Journal of Medical Systems, 40:229

Analysis of Security Protocols for Mobile Healthcare

  • Mohammad Wazid
  • Sherali Zeadally
  • Ashok Kumar Das
  • Vanga Odelu
Mobile & Wireless Health
Part of the following topical collections:
  1. Security and Privacy in e-healthcare


Mobile Healthcare (mHealth) continues to improve because of significant improvements in, and the decreasing costs of, Information Communication Technologies (ICTs). mHealth is a medical and public health practice supported by mobile devices (for example, smartphones) and patient monitoring devices (for example, various types of wearable sensors). An mHealth system gives healthcare experts and professionals ubiquitous access to a patient's health data and lets them provide ongoing medical treatment at any time, from any place, and from any device. It also helps patients who require continuous medical monitoring to stay in touch remotely with the appropriate medical staff and healthcare experts. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth systems based on the features supported, possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strengths and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.


Keywords: Attack, Communication cost, Computation cost, Mobile healthcare, Mobile device, Protocol, Security, Threat



Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  1. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, India
  2. College of Communication and Information, University of Kentucky, Lexington, USA
  3. Department of Computer Science and Engineering, Indian Institute of Information Technology, Sri City, India
