Design and Implementation of a Communication and Data Management Architecture for IoT Systems and IoT-based Assistive Technologies

The thesis presents the design, development, and verification of a communication and data management architecture for IoT-based assistive systems for the remote tracking of physiological signals. The motivation is the increasing demand for reliable, secure, and privacy-preserving healthcare applications, whereby remote tracking of patients can contribute to the early detection of anomalies, elderly care, and the clinician's decision support. The architecture deployed within this system is structured across three top-level layers: data acquisition, communication and processing, and storage and visualization. Physiological measures are detected with a wearable sensor and collected with a Raspberry Pi that acts as a local gateway. The local gateway runs custom programs that serialize the sensor readings in JSON format, add metadata fields, and publish the information both with a local broker and with a remote broker. Communication is activated over the MQTT protocol and with TLS encryption and certificate-based mutual authentication. For fault-tolerance, store-and-forward techniques are employed, so that information is stored in the persistence files whenever the brokers or the databases are temporarily not available, and re-transmitted when connectivity is re-established. On the storage side, the time-series database InfluxDB is installed locally as well as on a cloud-based virtual machine. The dual installation allows current information to be available at all times even when the Internet is out. Visualizations are via the Grafana dashboards, served over HTTPS only. There are role-based dashboards so that users only see information that is relevant to what they are responsible for. The data lifecycle is managed so that measurements remain short-term on the local gateway while long-term in the cloud. High importance was given to GDPR compliance and security. Access to the hosts is limited by using a dedicated non-root user on the Raspberry Pi and SSH key authentication on the remote server. Communications are encrypted with TLS, certificates are signed with the self-signed Certification Authority (CA), and mutual authentication is implemented with clients. The metadata is pseudonymized so that device identifiers cannot be linked directly with individuals, and Linux auditd logs and Telegraf monitoring are used for accountability and observability. The system was extensively validated with experiments across many aspects. Role-based dashboards were created in order to check authorization policies. Data reliability and integrity were validated with comparisons in local and remote databases, checking consistent and loss-free transmission. The scalability was tested with simulated multiple sensors while monitoring CPU, RAM, and network load on the local gateway as well as the cloud host. The observability test confirmed system parameters as well as resource monitoring. The latency was checked with timestamp comparison, checking acceptable end-to-end delays. The failure recovery was validated with deliberate stopping and rerunning of services locally and remotely, which confirmed that the persistence mechanism prevented data loss. Finally, the thesis shows how an IoT framework that is fault-tolerant, GDPR-compliant, and secure can be developed for healthcare. The system integrates local resilience with cloud availability, attains end-to-end encrypted and trustworthy communication among all components, and is nonetheless extendable in order to support more sensors and sophisticated analytics.