A New Secure Authentication Protocol for Telecare Medicine Information System and Smart Campus

© 2013 IEEE. Telecare Medicine Information System (TMIS)'s security importance attracts a lot of attention these days. Whatever the security of TMIS improves, its application becomes wider. To address this requirement, recently, Li et al. proposed a new privacy-preserving RFID authentication protocol for TMIS. After that, Zhou et al. and also Benssalah et al. presented their scheme, which is not secure, and they presented their new authentication protocol and claim that their proposal can provide higher security for TMIS applications. In this stream, Zheng et al. proposed a novel authentication protocol with application in smart campus, including TMIS. In this paper, we present an efficient impersonation and replay attacks against Zheng et al. with the success probability of 1 and a desynchronization attack which is applicable against all of the rest three mentioned protocols with the success probability of 1-2^{-n} , where n is the protocols parameters length. After that, we proposed a new protocol despite these protocols can resist the attacks presented in this paper and also other active and passive attacks. Our proposed protocol's security is also done both informally and formally through the Scyther tool

Security and privacy issues of physical objects in the IoT: Challenges and opportunities

In the Internet of Things (IoT), security and privacy issues of physical objects are crucial to the related applications. In order to clarify the complicated security and privacy issues, the life cycle of a physical object is divided into three stages of pre-working, in-working, and post-working. On this basis, a physical object-based security architecture for the IoT is put forward. According to the security architecture, security and privacy requirements and related protecting technologies for physical objects in different working stages are analyzed in detail. Considering the development of IoT technologies, potential security and privacy challenges that IoT objects may face in the pervasive computing environment are summarized. At the same time, possible directions for dealing with these challenges are also pointed out

A review of multi-factor authentication in the internet of healthcare things

Objective: This review paper aims to evaluate existing solutions in healthcare authentication and provides an insight into the technologies incorporated in Internet of Healthcare Things (IoHT) and multi-factor authentication (MFA) applications for next-generation authentication practices. Our review has two objectives: (a) Review MFA based on the challenges, impact and solutions discussed in the literature; and (b) define the security requirements of the IoHT as an approach to adapting MFA solutions in a healthcare context. Methods: To review the existing literature, we indexed articles from the IEEE Xplore, ACM Digital Library, ScienceDirect, and SpringerLink databases. The search was refined to combinations of ‘authentication’, ‘multi-factor authentication’, ‘Internet of Things authentication’, and ‘medical authentication’ to ensure that the retrieved journal articles and conference papers were relevant to healthcare and Internet of Things-oriented authentication research. Results: The concepts of MFA can be applied to healthcare where security can often be overlooked. The security requirements identified result in stronger methodologies of authentication such as hardware solutions in combination with biometric data to enhance MFA approaches. We identify the key vulnerabilities of weaker approaches to security such as password use against various cyber threats. Cyber threats and MFA solutions are categorised in this paper to facilitate readers’ understanding of them in healthcare domains. Conclusions: We contribute to an understanding of up-to-date MFA approaches and how they can be improved for use in the IoHT. This is achieved by discussing the challenges, benefits, and limitations of current methodologies and recommendations to improve access to eHealth resources through additional layers of security

A New Strong Adversary Model for RFID Authentication Protocols

Radio Frequency Identification (RFID) systems represent a key technology for ubiquitous computing and for the deployment of the Internet of Things (IoT). In RFID technology, authentication protocols are often necessary in order to confirm the identity of the parties involved (i.e. RFID readers, RFID tags and/or database servers). In this article, we analyze the security of a mutual authentication protocol proposed by Wang and Ma. Our security analysis clearly shows major security pitfalls in this protocol. Firstly, we show two approaches that an adversary may use to mislead an honest reader into thinking that it is communicating with a legitimate database. Secondly, we show how an adversary that has compromised some tags can impersonate an RFID reader to a legitimate database. Furthermore, we present a new adversary model, which pays heed on cases missed by previous proposals. In contrast to previous models where the communication between an RFID reader and a back-end server is through a secure channel, our model facilitates the security analysis of more general schemes where this communication channel (RFID reader-to-server) is insecure. This model determines whether the compromise of RFID tags has any impact on the security of the readerto-server communication or vice versa. In a secure protocol, the possible compromise of RFID tags should not affect the RFID reader-server communication. In this paper, we show that compromising of RFID tags in Wang and Ma protocol has a direct impact on the reader-server security. Finally, we propose a new authentication protocol that offers an adequate security level and is resistant against the mentioned security risks. The security proofs of the proposed protocol are supported with Gong-Needham-Yahalom (GNY) logic and Scyther tool, which are formal methods to evaluate the security of a cryptographic protocol

Central monitoring system for ambient assisted living

Smart homes for aged care enable the elderly to stay in their own homes longer. By means of various types of ambient and wearable sensors information is gathered on people living in smart homes for aged care. This information is then processed to determine the activities of daily living (ADL) and provide vital information to carers. Many examples of smart homes for aged care can be found in literature, however, little or no evidence can be found with respect to interoperability of various sensors and devices along with associated functions. One key element with respect to interoperability is the central monitoring system in a smart home. This thesis analyses and presents key functions and requirements of a central monitoring system. The outcomes of this thesis may benefit developers of smart homes for aged care

Un esquema de autenticación de usuario basado en el cliente para el entorno de la nube de las cosas

The limited capabilities of IoT devices have resulted in some of the tasks of IoT applications being distributed to a cloud server, which witnessed the arisen of the cloud of things (COT). It enables IoT applications’ development and deployment as a service, providing additional data storage, enhanced processing performance, and fast communication between devices. As COT involves communication between IoT devices, a remote server, and users, remote user authentication is crucial to meeting security demands. Therefore, this study designs a client-based user authentication scheme utilizing smartphone fingerprint recognition technology to fill the gap. The scheme comprises six phases, namely (i) configuration phase, (ii) enrolment phase, (iii) authentication phase, (iv) password update phase, (v) fingerprint revocation phase, and (vi) smartphone revocation phase. The security analysis and automated verification using ProVerif suggested that the scheme is resistant to user impersonating attacks, replay attacks, and man-in-the-middle attacks. The study’s outcome could help secure user credentials from attacks on applications that involve IoT and the cloud.Las capacidades limitadas de los dispositivos IoT han dado como resultado que algunas de las tareas de las aplicaciones IoT se distribuyan a un servidor en la nube, lo que es testigo del surgimiento de la Nube de las Cosas (COT). Esta permite el desarrollo y la implementación de aplicaciones IoT como un servicio, proporcionando almacenamiento de datos adicional, mayor rendimiento de procesamiento y comunicación rápida entre dispositivos. Dado que la COT implica la comunicación entre dispositivos IoT, un servidor remoto y usuarios, la autenticación de usuarios remotos es crucial para satisfacer las demandas de seguridad. Por lo tanto, este estudio diseña un esquema de autenticación de usuario basado en el cliente que utiliza tecnología de reconocimiento de huellas digitales en teléfonos inteligentes para colmar la brecha. El esquema consta de seis fases: (i) fase de configuración, (ii) fase de inscripción, (iii) fase de autenticación, (iv) fase de actualización de contraseña, (v) fase de revocación de huellas digitales y (vi) fase de revocación de teléfonos inteligentes. A partir del análisis de seguridad y la verificación automatizada con ProVerif surge que el esquema es resistente a diferentes ataques, por ejemplo ataques de suplantación de identidad del usuario, los ataques de repetición y los ataques manin- the-middle. El resultado del estudio podría ayudar a proteger las credenciales de los usuarios de los ataques a las aplicaciones que involucran IoT y la nube.Facultad de Informátic

Telemedicine

Telemedicine is a rapidly evolving field as new technologies are implemented for example for the development of wireless sensors, quality data transmission. Using the Internet applications such as counseling, clinical consultation support and home care monitoring and management are more and more realized, which improves access to high level medical care in underserved areas. The 23 chapters of this book present manifold examples of telemedicine treating both theoretical and practical foundations and application scenarios

Recent Developments in Smart Healthcare

Medicine is undergoing a sector-wide transformation thanks to the advances in computing and networking technologies. Healthcare is changing from reactive and hospital-centered to preventive and personalized, from disease focused to well-being centered. In essence, the healthcare systems, as well as fundamental medicine research, are becoming smarter. We anticipate significant improvements in areas ranging from molecular genomics and proteomics to decision support for healthcare professionals through big data analytics, to support behavior changes through technology-enabled self-management, and social and motivational support. Furthermore, with smart technologies, healthcare delivery could also be made more efficient, higher quality, and lower cost. In this special issue, we received a total 45 submissions and accepted 19 outstanding papers that roughly span across several interesting topics on smart healthcare, including public health, health information technology (Health IT), and smart medicine