Criticality assessment of the components of IoT system in health using the AHP method

The Internet of Things (IoT) network in the health area offers many facilities or conveniences, as it allows communication between machines, such as monitoring the development of chronic diseases, disseminating disease control, monitoring the fall of the elderly. However, this communication can bring some associated risks, such as breach of privacy and security, loss of data integrity. Thus, this study identified the components of the network that interfere with the occurrence of risk and their respective hierarchy within the IoT system used in the health area. There were 8 (eight) factors identified in the literature and were validated by 2 (two) academic experts with knowledge on the subject. The use of the Analytic Hierarchy Process (AHP) method allowed to identify the most critical componentes related to the study proposed here.


Introduction
The vision of a connected world enables more intelligent, sustainable and inclusive economies, requiring resources related to ubiquity, reliability, high performance, efficiency and scalability (Biswas & Giaffreda, 2014). Likewise, the Internet of Things (IoT), a term created by Kevin Ashton in 1999(Greengard, 2015, has evolved and gained notoriety in scientific communities and by other researchers. So, the term IoT can be defined as the ability of multiple devices to interact with each other on a network with the presence of a limited or nonexistent user (Mena, et al., 2018). The basis for controlling this interaction occurs through other objects, systems and servers (Radanlieva, et al., 2020). The WSN (Wireless Sensor Network) and the M2M (Machine to Machine Communication) can be considered as examples of IoT networks (Lee & Ouyang, 2014) The Internet of Things has been permeating the daily lives of companies and people (Ray, 2017), being applied to monitor and track the goods lost during the logistical delivery process (Ben-Daya, et al., 2017). In agribusiness, for instance, it has been used in pest control and soil quality (Lin, et al., 2019), and control of agricultural supplies (Yan, et al., 2017). Besides, in sports it has been applied aiming at a preventive monitoring of athletes' injuries (Wilkerson, et al., 2018). The application in education is also a worldwide trend that impacts on the physical and virtual learning environment (Elsaadany & Soliman, 2017).
The health area was one of the first to adopt the IoT (Lomotey, et al., 2017) and it has been applied to improve the quality of services, providing mobility and autonomy in daily activities (Domingues, et at., 2019 ). In order to improve medical services in hospitals, wearable systems are used to detect emergency cases at the time of screening (Albahri, et al., 2019). In the context of mobility, there are works that utilize sensors to capture plantar pressure and thereby identify, during walking, posture problems in spine and diabetic foot ulcerations (Domingues, et al., 2019). Another example of its application in the health area is to control the development of chronic diseases. In order to prevent problems, Ali et al. (2018) suggested supervising patients, using sensors, after recommending diets with specific foods and medications.
Therefore, the application of the IoT in health shows promising benefits for the patient's well-being, such as remote monitoring and/or diagnosis (Albahri, et al, 2019). However, some issues may jeopardize the application of this emerging technology. For instance, changes in the data package (data inconsistency) and in the generation of incorrect data may occur during the remote monitoring process (Sharma & Chen & Sheth, 2018). Besides that, another challenge is to maintain the privacy of adverse data from the network, allowing its analysis or not, jeopardizing the benefits of its application (Sharma & Chen & Sheth, 2018).

Related Works
IoT system risk A modern healthcare system involves a data mesh in order to continuously monitor the patient. Sensors transmit patient data (blood pressure, heart rate, oxygen saturation, temperature, among others), which are stored and analyzed. For this, privacy must be maintained at all stages of the process so that the benefits of using the network are achieved. However, this ideal privacy is practically unattainable (Sharma & Chen & Sheth , 2018;Sood & Mahajan, 2017;Wang , 2018).
In addition to studies involving risks related to privacy and security, there are studies considering risks related to data integrity (Lomotey et at., 2017); Muhammed et al, 2018), the authors suggest solutions related to the protocol, Device/Sensor and to the Gateway. When evaluating a specific context, restrictions to the proposals presented have to be taken into consideration. They can indicate that it is not possible to implement the best algorithms to model the healthcare (Sharma & Chen & Sheth , 2018) or just to give evidence only to one aspect of the network to be mitigated such as latency, bandwidth, energy consumption and other parameters (Muhammed et al., 2018).
It becomes vital for the successful implementation of these modern health systems to focus on a component of the network and distribute the workload among its participants in order to mitigate these risks involved (Sharma & Chen & Sheth, 2018). And ethic issues were pointed as an external component to the network security (Mittelstadt, 2017 [1],  [2]).

IoT system risk evaluation
The application of techniques or methods to evaluate health risks IoT, are currently restricted to a few articles. For instance, Petri network technique has been applied in the development of a wearable IoT data flow architecture that offered traceability of data routes from the source to the health information system in order to determine what data belongs to whom efficiently. (Lomotey et al., 2017). Gyamfi et al. (2019) proposed the Bayes method to obtain an ideal balance between minimizing the energy cost of pulse transmission and reducing the incidence of important losses during the transmission of patient data, such as heart rate. In addition, they proposed an ideal protocol for transmitting this type of data In another application Analytical Hierarchy Process was applied to improve the screening of patients, selecting hospitals according to the patient's emergency. This enabled improvement in medical team organizations in a modern lifestyle and better supporting the needs of the patient (Albahri, et al., 2019).
Moreover, Huang et al. (2018) applied the AHP technique to evaluate risks in IoT systems, but without focus on the health area. In the mentioned studies, the analysis techniques were not used in the joint analysis of the components of the IoT network in the health area, but in a specific component. In addition, they do not assess the criticality of components external to the network. This article is structured in 4 sections. The first section presents the methodology utilized. Afterwards, it is presented the theoretical basis and discussion of the results. And then, it is concluded with the considerations of the study, presenting limitations and suggestions for future studies.

Methodology
The study adopted mixed approach, as it combined strong points of the qualitative and quantitative approaches (Creswell, 2010). Conforming Pereira et al (2018), the qualitative approach was chosen to assign a level of relevance and also to the probability of failure of the components of the Internet of Things system and was carried out with the help of specialists.
The specialists were provided with the options "Little relevant", "Medium" and "Very Relevant" and to assign the probability of failure the options were: "Very low", "Low", "Median"," High "," Very high ".
The use of a qualitative approach to obtain this information tends to decrease the amount of adverse errors. Each of the options requires conversion to conversion to numerical values and therefore requires more care. Therefore, these numerical values were used in a quantitative approach, when using as the initial parameterization of the AHP.
In addition, according to Kumar (2011), research can still be classified as to its purpose. This research initially had an exploratory character, since the initial focus was to provide context about the studied problem. In a second step, the study became predominantly descriptive, in which there is a deepening on the theme. It is at this stage that prior knowledge obtained in the exploration of the problem situation is considered.

Literature Review
In the literature review, the database of Scopus, Web of Science and IEEE Explorer were consulted, utilizing the combination of key-words: IoT and Risk and Health, ʹInternet of Thingsʹ and Risk and Health, IoT and failure and health, ʹInternet of Thingsʹ and failure and health of the last 5 years. And from the results of these searches, the criteria of proposed and adapted selection (Liao, et al., 2017) resulted in 55 articles. The literature indicated eight components of the IoT network that were listed in Table 1.
The components, their respective examples and respective authors that corroborate were listed in Table 1.  (2019) Source: Authors.
The components listed in Table 1 have been validated by specialists. The specialists are professionals with extensive market experience and who are currently dedicated to studying the IoT for approximately 5 years. They were organized in order to control the application risks in the health as represented in Figure 1. The risk problem in the IoT network was decomposed to help in the representation and assist in the control of the problem (Figure 1), for that the understanding of the components facilitates this activity. This understanding was detailed in Table 1.

Application of AHP Method
The Analytic Hierarchy Process provides a flexible and easy way to understand and analyze the risks of the study. It is a methodology of analysis of decision with several criteria that permit subjective and objective factors be considered in the process (Mustafa, 1991). Besides that, this is a general theory of evaluation largely accepted (Saaty, 2013).
The AHP application was divided into 3 (three) stages: decomposition of the problem in a hierarchy structure ( Figure   2), arrangement of a comparing matrix among the criteria utilizing Saaty's importance scale (and respective normalization), calculation of the priority vector for the criteria (Saaty, 2008). The decomposition of a hierarchy of criteria is the representation of the goal, and association to possible criteria that composes it. So that, the goal is easily analyzable and the criteria is comparable independently.
From the decomposition of hierarchy process, the decision makers compare the criteria one by one to determine the relative importance between them and their relative influence to the global goal.
The comparison between two elements utilizing the AHP can be accomplished in several ways. However, the scale of relative importance between two elements proposed by Saaty (Saaty, 2008) is widely used, assigning values between 1 to 9. The scale determines the relative importance to an alternative in relation to the other, in conformity with Table 2. For the purpose of this study, this is the most appropriate method, as it can be partially implemented. This is consistent with the model proposed in this study, when decomposing the problem in a hierarchical structure until the systematic level of the criteria two by two. In addition, it allows the representation in a spreadsheet comparison matrix that makes easier the interaction with the specialist.
With the purpose of determining the contribution of each criteria/component to reach the global goal, it is necessary, firstly, the normalization of the comparison matrix and then the calculation of the priority vector or Eigen vector. The normalization is obtained by the division between each value of the spreadsheet with the total of each column, and the priority vector is obtained through the mean arithmetic of the normalized values of each of the criteria.

Ranking Determination
It is possible to define a ranking from the calculation of the priority vector, once it determines the contribution/influence of that criteria in the total result of the goal. The criteria with higher values in the priority vector took the top positions in the ranking, while the criteria with lower values in the priority vector took the last positions.

Evaluation Rate Consistency
Finally, the consistency index has to be evaluated (Saaty, 2013). The consistency index allows to verify if the result was representative and the grades were not assigned at random.
The index has the priority vector as basis and it is calculated through the sum of the result of each element of the vector by the total of the respective column of the original comparing matrix, being represented by λmax.
Consistency level can be calculated, as follows: , where CI refers to the consistency index and n is the number of criteria.

Numerical Application
As mentioned in the previous topic, through Google Sheets, the comparing matrix were provided to the 2 (two) academic specialists to assign the weights. The criteria/components were organized in a matrix in order that each specialist could grade from 1 to 9. The grades were consolidated utilizing the geometric average and normalized in order to create a ranking, resulting in a comparison matrix (Table 4). With the purpose of better interpreting the data, the normalization was done dividing each value of the chart by the total of each column (Table 5). Finally, the priority vector it was calculated in order to find out the contribution of each criteria to control risks in the IoT network in the health area. This is obtained by arithmetic mean of the values of each criterion, creating a ranking (Table 6). The next step was to calculate the consistency rate (CR) to check if the result was representative and the scores were not given at random. In the presented model, the RC is equal to 0.07, as shown in Table 7, thus the matrix can be considered consistent.

Discussion
In order to demonstrate the applicability of the proposed model, it was used to assess risk of a monitoring system for the refrigeration control of the magnetic resonance (MR) room (Bento, et al., 2019). The authors use the BMP085 sensor that can measure the temperature and atmospheric pressure and operated the 7-bit I2C protocol. The application codes were written in the C programming language and deployed in the cloud server and available by API (Application Programming Interface) technology. The complete connection scheme is illustrated in Figure 3. Source: Adapted from (Bento et. al, 2019) In Figure 3 shows that all components extracted from the literature were applied to the proposed example, as well as the interaction between them.
In this sense, the study resulted in a model that indicated the sensor for a high level of criticality highlighting the treatment of access control and data. At the same time, there was a low risk on the server side, as there are strict host policies. In addition, improvements were suggested in the implemented algorithms, such as checking the periodicity of data readings.
The use of new technologies, mainly in the health area presents complex challenges regarding the object of the experiment and the human being. The literature shows that the application of the IoT in the health area is promising, although there are challenges concerning the systems and technologies used. The numerical results show that they provide conditions to evaluate a risky situation involving the IoT measurement systems in the health area. The obtained RC (0.07) indicates that the Research, Society andDevelopment, v. 10, n. 2, e57010212917, 2021 (CC BY 4.0) | ISSN 2525-3409 | DOI: http://dx.doi.org/10.33448/rsd-v10i2.12917 11 evaluated data are coherent among the experts' evaluation, which makes the application of the model viable According to the resulting priority vector (Table 7), where 1 has the greatest impact and 9 the least impact, the sensors (1) obtained a PV of 0.27, a value much bigger than the second (gateway) that was 0.11. The average distance between the PVs (2-9) is 0.2, which demonstrates the level of importance of the PV (1). Figure 4 shows the existence of three priority groups, being formed by PV (1). PV (2,3,4,5) and PV (6,7,8). PV (1) is the starting point of the system, since data is collected in it and, due to this, it is the one that presents the greatest risk to the system and is under the vulnerabilities of the installation local. The second group includes VPs related to data transport, generally monitored by third parties, although there is the aspect of local security to access the components involved (transmission equipment, cabling, interface, among others). Finally, the latter group is responsible for processing and presenting the data.
Although it belongs to this group, according to the classification of the VPs, the social aspect impacts on the issue of human presence, with regard to access to devices. The utilization of the proposed risk assessment model provides conditions to assess and mitigate risks in applications that use the IoT within specific contexts in the health area. In other words, it follows ethical protocols and is in accordance with the case of application of the technology. The model includes applications described in the literature, which reinforces the question of its practical application. In many situations, the risks involved in the technological framework to implement the IoT are neglected, especially when using the standard parameters provided by manufacturers or models replicated in different environments. It is important to highlight that despite the elaboration of a risk exposure ranking, the IoT chain application in the health area demands a deep analysis on the other factors listed, as changes in the signal distribution (data) may occur if compared to the adopted standard. Thus, the proposed model allows a risk situation to be analyzed utilizing the elements included in the model. Also, the literature review proposed a division of the IoT systems architecture into three groups. The first one refers to the devices/sensors (mobile and wearable sensors) that capture the patient and the context health data. The second group refers to the Gateway, which acts as a bridge between devices/sensors and the remote servers, being responsible for the data transmission and the protocol conversion. And the third one, the Provider Service, offers the transmission and data storage. It is also the means of offering health services, enabling the professionals to analyze and perform the diagnostics (Azimi, et al., 2019).
Mobile devices are seen as vital components to monitor patients and allow mobility. Furthermore, mobility allows to capture patient data in real time. This is one of the biggest benefits of applying the IoT in health. (Muhammed, et al., 2018).
They are vital components. but vulnerable to installation locations, as mentioned previously. This can indicate the high impact on the model and the positioning in the ranking ( Figure 5). There are few studies focusing on the receipt of data by health professionals or even social issues in the network. Among these studies, assessment/mitigation techniques are not applied. Probably, this may indicate that it cannot be controlled because it is an external factor. Regarding the ethical component, the IoT in the health field has to be designed to be technologically robust and scientifically reliable. Furthermore, it has to remain ethically responsible, reliable and respectful concerning the rights and interests of users .

Conclusion
The health sector is one of the first ones to adopt the Internet of Things (IoT). And, with the increase of wearables, health provider services are facilitated, offering economical cost of life such as real-time monitoring, vital reading, recommendations to healthy lifestyle and so on (Lomotey, et al. 2017).
This study proposed the application of the Analytic Hierarchy Process technique, resulting in a ranking of internal and external components that have higher impact on the network. From this ranking, it was verified that the Device/Sensor component represented the highest impact factor, indicating the necessity of closer attention by the decision maker in the mitigation of the risk. On the other hand, the Social and Application (GUI) were indicated components of lower impact in the IoT network.
The results pointed that the proposed AHP model can be used to assess criticality of the IoT components in different problems in the health area.
Moreover, the AHP technique allows to explore the problem in more hierarchy levels, by including alternatives, bringing, for instance, more details on the protocol vulnerability.
For further researches, alternatives could be included on the basis of this model, allowing to assess systems criticality and its application in other sectors could be investigated.

Acknowledgements
This study was supported by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior -Brasil (CAPES) and special thanks to Uninove for the scholarship.