification and verification procedure in place to prevent unauthorized access to IoMT systems. Nowadays, the most effective solution is biometric systems [20].
Researchers are looking into the use of biometric intrinsic characteristics that are unique to the individuals in IoMT healthcare systems since it is more difficult to be exploited by attackers compared to short password frequently employed in smartwatches [2]. Biometric authentication systems are divided into two phases: enrollment and matching. During the enrollment phase, subjects register their raw biometric samples in the database, following which the recorded biometric samples are processed into a template or a feature vector and saved in the database. In the matching step, a similar approach is employed. The subject's sample will be validated only if it matches the templates or feature vectors of the claimed identity in the database. Otherwise, the system will deny the login attempt [2]. Identification and verification are two common functions performed by biometric-based security systems. Identification is the matching of a sample against all the samples in the database, whereas verification is the matching of an input sample to one person's samples in the database [2]. Several biometric approaches are required for identification and verification, which can be categorized into physical and behavioral biometric procedures [54]. Physical biometric measures can be used to protect and maintain the medical privacy of patients without exposing them to insider threats. This includes facial recognition, retina scans, and iris scans [20].
• One method that IoMT systems can utilize to authenticate users is facial recognition [55]. It can demonstrate a high rate of verification [56]. It performed identification based on facial structure of a person using a specialized digital video camera that identifies and measures the structure of the face such as the distance between the eyes, nose, and mouth. Therefore, it can distinguish between legal and unauthorized users by comparing scanned faces to permitted faces in the database. This technology can secure the medical system because it continuously scans the user's face while they are using it. This strategy, for example, can prohibit lower-level medical personnel from accessing patient data in the absence of a higher-level medical staff member who has been authorized but not logged out of the system [55].
• Fingerprint Recognition: This authentication verifies the identity of a person using their unique fingerprint. It is one of the most widely used biometric authentication methods. Fingerprint techniques function by reading the image of the fingerprint, and the feature extraction algorithm determines the performance of the fingerprint sensor. Commonly used algorithms include Delaunay triangulation-based, pair-polar coordinate-based, and minutia cylinder-code-based feature representations [55].
• Iris Scan: An iris scan analyzes the pigmented tissue around the pupil of the eye and compares it with the stored data; access is granted if the scan matches and denied otherwise. Iris scanning has proven critical for both identification and verification due to its ability to generate accurate and precise measurements [20].
• Retinal Scan: A retinal scan is a biometric technology that uses the unique patterns of the retinal blood vessels to determine the identity of a person. According to [57], it is considered a very accurate and safe verification approach.
• Finger Vein: Finger vein biometrics identifies people based on the vein patterns in their fingertips, which are distinct for each individual. The quality of finger vein image acquisition has a substantial impact on the accuracy of the follow-up algorithm; thus, simple and effective acquisition equipment is necessary [58].
• Hand Geometry: Hand geometry is a biometric technology that identifies a person based on the shape of their hands. A camera is used to take a silhouette image of the hand, and the biometric system analyzes the hand measurements, such as palm size, hand shape, and finger dimensions [54]. The data is then compared to a collection of stored data to validate users. If there is a match, the specific staff member is allowed access; otherwise, access is denied [20].
Table 2 (retrieved from [59]) summarizes the strengths and limitations of these physical biometric techniques. According to [58], multi-mode biometric identification that integrates the three biometrics of face, fingerprint, and finger vein produced a high recognition rate and stronger security characteristics; the use of such an integrated system will be an unavoidable trend in the future development of the medical industry. Furthermore, based on [60], vital sign monitoring has revolutionized individualized medical care. Real-time vital sign monitoring [60], [61], [62], [63] enables researchers to acquire a better understanding of a patient's physical status, and to assess and make decisions based on diagnosis and treatment data. This is beneficial for studying human diseases and developing preventive measures. The support of wearable devices is intrinsically related to real-time vital sign monitoring and the realization of telemedicine [64]. Wearable devices such as rings, watches, and wristbands have made it easier to coordinate between medical staff and patients. Dao et al. [65] proposed encrypting biomedical data with a multi-biometric encryption key technique and storing it in a secure fuzzy vault. Fingerprint data was used as the input for encryption, with the minutiae of the fingerprint extracted and the input data encoded using a 16-bit technique.
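The enrollment/matching pipeline and the 1:1 versus 1:N distinction described at the start of this subsection, written out as an added Python example (not code from the survey or any cited work). The feature vectors, the cosine-similarity score and the acceptance threshold are constructed for the illustration; a real system would obtain the vectors from a face, iris or fingerprint extractor and tune the threshold against measured false-accept and false-reject rates.

```python
"""Enrollment, verification (1:1) and identification (1:N) over biometric
feature vectors. Only the derived template is stored, never the raw sample,
which is the privacy-relevant part of the two-phase design."""
import math
from typing import Dict, List, Optional

Template = List[float]


def extract_features(raw_sample: List[float]) -> Template:
    """Stand-in for a feature extractor (assumption): L2-normalise the raw
    sample so every stored template is a unit vector."""
    norm = math.sqrt(sum(x * x for x in raw_sample)) or 1.0
    return [x / norm for x in raw_sample]


def similarity(a: Template, b: Template) -> float:
    """Cosine similarity of two unit vectors: 1.0 is identical, 0.0 unrelated."""
    return sum(x * y for x, y in zip(a, b))


class BiometricDB:
    def __init__(self, threshold: float = 0.95) -> None:
        self.threshold = threshold            # constructed acceptance threshold
        self.templates: Dict[str, Template] = {}

    def enroll(self, subject_id: str, raw_sample: List[float]) -> None:
        """Enrollment phase: process the raw sample into a template and store it."""
        self.templates[subject_id] = extract_features(raw_sample)

    def verify(self, claimed_id: str, raw_sample: List[float]) -> bool:
        """Matching phase, verification: compare against the claimed identity only.
        An unknown claimed identity is rejected rather than searched for."""
        stored = self.templates.get(claimed_id)
        if stored is None:
            return False
        return similarity(extract_features(raw_sample), stored) >= self.threshold

    def identify(self, raw_sample: List[float]) -> Optional[str]:
        """Matching phase, identification: search all templates and return the
        best match, or None when no template clears the threshold."""
        probe = extract_features(raw_sample)
        best_id, best_score = None, -1.0
        for subject_id, template in self.templates.items():
            score = similarity(probe, template)
            if score > best_score:
                best_id, best_score = subject_id, score
        return best_id if best_score >= self.threshold else None


# Constructed samples: two enrolled subjects, one noisy re-capture of the
# first subject, and one stranger who is not enrolled at all.
ALICE_ENROLL = [1.0, 0.0, 0.0, 0.0]
BOB_ENROLL = [0.0, 1.0, 0.0, 0.0]
ALICE_PROBE = [0.98, 0.05, 0.0, 0.0]
STRANGER_PROBE = [0.0, 0.0, 1.0, 0.0]


def build_demo_db() -> BiometricDB:
    db = BiometricDB()
    db.enroll("alice", ALICE_ENROLL)
    db.enroll("bob", BOB_ENROLL)
    return db


if __name__ == "__main__":
    db = build_demo_db()
    print("verify alice as alice:", db.verify("alice", ALICE_PROBE))
    print("verify alice as bob:  ", db.verify("bob", ALICE_PROBE))
    print("identify alice probe: ", db.identify(ALICE_PROBE))
    print("identify stranger:    ", db.identify(STRANGER_PROBE))
```

Verification is cheaper and has a smaller false-accept surface than identification, because a 1:N search gives an impostor N chances to cross the threshold; this is why the threshold for identification is usually set stricter than for verification.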

B. TECHNICAL AUTHENTICATION
Technical authentication is a process of restricting or preventing access to an electronic resource. The goal of technical authentication strategies is to restrict access to authorized individuals only [50]. In the IoMT literature, various technical authentication mechanisms are presented. Thus, we review the most relevant authentication methods based on the models that have been proposed.

1) AUTHENTICATION BASED ON CRYPTOGRAPHY
Cano and others [66] proposed the concept of a dual signature (DS) in the elliptic curve digital signature algorithm (ECDSA). A dual signature is not the same as a double signature; it is a technique for securely coupling two variables of distinct natures while keeping them anonymous to two independent entities [66]. It is also compatible with hardware implementations. The authors presented a novel approach for encryption and encoding to be used in IoMT based on the Advanced Encryption Standard (AES) [66]. They tested the performance of their system, which requires less time to execute encryption and encoding operations than traditional cryptography techniques. The authors of [67] suggested a homomorphic encryption-based data fusion mechanism that uses random numbers for real-identity perturbation to conceal test subjects' real identities during the data fusion process. Using a cipher block chaining algorithm, the authors in [68] created a safe approach for their framework to convey sensitive information about the patient's body from a sink node to medical institutions. Their approach computes digital authentication using public-private key cryptography to validate the encrypted chain of sensor data. The cryptographic approach safeguards data privacy by obfuscating medical applications to produce computationally indistinguishable outputs. Kavitha et al. [69] established a formal model for addressing security concerns using the program obfuscation approach. Their indistinguishability-obfuscated medical data transfer can be deployed between standard-compliant equipment in a health service center or clinical center to eliminate fraud and internal human risks. The state-of-the-art obfuscation approach (GGH13) uses a variation of the multi-linear map.
However, in such schemes, noise can be seen in each element of the matrix, indicating that the matrix is a full-rank matrix with probability almost one (1), which prevents the relationship between the matrix determinant and rank from being established. Jing and others [70] demonstrated that this class of attacks can be extended to show that the obfuscator candidate is vulnerable to a variant of the attack when instantiated with the ADLP GES, as previously proven for GGH13. Furthermore, the authors of [71] presented a lightweight, robust, and physically secure Mutual Authentication and Secret Key (MASK) setup protocol for securing patients' sensitive health information. The proposed protocol employs lightweight cryptographic primitives such as a one-way hash function, nonces, a PUF, and bitwise XOR operations. Wang and others [72] developed an efficient and private outsourced support vector machine training strategy (EPoSVM) for IoMT. They used partially homomorphic encryption (PHE) to keep data private even while it is being used. The authors also converted floating-point values to integers, with the fractional part denoted by the least significant E bits, and then developed eight secure computation protocols to handle integers and floating-point numbers in this format. In [73], two applications were incorporated into the system to represent the security and compression functionalities: the Advanced Encryption Standard (AES) and Lempel-Ziv-Welch compression (LZW), respectively. The AES implementation from the Crypto++ package was selected; it has a 128-bit block length and key lengths of 128, 192, and 256 bits, and the implementation used the default 128-bit block and key lengths. Both encryption and decryption are performed by the application. The program accepts an 11 KB plain text file and converts it to an encrypted file; the final output text file is created by decrypting the encrypted file, and both files are compared to confirm correct encryption and decryption.
The main contribution of [74] is a novel lightweight encryption technique for protecting the privacy of patients' medical images. In the suggested lightweight encryption algorithm, 256 bits are used for image encryption, and the binary value of the associated image is then calculated using 16 sub-blocks of 16 bits. The method ensures that medical data transmitted to healthcare facilities remains confidential and safe. OpenICE-lite was developed by [75] as a general-purpose IoMT middleware for safe and secure medical device interoperability. It is an open-source medical device interoperability platform that is lighter and more modular than OpenICE and adheres to the Integrated Clinical Environment (ICE) architecture. OpenICE-lite ensures security with end-to-end communication encryption and secure data logging, and makes use of the lightweight Message Queuing Telemetry Transport (MQTT) protocol. Further, the authors employed the Transport Layer Security (TLS) protocol to provide secure communication between any two MQTT clients. TLS is a popular communication protocol because it combines symmetric and asymmetric encryption and offers strong security guarantees if the keys are renewed regularly. Owing to the TLS-augmented communication protocol, OpenICE-lite can resist most known information attacks, such as eavesdropping and replay attacks; replay attacks can be mitigated by including sequence numbers in the encrypted message. The authors of [76] created a data-sharing scheme for the IoMT that is both safe and lightweight. Based on identity-based broadcast encryption, the approach ensures patient privacy and authorized access to shared data. Patients with health sensor devices collect and encrypt their data before uploading it to cloud servers for distribution, and the patient specifies the identity of the user who may acquire access.
An entity known as the Security-Mediator (SEM) helps patients in the development of blocks and block tags for subsequent integrity verification, so that cloud data (CD) integrity can be verified before sharing and the patient's computation load is reduced. The authors presume that the SEM and the CS are semi-trusted. In their scheme, the authors further proposed a Trusted Authority (TA) that is responsible for generating the public and private system parameters and issuing private keys to users based on their identities. In another work [77], the authors suggested a Left Data Mapping (LDM) mechanism that translates each bit sequence to a corresponding shifted sequence, resulting in less deterioration and thus higher security for a given quantum of hidden data. The main goal of using LDM is to obtain high imperceptibility without sacrificing embedding capacity. The hidden secret message is divided into 3-bit chunks, each represented by a decimal value between 0 and 7. Additionally, the authors devised a novel block checksum computation mechanism for localized tampering detection, and a fragile watermark is used to assist in early tampering detection. Table 3 compares the existing cryptography mechanisms used in IoMT authentication.
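The replay-mitigation remark above (sequence numbers carried inside the protected message, as in the TLS-protected MQTT traffic of OpenICE-lite) is easy to state and easy to get wrong, so here is an added Python example of a sender and receiver that bind a monotonically increasing sequence number into each authenticated message and reject anything already seen. This is not OpenICE-lite or TLS code: a pre-shared key and an HMAC-SHA256 tag are assumed in place of the TLS record layer so that the example runs with the standard library alone, and the telemetry payloads are constructed.

```python
"""Sequence-numbered, authenticated telemetry with replay rejection.
Wire format (assumption for this example):
    8-byte big-endian sequence number || 32-byte HMAC-SHA256 tag || payload
The sequence number is part of the data covered by the tag, so a replayed
or re-sequenced message cannot be passed off as fresh."""
import hashlib
import hmac
import struct
from typing import Optional, Tuple

SEQ_LEN = 8
TAG_LEN = 32


def _tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """Authentication tag over sequence number and payload together."""
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.next_seq = 0          # strictly increasing within one session key

    def send(self, payload: bytes) -> bytes:
        seq = self.next_seq
        self.next_seq += 1
        return struct.pack(">Q", seq) + _tag(self.key, seq, payload) + payload


class Receiver:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.highest_seq = -1      # highest sequence number accepted so far

    def receive(self, message: bytes) -> Tuple[str, Optional[bytes]]:
        """Return (verdict, payload). Verdicts: 'ok', 'malformed', 'bad_tag',
        'replay'. The tag is checked before the sequence number so that a
        forged message cannot advance the replay window."""
        if len(message) < SEQ_LEN + TAG_LEN:
            return "malformed", None
        seq = struct.unpack(">Q", message[:SEQ_LEN])[0]
        tag = message[SEQ_LEN:SEQ_LEN + TAG_LEN]
        payload = message[SEQ_LEN + TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, seq, payload)):
            return "bad_tag", None         # forged or corrupted in transit
        if seq <= self.highest_seq:
            return "replay", None          # seen before (or delivered out of order)
        self.highest_seq = seq
        return "ok", payload


# Constructed session key and vital-sign payloads for the demonstration.
DEMO_KEY = bytes(range(32))
DEMO_PAYLOADS = [b'{"dev":"monitor-3","hr":72}', b'{"dev":"monitor-3","hr":74}']


def run_demo() -> list:
    """Deliver two fresh messages, then re-deliver the first one and a
    bit-flipped copy of the second; returns the receiver's verdicts."""
    sender, receiver = Sender(DEMO_KEY), Receiver(DEMO_KEY)
    m1 = sender.send(DEMO_PAYLOADS[0])
    m2 = sender.send(DEMO_PAYLOADS[1])
    corrupted = m2[:-1] + bytes([m2[-1] ^ 0x01])
    return [receiver.receive(m)[0] for m in (m1, m2, m1, corrupted)]


if __name__ == "__main__":
    print(run_demo())
```

The strict "seq must exceed the highest accepted" rule drops legitimately reordered messages as well as replays; transports that may reorder (UDP, or MQTT at QoS 0) typically keep a sliding window of recently accepted numbers instead, which the same tag-then-sequence check structure accommodates.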

2) AUTHENTICATION BASED ON BLOCKCHAIN
Blockchain is an emerging technology that can provide a good solution for authentication and access services in IoMT-enabled healthcare networks, owing to its cryptographic characteristics and decentralized nature [85]. A blockchain is made up of a series of blocks, each of which is time-stamped and connected by cryptographic hashes distributed among network participants. Smart contracts can be coupled with a blockchain to enable access control mechanisms for IoMT devices used in the healthcare area. Blockchain technology and the IPFS cluster are therefore well suited for developing and managing distributed and decentralized infrastructures, as well as solutions for trust, integrity, authenticity, privacy, security, and storage in IoMT systems. The authors described a new decentralized system based on IPFS cluster nodes and smart contracts in [85]. The Ethereum Ropsten network was used to design and deploy a consortium blockchain to protect the confidentiality of patient medical data. Their proposed method is divided into two parts: medical device components and IPFS cluster components. The medical device component is responsible for installing the various medical devices in the IoMT so that healthcare equipment (a specific patient's medical equipment) can interact via sensing and actuation. These medical devices generate data, which can later be transmitted over the blockchain network. The IPFS cluster component is responsible for ensuring the authentication of patients and medical devices; it not only authenticates data but also ensures that it is stored securely in the IoMT system, and the IPFS cluster nodes facilitate data synchronization for medical device authentication and authorization. In [86], the authors proposed BAKMP-IoMT, a blockchain-based authentication and key management technique for the IoMT environment. BAKMP-IoMT is designed with a private blockchain in mind.
The stages of BAKMP-IoMT are as follows: 1) predeployment, 2) key management, 3) user registration, 4) login, 5) authentication and key agreement, 6) blockchain creation and addition, 7) password and biometric updating, and 8) dynamic IMD addition. Further, a cryptographic one-way hash function and bitwise XOR operations were used to make BAKMP-IoMT lightweight. In [87], the authors presented the basic structure of blockchain and smart contracts and their applicability in the IoMT, focusing on the factors that contribute to the decentralization of smart contract adoption in IoMT. They also discuss the resulting architecture, as well as the benefits, issues, and future trends associated with their proposed integration. The decentralized blockchain-based smart contracts for IoMT contain all the information linked to each patient transaction, including doctor details, the prescription list and drug details, and pathology lab test reports. Each record holder serves as a block, with data flowing from one to the next in a chain. In this chain, a hash serves as the starting point, and a hash is added to the message with each move. In [88], the authors proposed a private blockchain-based system for medical data management. It uses Ethereum smart contracts to govern data access authorization between entities such as patients, hospitals, doctors, research organizations, and other stakeholders. The smart contract representation of medical records includes permissions, record ownership metadata, and data integrity. The medical record data is saved on an off-chain server, with a cryptographic hash of the record kept on the blockchain to ensure data integrity. Additionally, some publications, such as [89], have proposed modifying the consensus protocol to match the specificities of the IoMT.
In [90], the authors presented a consortium blockchain-based architecture for securely recording data generated by IoMT while maintaining patient privacy. The blockchain functionality in the proposed architecture is defined by patient agent (PA) software. It uses an edge computing network for lightweight jobs and a cloud server for secure storage of massive amounts of health data. Smart contracts are used to manage health data in a variety of ways, including filtering clinically useless health data, triggering alarms in specific scenarios, transferring data to the cloud as needed, and classifying data. The authors of [91] presented a permissioned blockchain-based architecture for secure remote patient monitoring. They used Ethereum smart contracts to analyze data and send notifications to patients and healthcare providers. Instead of the PoW consensus paradigm, they proposed the use of Practical Byzantine Fault Tolerance (PBFT). However, the proposed architecture does not address IoMT-blockchain integration issues. Conversely, the authors in [92] introduced a tailored blockchain-based infrastructure for IoMT devices. The proposed blockchain is private; to join the network and send transactions, nodes must hold a certificate, so the PoW consensus protocol was no longer needed. They arranged encrypted data into blocks and stored the interconnected blocks in the cloud to deal with the enormous volume generated by IoMT devices, while the hashes of the blocks were retained on the blockchain to ensure tamper-proof storage. The authors utilized a 'lightweight privacy-preserving ring signature approach' that allows a set of nodes to participate in the data signature, ensuring the anonymity and authenticity of the user. They then utilized a two-fold encryption approach in addition to a digital signature to secure the data and ensure its integrity during transmission and storage.
The key is encrypted using the receiver's public key, and the data is encrypted using the lightweight ARX technique. The authors of [93] suggested a blockchain-assisted secure data management framework (BSDMF) for health information based on the IoMT to securely transmit patient data while also improving scalability and data accessibility. The proposed BSDMF enables secure data transfer between personal servers and implantable medical devices, as well as between personal servers and the cloud. In the IoMT-based security framework, blockchain is employed to secure data transmission and data management between linked nodes. Their BSDMF approach achieves high accuracy, precision, average trust value, response time, and latency with minimal effort. Furthermore, in [94] the authors investigated the advantages of blockchain-enabled IoMT, particularly in battling COVID-19. They outline the architecture of blockchain-enabled IoMT and discuss the advantages it offers. Following that, they examine the IoMT-enabled blockchain responses to COVID-19 from five angles: 1) pandemic origin tracing, 2) social isolation and quarantine, 3) smart hospitals, 4) medical data provenance, and 5) remote healthcare and telemedicine.
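Several of the systems above ([88], [92]) keep the medical record itself off-chain and commit only its cryptographic hash to a hash-linked chain of blocks. The following added Python example (this survey's illustration, not code from any cited system) shows the two checks that design gives a verifier: that the chain of block hashes is intact, and that an off-chain record still matches the digest committed for it. Block layout, the `Ledger` and `Block` names, SHA-256 and the sample records are all assumptions of the example; consensus, smart contracts and networking are left out on purpose.

```python
"""Hash-chained ledger of medical-record digests with off-chain record
storage. Tampering with a record body is caught by verify_record();
tampering with the chain itself is caught by verify_chain()."""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Block:
    index: int
    timestamp: float
    record_id: str
    record_hash: str      # digest of the off-chain record body
    prev_hash: str        # hash of the previous block (the chain link)
    block_hash: str = ""

    def compute_hash(self) -> str:
        # Canonical JSON of the header fields so the hash is reproducible.
        header = json.dumps(
            [self.index, self.timestamp, self.record_id, self.record_hash, self.prev_hash],
            separators=(",", ":"),
        )
        return sha256_hex(header.encode())


class Ledger:
    GENESIS_PREV = "0" * 64

    def __init__(self) -> None:
        self.chain: List[Block] = []
        self.off_chain: Dict[str, bytes] = {}     # record_id -> record body

    def add_record(self, record_id: str, body: bytes, timestamp: float) -> Block:
        """Store the body off-chain and append a block committing to its hash."""
        self.off_chain[record_id] = body
        prev = self.chain[-1].block_hash if self.chain else self.GENESIS_PREV
        block = Block(len(self.chain), timestamp, record_id, sha256_hex(body), prev)
        block.block_hash = block.compute_hash()
        self.chain.append(block)
        return block

    def verify_chain(self) -> bool:
        """Each block must hash to its stored block_hash and link to its predecessor."""
        prev = self.GENESIS_PREV
        for i, block in enumerate(self.chain):
            if block.index != i or block.prev_hash != prev:
                return False
            if block.block_hash != block.compute_hash():
                return False
            prev = block.block_hash
        return True

    def verify_record(self, record_id: str) -> bool:
        """The off-chain body must still hash to the digest committed on-chain."""
        body = self.off_chain.get(record_id)
        if body is None:
            return False
        for block in self.chain:
            if block.record_id == record_id:
                return sha256_hex(body) == block.record_hash
        return False


# Constructed sample records (placeholder patient id, not real data).
SAMPLE_RECORDS = [
    ("rec-1", b'{"patient":"P-PLACEHOLDER","bp":"120/80"}', 1.0),
    ("rec-2", b'{"patient":"P-PLACEHOLDER","bp":"130/85"}', 2.0),
]


def build_demo_ledger() -> Ledger:
    ledger = Ledger()
    for record_id, body, ts in SAMPLE_RECORDS:
        ledger.add_record(record_id, body, ts)
    return ledger


if __name__ == "__main__":
    ledger = build_demo_ledger()
    print("chain ok:", ledger.verify_chain(), "rec-1 ok:", ledger.verify_record("rec-1"))
```

Note what the chain does and does not protect: altering a record body without touching the chain is detected by `verify_record`, and rewriting the committed digest forces every later block's `prev_hash` to mismatch, which `verify_chain` reports; but the chain can only attest to the bytes that were committed, so the confidentiality of the off-chain body still depends on the encryption and access control the surveyed systems layer on top.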

C. DETECT
Threat detection is the practice of analyzing the complete security ecosystem to identify any malicious activity that could compromise the network. If a threat is detected, then mitigation efforts must be enacted to properly neutralize the threat before it can exploit any present vulnerabilities. The majority of cutting-edge IoMT detection solutions are Intrusion Detection Systems (IDS) and Malware Detection Systems. Each mechanism will be discussed in detail in the following.

1) INTRUSION DETECTION SYSTEM
An IDS is a type of security control that is commonly used to monitor and examine network/system traffic to detect anomalies and suspicious activities [71]. In [95], the authors utilized mobile agents for low-footprint intrusion detection in the medical environment. They also used machine learning and regression algorithms to detect network-level intrusions, and simulated a hospital network topology to conduct IoMT experiments covering wireless body area networks (WABAN) and the DICOM network protocols used by connected devices such as ultrasound scanners and MRI machines. A wireless body area network is made up of wireless wearable or implanted devices that detect and transmit physiological data from patients to enable continuous patient monitoring, diagnosis, and therapy. They performed 72 independent simulations for each network type, 216 in total, resulting in overall best- and worst-case detection accuracies of 99.9% and 92.91%, respectively.
In [12], the authors proposed a novel IDS for health data prediction at the network's edge, utilizing an intelligent agent within an edge-centric IoMT framework. Their IDS technique employs a Swarm-NN strategy for detecting attacks and monitoring health data. The main objective of the proposed model is to detect attacks during data transmission over the network, as well as to perform more efficient and accurate health data analysis at the network's edge. It was demonstrated that the Swarm-NN approach can effectively classify monitoring data with a 0.5% error rate. The technique was tested on the realistic ToN-IoT data set, which contains an estimated 99.5% of the attack styles seen in IoT devices. Furthermore, the authors of [96] proposed the XSRU-IoMT model for effective and timely detection of advanced attack vectors in IoMT networks. The model exploits bidirectional simple recurrent units (SRU) that use skip connections to eliminate vanishing gradient concerns and accelerate recurrent network training. The evaluation results on the ToN-IoT dataset revealed that the XSRU-IoMT model is more effective than state-of-the-art detection methodologies, meaning that it might be employed as a feasible deployment model for real IoMT networks. The initial element of the framework proposed in [13] consists of numerous smart health devices that are interconnected via the internet with unique IP addresses, such as an intelligent pacemaker, intelligent wheelchair, and intelligent glove. These devices periodically communicate sensitive data from the patient wearing the smart device, which is then stored in the hospital's private cloud. The data may be accessed by an intruder in a variety of ways: while stored in the cloud, during communication, or when transmitted to the doctor.
Therefore, a deep neural network (DNN) was employed to develop a robust IDS to identify and forecast these unexpected cyber-attacks in the IoMT environment [13]. Three procedures are involved in the proposed model: pre-processing, dimensionality reduction, and classification. It was shown that the proposed DNN model outperforms conventional machine learning approaches with a 15% increase in accuracy and a 32% reduction in time complexity, enabling faster alarm triggering to avoid post-intrusion impacts on sensitive cloud data storage. The authors of [97] presented a model for real-time seizure detection using an edge computing paradigm and the conventional kriging approach. Electroencephalogram (EEG) signals from patients were analyzed for fractal dimensional features and classified using the kriging approach. The model has perfect sensitivity, specificity, precision, and testing accuracy, with a training accuracy of 99.4%. In an edge computing setting, the hardware implementation results in a mean detection delay of 85 s. This is a novel study that employed the kriging approach for early seizure detection. The authors of [98] proposed a cyberattack detection system powered by ensemble learning and a fog-cloud architecture. The ensemble design integrates Decision Tree, Naive Bayes, and Random Forest as first-level individual learners, and XGBoost uses their classification outputs at the next level to distinguish normal from attack instances. The model is evaluated on the ToN-IoT dataset, which is derived from a large-scale, diverse IoT network. According to the experimental findings, the framework can achieve a detection rate of 99.98%, a precision of 96.98%, and a decrease in false alarms.
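The IDS work surveyed in this subsection shares one structure: learn what normal device traffic looks like, then flag deviations (with [13] and [98] additionally learning attack classes from labelled data). The following added Python example, which is not the model of any cited paper, shows that structure in its simplest form: a per-device mean/standard-deviation baseline of packets per minute, a z-score rule for rate anomalies, and an allow-list rule for unexpected destinations. The flow summaries, device names and destination addresses are constructed for the illustration (203.0.113.0/24 is a documentation range); a deployed IDS would replace the statistics with the trained classifiers the papers describe but would consume and emit the same kind of records.

```python
"""Baseline-and-deviate anomaly detection over one-minute flow summaries
from IoMT devices. Two rules: packet rate far above the device's own
baseline, and traffic to a destination outside the allow-list."""
import math
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    minute: int
    device: str
    dst: str
    packets: int


# Constructed baseline window (minutes 0-4) for two monitors that only ever
# talk to the hospital's private cloud.
BASELINE_FLOWS = [
    Flow(m, "pacemaker-01", "hospital-cloud", p) for m, p in enumerate([40, 42, 39, 41, 43])
] + [
    Flow(m, "infusion-07", "hospital-cloud", p) for m, p in enumerate([120, 118, 125, 121, 119])
]

# Constructed observation window: one quiet minute, one burst, one flow to
# an address that is not on the allow-list.
OBSERVED_FLOWS = [
    Flow(5, "pacemaker-01", "hospital-cloud", 41),
    Flow(5, "infusion-07", "hospital-cloud", 900),
    Flow(6, "pacemaker-01", "203.0.113.9", 45),
]

ALLOWED_DST = {"hospital-cloud"}


def build_baseline(flows: List[Flow]) -> Dict[str, Tuple[float, float]]:
    """Mean and population standard deviation of packets/minute per device."""
    per_device = defaultdict(list)
    for f in flows:
        per_device[f.device].append(f.packets)
    baseline = {}
    for device, counts in per_device.items():
        mean = sum(counts) / len(counts)
        var = sum((c - mean) ** 2 for c in counts) / len(counts)
        baseline[device] = (mean, math.sqrt(var))
    return baseline


def detect(flows: List[Flow], baseline: Dict[str, Tuple[float, float]],
           z_threshold: float = 3.0) -> List[str]:
    """Return one alert string per rule violation, in flow order."""
    alerts = []
    for f in flows:
        if f.dst not in ALLOWED_DST:
            alerts.append(f"{f.device}@{f.minute}: unexpected destination {f.dst}")
        if f.device not in baseline:
            alerts.append(f"{f.device}@{f.minute}: no baseline for device")
            continue
        mean, std = baseline[f.device]
        if std > 0:
            z = (f.packets - mean) / std
        else:                      # constant baseline: any change is anomalous
            z = 0.0 if f.packets == mean else float("inf")
        if z > z_threshold:
            alerts.append(
                f"{f.device}@{f.minute}: packet rate {f.packets} is "
                f"{z:.1f} sd above baseline {mean:.0f}")
    return alerts


def run_demo() -> List[str]:
    return detect(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

With the constructed data the baseline window itself raises no alerts, the infusion pump's burst is flagged, and the pacemaker's flow to the unknown address is flagged on destination alone even though its packet count (45, about 2.8 standard deviations above its mean) stays under the rate threshold; that second case is why rate statistics alone are a weak IDS and the surveyed systems combine several feature types.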

2) MALWARE DETECTION
Malware is a catch-all phrase for any malicious program that enters a system without the user's permission. It poses a significant threat in today's digital world [99]. The authors of [100] used a learning-based Deep-Q-Network technique to analyze and preserve the confidentiality and privacy of healthcare data. During this process, the system looks for man-in-the-middle attacks and malware in an IoT-based healthcare system. The main goal of their work was to introduce a layered Deep-Q-Network approach for handling authentication, access control, and other types of rapid attacks on IoT-based healthcare apps. The developed technique was employed to ensure the security, privacy, and dependability of the data; the main objective of the project is therefore to ensure security and privacy when accessing or sharing medical data over the IoT. The work in [101] introduced a novel blockchain-based deep multi-layer perceptive learning technique dubbed Biserial Correlative Miyaguchi-Preneel Blockchain-based Ruzicka-Index Deep Multilayer Perceptive Learning (BCMPB-RIDMPL). The model aims to enhance malware detection accuracy while minimizing computation time, combining the advantages of deep-learning algorithms and blockchain technology. The BCMPB-RIDMPL technique uses one input layer, three hidden layers, and one output layer to detect malware. The input layer receives a large number of applications and malware features. The malware features are then passed to the first hidden layer, where they are selected using point-biserial correlation, which reduces the time required to identify the infiltration. The selected features are then passed to the second hidden layer, where a hash value for each selected feature is generated using the Miyaguchi-Preneel cryptographic hash-based blockchain, and the hash values are stored in the blockchain after they have been generated.
The classification is performed in the third hidden layer, which increases the accuracy of malware detection. The experiments were evaluated using Matthews correlation coefficient, and malware detection was conducted on varying types of applications.

IX. DISCUSSION AND FUTURE RESEARCH DIRECTIONS
The integration of medical equipment into the IoT has led to the development of IoMT, since IoT devices are now used in a variety of medical settings. These devices can continuously monitor patients' health in real time, allowing patients to be discharged from the hospital and strengthening their physical flexibility and mobility. In addition, IoMT applications are used by many healthcare organizations to improve patient care, manage prescriptions, monitor diseases, reduce human error, and improve patient satisfaction. However, the openness and dynamic architecture of IoMT have increased security and privacy concerns. Therefore, it is critical to address these concerns by ensuring the security system is always up to date. Many studies have investigated security and privacy measures, but there is still more to discover. Hence, this paper provides a comprehensive survey of the existing literature focusing on a variety of security and privacy principles. This analysis covers different perspectives of the research area, such as risk management, IoMT system security, and methods for detecting security incidents or suspicious activity. In addition, we used a variety of data sources to examine the unique needs and challenges of an IoMT system. The IoMT domain remains open to further future directions, especially for academics, entrepreneurs, and vendors. The following are potential future research directions that could be used to improve the privacy and security of IoMT healthcare systems.

A. STEGANOGRAPHY
System security and privacy in IoMT is particularly critical for medical images such as X-rays, radiology, ultrasound, magnetic resonance imaging (MRI), and positron-emission tomography (PET) images, among others. Consequently, more efficient security mechanisms will be needed in future implementations. Information security should not rely on encryption alone; it should also aim at undetectable communication that is not visible to anyone observing the communication channel. To this end, steganography is introduced to avoid threats such as service repudiation or complete disruption of the communication system.

B. BLOCKCHAIN
The use of blockchain has been explored in previous literature for data authentication. However, its application comes with many challenges, presented as follows:
• Technical details are inadequate: integrating blockchain with the IoMT is difficult. Most of the previous systems failed to provide any technical information. Researchers are required to make clear all of the technical specifics pertaining to the blockchain's connection with IoMT.
• Abstractions in programming: The adoption of blockchain technology is difficult and requires a thorough understanding of multiple disciplines. These range from low-level concerns, such as managing IoMT devices and configuring the blockchain to fulfill IoMT specifications, to high-level concerns, such as sharing, storing, and processing IoMT data. In this environment, it is critical to create an abstraction layer that hides these difficulties and provides developers with new application programming interfaces (APIs) and middleware that make it simpler to build decentralized and secure healthcare applications using IoMT.
• Computational constraints: generating blocks in a blockchain takes significant processing resources, which is difficult for IoMT devices with restricted capabilities.

C. DETECTION MECHANISM
In recent years, numerous machine learning-based network intrusion detection methods, such as those in [13] and [12], have been presented. Moreover, deep learning algorithms for disease diagnosis are becoming more popular on medical servers, and they are therefore applicable to IoMT healthcare systems. Thus, researchers should consider the use of these approaches as solutions for protecting user privacy and system security.

X. CONCLUSION
IoMT is susceptible to cybersecurity attacks since attackers aim to gain unauthorized access to patients' confidential data and medical services. The main goal of this paper is to discuss the security and privacy principles across all IoMT domains to enable a more complete, secure, and efficient system. In particular, the paper examines IoMT research activities such as the issues, challenges, and limitations of IoMT systems. The main contribution of this paper is the proposed novel taxonomy of IoMT security and privacy approaches based on the cybersecurity concepts of govern, protect, and detect. Following that, the paper thoroughly describes the security principles and classifies them based on how they are applied in the IoMT. Despite major efforts in the field, we find that IoMT is still progressing. One example of a future research direction that could improve the privacy and security of IoMT healthcare systems is steganography. Furthermore, the application of blockchain faces other problems: the integration of blockchain with IoMT is challenging due to the large processing resources required for block construction.