Two RFID Standard-based Security Protocols for Healthcare Environments

Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug administration systems, to mention just a few. RFID technology can offer more intelligent systems and applications, but privacy and security issues have to be addressed before its adoption. This is even more critical in healthcare applications, where very sensitive information is at stake and patient safety is paramount. Wu et al. (J. Med. Syst. 37:19, 43) recently proposed a new RFID authentication protocol for healthcare environments. In this paper we show that this protocol puts the location privacy of tag holders at risk, which is a matter of gravest concern and ruins the security of this proposal. To facilitate the implementation of secure RFID-based solutions in the medical sector, we suggest two new applications (authentication and secure messaging) and propose solutions that, in contrast to previous proposals in this field, are fully based on ISO Standards and NIST Security Recommendations.

[1] Christophe De Cannière, et al. KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers, 2009, CHES.

[2] Morris J. Dworkin, et al. Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality [including updates through 7/20/2007], 2004.

[3] Vassilis Paliouras, et al. Integrated Circuit and System Design. Power and Timing Modeling, Optimization and Simulation, 2005, Lecture Notes in Computer Science.

[4] Vincent Rijmen, et al. AES implementation on a grain of sand, 2005.

[5] Wen Yao, et al. The Adoption and Implementation of RFID Technologies in Healthcare: A Literature Review, 2012, Journal of Medical Systems.

[6] R. Bunduchi, et al. Mapping the benefits and costs associated with process innovation: The case of RFID adoption, 2011.

[7] Xiuli Qu, et al. A model for quantifying the value of RFID-enabled equipment tracking in hospitals, 2011, Adv. Eng. Informatics.

[8] Ivan Marsic, et al. Introducing RFID technology in dynamic and time-critical medical settings: Requirements and challenges, 2012, J. Biomed. Informatics.

[9] Morris J. Dworkin, et al. Recommendation for Block Cipher Modes of Operation: Methods and Techniques, 2001.

[10] Fangguo Zhang, et al. ECC-Based Grouping-Proof RFID for Inpatient Medication Safety, 2011, Journal of Medical Systems.

[11] Lidong Chen, et al. Recommendation for Key Derivation Using Pseudorandom Functions (Revised), 2009.

[12] Hung-Yu Chien, et al. Mutual authentication protocol for RFID conforming to EPC Class 1 Generation 2 standards, 2007, Comput. Stand. Interfaces.

[13] Xiaotong Fu, et al. A Lightweight RFID Mutual Authentication Protocol with Ownership Transfer, 2012, CWSN.

[14] Aikaterini Mitrokotsa, et al. A comprehensive RFID solution to enhance inpatient medication safety, 2011, Int. J. Medical Informatics.

[15] Yu-Yi Chen, et al. A Secure 2G-RFID-Sys Mechanism for Applying to the Medical Emergency System, 2013, Journal of Medical Systems.

[16] Masoumeh Safkhani, et al. On the Designing of a Tamper Resistant Prescription RFID Access Control System, 2012, Journal of Medical Systems.

[17] Morris J. Dworkin, et al. SP 800-38B. Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication, 2005.

[18] Martin Hell, et al. A Stream Cipher Proposal: Grain-128, 2006, 2006 IEEE International Symposium on Information Theory.

[19] Martin Feldhofer, et al. A Case Against Currently Used Hash Functions in RFID Protocols, 2006, OTM Workshops.

[20] Tao Wang, et al. Active RFID Based Infant Security System, 2011.

[21] Selwyn Piramuthu, et al. RFID mutual authentication protocols, 2011, Decis. Support Syst.

[22] Zang Li, et al. The use of RFID in healthcare: Benefits and barriers, 2010, 2010 IEEE International Conference on RFID-Technology and Applications.

[23] Avishai Wool, et al. Toward practical public key anti-counterfeiting for low-cost EPC tags, 2011, 2011 IEEE International Conference on RFID.

[24] Andrey Bogdanov, et al. PRESENT: An Ultra-Lightweight Block Cipher, 2007, CHES.

[25] Cheng-Yuan Ku, et al. A RFID Grouping Proof Protocol for Medication Safety of Inpatient, 2009, Journal of Medical Systems.

[26] Tsan-Ming Choi, et al. RFID versus bar-coding systems: Transactions errors in health care apparel inventory control, 2012, Decis. Support Syst.

[27] Susana Garrido Azevedo, et al. Radio frequency identification: a case study of healthcare organisations, 2010, Int. J. Secur. Networks.

[28] Rodrigo Roman, et al. Real-time location and inpatient care systems based on passive RFID, 2010, Journal of Network and Computer Applications.

[29] Ju-Chuan Wu, et al. A Reliable RFID Mutual Authentication Scheme for Healthcare Environments, 2013, Journal of Medical Systems.

[30] Ming-Hour Yang, et al. Secure multiple group ownership transfer protocol for mobile RFID, 2012, Electron. Commer. Res. Appl.

[31] David C. Wyld, et al. Preventing the Worst Case Scenario: An Analysis of RFID Technology and Infant Protection in Hospitals, 2009.

[32] J. Aronson, et al. Medication errors: what they are, how they happen, and how to avoid them, 2009, QJM: monthly journal of the Association of Physicians.

[33] Alfred Menezes, et al. Handbook of Applied Cryptography, 2018.

[34] Wen Yao, et al. Leveraging complex event processing for smart hospitals using RFID, 2011, J. Netw. Comput. Appl.

[35] Hannu Tenhunen, et al. Switching Sensitive Driver Circuit to Combat Dynamic Delay in On-Chip Buses, 2005, PATMOS.

[36] Hung-Yu Chien, et al. Two RFID-based Solutions to Enhance Inpatient Medication Safety, 2011, Journal of Medical Systems.

[37] Fan Wu, et al. A New Method to Guard Inpatient Medication Safety by the Implementation of RFID, 2008, Journal of Medical Systems.

[38] Athanassios N. Skodras, et al. A comparative study of hardware architectures for lightweight block ciphers, 2012, Comput. Electr. Eng.

[39] Selwyn Piramuthu, et al. Simultaneous multi-level RFID tag ownership & transfer in health care environments, 2012, Decis. Support Syst.

[40] Tim Kerins, et al. Public-Key Cryptography for RFID-Tags, 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[41] José Luis Gómez Pardo, et al. Classical Ciphers and Their Cryptanalysis, 2021, Cryptography, Information Theory, and Error-Correction.

[42] Dursun Delen, et al. An RFID network design methodology for asset tracking in healthcare, 2010, Decis. Support Syst.

[43] Tzong-Chen Wu, et al. Two RFID-Based Solutions for Secure Inpatient Medication Administration, 2011, Journal of Medical Systems.

[44] David C. Yen, et al. Understanding the Mediating Effects of Relationship Quality on Technology Acceptance: An Empirical Study of E-Appointment System, 2013, Journal of Medical Systems.

[45] Kwangjo Kim, et al. Defending RFID authentication protocols against DoS attacks, 2011, Comput. Commun.

[46] Yu-Yi Chen, et al. A Design of Tamper Resistant Prescription RFID Access Control System, 2012, Journal of Medical Systems.

[47] Alex Biryukov, et al. Block Ciphers and Stream Ciphers: The State of the Art, 2004, IACR Cryptol. ePrint Arch.