e & i Elektrotechnik und Informationstechnik, Volume 123, Issue 4, pp 156–161

Security aspects of ubiquitous computing in health care

  • E. Weippl
  • A. Holzinger
  • A. M. Tjoa

Today, ubiquitous devices lack many of the security features known in desktop computing, an industry that is known to have a plethora of security problems. As ubiquitous devices are increasingly applied in the health care industry, security aspects need to receive even more attention. Clearly, patient-related data is extremely sensitive, and legal requirements (such as HIPAA) attempt to enforce strict privacy controls. While we cannot solve the overall problem, our proposal to use RFID tags to authenticate users with ubiquitous devices addresses one of the most fundamental requirements of all security mechanisms: to reliably establish the user's identity. In this paper we discuss some questions that arose during experiments with ubiquitous devices at Graz University Hospital. The main problems identified included security and privacy issues (protection precautions, confidentiality, reliability, sociability). The experiments showed that new and emerging computer technologies such as mobile, ubiquitous and pervasive computing have an enormous potential for the improvement of manifold workflows in health care; however, psychological and technological research must be carried out together in order to bring clear benefits for the end-users and to optimize workflows in health care in the daily routine.


Mobile devices, Security, Health care, RFID

Security aspects of ubiquitous computing in the health care sector

Security mechanisms that are taken for granted as standard in PCs today are missing from many mobile devices. As mobile devices are increasingly used in the health care sector, security aspects are gaining importance. Patient data and medical records are quite obviously sensitive data that must be protected by both technical and legal measures. Authentication is a basic prerequisite for all further security measures. Our proposal is to use RFID for authentication with mobile devices. In this paper the authors discuss prototype developments carried out at AKH Graz. The focus was on aspects of security and confidentiality. Experiments have shown that new technologies can massively change the working environment and that benefits only materialize when end users are closely involved. Daily work processes can then be made more efficient and more secure.


Mobile devices, Security, Health care system, RFID





Copyright information

© Springer-Verlag 2006

Authors and Affiliations

  • E. Weippl (1)
  • A. Holzinger (2)
  • A. M. Tjoa (3)

  1. Vienna University of Technology, Wien, Austria
  2. Medical University of Graz, Graz, Austria
  3. Vienna University of Technology, Wien, Austria
