On the Designing of a Tamper Resistant Prescription RFID Access Control System

Recently, Chen et al. proposed a novel tamper resistant prescription RFID access control system, published in the Journal of Medical Systems. In this paper we consider the security of the proposed protocol and identify several weaknesses. The main attack is a reader impersonation attack, which allows an active adversary to impersonate a legitimate doctor, e.g. the patient's doctor, to access the patient's tag and change the patient's prescription. The presented attack is quite efficient: to impersonate a doctor, the adversary needs to eavesdrop on one session between the doctor and the patient's tag, after which she can impersonate the doctor with a success probability of 1. In addition, we present efficient reader-tag to back-end database impersonation, de-synchronization and traceability attacks against the protocol. Finally, we propose an improved version of the protocol that is more efficient than the original protocol while providing the desired security against the presented attacks.
