Analysis of Security Protocols for Mobile Healthcare

  • Mobile & Wireless Health
  • Journal of Medical Systems

Abstract

Mobile Healthcare (mHealth) continues to improve because of significant improvements in, and the decreasing costs of, Information Communication Technologies (ICTs). mHealth is a medical and public health practice supported by mobile devices (for example, smartphones) and patient monitoring devices (for example, various types of wearable sensors). An mHealth system enables healthcare experts and professionals to have ubiquitous access to a patient’s health data and to provide any ongoing medical treatment at any time, any place, and from any device. It also helps patients who require continuous medical monitoring to stay in touch remotely with the appropriate medical staff and healthcare experts. Thus, mHealth has become a major driving force in improving the health of citizens today. First, we discuss the security requirements, issues and threats to the mHealth system. We then present a taxonomy of recently proposed security protocols for mHealth systems based on the features supported, possible attacks, computation cost and communication cost. Our detailed taxonomy demonstrates the strengths and weaknesses of recently proposed security protocols for the mHealth system. Finally, we identify some of the challenges in the area of security protocols for mHealth systems that still need to be addressed in the future to enable cost-effective, secure and robust mHealth systems.



Acknowledgments

We thank the anonymous reviewers for their valuable feedback on the paper which helped us to improve its quality and presentation.

Corresponding author

Correspondence to Ashok Kumar Das.

Ethics declarations

Conflict of interests

The authors declare that they have no conflict of interest.

Additional information

This article is part of the Topical Collection on Mobile & Wireless Health

Cite this article

Wazid, M., Zeadally, S., Das, A.K. et al. Analysis of Security Protocols for Mobile Healthcare. J Med Syst 40, 229 (2016). https://doi.org/10.1007/s10916-016-0596-0

  • DOI: https://doi.org/10.1007/s10916-016-0596-0
