646 research outputs found
Residential access control system using QR code and the IoT
This paper presents a residential access control system (RACs) using QR codes and the internet of things (IoT) to improve security and help house owners. The contribution of this paper is that it proposes two mechanisms in the authentication phase and the verification phase, respectively, to enhance residential access control. The main idea is using cryptography between smartphones and access control devices. The cryptography compares secret codes on the key server via the internet. The RACs can notify a user of the residential access status through the LINE application and show the statuses of devices through the network platform for the internet of everything (NETPIE) in real-time. We compare this system’s performance with that of the current access control methods in terms of security and access speed. The results show that this system has more security and has an access speed of 5.63 seconds. Moreover, this system is safer and more flexible than the comparative methods and suitable for contactless authentication
A Review of Contact Tracing Approaches for Controlling COVID-19 Pandemic
The year 2020 will always be in the history of mankind due to the deadly outbreak of COVID-19. Many people are already infected around the world due to the spreading of this novel coronavirus. The virus mainly replicates through close contacts, so there are no other alternatives than to keep social distance, use proper safety gear, and maintain self-quarantine. As a result, the growth of the virus has changed the lifestyle of every individual to a great extent. It is also compelling the Governments to dictate strict lock-downs of the highly affected areas, impose work-from-home approaches where applicable, enforce strict social distancing standards, and so on. Some of the countries are also using smartphonebased applications for contact tracing to track the possibly infected individuals. However, there is a lot of discussion around the world about these contact tracing applications and also about their architecture, attribute, data privacy, and so on. In this paper, we have provided a comprehensive review of these contact tracing approaches in terms of their system architecture, key attributes, and data privacy. We have also outlined a list of potential research directions that can improvise the tracing performance while maintaining the privacy of the user to a great extent
Temporary Access to Medical Records in Emergency Situations
Access to patients Electronic Health Records (EHR) is a daily operation in mainstream healthcare. However, having access to EHR in emergencies while is vitally important to save patients’ life, it could potentially lead to security breaches and violating patients’ privacy. In this regards, getting access to patients’ medical records in emergency situations is one of the issues that emergency responder teams are facing. This access can be temporary until patients reach hospitals or healthcare centers. In this paper, we aim to explore different technology-based solutions to give responders temporary access to patients\u27 medical records in emergency situations. The core of this study is patients and responders authentication methods that can save precious emergency time and protect the privacy and confidentiality of patients data to the utmost. We also have explored control access mechanism and security audits to increase the security of the procedure and patient privacy
Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records
We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device
is the most ubiquitous device that people now hold. Due to their portability, availability, easy
of use, communication, access and sharing of information within various domains and areas of
our daily lives, the acceptance and adoption of these devices is still growing. However, due to
their potential and raising numbers, mobile devices are a growing target for attackers and, like
other technologies, mobile applications are still vulnerable.
Health information systems are composed with tools and software to collect, manage, analyze
and process medical information (such as electronic health records and personal health records).
Therefore, such systems can empower the performance and maintenance of health services,
promoting availability, readability, accessibility and data sharing of vital information about a
patients overall medical history, between geographic fragmented health services. Quick access
to information presents a great importance in the health sector, as it accelerates work processes,
resulting in better time utilization. Additionally, it may increase the quality of care.
However health information systems store and manage highly sensitive data, which raises serious
concerns regarding patients privacy and safety, and may explain the still increasing number
of malicious incidents reports within the health domain.
Data related to health information systems are highly sensitive and subject to severe legal
and regulatory restrictions, that aim to protect the individual rights and privacy of patients.
Along side with these legislations, security requirements must be analyzed and measures implemented.
Within the necessary security requirements to access health data, secure authentication,
identity management and access control are essential to provide adequate means to
protect data from unauthorized accesses. However, besides the use of simple authentication
models, traditional access control models are commonly based on predefined access policies
and roles, and are inflexible. This results in uniform access control decisions through people,
different type of devices, environments and situational conditions, and across enterprises, location
and time.
Although already existent models allow to ensure the needs of the health care systems, they still
lack components for dynamicity and privacy protection, which leads to not have desire levels
of security and to the patient not to have a full and easy control of his privacy. Within this
master thesis, after a deep research and review of the stat of art, was published a novel dynamic
access control model, Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE),
which can model the inherent differences and security requirements that are present in this
thesis. To do this, SoTRAACE aggregates attributes from various domains to help performing
a risk assessment at the moment of the request. The assessment of the risk factors identified
in this work is based in a Delphi Study. A set of security experts from various domains were
selected, to classify the impact in the risk assessment of each attribute that SoTRAACE aggregates.
SoTRAACE was integrated in an architecture with requirements well-founded, and based
in the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57), as well based in
deep review of the state-of-art. The architecture is further targeted with the essential security
analysis and the threat model. As proof of concept, the proposed access control model was implemented within the user-centric
architecture, with two mobile prototypes for several types of accesses by patients and healthcare
professionals, as well the web servers that handles the access requests, authentication and
identity management.
The proof of concept shows that the model works as expected, with transparency, assuring privacy
and data control to the user without impact for user experience and interaction. It is clear
that the model can be extended to other industry domains, and new levels of risks or attributes
can be added because it is modular. The architecture also works as expected, assuring secure
authentication with multifactor, and secure data share/access based in SoTRAACE decisions.
The communication channel that SoTRAACE uses was also protected with a digital certificate.
At last, the architecture was tested within different Android versions, tested with static and
dynamic analysis and with tests with security tools.
Future work includes the integration of health data standards and evaluating the proposed system
by collecting users’ opinion after releasing the system to real world.Hoje em dia vivemos em um paradigma móvel de acesso em qualquer lugar/hora, sendo que
os dispositivos móveis são a tecnologia mais presente no dia a dia da sociedade. Devido à sua
portabilidade, disponibilidade, fácil manuseamento, poder de comunicação, acesso e partilha
de informação referentes a várias áreas e domínios das nossas vidas, a aceitação e integração
destes dispositivos é cada vez maior. No entanto, devido ao seu potencial e aumento do número
de utilizadores, os dispositivos móveis são cada vez mais alvos de ataques, e tal como outras
tecnologias, aplicações móveis continuam a ser vulneráveis.
Sistemas de informação de saúde são compostos por ferramentas e softwares que permitem
recolher, administrar, analisar e processar informação médica (tais como documentos de saúde
eletrónicos). Portanto, tais sistemas podem potencializar a performance e a manutenção dos
serviços de saúde, promovendo assim a disponibilidade, acessibilidade e a partilha de dados
vitais referentes ao registro médico geral dos pacientes, entre serviços e instituições que estão
geograficamente fragmentadas. O rápido acesso a informações médicas apresenta uma grande
importância para o setor da saúde, dado que acelera os processos de trabalho, resultando assim
numa melhor eficiência na utilização do tempo e recursos. Consequentemente haverá uma
melhor qualidade de tratamento. Porém os sistemas de informação de saúde armazenam e
manuseiam dados bastantes sensíveis, o que levanta sérias preocupações referentes à privacidade
e segurança do paciente. Assim se explica o aumento de incidentes maliciosos dentro do
domínio da saúde.
Os dados de saúde são altamente sensíveis e são sujeitos a severas leis e restrições regulamentares,
que pretendem assegurar a proteção dos direitos e privacidade dos pacientes, salvaguardando
os seus dados de saúde. Juntamente com estas legislações, requerimentos de segurança
devem ser analisados e medidas implementadas. Dentro dos requerimentos necessários
para aceder aos dados de saúde, uma autenticação segura, gestão de identidade e controlos de
acesso são essenciais para fornecer meios adequados para a proteção de dados contra acessos
não autorizados. No entanto, além do uso de modelos simples de autenticação, os modelos
tradicionais de controlo de acesso são normalmente baseados em políticas de acesso e cargos
pré-definidos, e são inflexíveis. Isto resulta em decisões de controlo de acesso uniformes para
diferentes pessoas, tipos de dispositivo, ambientes e condições situacionais, empresas, localizações
e diferentes alturas no tempo. Apesar dos modelos existentes permitirem assegurar
algumas necessidades dos sistemas de saúde, ainda há escassez de componentes para accesso
dinâmico e proteção de privacidade , o que resultam em níveis de segurança não satisfatórios e
em o paciente não ter controlo directo e total sobre a sua privacidade e documentos de saúde.
Dentro desta tese de mestrado, depois da investigação e revisão intensiva do estado da arte,
foi publicado um modelo inovador de controlo de acesso, chamado SoTRAACE, que molda as
diferenças de acesso inerentes e requerimentos de segurança presentes nesta tese. Para isto,
o SoTRAACE agrega atributos de vários ambientes e domínios que ajudam a executar uma avaliação
de riscos, no momento em que os dados são requisitados. A avaliação dos fatores de risco
identificados neste trabalho são baseados num estudo de Delphi. Um conjunto de peritos de
segurança de vários domínios industriais foram selecionados, para classificar o impacto de cada
atributo que o SoTRAACE agrega. O SoTRAACE foi integrado numa arquitectura para acesso a
dados médicos, com requerimentos bem fundados, baseados nas melhores normas e recomendações (OWASP, NIST 800-53, NIST 800-57), e em revisões intensivas do estado da arte. Esta
arquitectura é posteriormente alvo de uma análise de segurança e modelos de ataque.
Como prova deste conceito, o modelo de controlo de acesso proposto é implementado juntamente
com uma arquitetura focada no utilizador, com dois protótipos para aplicações móveis,
que providênciam vários tipos de acesso de pacientes e profissionais de saúde. A arquitetura é
constituída também por servidores web que tratam da gestão de dados, controlo de acesso e
autenticação e gestão de identidade. O resultado final mostra que o modelo funciona como esperado,
com transparência, assegurando a privacidade e o controlo de dados para o utilizador,
sem ter impacto na sua interação e experiência. Consequentemente este modelo pode-se extender
para outros setores industriais, e novos níveis de risco ou atributos podem ser adicionados
a este mesmo, por ser modular. A arquitetura também funciona como esperado, assegurando
uma autenticação segura com multi-fator, acesso e partilha de dados segura baseado em decisões
do SoTRAACE. O canal de comunicação que o SoTRAACE usa foi também protegido com
um certificado digital.
A arquitectura foi testada em diferentes versões de Android, e foi alvo de análise estática,
dinâmica e testes com ferramentas de segurança.
Para trabalho futuro está planeado a integração de normas de dados de saúde e a avaliação do
sistema proposto, através da recolha de opiniões de utilizadores no mundo real
COMBINING SOCIAL AUTHENTICATION AND UNTRUSTED CLOUDS FOR PRIVATE LOCATION SHARING
With the advent of GPS-enabled smartphones, location-sharing services (LSSs) have emerged that share data collected through those mobile devices. However, research has shown that many users are uncomfortable with LSS operators managing their location histories, and that the ease with which contextual data can be shared with unintended audiences can lead to regrets that sometimes outweigh the benefits of these systems. In an effort to address these issues, we have developed SLS: a secure location sharing system that combines location-limited channels, multi-channel key establishment, and untrusted cloud storage to hide user locations from LSS operators while also limiting unintended audience sharing. In addition to describing the key agreement and location- sharing protocols used by the architecture, we discuss an iOS implementation of SLS that enables location sharing at tunable granularity through an intuitive policy interface on the user’s mobile device
A privacy-preserving framework for smart context-aware healthcare applications
Smart connected devices are widely used in healthcare to achieve improved well-being, quality of life, and security of citizens. While improving quality of healthcare, such devices generate data containing sensitive patient information where unauthorized access constitutes breach of privacy leading to catastrophic outcomes for an individual as well as financial loss to the governing body via regulations such as the General Data Protection Regulation. Furthermore, while mobility afforded by smart devices enables ease of monitoring, portability, and pervasive processing, it introduces challenges with respect to scalability, reliability, and context awareness. This paper is focused on privacy preservation within smart context-aware healthcare emphasizing privacy assurance challenges within Electronic Transfer of Prescription. We present a case for a comprehensive, coherent, and dynamic privacy-preserving system for smart healthcare to protect sensitive user data. Based on a thorough analysis of existing privacy preservation models, we propose an enhancement to the widely used Salford model to achieve privacy preservation against masquerading and impersonation threats. The proposed model therefore improves privacy assurance for smart healthcare while addressing unique challenges with respect to context-aware mobility of such applications. © 2019 John Wiley & Sons, Ltd
A privacy‐preserving framework for smart context‐aware healthcare applications
Internet of things (IoT) is a disruptive paradigm with wide ranging applications including healthcare, manufacturing, transportation and retail. Within healthcare, smart connected wearable devices are widely used to achieve improved wellbeing, quality of life and security of citizens. Such connected devices generate significant amount of data containing sensitive information about patient requiring adequate protection and privacy assurance. Unauthorized access to an individual’s private data constitutes a breach of privacy leading to catastrophic outcomes for an individuals personal and professional life. Furthermore, breach of privacy may also lead to financial loss to the governing body such as those proposed as part of the General Data Protection Regulation (GDPR) in Europe. Furthermore, while mobility afforded by smart devices enables ease of monitoring, portability and pervasive processing, it also introduces challenges with respect to scalability, reliability and context-awareness for its applications. This paper is focused on privacy preservation within smart context-aware healthcare with a special emphasis on privacy assurance challenges within the Electronic Transfer of Prescription (ETP). To this extent, we present a case for a comprehensive, coherent, and dynamic privacypreserving system for smart healthcare to protect sensitive user data. Based on a thorough analysis of existing privacy preservation models we propose an enhancement for the widely used Salford model to achieve privacy preservation against masquerading and impersonation threats. The proposed model therefore improves privacy assurance for cutting edge IoT applications such as smart healthcare whilst addressing unique challenges with respect to context-aware mobility of such applications
Active data-centric framework for data protection in cloud environment
Cloud computing is an emerging evolutionary computing model that provides highly scalable services over highspeed Internet on a pay-as-usage model. However, cloud-based solutions still have not been widely deployed in some sensitive areas, such as banking and healthcare. The lack of widespread development is related to users’ concern that their confidential data or privacy would leak out in the cloud’s outsourced environment. To address this problem, we propose a novel active data-centric framework to ultimately improve the transparency and accountability of actual usage of the users’ data in cloud. Our data-centric framework emphasizes “active” feature which packages the raw data with active properties that enforce data usage with active defending and protection capability. To achieve the active scheme, we devise the Triggerable Data File Structure (TDFS). Moreover, we employ the zero-knowledge proof scheme to verify the request’s identification without revealing any vital information. Our experimental outcomes demonstrate the efficiency, dependability, and scalability of our framework.<br /
- …