Journal of Medical Systems, 37:9962

Two RFID Standard-based Security Protocols for Healthcare Environments

  • Pablo Picazo-Sanchez
  • Nasour Bagheri
  • Pedro Peris-Lopez
  • Juan E. Tapiador
Original Paper

Abstract

Radio Frequency Identification (RFID) systems are widely used in access control, transportation, real-time inventory and asset management, automated payment systems, etc. Nevertheless, the use of this technology is almost unexplored in healthcare environments, where potential applications include patient monitoring, asset traceability and drug administration systems, to mention just a few. RFID technology can offer more intelligent systems and applications, but privacy and security issues have to be addressed before its adoption. This is even more critical in healthcare applications, where very sensitive information is at stake and patient safety is paramount. Wu et al. (J. Med. Syst. 37:19, 43) recently proposed a new RFID authentication protocol for healthcare environments. In this paper we show that this protocol puts the location privacy of tag holders at risk, which is a matter of gravest concern and ruins the security of this proposal. To facilitate the implementation of secure RFID-based solutions in the medical sector, we suggest two new applications (authentication and secure messaging) and propose solutions that, in contrast to previous proposals in this field, are fully based on ISO Standards and NIST Security Recommendations.

Keywords

RFID, Healthcare, Privacy, Standards

References

  1. Arbit, A., Oren, Y., and Wool, A., Toward practical public key anti-counterfeiting for low-cost epc tags. In: IEEE International Conference on RFID, pp. 184–191, 2011.
  2. Aronson, J., Medication errors: What they are, how they happen, and how to avoid them. QJM: Int. J. Med. 102(8):513–521, 2009.
  3. Azevedo, S. G., and Ferreira, J. J., Radio frequency identification: A case study of healthcare organisations. Int. J. Secur. Netw. 5(2/3):147–155, 2010.
  4. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., and Verbauwhede, I., Public-key cryptography for RFID-Tags. In: Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 217–222, 2007.
  5. Biryukov, A., Block ciphers and stream ciphers: The state of the art. Cryptology ePrint Archive, Report 2004/094, 2004. http://eprint.iacr.org/.
  6. Bogdanov, A., Knudsen, L., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., and Vikkelsoe, C., Present: an ultra-lightweight block cipher. In: Cryptographic Hardware and Embedded Systems-CHES 2007. Lecture Notes in Computer Science, Vol. 4727, pp. 450–466. Berlin: Springer, 2007.
  7. Bunduchi, R., Weisshaar, C., and Smart, A. U., Mapping the benefits and costs associated with process innovation: The case of rfid adoption. Technovation 31(9):505–521, 2011.
  8. Cannière, C., Dunkelman, O., and Knežević, M., KATAN and KTANTAN a family of small and efficient hardware-oriented block ciphers. In: Cryptographic Hardware and Embedded Systems-CHES 2009. Lecture Notes in Computer Science, Vol. 5747, pp. 272–288. Berlin: Springer, 2009.
  9. Chan, H. L., Choi, T. M., and Hui, C. L., Rfid versus bar-coding systems: transactions errors in health care apparel inventory control. Decis. Support. Syst. 54(1):803–811, 2012.
  10. Chen, Y. Y., Huang, D. C., Tsai, M. L., and Jan, J. K., A design of tamper resistant prescription rfid access control system. J. Med. Syst. 36(5):2795–2801, 2012. doi:10.1007/s10916-011-9758-2.
  11. Chen, Y. Y., Wang, Y. J., and Jan, J. K., A secure 2G-RFID-Sys mechanism for applying to the medical emergency system. J. Med. Syst. 37(3):1–10, 2013.
  12. Chien, H. Y., and Chen, C. H., Mutual authentication protocol for rfid conforming to epc class 1 generation 2 standards. Comput. Stand. & Interfaces 29(2):254–259, 2007.
  13. Chien, H. Y., Yang, C. C., Wu, T. C., and Lee, C. F., Two rfid-based solutions to enhance inpatient medication safety. J. Med. Syst. 35(3):369–375, 2011. doi:10.1007/s10916-009-9373-7.
  14. Duc, D. N., and Kim, K., Defending rfid authentication protocols against dos attacks. Comput. Commun. 34(3):384–390, 2011.
  15. Dunbar, P., 300,000 babies stolen from their parents-and sold for adoption: haunting bbc documentary exposes 50-year scandal of baby trafficking by the catholic church in Spain. Daily Mail, 2011. http://www.dailymail.co.uk/news/article-2049647/BBC-Catholic-documentary-exposes-50-year-scandal-baby-trafficking-church-Spain.html.
  16. Feldhofer, M., and Rechberger, C., A case against currently used hash functions in rfid protocols. In: Proceedings of the 2006 International Conference on On the Move to Meaningful Internet Systems-Workshops-Volume Part I, OTM’06, pp. 372–381. Springer-Verlag, 2006.
  17. Feldhofer, M., Wolkerstorfer, J., and Rijmen, V., Aes implementation on a grain of sand. IEE Proceed. Info. Secur. 152(1):13–20, 2005.
  18. Fu, X., and Guo, Y., A lightweight rfid mutual authentication protocol with ownership transfer. In: Advances in Wireless Sensor Networks, Communications in Computer and Information Science, Vol. 334, pp. 68–74. Berlin: Springer, 2013.
  19. Gómez Pardo, J., Classical ciphers and their cryptanalysis. In: Introduction to Cryptography with Maple, pp. 1–33. Berlin: Springer, 2013.
  20. Hell, M., Johansson, T., Maximov, A., and Meier, W., A stream cipher proposal: Grain-128. In: IEEE International Symposium on Information Theory, pp. 1614–1618. IEEE, 2006.
  21. Huang, H. H., and Ku, C. Y., A rfid grouping proof protocol for medication safety of inpatient. J. Med. Syst. 33(6):467–474, 2009. doi:10.1007/s10916-008-9207-z.
  22. ICAO: Machine readable travel documents–part 3. International Civil Aviation Organization, 2009.
  23. ISO: Information technology–security techniques–entity authentication–part 2: Mechanisms using symmetric encipherment algorithms, iso/iec 9798-2:2008. International Standard, 2nd edn., 1999.
  24. Kitsos, P., Sklavos, N., Parousi, M., and Skodras, A. N., A comparative study of hardware architectures for lightweight block ciphers. Comput. Electr. Eng. 38(1):148–160, 2012.
  25. Lin, L., Yu, N., Wang, T., and Zhan, C., Active rfid based infant security system. In: Ma, M. (Ed.) Communication Systems and Information Technology, Lecture Notes in Electrical Engineering, Vol. 100, pp. 203–209. Berlin: Springer, 2011.
  26. Lin, Q., and Zhang, F., Ecc-based grouping-proof rfid for inpatient medication safety. J. Med. Syst. 36(6):3527–3531, 2012.
  27. Malkin, B., 300,000 babies stolen from their parents-and sold for adoption: haunting bbc documentary exposes 50-year scandal of baby trafficking by the catholic church in spain. The Telegraph p. 1, 2011. http://www.telegraph.co.uk/news/religion/8660249/Australias-Roman-Catholic-Church-apologises-for-forced-adoptions.html.
  28. Menezes, A. J., Vanstone, S. A., and Oorschot, P. C. V., Handbook of applied cryptography, 1st edn. CRC Press, Inc, 1996.
  29. Mora-Gutiérrez, J., Jiménez-Fernández, C., and Valencia-Barrero, M., Integrated Circuit and System Design. Power and Timing Modeling, Optimization and Simulation. In: Lecture Notes in Computer Science, Vol. 7606, pp. 113–120. Berlin: Springer, 2013.
  30. Najera, P., Lopez, J., and Roman, R., Real-time location and inpatient care systems based on passive rfid. J. Netw. Comput. Appl. 34(3):980–989, 2011.
  31. NCMEC: Newborn/infant abductions. National Center for Missing & Exploited Children, p. 1, 2012. http://www.ncmec.org/en_US/documents/InfantAbductionStats.pdf.
  32. NIST: Recommendation for block cipher modes of operation. methods and techniques, NIST special publication 800-38a. National Institute of Standards and Technology, 2001.
  33. NIST: Recommendation for block cipher modes of operation: the CMAC mode for authentication, NIST special publication 800-38b. National Institute of Standards and Technology, 2005.
  34. NIST: Recommendation for key derivation using pseudorandom functions (revised), NIST special publication 800-108. National Institute of Standards and Technology, 2009.
  35. Oztekin, A., Pajouh, F. M., Delen, D., and Swim, L. K., An rfid network design methodology for asset tracking in healthcare. Decis. Support. Syst. 49(1):100–109, 2010. doi:10.1016/j.dss.2010.01.007.
  36. Parlak, S., Sarcevic, A., Marsic, I., and Burd, R. S., Introducing rfid technology in dynamic and time-critical medical settings: Requirements and challenges. J. Biomed. Inform. 45(5):958–974, 2012.
  37. Peris-Lopez, P., Orfila, A., Mitrokotsa, A., and van der Lubbe, J. C., A comprehensive rfid solution to enhance inpatient medication safety. Int. J. Med. Inform. 80(1):13–24, 2011. doi:10.1016/j.ijmedinf.2010.10.008.
  38. Peris-Lopez, P., Orfila, A., Mitrokotsa, A., and van der Lubbe, J. C. A., A comprehensive rfid solution to enhance inpatient medication safety. Int. J. Med. Inform. 80(1):13–24, 2011.
  39. Piramuthu, S., Rfid mutual authentication protocols. Decis. Support. Syst. 50(2):387–393, 2011.
  40. Qu, X., Simpson, L. T., and Stanfield, P., A model for quantifying the value of rfid-enabled equipment tracking in hospitals. Adv. Eng. Inform. 25(1):23–31, 2011.
  41. Safkhani, M., Bagheri, N., and Naderi, M., On the designing of a tamper resistant prescription rfid access control system. J. Med. Syst. 36(6):3995–4004, 2012. doi:10.1007/s10916-012-9872-9.
  42. Sun, P. R., Wang, B. H., and Wu, F., A new method to guard inpatient medication safety by the implementation of rfid. J. Med. Syst. 32(4):327–332, 2008.
  43. Wu, Z. Y., Chen, L., and Wu, J. C., A reliable rfid mutual authentication scheme for healthcare environments. J. Med. Syst. 37:1–9, 2013.
  44. Wyld, D., Preventing the worst case scenario: An analysis of rfid technology and infant protection in hospitals. Int. J. Healthc. Adm. 7(1), 2010.
  45. Yang, M. H., Secure multiple group ownership transfer protocol for mobile rfid. Electron. Commer. Res. Appl. 11(4):361–373, 2012.
  46. Yao, W., Chu, C. H., and Li, Z., The use of rfid in healthcare: Benefits and barriers. In: IEEE International Conference on RFID-Technology and Applications (RFID-TA), pp. 128–134, 2010.
  47. Yao, W., Chu, C. H., and Li, Z., The use of rfid in healthcare: benefits and barriers. In: IEEE International Conference on RFID-Technology and Applications (RFID-TA), pp. 128–134. IEEE Society, 2010.
  48. Yao, W., Chu, C. H., and Li, Z., Leveraging complex event processing for smart hospitals using rfid. J. Netw. Comput. Appl. 34(3):799–810, 2011.
  49. Yao, W., Chu, C. H., and Li, Z., The adoption and implementation of rfid technologies in healthcare: a literature review. J. Med. Syst. 36(6):3507–3525, 2012.
  50. Yen, Y. C., Lo, N. W., and Wu, T. C., Two rfid-based solutions for secure inpatient medication administration. J. Med. Syst. 36(5):2769–2778, 2012. doi:10.1007/s10916-011-9753-7.
  51. Zhou, W., Yoon, E. J., and Piramuthu, S., Simultaneous multi-level rfid tag ownership & transfer in health care environments. Decis. Support. Syst. 54(1):98–108, 2012.

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Pablo Picazo-Sanchez (1)
  • Nasour Bagheri (2)
  • Pedro Peris-Lopez (3)
  • Juan E. Tapiador (3)

  1. Department of Applied Mathematics, University School of Computer Science (UPM) of Madrid, Madrid, Spain
  2. Department of Electrical Engineering, Shahid Rajaee Teachers Training University, Tehran, Iran
  3. Department of Computer Science, Universidad Carlos III de Madrid, Leganés, Spain
