Trends in Information Security Technology for u-Healthcare Services

  • Published : 2012.09.28

Abstract

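u-Healthcare services deal with personal medical information, and they go beyond simple health check-ups and treatment to bear directly on human life. Because personal medical information is highly sensitive, its unlawful exposure or misuse can not only violate an individual's privacy but also threaten that person's life. For this reason, secure methods for sharing personal medical information and for authentication must be given the highest priority, and u-healthcare systems must be built with security in mind. In addition, security audit systems must be strengthened so that personal health information is managed systematically and misuse of personal medical information by medical service providers is prevented. This article therefore examines the various security vulnerabilities related to u-healthcare services and recent trends in information security technology.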
