Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement

During the past decade, the electronic healthcare (e-health) system has been evolved into a more patient-oriented service with smaller and smarter wireless devices. However, these convenient smart devices have limited computing capacity and memory size, which makes it harder to protect the user’s massive private data in the e-health system. Although some works have established a secure session key between the user and the medical server, the weaknesses still exist in preserving the anonymity with low energy consumption. Moreover, the misuse of biometric information in key agreement process may lead to privacy disclosure, which is irreparable. In this study, we design a dynamic privacy protection mechanism offering the biometric authentication at the server side whereas the exact value of the biometric template remains unknown to the server. And the user anonymity can be fully preserved during the authentication and key negotiation process because the messages transmitted with the proposed scheme are untraceable. Furthermore, the proposed scheme is proved to be semantic secure under the Real-or-Random Model. The performance analysis shows that the proposed scheme suits the e-health environment at the aspect of security and resource occupation

ROBUST DYNAMIC ID-BASED REMOTE MUTUAL AUTHENTICATION SCHEME

Dynamic ID based authentication scheme is more and more important in insecure wireless environment and system. Two of kinds of attack that authentication schemes must resist are stealing identity and reflection attack which is a potential way of attacking a challenge- response authentication system using the same protocol in both direc­tions. It must be guaranteed to prevent attackers from reusing informa­tion from authentication phase and the scheme of Yoon and Yoo satisfies those requirements. However, their scheme can not resist insider and impersonation attack by using lost or stolen smart card. In this paper, we demonstrate that Yoon and Yoo’s scheme is still vulnerable to those attacks. Then, we present an improvement to their scheme in order to isolate such problems

INFORMATION SECURITY: A STUDY ON BIOMETRIC SECURITY SOLUTIONS FOR TELECARE MEDICAL INFORMATION SYSTEMS

This exploratory study provides a means for evaluating and rating Telecare medical information systems in order to provide a more effective security solution. This analysis of existing solutions was conducted via an in-depth study of Telecare security. This is a proposition for current biometric technologies as a new means for secure communication of private information over public channels. Specifically, this research was done in order to provide a means for businesses to evaluate prospective technologies from a 3 dimensional view in order to make am accurate decision on any given biometric security technology. Through identifying key aspects of what makes a security solution the most effective in minimizing risk of a patient’s confidential data being exposed we were then able to create a 3 dimensional rubric to see not only from a business view but also the users such as the patients and doctors that use Telecare medical information systems every day. Finally, we also need to understand the implications of biometric solutions from a technological standpoint