

Security protocols for mobile ubiquitous e-health systems

  • Author: Pablo Picazo Sánchez
  • Thesis supervisors: Pedro Peris López (supervisor), Juan Manuel Estévez Tapiador (supervisor)
  • Defence: at the Universidad Carlos III de Madrid (Spain) in 2016
  • Language: English
  • Examination committee: Arturo Ribagorda Garnacho (chair), Jorge Blasco Alís (secretary), Jesús García López de Lacalle (member)
  • Doctoral programme: Doctoral Programme in Computer Science and Technology, Universidad Carlos III de Madrid
  • Abstract
Wearable and implantable medical devices constitute an already established industry. According to recent research [113], North America is currently the most important market, followed by Europe, Asia-Pacific and the rest of the world. The same document also notes the importance of the Asia-Pacific region due to its rising ageing population and overpopulation. The most common implantable medical devices include pacemakers, defibrillators, cochlear implants, insulin pumps, and neurostimulators, among others. In recent years, the proliferation of smartphones and other mobile “smart” devices with substantial computational and communication capabilities has reshaped the way a wireless body area network may be implemented. In their current generation (or in the near future), all of them share a common feature: wireless communication capabilities [127]. Moreover, implantable medical devices are able to collect and store telemetry data, facilitating the remote monitoring of the patient. Medical devices can be part of a wireless body area network, operating both as sensors and as actuators and making decisions in real time. On the other hand, a new kind of device called a wearable, such as a smart bracelet or smart watch, has been equipped with several sensors, such as a photoplethysmogram (PPG) sensor to record heart beats, accelerometers to count steps, or a Global Positioning System (GPS) receiver to geolocate users; these devices were originally conceived as cheap solutions to help people improve their workouts. However, they have proven to be quite useful in many healthcare environments thanks to a huge variety of different low-cost medical sensors. Thus, patients can be monitored for long periods of time without interfering with their daily life, keeping their vital signs constantly under control.

Security and privacy issues have been described as two of the most challenging problems of implantable medical devices and, more generally, of wireless body area networks [6, 47, 84, 103]. As an example, it has been demonstrated that somebody equipped with a low-cost device can eavesdrop on the data exchanged between a reader and a pacemaker and may even induce a cardiac arrest [71]. Health-related data have been the focus of several attacks almost since the adoption of computers in the healthcare domain. As a recent example, in 2010 the personal data of more than 26 million veterans were stolen from the Department of Veterans Affairs’ database in the US by an employee who had access to the database [104]. The Ponemon Institute pointed out that Germany and the US spent more than $7.56 million and $11 million, respectively, in 2013 to protect personal health records from attacks. This PhD dissertation explores the security and privacy of data in healthcare environments where confidential information is measured in real time by sensors placed in, on, or around the human body. Security and privacy in medical environments have been widely studied by the research community. Nonetheless, with the recent boom of wearable devices, new security issues have arisen.

The first part of this dissertation is dedicated to introducing the main motivation of this PhD and describing its objectives. Additionally, the contributions and organization of this document are presented. In the second part, a recent proposal is analysed from the security and privacy points of view. From this study, vulnerabilities concerning full disclosure, impersonation, traceability, de-synchronization, and Denial-of-Service (DoS) attacks have been found. These attacks make it infeasible to repair the protocol with an adequate security and a sufficient privacy protection level. Finally, a new protocol named Fingerprint+ for the Internet of Things (IoT) is presented, which is based on the ISO/IEC 9798-2 and ISO/IEC 18000-6C recommendations and whose security is formally verified using BAN logic.

In the third part of this dissertation, a new system based on International Standard Organization (ISO) standards and National Institute of Standards and Technology (NIST) security recommendations is proposed. First, we present a mutual entity authentication protocol inspired by ISO/IEC 9798 Part 2. This system could be deployed in a hospital where Radio Frequency IDentification (RFID) technology may be used to prune blood-handling errors, i.e., the identities of the patient and the blood bag are confirmed (authentication protocol) and after that the match between both entities is checked (verification step). Second, a secure messaging protocol inspired by ISO/IEC 11770 Part 2, similar to that used in electronic passports, is presented. Nowadays, the new generation of medical implants possesses wireless connectivity. Imagine a doctor equipped with a reader who aims to access the records of vital signs stored in the memory of an implant. In this scenario, the doctor (reader) and the patient (implant) are first mutually authenticated, and then a secure exchange of data can be performed.

The fourth part of this dissertation provides an architecture based on two cryptographic protocols. The first one is for publishing personal data in a body area network composed of different sensors, whereas the second one is designed for sending commands to those sensors while guaranteeing the confidentiality of, and fine-grained access control to, the private data. Both protocols are based on a recently proposed public-key cryptography paradigm named Ciphertext-Policy Attribute-Based Encryption (CP-ABE), which is lightweight enough to be embedded into wearable devices and sensors. Contrary to other proposals made in this field, this architecture allows sensors not only to encrypt data but also to decrypt messages generated by other devices.

The fifth part presents a new decentralized attribute-based encryption scheme named Decentralized Ciphertext-Policy Attribute-Based Searchable Encryption, which combines ciphertext-policy attribute-based encryption with keyword search over encrypted data. This scheme allows users to (a) encrypt their personal data collected by a Wireless Body Area Network (WBAN) according to a policy of attributes; (b) define a set of keywords to enable other users (e.g., hospital staff) to perform encrypted search over their personal (encrypted) data; and (c) securely store the encrypted data on a semi-honest server and let that server run the (encrypted) keyword search. Note that any user can perform a keyword query on the encrypted data, but the decryption of the resulting ciphertexts is possible only for users whose attributes satisfy the policy with which the data were encrypted. We state and prove the security of our scheme against an honest-but-curious server and a passive adversary. Finally, we implement our system on heterogeneous devices and demonstrate its efficiency and scalability.

Lastly, this document ends with a conclusion section describing the main contributions of this PhD dissertation and the published results.

