22 research outputs found

    Secure spontaneous emergency access to personal health record

    We propose a system which enables access to the user's Personal Health Record (PHR) in the event of emergency. The access typically occurs in an ad-hoc and spontaneous manner and the user is usually unconscious, hence rendering the user's password to access the PHR unavailable. The proposed system includes a smart card carried by the user at all times and it is personalized with a pseudo secret, a URL to the PHR Server, a secret key shared with the PHR Server and a number of redemption tokens generated using a hash chain. In each emergency session, a one-time use redemption token is issued by the smart card, allowing the emergency doctor to retrieve the user's PHR upon successful authentication of his credentials and validation of the redemption token. The server returns the PHR encrypted with a one-time session key which can only be decrypted by the emergency doctor. The devised interaction protocol to facilitate emergency access to the user's PHR is secure and efficient

    Efficient group key management and authentication for body sensor networks

    Wireless body sensor networks (BSN) are being used to continuously monitor the patient's conditions and recovery progress. It is very important to secure the confidentiality, integrity and authenticity of the patient's health record in such applications. In this paper, we propose a novel key distribution and management scheme that uses keychains to establish group keys for body sensor networks. This scheme caters for efficient group key update and re-keying in order to adapt to membership changes. We also present a lightweight approach to enable sensor-to-sensor authentication in the BSNs. Sensors authenticate each other by computing an Elliptic Curve Diffie-Hellman (ECDH) key between each other based on an authenticated membership broadcast received from the patient's device. Both protocols have been implemented on Tmote Sky platform, analysed and evaluated to demonstrate their feasibility. We also show the security analysis of the protocols using BAN Logic

    A Policy-Based Security Framework for Ad-Hoc Networks: Secure Formation, Evolution and Management

    This thesis introduces an integrated security framework that enables secure formation, evolution and management of ad-hoc networks. An ad-hoc network is perceived as a community of autonomous devices interconnected through wireless links. The establishment of this community is based on a doctrine that defines the roles of participants, the characteristics that participants must exhibit in order to be eligible to join the community in a specific role, as well as policies governing their behaviour within the community. Lightweight management and security protocols are designed to facilitate the interaction in the community. Authentication of devices and verification of credentials rely on security information available in the device as well as information provided by the doctrine and by other peers in the community. The framework also optimises the access control mechanism by reducing the redundancy in the verification of credentials. A prototype implementation has been developed and then simulated in order to demonstrate its practical feasibility

    Marlin: toward seamless content sharing and rights management

    Digital rights management is used to protect copyrighted content from unauthorized use. However, it still remains challenging to strike a balance between content sharing and rights management. Marlin is developing open standards for interoperable DRM technology. The Octopus and NEMO frameworks in Marlin are the underlying technologies to realize seamless content sharing and rights management to support a wide variety of business models. We demonstrate the use of Octopus and NEMO in a practical manner by means of Marlin Broadband Network Services (MBNS) and Marlin Shared Domain (MSD). Marlin Simple Secure Streaming (MS3) is designed for protecting streaming content in a simple and efficient manner. We show the industrial adoption of Marlin as the first step toward creating an open and interoperable DRM ecosystem through example deployments of Marlin technology in the market

    Towards flexible credential verification in mobile ad-hoc networks

    Ad-hoc networks facilitate interconnectivity between mobile devices without the support of a network infrastructure. In this paper we propose a flexible credential verification mechanism, which improves the likelihood that participants in an ad-hoc network can verify each other's credentials despite the lack of access to certification and attribute authorities. Users maintain Credential Assertion Statements (CASs), which are formed through extraction of X.509 and attribute certificates into an interoperable XML form. Trusted entities that can verify the credentials listed in the CAS can then issue signed Assertion Signature Statements (ASSs) to other participants in the ad-hoc network. In addition, each user maintains a key ring, which comprises the list of public-keys trusted to sign credential assertion statements. All public-keys in the ring are assigned a trustworthiness level. When a user presents his/her CAS together with matching ASSs to a verifier, the verifier checks the signatures in the ASSs against its key ring to determine whether credentials in the CAS are authentic and acceptable. Transitivity of trust is generally not allowed, but there are exceptional cases in which it is permitted

    Self-management Framework for Unmanned Autonomous Vehicles


    An implementation experience of domain management in marlin

    Digital Rights Management (DRM) is used to protect copyrighted content from unauthorized use. However, this has taken away the jurisdiction of the consumers over their purchased content as they can no longer freely access the content at any place using any device; given that the license authorizing the consumption of content is typically bound to a particular device. Domain Management provides the flexibility to the consumers to manage their purchased content as they are given the rights to govern their own domain membership. Consumers can dynamically add and remove devices from the domain subject to a domain policy that complies with the policy set by content owners or service providers. We share our implementation experience of domain management using a DRM technology called Marlin. We perceive this work as the first local domain management implementation in a real life practical DRM System

    PEACE: a policy-based establishment of ad-hoc communities

    Ad-hoc networks are perceived as communities of autonomous devices that interconnect with each other. Typically, they have dynamic topologies and cannot rely on a continuous connection to the Internet. Users' devices often do not have a priori knowledge of each other and cannot rely upon pre-existing shared information. This introduces difficult security issues when attempting to provide authentication, membership management and access control. Designing a framework, which allows the secure establishment and management of ad-hoc communities, remains a significant challenge. In this paper, we propose a novel policy-based security framework to facilitate the establishment, evolution and management of mobile ad-hoc networks. We introduce a community specification, called doctrine, which defines the roles of the participants in the community, the characteristics that participants must exhibit in order to be eligible to play a role, as well as the policies governing their behaviour within the community. Based on the doctrine, we propose a set of security protocols to bootstrap the community, manage the membership, and govern the access to the services provided by the participants. We have investigated the impact of mobility on the proposed security protocols and observed that the protocol is robust to changes in the network topology

    Secure Access to Personal Health Records in Emergency Situations

    A system including a server system, a user terminal and a hardware token, for providing secure access to a data record. The server system comprises storage means (1) for storing a plurality of data records, a data record (2) having associated therewith a sequence of secrets (14) shared with a hardware token (60) corresponding to the data record (2), the server system (100) further being arranged for storing user authentication information (3). User authenticating means (10) are provided for receiving authentication credentials (11) of a user from a user terminal (200) and authenticating the user as an authorized user, based on the authentication credentials (11) of the user and the stored authentication information (3). Secret-receiving means (9) are provided for receiving a representation of a secret (13) revealed by a hardware token (60) and information identifying the data record corresponding to the hardware token from the terminal. Marking means (12) are provided for marking the unused secret (s3) as used

    End-to-end transport security in the IP-based internet of things

    The IP-based Internet of Things refers to the interconnection of smart devices in a Low-power and Lossy Network (LLN) with the Internet by means of protocols such as 6LoWPAN or CoAP. The mechanisms to protect the LLN from attacks from the Internet and provisioning of an end-to-end (E2E) secure connection are key requirements for functionalities ranging from network access to software updates. Interconnecting such resource constrained devices with high-performance machines requires new security mechanisms that cannot be covered by already known solutions. This paper describes attacks at the transport layer against the LLN launched from the Internet. It also introduces approaches to ensure E2E security between two devices located in homogeneous networks using either HTTP/TLS or CoAP/DTLS by proposing a mapping between TLS and DTLS