Passwordless Authentication in Mobile e-health using a Secure Boot Non-regenerated Unique Identity and NFC

Mobile e-health is a current application in which people connect with healthcare services through sensor nodes and wireless communication. Existing e-health architecture depends on a third-party server to connect with hospitals, which adds a security hole to the e-health architecture.

Objectives: The objective of this paper is to develop a secure passwordless authentication protocol for mobile e-health systems and to eliminate the need for a third-party server.

Methods/Statistical Analysis: A non-regenerated unique identity for the e-health sensor node is generated through a secure boot process, and this unique value is used as the sensor node identity. The EHEART prototype is designed and an e-health server is established. A Near Field Communication (NFC) ring is used in this mobile e-health system to enhance the security layer of the proposed authentication protocol. The study was conducted in a closed environment with no exposure to attackers.

Findings: The project results demonstrate the development of a secure passwordless authentication for the e-health system. Implementing near field communication in the e-health system can reduce energy consumption, because the Bluetooth module is automatically turned on only when the mobile device is touched by the NFC ring. The EHEART application does not need any username and password combination for the login request and authentication process. The formal analysis methods AVISPA and SPAN are used to analyse the reliability and security of the proposed system, and it is proven to be secure against replay attacks, node cloning and password break attacks.

Application/Improvements: The outcome from the research will ensure secure connectivity or environment in the e-health monitoring system without depending any more on a password and a third-party server. The NFC ring in the system will help reduce the power consumption of the mobile device.
