Abstract
Mobile Healthcare (mHealth) continues to improve because of significant improvements in, and the decreasing costs of, Information Communication Technologies (ICTs). mHealth is a medical and public health practice supported by mobile devices (for example, smartphones) and patient monitoring devices (for example, various types of wearable sensors). An mHealth system gives healthcare experts and professionals ubiquitous access to a patient’s health data and lets them provide ongoing medical treatment at any time, at any place, and from any device. It also helps patients who require continuous medical monitoring to stay in touch remotely with the appropriate medical staff and healthcare experts. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth systems based on features supported, possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strengths and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.
Acknowledgments
We thank the anonymous reviewers for their valuable feedback on the paper which helped us to improve its quality and presentation.
Ethics declarations
Conflict of interests
The authors declare that they have no conflict of interest.
Additional information
This article is part of the Topical Collection on Mobile & Wireless Health
Cite this article
Wazid, M., Zeadally, S., Das, A.K. et al. Analysis of Security Protocols for Mobile Healthcare. J Med Syst 40, 229 (2016). https://doi.org/10.1007/s10916-016-0596-0
DOI: https://doi.org/10.1007/s10916-016-0596-0