Security aspects of ubiquitous computing in health care

Today, ubiquitous devices lack many of the security features known in desktop computing, an industry that is known to have a plethora of security problems. As ubiquitous devices are increasingly applied in the health care industry, security aspects need to receive even more attention. Clearly, patient-related data is extremely sensitive, and legal requirements (such as HIPAA) attempt to enforce strict privacy controls. While we cannot solve the overall problem, our proposal to use RFID tags to authenticate users with ubiquitous devices addresses one of the most fundamental requirements of all security mechanisms: to reliably establish the user's identity. In this paper we discuss some questions that were raised during experiments with ubiquitous devices at Graz University Hospital. The main problems that could be identified included security and privacy issues (protection precautions, confidentiality, reliability, sociability). The experiments showed that new and emerging computer technologies such as mobile, ubiquitous and pervasive computing have an enormous potential for the improvement of manifold workflows in health care; however, psychological and technological research must be carried out together in order to bring clear benefits for the end-users and to optimize workflows in health care in the daily routine.

Security mechanisms that are taken for granted as standard in PCs today are missing in many mobile devices. As mobile devices are increasingly used in the health care sector, security aspects are gaining importance. Patient data and medical records are quite obviously sensitive data that must be protected by both technical and legal measures. Authentication is a basic prerequisite for all further security measures. Our proposal is to use RFID for authentication with mobile devices. In this paper the authors discuss prototype developments that were carried out at AKH Graz. The focus was on aspects of security and confidentiality. Experiments have shown that new technologies can massively change the working environment and that benefits only materialize when end users are closely involved. Daily work processes can then be made more efficient and more secure.

[1]  Ronald L. Rivest,et al.  Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems , 2003, SPC.

[2]  James A. Whittaker,et al.  How to Break Software Security , 2003 .

[3]  Benjamin Halpert Mobile device security , 2004, InfoSecCD '04.

[4]  Uwe Hansmann,et al.  Pervasive Computing Handbook , 2001, Springer Berlin Heidelberg.

[5]  James A. Whittaker Why Secure Applications are Difficult to Write , 2003, IEEE Secur. Priv..

[6]  Edgar R. Weippl Security in e-learning , 2005, ELERN.

[7]  J. Bardram Hospitals of the Future – Ubiquitous Computing support for Medical Work in Hospitals , 2003 .

[8]  Norbert A. Streitz,et al.  Building disappearing computers , 2005, CACM.

[9]  Marino Menozzi,et al.  Information access at the point of care: what can we learn for designing a mobile CPR system? , 2004, Int. J. Medical Informatics.

[10]  Paul Dourish,et al.  Security in the wild: user strategies for managing security as an everyday, practical problem , 2004, Personal and Ubiquitous Computing.

[11]  Hartmut Pohl,et al.  RFID security , 2004, Inf. Secur. Tech. Rep..

[12]  Chien Chou,et al.  The development of an online adaptive questionnaire for health education in Taiwan , 2000, Comput. Educ..

[13]  Anup K. Ghosh,et al.  Software security and privacy risks in mobile e-commerce , 2001, CACM.

[14]  Matthias Weitlaner,et al.  Ubiquitous Computing for Hospital Applications: RFID-Applications to Enable Research in Real-Life Environments , 2005, COMPSAC.

[15]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[16]  T. Jepsen,et al.  IT in healthcare: progress report , 2003 .

[17]  Joakim Persson,et al.  Bluetooth Security , 2004 .

[18]  Neal Leavitt,et al.  Mobile phones: the next frontier for hackers? , 2005, Computer.

[19]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[20]  Jon Doyle,et al.  Editorial: Strategic directions in computing research , 1996, CSUR.

[21]  Ronald L. Rivest,et al.  The blocker tag: selective blocking of RFID tags for consumer privacy , 2003, CCS '03.

[22]  Mark Weiser,et al.  Some computer science issues in ubiquitous computing , 1993, CACM.

[23]  Partha Dasgupta,et al.  Security in wireless networks , 2005 .

[24]  Daniel W. Engels,et al.  Radio Frequency Identification and the Electronic Product Code , 2001, IEEE Micro.

[25]  Brian Randell,et al.  Fundamental Concepts of Computer System Dependability , 2001 .

[26]  Jakob E. Bardram,et al.  Activity-Driven Computing Infrastructure – Pervasive Computing in Healthcare , 2004 .

[27]  N. William Walker,et al.  Ethical Considerations in the Use of Computers in Psychological Testing and Assessment. , 1985 .

[28]  Dieter Gollmann,et al.  Computer Security , 1979, Lecture Notes in Computer Science.

[29]  Andreas Holzinger,et al.  Mobile phones as a challenge for m-learning: examples for mobile interactive learning objects (MILOs) , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[30]  Iakovos S. Venieris,et al.  Introduction of the Asymmetric Cryptography in GSM, GPRS, UMTS, and Its Public Key Infrastructure Integration , 2003, Mob. Networks Appl..

[31]  L. Rueckert,et al.  Pseudoneglect and the cross-over effect , 2002, Neuropsychologia.

[32]  Jakob E. Bardram,et al.  Applications of context-aware computing in hospital work: examples and design principles , 2004, SAC '04.

[33]  Michael M. Wagner,et al.  Mobile workers in healthcare and their information needs: are 2-way pagers the answer? , 1998, AMIA.

[34]  Frank Stajano Security in Pervasive Computing (Abstract of Invited Talk) , 2004 .

[35]  Roy Want,et al.  The Magic of RFID , 2004, ACM Queue.