Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement

During the past decade, the electronic healthcare (e-health) system has been evolved into a more patient-oriented service with smaller and smarter wireless devices. However, these convenient smart devices have limited computing capacity and memory size, which makes it harder to protect the user’s massive private data in the e-health system. Although some works have established a secure session key between the user and the medical server, the weaknesses still exist in preserving the anonymity with low energy consumption. Moreover, the misuse of biometric information in key agreement process may lead to privacy disclosure, which is irreparable. In this study, we design a dynamic privacy protection mechanism offering the biometric authentication at the server side whereas the exact value of the biometric template remains unknown to the server. And the user anonymity can be fully preserved during the authentication and key negotiation process because the messages transmitted with the proposed scheme are untraceable. Furthermore, the proposed scheme is proved to be semantic secure under the Real-or-Random Model. The performance analysis shows that the proposed scheme suits the e-health environment at the aspect of security and resource occupation

Security analysis and enhancements of an improved multi-factor biometric authentication scheme

Many remote user authentication schemes have been designed and developed to establish secure and authorized communication between a user and server over an insecure channel. By employing a secure remote user authentication scheme, a user and server can authenticate each other and utilize advanced services. In 2015, Cao and Ge demonstrated that An's scheme is also vulnerable to several attacks and does not provide user anonymity. They also proposed an improved multi-factor biometric authentication scheme. However, we review and cryptanalyze Cao and Ge's scheme and demonstrate that their scheme fails in correctness and providing user anonymity and is vulnerable to ID guessing attack and server masquerading attack. To overcome these drawbacks, we propose a security-improved authentication scheme that provides a dynamic ID mechanism and better security functionalities. Then, we show that our proposed scheme is secure against various attacks and prove the security of the proposed scheme using BAN Logic.111Ysciescopu

A user-centric privacy-preserving authentication protocol for IoT-AmI environments

Ambient Intelligence (AmI) in Internet of Things (IoT) has empowered healthcare professionals to monitor, diagnose, and treat patients remotely. Besides, the AmI-IoT has improved patient engagement and gratification as doctors’ interactions have become more comfortable and efficient. However, the benefits of the AmI-IoT-based healthcare applications are not availed entirely due to the adversarial threats. IoT networks are prone to cyber attacks due to vulnerable wireless mediums and the absentia of lightweight and robust security protocols. This paper introduces computationally-inexpensive privacy-assuring authentication protocol for AmI-IoT healthcare applications. The use of blockchain & fog computing in the protocol guarantees unforgeability, non-repudiation, transparency, low latency, and efficient bandwidth utilization. The protocol uses physically unclonable functions (PUF), biometrics, and Ethereum powered smart contracts to prevent replay, impersonation, and cloning attacks. Results prove the resource efficiency of the protocol as the smart contract incurs very minimal gas and transaction fees. The Scyther results validate the robustness of the proposed protocol against cyber-attacks. The protocol applies lightweight cryptography primitives (Hash, PUF) instead of conventional public-key cryptography and scalar multiplications. Consequently, the proposed protocol is better than centralized infrastructure-based authentication approaches

The Extent and Coverage of Current Knowledge of Connected Health: Systematic Mapping Study

Background: This paper examines the development of the Connected Health research landscape with a view on providing a historical perspective on existing Connected Health research. Connected Health has become a rapidly growing research field as our healthcare system is facing pressured to become more proactive and patient centred. Objective: We aimed to identify the extent and coverage of the current body of knowledge in Connected Health. With this, we want to identify which topics have drawn the attention of Connected health researchers, and if there are gaps or interdisciplinary opportunities for further research. Methods: We used a systematic mapping study that combines scientific contributions from research on medicine, business, computer science and engineering. We analyse the papers with seven classification criteria, publication source, publication year, research types, empirical types, contribution types research topic and the condition studied in the paper. Results: Altogether, our search resulted in 208 papers which were analysed by a multidisciplinary group of researchers. Our results indicate a slow start for Connected Health research but a more recent steady upswing since 2013. The majority of papers proposed healthcare solutions (37%) or evaluated Connected Health approaches (23%). Case studies (28%) and experiments (26%) were the most popular forms of scientific validation employed. Diabetes, cancer, multiple sclerosis, and heart conditions are among the most prevalent conditions studied. Conclusions: We conclude that Connected Health research seems to be an established field of research, which has been growing strongly during the last five years. There seems to be more focus on technology driven research with a strong contribution from medicine, but business aspects of Connected health are not as much studied

Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme

Telecare Medicine Information Systems (TMIS) provides flexible and convenient e-health care. However the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.’s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.’s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.’s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes

An authentic-based privacy preservation protocol for smart e-healthcare systems in iot

© 2013 IEEE. Emerging technologies rapidly change the essential qualities of modern societies in terms of smart environments. To utilize the surrounding environment data, tiny sensing devices and smart gateways are highly involved. It has been used to collect and analyze the real-time data remotely in all Industrial Internet of Things (IIoT). Since the IIoT environment gathers and transmits the data over insecure public networks, a promising solution known as authentication and key agreement (AKA) is preferred to prevent illegal access. In the medical industry, the Internet of Medical Things (IoM) has become an expert application system. It is used to gather and analyze the physiological parameters of patients. To practically examine the medical sensor-nodes, which are imbedded in the patient\u27s body. It would in turn sense the patient medical information using smart portable devices. Since the patient information is so sensitive to reveal other than a medical professional, the security protection and privacy of medical data are becoming a challenging issue of the IoM. Thus, an anonymity-based user authentication protocol is preferred to resolve the privacy preservation issues in the IoM. In this paper, a Secure and Anonymous Biometric Based User Authentication Scheme (SAB-UAS) is proposed to ensure secure communication in healthcare applications. This paper also proves that an adversary cannot impersonate as a legitimate user to illegally access or revoke the smart handheld card. A formal analysis based on the random-oracle model and resource analysis is provided to show security and resource efficiencies in medical application systems. In addition, the proposed scheme takes a part of the performance analysis to show that it has high-security features to build smart healthcare application systems in the IoM. To this end, experimental analysis has been conducted for the analysis of network parameters using NS3 simulator. The collected results have shown superiority in terms of the packet delivery ratio, end-to-end delay, throughput rates, and routing overhead for the proposed SAB-UAS in comparison to other existing protocols